Cyber firm launches free tool to weed out hackers in hiring process

A new training tool designed to address critical security risks in hiring processes has been created by KnowBe4 following a failed infiltration attempt within its own company.

The firm, which is known for its security awareness training and simulated phishing platform, said that the tool – which is being made available at no cost – is aimed at enhancing organisational safety during the hiring and onboarding process and shares insights for companies to learn the pitfalls and avoid mistakenly hiring hackers.

This initiative follows KnowBe4’s recent experience in preventing a sophisticated infiltration attempt by a North Korean hacker during the hiring process, which TechInformed reported on earlier this year.

Knowbe4 claim that many organisations are unaware that they have unknowingly hired nation-state IT workers, a growing trend that has also been uncovered by other cyber firms such as SecureWorks.

The BBC has also released a podcast by investigative journalist Geoff White and former North Korean correspondent Jean Lee, The Lazarus Heist, which details the modus operandi of hackers working north of the 39^th parallel.

KnowBe4 claimed that its security team detected and neutralised the threat within just 25 minutes, ensuring no illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems.

According to the firm it has conducted a thorough evaluation of the hiring process, identifying critical vulnerabilities that state-sponsored actors attempt to exploit.

“In recent years, there has been a disturbing trend of state-sponsored hackers, particularly from North Korea, attempting to infiltrate organisations by exploiting the hiring process,” said John Just, chief learning officer at KnowBe4.

“At KnowBe4, we experienced this firsthand and successfully prevented such an attempt. This module is born from that experience, turning our real-world encounter into actionable knowledge,” he added.

You can access KnowBe4’s free training module here  To learn about specific steps organisations can take to protect themselves, KnowBe4 have published a blog post.