IBM's Global Security Intelligence has warned that there will be a big shift in cybercrime this year. Along with mobile devices, instant messaging from botnets, blogging-led security leaks, insider attacks will be more of a threat as attacks shift from global outbreaks to more finely-targeted efforts.
Having a carefully-mapped out Sarbanes-Oxley strategy goes some way to addressing insider threats because insider attacks are so much more difficult to deal with than external threats. The linkage between insider threats and Sarbanes-Oxley compliance is spelled out here.
I have yet to be convinced it will stop insider attacks completely. The problem with systems is that people will always find a way around them if they really want and it depends how far they are prepared to go. Still, it does show how security strategy is another growth industry to come out of SOX.
Most of the companies I talk to have spent thousands, sometimes millions for network & perimieter security, and most of the major breaches, and the rise of insider violations, go around just about any network security solution. Protect the core of your business – your databases – although database security is certaintly not new, it seems to be a low priority for most organizations, until they have a breach or audit failure.