Security planners are racing to close gaps across networks and ICT infrastructure. But they have overlooked a Trojan horse already inside the gate, Attorney-General, George Brandis has warned.\nThis Trojan horse is the trusted insider, an internal staff member with unprecedented access to intelligence as well as government and business information, Brandis warned delegates at a 'Government in Security' conference this week in Canberra.\nHe said that a trusted insider with unmonitored access to information can cause considerable damage because "they know how things work."\nBrandis added that classified material that filled a suitcase is now stored on a microchip no larger than his thumbnail.\n"The amount of classified information that we hold has grown exponentially,\u201d he said.\nA trusted insider can source sensitive information through networked computers and copy and transfer this with ease.\n\u201cThat is why the two largest breaches of Western intelligence have occurred only recently,\u201d he said.\nThe stakes are getting higher, as demonstrated by the high-profile Edward Snowden and Bradley Manning incidents involving US intelligence and government, he said.\n\u201cBradley Manning copied thousands of classified documents while working as an intelligence analyst for the US Army. He leaked a quarter of a million diplomatic cables and half a million army reports to the website WikiLeaks.\u201d\nKnow your staff\nThe common assumption is that sophisticated hacking or viruses are the biggest concerns, he said.\n\u201cThese are threats but the reality is that the most likely source of a breach, whether accidental or deliberate, is not a hacker. It\u2019s not a person that puts malware into the system. The most likely source of a breach is one of your own staff.\u201d\nTo tackle insider risk, it is critical to continually vet and monitor staff\u2019s suitability to access information, he said. \u201cThis should never be under-estimated.\u201d\nWith staff vetting arrangements, \u201cit\u2019s not enough to simply \u2018tick and flick\u2019 an application every few years.\u201d\nHe added that a trusted insider can only be thwarted by a robust security culture that is shared, observed and managed by everyone within an organisation.\nAmong the remedies, the Attorney-General\u2019s Department is sharing a new handbook 'Managing the insider threat', which details how to understand the insider threat.