All Threats are Insider Threats
Back in the day when the enterprise security model was a hardened perimeter protecting the internal "trusted" network, security vendors seized on the notion that businesses need protection from their employees - the insider threat.
Studies were commissioned to show how much malicious insiders were costing businesses. More recent studies indicate the majority of data breaches are carried out by outsiders.
So, what to do? Protect against insider threats or outside attacks? The answer is it doesn't matter, because both forms of attack are carried out in pretty much the same way.
The standard attack MO is the abuse of elevated privileges to gain access to and then steal high-value information. The insider may already have those privileges. The outsider has to obtain them first. From that point on the outsider is, effectively, an insider.
Conceptually, it is straightforward enough to defend against this.
Step One: Track, manage and monitor the credentials that give access to the data you need to protect.
Step Two: Monitor, record and audit all sessions that use elevated privileges. This includes not just interactive sessions, such as system administration, but also automated application sessions that can have access to entire databases of high-value information.
Step Three: Link these capabilities into the security infrastructure - SIEM, DLP, IPS, SOC.
Sounds good on paper, but, unfortunately, attacks are not carried out on paper. Work with experienced people and vendors with strong domain expertise to put together a well-integrated security infrastructure.
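A minimal sketch of how the three steps fit together, added here as an illustration and not taken from any product or from the original post: credential checkouts (Step One) are correlated with privileged session records (Step Two) to produce alerts in a form a SIEM could ingest (Step Three). The record fields, the sample data and the per-kind row baselines are all constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample data; field names are hypothetical, not a real vault or log schema.
# Step One: which identity checked out which privileged credential, and for how long.
CHECKOUTS = [
    {"account": "root@db01", "user": "alice", "start": "2024-05-01T09:00:00", "minutes": 60},
    {"account": "svc_reports", "user": "report-app", "start": "2024-05-01T00:00:00", "minutes": 1440},
]
# Step Two: recorded privileged sessions, both interactive and automated.
SESSIONS = [
    {"id": "s1", "account": "root@db01", "user": "alice", "kind": "interactive", "start": "2024-05-01T09:10:00", "rows_read": 120},
    {"id": "s2", "account": "root@db01", "user": "alice", "kind": "interactive", "start": "2024-05-01T22:30:00", "rows_read": 40},
    {"id": "s3", "account": "svc_reports", "user": "report-app", "kind": "automated", "start": "2024-05-01T02:00:00", "rows_read": 5000},
    {"id": "s4", "account": "svc_reports", "user": "report-app", "kind": "automated", "start": "2024-05-01T03:00:00", "rows_read": 900000},
    {"id": "s5", "account": "root@db01", "user": "bob", "kind": "interactive", "start": "2024-05-01T09:20:00", "rows_read": 10},
]
# Assumed baseline for how many rows a session of each kind normally reads.
ROW_LIMIT = {"interactive": 10_000, "automated": 100_000}

def covered(session, checkouts):
    """True if the session started inside a checkout window for the same account and user."""
    t = datetime.fromisoformat(session["start"])
    for c in checkouts:
        begin = datetime.fromisoformat(c["start"])
        end = begin + timedelta(minutes=c["minutes"])
        if (c["account"], c["user"]) == (session["account"], session["user"]) and begin <= t < end:
            return True
    return False

def audit(sessions, checkouts):
    """Step Three: return one alert dict per suspicious session, ready to forward to a SIEM."""
    alerts = []
    for s in sessions:
        reasons = []
        if not covered(s, checkouts):
            reasons.append("no_matching_checkout")   # privilege used outside managed access
        if s["rows_read"] > ROW_LIMIT[s["kind"]]:
            reasons.append("volume_over_baseline")   # valid access, abnormal data volume
        if reasons:
            alerts.append({"session": s["id"], "account": s["account"], "user": s["user"], "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in audit(SESSIONS, CHECKOUTS):
        print(json.dumps(alert))
```

The same checks apply whether the session belongs to an employee or to an outsider using stolen credentials, which is the point of the post: the alert is keyed on how the privilege is used, not on who is presumed to hold it.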