When People Become the Attack Surface

Anna Borgström

CEO | NetClean

In today’s threat landscape, individuals are not just users. They can become entry points for influence, compromise, and organisational risk.

Many organisations still believe their greatest cyber threat comes from the outside. A sophisticated attacker, a newly discovered vulnerability, or a breach that originates beyond their control.

But what if the real vulnerability is already inside the organisation?

Not in the systems, but in the people.

The shift from external threats to internal exposure

Recently, I listened to Karl Engelbrektson, Major General and former Chief of the Swedish Army, describe how power is shifting. Not only through military or economic strength, but through influence.

Because if you can compromise a person, you can influence an organisation. And if you can influence an organisation, the impact rarely stops there.

This is where the conversation becomes uncomfortable.

Human vulnerability rarely begins with malicious intent. It often starts small. A moment of curiosity, a search, a click. Something that, in isolation, may seem insignificant.

When behaviour crosses the line

But there is a point where behaviour is no longer accidental or exploratory.

The consumption of compromising or high-risk material, such as child sexual abuse material on work devices, is not a grey area. It reflects a progression far beyond a momentary lapse and signals behaviour that carries severe security implications.

This is not something most organisations want to think about. But it is something that does happen.

From behaviour to leverage

The real risk is not only the behaviour itself, but what it creates.

Once secrecy and shame enter the picture, the dynamics change. An employee with something to hide is no longer just an insider. They become exposed.

And exposure creates leverage.

We understand this dynamic well. It mirrors how grooming works. Vulnerabilities are identified, trust is built, and pressure is applied, sometimes slowly over time. Not through force, but through influence.

The real danger is not only the behaviour itself, but the loss of control it creates. When individuals become exposed, organisations become vulnerable to influence in ways that traditional security models are not designed to handle.

Why this demands executive attention

This is why human insider risk demands attention at the highest level. It is not only a question of policy or compliance, but a direct threat to the organisation’s security posture. In today’s landscape, it can also carry implications that extend into national security.

Because in a world shaped by geopolitical tension and digital influence, individuals inside organisations are not just employees.

They are potential entry points.

A different way to think about security

Human insider risk is not about distrust. It is about recognising a fundamental reality. Even the strongest technical environment can be undermined by human behaviour. And in the wrong hands, that behaviour can be turned into influence.

So the question is not whether this risk exists.

The question is whether you would recognise it if it already existed inside your organisation.

If this risk already existed inside your organisation, would you recognise it?

Detecting human insider risk is not about collecting more data. It is about turning complex signals into high-confidence, actionable alerts.

More articles

You might also like...

Contact us

Talk to an expert

Find out more about our Threat Intelligence Platform and how it strengthens your defense against insider threats. Our security experts are ready to guide you.