When we think about cybersecurity, our thoughts often drift towards words like ransomware, phishing, firewalls, hackers and antivirus. While it is true, there is a lot of interesting technological aspects to it. We sometimes forget the human side to it: the victimized person. After all, there is a perspective on cybersecurity for every person and computer out there in a way.

In my seven-something years as a service desk agent and support technician, I have often encountered the incidents at the first response and triage level, meaning that I have been involved in the identifying, assessing and prioritizing aspects for example. Sometimes we have been alerted by an MDR (“Managed Detect and Response”) system that a user account has been involved in suspicious activity, which then has been followed by an investigation or remediation. Sometimes the users themselves have contacted us. While the tools available may be very useful and faster, they might miss signs of an attempted attack that the user has been better at picking up on.

In such cases, we have been contacted by the user who explains how their browser is acting strangely, how the computer behaves differently or that something simply doesn’t feel right. A clear example can be the times when users ask about help to verify whether an email is a phishing attempt or not. Admittedly, it can be difficult even for a person with experience and training.

Most of the time companies manages to catch the phishing email containing the malicious link or file, however this is not always the case. I have personally seen cases both professionally and privately where normal people like you and me have fallen victim to phishing attempts and scams, resulting in losses ranging from a few thousand SEK to more than a hundred thousand SEK.

I remember one case where the user fortunately got the money back after I had a talk with the company providing the platform of purchases. This time the story ended relatively well, but unfortunately this is not always the case. There is more at stake than a loss of money as well. If it is a corporate user there is also a risk of further damage. It causes a huge emotional impact on the person targeted, who might feel guilt, shame and that their trust was abused.

Whether you are an aspiring cybersecurity professional or perhaps already active in the field, remember the human perspective and who you are helping to defend. Security hardening and providing training for the user base is important, but I also want to finish this article by raising awareness about how important it is to create an open and non-judgemental environment so that a person feel safe reporting potential issues that they notice.

When an issue is brought to you, it is because they trust you and they trust the system set in place to deal with the matter at hand. Take the opportunity to turn non-IT coworkers into your cybersecurity allies.

Erik Engström

2025-10-06

At the podium:

THE HUMAN PERSPECTIVE

BY ERIK ENGSTRÖM

About the author

Hello! What’s your name and where are you based?

My name is Erik Engström, I live and work in Gothenburg, located in the western part of Sweden.

What do you currently do?

Currently I am working full-time as a Service Desk Agent for a retail company.

If we fast-forward five years , what are future-you up to?

In five years I would love to see myself having some more hands-on experience in cybersecurity, perhaps from a SOC, getting a feel for what is out there.

Tell us a fun fact about you!

In the spare time I like to listen to podcasts or build on my Minecraft world. To the annoyance of my surrounding I also enjoy puns.

And lastly, where do we find you?

You can find me online either on linkedin.com/in/engström or on my blog erikengstrom.se where I publish tech related thoughts, articles and my short stories.