Are IT security people defending against the wrong enemy? asks the training body SANS. It is easy, while evaluating attack vectors, researching competitors and gauging the threat from organised crime or foreign adversaries, to conclude that external attacks should be the primary focus of defense. This conclusion would be wrong. The critical element is not the source of a threat to IT and industrial control systems, but its potential for damage, according to the foreword of a SANS paper.