A Trojan horse: Hiring malicious actors

"Everybody in the hiring pipeline should really be looking out for this. Every person that touches a candidate has a chance to pick this up before someone gets hired."

Key Moments

00:42 Insider Threats for Financial Gain

06:10 High-Profile Cybersecurity Incident Reporting

09:16 Healthcare Data Extortion Risks

10:40 Spotting Red Flags in Hiring

14:14 Security and HR Collaboration in Hiring

17:23 Identifying Security Red Flags

19:51 Verifying Candidate Authenticity Steps

23:34 On-Camera Hiring Best Practices

There is a new security concern that is catching many offguard: hiring malicious actors. Matt Mock, our CISO, shares that instances of fake candidates, particularly those backed by entities from countries like North Korea, are no longer a rarity.

These actors typically have financial motives as their primary aim and have a surprising sophistication. They employ stolen identities and may even be working with domestic associates to get their foot in the door. As Megan McLeod points out, these aren't mere hypotheticals. Even companies like KnowBe4 have reported encounters, underscoring that no organization is too small to be targeted.

It is important to be vigilant in the hiring process. There are a number of red flags during remote interviews that are worth being aware of such as inconsistencies in a candidate's story, reluctance to appear on video, or unusual locations to send equipment. But it's not just about catching these actors during interviews.

Some of these actors may be hired before they start to show subtle but suspicious activities. Accessing systems from unexpected locations or changing device settings to a foreign language can reveal their true intentions.

Ultimately, collaboration between security teams and HR is crucial. By arming ourselves with knowledge and sharing insights about potential threats, we can better protect our organizations. And remember, don't overlook the small details; they're often where the truth hides.

Browse additional episodes on our blog or listen wherever you get your favorite podcasts, including:

• Amazon Music or Audible

• Apple Podcasts or Libsyn Classic Feed

• iHeartRadio

• Spotify

Subscribe now to get notifications of new episodes in your inbox.

Have an idea for future episode topic? Share it with us.

Learn more about the security of the Redox data interoperability platform here.