The biggest risk to an organization's cyber security comes from the inside and that needs to be a top priority all year round.