I recommend that you read the story "Banking on security" published Nov 29 in Dark Reading. The story outlines how a penetration testing team successfully penetrated a bank posing as a copier repair person and then quickly obtained uids and passwords for the banks senior management after successfully accessing their network.
The article shows how relatively easy it is to penetrate an enterprise physically and then obtain internal network access. Then criminals have a variety of tools at their disposal to use including malware, masquerading, etc.
The enterprise needs to have a layered enterprise defense using strong authentication as the user drills to higher risk applications, information and networks. Many of the layers must occur behind the enterprise perimeter. Additionally, employees need to be continually trained to watch out for social engineering attacks. If you don't, someone might literally walk in the front door and leave with all sorts of enterprise secrets and access privileges.