Your own legitimate users are a source of particular risk to your network and so to your organization. They have access to at least some of your resources without needing to do anything improper or difficult, and they may have a significant amount of information about the network.
It is important to recognise that risks arise from innocent actions of users who mean no harm, as well as from the small number who may from time to time be actively malicious.