Today, insiders represent the single biggest security threat for the simple reason that we haven't addressed the problem. That's because IT systems designed to prevent intrusion from the outside cannot handle the task of keeping confidential data inside the organization. Yet according to Gartner, 84% of high-cost security incidents occur when insiders send confidential data outside the company.
It's easy to see why insiders, not hackers, now pose the greater threat. To violate information security, an intruder has to figure out how to break into the network, then locate, obtain and distribute the desired data - all without being detected by today's highly effective firewall, network security and intrusion-detection systems.
On the other hand, think of all the people inside the company who have ready access to customer, employee, product and financial data. These same people also have instant access to the Internet. How easy is it for a call center representative to e-mail confidential customer data to a competitor? Or for a software engineer to send source code out along with his résumé? And what's to stop an administrative employee from leaking quarterly earnings via instant messaging?
With confidential customer data and intellectual property just a keystroke from the Internet, every organization is at risk. Common sense tells us the insider threat is huge, and industry research confirms it. Vontu's risk assessment studies reveal that one out of every 500 outbound e-mails contains confidential customer, employee or financial data, intellectual property or competitive information. Our research further indicates that 95% of data loss incidents are unintentional.
Today's network security systems are mostly designed to prevent intrusion from outside the network. To stop an insider threat, software has to meet entirely different requirements.
First, it must not only detect every single security violation based on discrete policies and content, but it must also proactively prevent the transmission of confidential data outside the network. It must provide the ability to accurately measure and reduce risk over time. And it must let users manage information security throughout the enterprise and even, in some cases, across multiple companies, such as outsourcing partners and distributors.