Comment by whyever
7 months ago
They main defense against internal attacks is bookkeeping. Banks have been dealing with this for thousands of years. I recommend the corresponding chapter in Security Engineering by Ross Anderson: https://www.cl.cam.ac.uk/archive/rja14/Papers/SEv3-ch12.pdf
Bookkeeping will alert you to employees stealing your money. It won't alert you to employees selling information.
Access logs do help with this. They have been successfully used by the police to identify rogue officers abusing their access to police databases.