Not all security threats come from outside: human beings in organizations are often threats as well, from accidents to negligence to malicious behavior. Be wary of the inside threats as well when considering your overall security posture.
How can employees pose a risk? Any user with network permissions can inadvertently delete or compromise data. This behavior is accidental, rather than malicious, but it can be just as bad. Then there’s negligence: sometimes employees violate security policies or best practices through well-intentioned but harmful actions or inattention.
And lastly, there are malicious insiders. The classic example is the fired employee who absconds with sensitive data to sell or who uses still-active login credentials to access and harm business accounts.
Take these sort of insider threats into account and plan your security procedures accordingly.