KnowBe4 Accused of Naivety after Being Duped by North Korean Fake Employee Hackers
In a disturbing example of corporate incompetence, security awareness training provider KnowBe4 has revealed that they fell victim to a North Korean fake employee scam, despite warning others to beware of such tactics.
How Did It Happen?
According to reports, KnowBe4 recently hired a "perfect candidate" who was not only extremely qualified but also allegedly from North Korea – a country notorious for state-sponsored hacking. The hired individual was given access to company systems and was supposedly performing their job duties within days of being hired.
But it wasn’t long before the company’s systems sounded the alarm, highlighting several red flags that a trained security expert would find unacceptable. Despite this, the company claims that "no illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems".
CEO’s Lackluster Response
KnowBe4 CEO Stu Sjouwerman bizarrely claimed that the whole incident was a "cautionary tale" aimed at educating others on how to avoid falling victim to these types of scams. Meanwhile, experts are raising concerns about the company’s woeful lack of scrutiny when it comes to identifying suspicious behavior.
Lest We Forget: Prevention is the Best Medicine
It’s crucial that every organization takes the necessary measures to prevent these types of hacks from occurring in the first place. This new whitepaper from KnowBe4 details the signs and signs of fake employee hires and offers suggestions on updating your hiring policies to minimize the risk of falling victim. But let’s hope this is not a slap-dash attempt to divert attention from their own errors. Download the white paper here.
But until then, the fact remains: KnowBe4 is now part of an infamous club of companies duped by North Korean operatives, and it’s no joke.