Thwart nation-state threat actors with these CISO tips

Attracting and hiring new talent is one of the hardest HR initiatives to get right. Now, companies face the risk of severely compromising their security in the process. Adversarial nation-states, such as Iran, Russia, China and North Korea, are using their trained IT workers to pose as remote workers and infiltrate foreign organizations. With remote work now an established practice for many organizations, foreign adversaries are taking advantage of this setup to rob companies of money and sensitive data.

Tune into this BrightTALK summit webinar presented by Alex Holden, chief information security officer (CISO) of consulting firm Hold Security, as he explains how these ticking time bombs manage to infiltrate and elude even security-conscious companies and the damage they are capable of once they're inside an organization. Luckily, fake employees often come with some warning signs that a well-informed employer can identify before the damage is done.

Read on for a sneak peek Q&A.

Viewers can register for this compelling webinar to get more in-depth details on this insidious threat and learn how to spot a fake employee before they can exact damage.

What are the aliases these people provide? Are they posing as U.S.-based remote workers or international?

Alex Holden: The threat actors assume identities of real people, often in similar technical positions. They steal identities by purchasing them on dark web markets and create professional social media presence. They always pretend to be in the U.S. -- or whatever country where they are seeking employment. Their physical location will always be far away from their victim's offices to justify remote positions.

What are some warning signs that a prospective employee is a threat actor?

Holden: The first signs will be during preemployment processes, where certain minor things will not add up. Usually, there would be something wrong during the presentation of work documents or odd conversations with hiring personnel. Then, there will be technical issues, like connection IP addresses from virtual hosting services or abroad, attempts to bypass company policies by installing remote access software or sharing confidential documents. Suspicious employees will often have sudden and unexplained disappearances from work for up to a week.

This is a significant practice, with estimated thousands of instances -- and more unreported and undiscovered events.

Can you provide a picture of how often this is happening? Do you see it getting much worse with the current state of international affairs?

Holden: This is a significant practice, with estimated thousands of instances -- and more unreported and undiscovered events. While it is not directly impacted by politics today, successful employment campaigns by North Korean and Iranian threat actors are starting to attract attention of other groups, like ransomware gangs, who want to capitalize on the trend.

What is some of the damage they have done once inside an organization?

Holden: There are different MOs for the threat actors. North Koreans mostly do this for money. Iranian threat actors have less interest in enrichment and target company's secrets and data.

How can companies protect themselves from this new breed of threat?

Holden: The first step is awareness, and unfortunately, not all companies are taking these things seriously. But there are two cornerstones of defense: improved HR hiring practices and general awareness of management, and technical safeguards that can detect and deter malicious threat actors before they capitalize on their foothold.

Alicia Landsberg is senior managing editor on the BrightTALK summits team. She previously worked on TechTarget's networking and security group and served as senior editor for product buyer's guides.