Hackers are one thing. But too few companies take the threat of an inside job seriously enough.