By William Petherbridge, Systems Engineering Manager at Fortinet
Most organisations link employee well-being to productivity, but overlook the direct correlation between high-pressure work environments and heightened cybersecurity risk. In an era of accelerated digital transformation, the cognitive load on employees in critical sectors has intensified. This state of constant pressure concerns more stakeholders than HR alone, because it is a systemic security vulnerability. Research consistently highlights that work overload and job stress degrade cybersecurity behaviour, turning well-intentioned, trusted employees into an organisation’s most significant, and unintentional, insider threat.
While malicious insiders capture headlines, the more pervasive risk stems from dedicated but cognitively overloaded employees. It is a well-established fact that human error is a factor in the vast majority of security breaches, a risk that is amplified in environments where the capacity for vigilance is finite. When employees are overworked or distracted, their judgment is impaired. This translates directly into the automatic, reflexive behaviours that threat actors rely on: risky clicks, poor data handling, or a failure to adhere to security protocols that seem inconvenient in the moment. Social engineering, by its very nature, is designed to exploit this. It preys on urgency and distraction, bypassing rational thought to trigger an immediate, and often disastrous, response.
This creates predictable failure points in sectors vital to the national economy. Consider a nurse at the end of a gruelling 12-hour hospital shift who clicks on a malicious link disguised as an urgent patient update. Or a logistics manager at a port, juggling vessel schedules and customs declarations, who hastily approves a fraudulent invoice. In the financial sector, a junior analyst working late to meet a deadline might download a compromised data file from an unverified source. These are not failures of intent; they are symptoms of a security posture that does not account for the operational realities of its environment. The common thread is that these errors stem from individuals operating at their cognitive limits, a vulnerability that threat actors actively and systematically exploit.
The strategic response, therefore, cannot be to simply demand more from already strained employees. Relying on human perfection as the last line of defence is a fundamentally flawed strategy. Instead, the security architecture itself must evolve. Traditional, perimeter-based security models, which operate on the principle of “trust but verify,” just don’t cut it anymore. They inherently trust activity inside the network, a fatal flaw when the internal user becomes the vector of compromise. A new approach is needed, one that serves as a resilient technological safety net – a system designed on the premise that human error is not an exception, but an inevitability.
This begins with applying zero-trust principles through context-aware access controls. A security platform should not grant access based on credentials alone; this is a binary and dangerously simplistic approach. It must continuously verify every user, device, and connection for every single resource request. A smart system will analyse a rich tapestry of contextual signals: is the user logging in from a recognised location and a corporate-managed device? Is the access request happening during normal work hours? Does this user’s role justify access to this specific data? A user’s account suddenly accessing sensitive files it has never accessed before, or attempting a large data transfer at 3 a.m., should trigger an immediate, automated security response. This is the foundation of a system that trusts nothing and verifies everything.
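The per-request evaluation described above can be sketched as a small policy function. This is an added example, not code from the article or from any Fortinet product; the users, roles, resources, work-hours window, transfer threshold and decision names are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed policy data; every name and threshold here is an assumption.
ROLE_RESOURCES = {"nurse": {"patient-records"},
                  "analyst": {"market-data", "finance-reports"}}
SENSITIVE = {"patient-records", "finance-reports"}
KNOWN_LOCATIONS = {"alice": {"ZA"}, "bob": {"ZA", "GB"}}
ACCESS_HISTORY = {"alice": {"patient-records"}, "bob": {"market-data"}}
WORK_HOURS = range(7, 19)            # 07:00-18:59 local time
LARGE_TRANSFER = 500 * 1024 * 1024   # bytes

@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    device_managed: bool
    location: str
    when: datetime
    bytes_requested: int

def evaluate(req: AccessRequest) -> tuple[str, list[str]]:
    """Return (decision, signals); valid credentials are assumed already checked."""
    # Role check is a hard gate: no other context can override it.
    if req.resource not in ROLE_RESOURCES.get(req.role, set()):
        return "deny", ["role does not justify access"]
    signals = []
    if not req.device_managed:
        signals.append("unmanaged device")
    if req.location not in KNOWN_LOCATIONS.get(req.user, set()):
        signals.append("unrecognised location")
    off_hours = req.when.hour not in WORK_HOURS
    if off_hours:
        signals.append("outside work hours")
    first_sensitive = (req.resource in SENSITIVE
                       and req.resource not in ACCESS_HISTORY.get(req.user, set()))
    if first_sensitive:
        signals.append("first access to sensitive resource")
    large = req.bytes_requested >= LARGE_TRANSFER
    if large:
        signals.append("large transfer")
    # The two patterns the article singles out trigger the automated response.
    if first_sensitive or (large and off_hours):
        return "respond", signals
    # Any other deviation from context asks for re-verification, not a block.
    return ("step_up", signals) if signals else ("allow", signals)
```

A "respond" decision is the point at which an automated containment playbook would be invoked; "step_up" means the session must re-verify before the request proceeds.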
Endpoint security provides the next critical layer of this safety net. Every device, from a medical tablet and a point-of-sale terminal to a warehouse scanner, is a potential entry point for an attacker. Modern endpoint detection and response (EDR) solutions go far beyond legacy antivirus software. They act as a vigilant guard on every device, using sophisticated behavioural analysis to identify the subtle patterns of a potential attack. Rather than just looking for known malware signatures, EDR identifies and neutralises threats in real time based on suspicious actions, making it effective against the novel or zero-day threats often used to exploit an initial human error.
Over time, this continuous monitoring and analysis create a dynamic behavioural baseline for normal activity across the entire network. By using machine learning to understand what constitutes genuine user actions versus suspicious anomalies, the security fabric can automate containment. This is where Security Orchestration, Automation, and Response (SOAR) becomes critical. When an error inevitably occurs – when the wrong link is clicked or the malicious attachment is opened – an automated playbook can immediately quarantine the affected endpoint, suspend the user account, and block communication with the attacker’s command-and-control server. This reduces the threat’s “dwell time” from hours or days to mere seconds, preventing a minor mistake from escalating into a major breach. The technology acts as a second set of eyes that is always alert and always consistent, compensating for the moments when human focus wanes.
Ultimately, building resilience in today’s high-stakes environments requires this strategic shift. It means moving beyond a reliance on perfect human behaviour and instead engineering an intelligent, integrated security platform that anticipates and contains the impact of human fallibility. By de-risking the human element through technology, organisations are not only more secure, but they are also better enabled to pursue their core objectives with speed and confidence. In critical infrastructure and high-pressure commercial sectors, the most effective defence is a security fabric that supports and protects employees by assuming they will make mistakes, and that can act appropriately when they do.