While organisations spend large amounts of money trying to defend their perimeters from being breached by external malicious actors, the defensive strategies put in place are not effective at protecting the organisation from within, according to IDC Australia senior market analyst, Vern Hue.

"When a rogue employee has access rights to various, and deep-lying parts of the business --most often due to employees being with the organisation for a long period of time and changing roles as they go along-- access to other parts of the system remains," he says.

According to Hue, this is because many organisations do not have the right processes in place to remove access rights to that previous role.

"This allows the employee to be in a position of siphoning precious information out and hold it against the organisation for a ransom, or to sell it in the black market," he says.

The risks of allowing staff access to certain systems can range from the employee destroying data that they should not have access to through to the entire corporate environment becoming compromised, according to Pure Hacking chief technology officer, Ty Miller. "This is a common scenario found by our security consultants where organisations are creating excessive numbers of domain administrator accounts," says Miller.