Wow! Last week's blog post went viral, reaching major media outlets and receiving over 125,000 views within days. Responses from around the world praised our transparency and commitment for doing what's right, though some had negative reactions.
I decided to write an FAQ with more detail and reiterate that this was not a data breach but rather a public service announcement: https://blog.knowbe4.com/north-korean-fake-it-worker-faq
Do we have egg on our face? Yes. And I am sharing that lesson with you. It's why I started KnowBe4 in 2010. In 2024, our mission is more important than ever. Transparency helps the fight against these cyber attacks. One of our customers wrote to me and said: "Really appreciate the FAQ you put out as well. Very much appreciate the transparency and how forthcoming KnowBe4 was with information." - Matt.
Today's fast-paced media cycle often overlooks relevant data. In short, the press coverage was uneven. Many technical media outlets have been cool, calm, and collected, considering this a great cautionary tale, and appreciated our transparency. Other outlets took the "If it bleeds, it leads" sensational angle. They turned it into a "data breach" clickbait and only casually mentioned at the end that no harm was done.
But we got the message out and that was the main objective. I was asked to do a webinar about this topic to help organizations avoid making the same error. We will, so stay tuned. We are also creating an actual training module: "Secure Hiring" where we will compile all the best hiring practices to help prevent this.
Thank you for being a current (or future) KnowBe4 customer. We are all working together. A recent and very relevant article in the Wall Street Journal was sent to me, and is excellent for justifying why security awareness training is critical: "Deepfakes, Fraudsters and Hackers Are Coming for Cybersecurity Jobs:"
https://www.wsj.com/articles/deepfakes-fraudsters-and-hackers-are-coming-for-cybersecurity-jobs-e2a76d06
More Background: 1) At the end of the blog post we link to a recent podcast from Mandiant where they go in depth about this particular danger. I strongly recommend you listen to it. 2) The U.S. Government is aware of this threat and has been warning against it since 2022. Here is the link.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
