when talking about "databases, internet, security", the focus is usually on firewalls etc. When a database is connected to the internet, it is of course a good idea to move the database server behind a firewall. But I wonder if the threats from INSIDE the firewall aren't often underestimated. The question is: where is the major threat for an enterprise with a database connected to the internet? Is it the employee, working in this enterprise, who abuses his privileges, or is it the hacker who assaults the database via the internet? Any opinions? If anybody has some information about that topic (maybe some statistics, too), please let me know. - Thanks!