Considering the outsourcing threat
Assume there is a company which has 10,000 employees across the globe. To manage these number of employees the company will build an Information systems services. The basic functionality of Information systems is doing the asset management, IT Infra management, Desktop management, Server management etc..
Now to manage the set of above functions most of the time that company will rely on outsourcing solutions. An outsourcing company will maintain the employees who are ready to deploy in the giant companies. Here comes the problem. Consider I am the guy paid <10k per month in an outsourcing company, Should we think that the outsourcing company had verified my identity? No for most of the times. So what if I joined in that outsourcing company just to hack the giant company? Though I am the person from small outsourcing company I would have access to the Network & Infrastructure more than the employees of the giant company. This is insane, because I am not the verified employee of the giant company but still I have the access to their admin services. The giant company may not verify me or else verifies with outsourcing company identity. Outsourcing company may or may not do my background verification because they pay very less salary and recruit who ever joins.
We should not assume that this would never happens because I have personally seen things like this in my experience. OK let's have a simple question, how many giant companies are having desktop support engineer as an on-role employees? May be 10% or so. We should also concentrate these aspects to keep our organisation secure from external business threats.