For sure, you can never eliminate the risk posed by insider threats in an information system. And I agree with you when you write, "The majority of security breaches involve internal employees to a certain degree". As long as people are vulnerable to the temptations of financial gain or revenge, there is always a risk that those who have system access will abuse their trusted roles for such motives.

There are some ways that administrators can reduce the likelihood of insider threat incidents. They are:

1. Least privilege.
2. Separation of duties.
3. Rotation of duties.
4. Logging of server and Internet access (accounting and auditing).
5. User training on how to spot and report malicious insiders.
6. Tight authentication with non-repudiation (to ensure that malicious insiders cannot impersonate or "frame" innocent users).