Report: Chinese Far Outstrip US in Cyberspy Fight

14.04.2011

Rather than assuming a good perimeter means tight security, end-user companies have to assume attackers will get through the first layer of defense, he said. Real protection means having security that can slow down or wall out attackers who already look like legitimate users.

"Sophisticated attackers infiltrate a network, steal valid credentials on the network, and operate freely - just as an insider would," Aken said in the report. "Having defensive strategies against these blended insider threats is essential, and organizations need insider threat tools that can predict attacks based on human behavior."

The most common method of attack is spear-phishing - sending phony email requests to people with legitimate access in order to obtain entry credentials for a specific network.

Once inside a network, hackers install keyloggers and command-and-control programs that gather other usernames and passwords and give attackers control over systems attached to the network, where they can work unimpeded.

The technique is so successful that military and civilian security specialists have almost given up on keeping attackers out completely.