> But attackers who are already on the inside of a network, abusing his or her credentials for nefarious intent without anyone the wiser are rapidly gaining notoriety.
It has been a source of puzzlement for years - no, decades, why IT workers with admin prvileges are so reluctant to use these for their own benefit. It should be quite easy for any sysadmin worth their paycheck to insert whatever sort of "payload" they choose onto their boss's computer. Or their boss's boss or ..... the CEO. Or even a co-worker who they dislike or who's job they would view as a promotion (that alone would be enouigh motivation for people to secure their own kit).
That is, if "icky" stuff would actually need to be placed there - rather than the individual in question having already done the dirty work and it just needing to be discovered and reported.