WANTED: ISPs with DDoS defense solutions

> Besides, firewalls only protect against outsiders, whereas most damaging
> attacks are from insiders.
Do you have current data to support this? I believe this may have been
true 5 years ago but is no longer true.

No, just my experience from working for the last 4 years in the security
field (banking, insurance, government & US Army :)

Is this a case of distinguishing damaging vs non-damaging?

Yes. External attacks are mostly show-offs by kids. Insiders intend to
do damage - that's the whole point of those attacks.

At my company,
all recent attacks that I'm aware of have been from outside. Even if
I allow for the fact that I'm not aware of all attacks

Internal attacks are rarely ever discovered because attackers have the benefit
of knowledge of the actual systems and can plan the execution, not just
improvise (and trip detectors). Besides, intrusion detectors are mostly
designed to detect footprints of the external attackers.

... the mere volume of ones that I'm aware of would stand as
counterpoint to the assertion that most damaging attacks are from
insiders. Certainly, insiders have the 'potential' to generate the
most damaging attacks with greatest ease, but I'm not sure that
establishes a causal relationship with occurrence.

You are right that it does not; I'm afraid nobody has real figures because
these kinds of attacks are rarely reported even if discovered.

BTW, taking an unauthorized copy of a company's sources when leaving the company
IS an attack... how common is that?

Certainly the volume of attacks is strongly disproportional towards
the outsider.

Yep. Automated scanning lets attackers pick easy targets; those
attacks are rarely targeted.

--vadim

Hi, NANOGers.

] Yes. External attacks are mostly show-offs by kids. Insiders intend to
] do damage - that's the whole point of those attacks.

True. Internal "oops" also tend to do far more damage than an
oops from the outside. I've seen more than one bit of malware
get loose on a corporate network because someone internal was
analyzing it. :|

] BTW, taking an unauthorized copy of a company's sources when leaving the company
] IS an attack... how common is that?

Unclear, at least to me, though source code for just about
anything is traded in the underground. Some of it is bogus,
enough of it is not.

Thanks,
Rob.