I decided to write an FAQ with more detail and reiterate that this was not a data breach but rather a public service announcement: https://blog.knowbe4.com/north-korean-fake-it-worker-faq
Do we have egg on our face? Yes. And I am sharing that lesson with you. It's why I started KnowBe4 in 2010. In 2024, our mission is more important than ever. Transparency helps the fight against these cyber attacks. One of our customers wrote to me and said: "Really appreciate the FAQ you put out as well. Very much appreciate the transparency and how forthcoming KnowBe4 was with information." - Matt.
Today's fast-paced media cycle often overlooks relevant data. In short, the press coverage was uneven. Many technical media outlets have been cool, calm, and collected, considering this a great cautionary tale, and appreciated our transparency. Other outlets took the "If it bleeds, it leads" sensational angle. They turned it into a "data breach" clickbait and only casually mentioned at the end that no harm was done.
But we got the message out and that was the main objective. I was asked to do a webinar about this topic to help organizations avoid making the same error. We will, so stay tuned. We are also creating an actual training module: "Secure Hiring" where we will compile all the best hiring practices to help prevent this.
Thank you for being a current (or future) KnowBe4 customer. We are all working together. A recent and very relevant article in the Wall Street Journal was sent to me, and is excellent for justifying why security awareness training is critical: "Deepfakes, Fraudsters and Hackers Are Coming for Cybersecurity Jobs:"
https://www.wsj.com/articles/deepfakes-fraudsters-and-hackers-are-coming-for-cybersecurity-jobs-e2a76d06
More Background: 1) At the end of the blog post we link to a recent podcast from Mandiant where they go in depth about this particular danger. I strongly recommend you listen to it. 2) The U.S. Government is aware of this threat and has been warning against it since 2022. Here is the link.