Could not agree more with Alex Stamos' statement at the recent Black Hat conference.  Too many people get obsessed with the technical elements of security, and although they are an important element, they do not solve all ills.  

This could not be more true when dealing with a threat from the "insider within" - when someone with apparently legitimate access causes the issues.  Organisations need to focus on their internal human-based controls, and when dealing with a threat from within, consider the forensic and investigation-related dimensions pertaining to internal threats and not just cyber-security measures that address external forces.