Remote hiring, once a niche practice, has become the norm for many organizations worldwide. However, cybersecurity awareness training company KnowBe4 recently discovered that the convenience of remote hiring comes with significant risks.
The company inadvertently hired a North Korean spy, who managed to bypass its security measures, highlighting critical vulnerabilities in modern recruitment processes.
The deception was uncovered when the company-provided laptop immediately began downloading malware upon its first use. Fortunately, KnowBe4’s security systems detected the threat early, preventing any data compromise.
The deception uncovered: How a spy infiltrated KnowBe4
In July 2024, KnowBe4’s US branch hired “a qualified candidate” for a remote position.
Despite rigorous background checks and multiple video interviews, the individual, who was later revealed to be a North Korean spy, managed to infiltrate the company. Using a stolen US identity, the fraudsters convincingly portrayed themselves as working from the United States, and by leveraging a Virtual Private Network (VPN) and logging in during nighttime hours, they concealed their true location, which was either in China or North Korea.
The incident serves as a stark reminder that even the most security-conscious organizations must remain vigilant and continually adapt their practices to counter emerging threats.
One of the key takeaways from KnowBe4’s experience is the importance of recognizing potential red flags during the recruitment process. Fraudsters are becoming increasingly sophisticated, using advanced techniques to create fake but believable identities. Here are some common signs that may indicate a candidate is not who they claim to be:
- Inconsistencies in birth dates, educational backgrounds, or unexplained gaps in employment history should raise suspicion. Fraudsters may provide incomplete or misleading information to avoid detection.
- Simple email verifications are no longer sufficient. It’s essential to conduct phone calls with listed references to confirm their legitimacy. Direct conversations can reveal more than what is written in an email.
- Candidates who seem too qualified for the role and appear to be just what the company needs may be trying to avoid scrutiny by relying on their impressive credentials. This tactic is often used by fraudsters to speed up the hiring process.
- A candidate’s reluctance to appear on camera during interviews is a significant red flag. While there may be legitimate reasons for this, fraudsters often avoid video interviews to conceal their true identity.
- In today’s connected world, most people have some form of online presence. A candidate with no digital footprint, or a “digital ghost,” should be investigated further.
One crucial step in protecting against incidents such as these is the use of Multi-Factor Authentication (MFA) from the outset. By requiring new employees to verify their identity using hardware tokens sent to verified physical addresses, companies add an essential layer of security, ensuring that only the intended recipient can access company systems.
Additionally, providing new hires with pre-configured, secure devices and limiting their access to sensitive information until their identity is thoroughly verified is vital. This approach, which was instrumental in detecting the malware in KnowBe4’s case, helps mitigate the risk of malicious activity. Organizations should also adopt a zero trust approach by restricting system access for new employees until they have completed all necessary training and security checks.
Furthermore, companies can enhance the verification process for remote workers by shipping company devices to trusted third-party locations, such as UPS stores, where recipients must present a valid ID. This can prevent bad actors from gaining physical access to sensitive hardware. KnowBe4 adopted this strategy after the breach.
“For a cybersecurity company like us to get caught with egg on our face was a big wake-up call,” admitted Anna Collard, Senior Vice President of Content Strategy & Evangelist at KnowBe4 AFRICA.
“We could have kept quiet, but instead we shared our story hoping other organisations could learn from it.”