Stop assuming that undetectable computer viruses and socially engineered malware aren't readily getting to your end-users. Instead, start imagining that zero-day exploits and ultra-sophisticated malware are reaching your users every day, and that those users are double-clicking and running everything. A good defense continues to protect and thrive under a full-fledged assault. Don't allow mistaken probability calculations to ruin your defenses.
If I assumed that zero-days were executing every second of every day on every desktop I managed, I probably wouldn't rely on end-user education and an up-to-date anti-virus software program as my primary defenses. Instead, I would prevent end-users from executing anything not previously approved by management, and I would take away root or administrator privileges. I'd consider looking for buffer overflow defenses, unusual types of network activity, and unexpected traffic patterns.
Trust no one
Imagine that every one of your IT employees was up to no good and all outsiders were inside. Now how good are your defenses? I'm not saying your IT employees are unscrupulous. In fact, clearly the opposite is true; most are loyal, law-abiding employees. But it only takes one. What if you have a bad apple? How would you change your defenses?
You would change them by implementing stricter least privilege, minimizing opportunities for untracked privilege use, setting up internal honeypots, and using split passwords -- in general, helping the honest employee stay honest. It would mean stronger background checks and giving no one absolute trust. Today, Transportation Security Administration employees must undergo background checks and the same rigorous inspections as normal passengers every time they leave and come back to their post.
By taking a mental trip through your worst fears, you'll gain additional clarity on the fitness of a particular computer security defense. Preparing for the worst helps you build a stronger defense against external threats. And when external attackers become internal, which isn't so hard these days, your defenses will still hold up to scrutiny.
It's like planning the security for a prison. In most prisons, guards don't carry deadly weapons during the normal course of rounds. Jail management assumes that guards may be overpowered by inmates, and the last thing they want is armed prisoners. Prisons are notoriously hard to break out of with just one key or one cut in the fence. And their thick concrete walls are built to withstand forces from outside as well as from within.
The best defenses assume things could go very wrong and still work. Go ahead and pray that you'll never see an inside job, but don't make hope part of your defense.