The cybersecurity threats HR can no longer hand off to IT
The cybersecurity threats HR can no longer hand off to IT
https://hrexecutive.com/data-breach-report-reveals-new-risks-for-hr-leaders/
Publish Date: 2026-06-08 08:00:00
Source Domain: hrexecutive.com
The 2026 Verizon Data Breach Investigations Report says North Korean IT worker schemes used stolen identities, remote hiring and laptop farms run by local accomplices. It estimates that those operations may have leveraged about 15,000 possible identities.
The report, which analyzed more than 31,000 incidents and more than 22,000 confirmed breaches, documents how cyber risk and workforce risk occupy the same organizational space. Here are three findings from the report that may land on the CHRO’s desk.
The fake worker problem has a hiring solution
The North Korean IT worker operation documented in the 2026 DBIR has mechanics that are familiar to any recruiter, including polished resumes, strong technical interviews and remote onboarding. But these “candidates” are, in fact, coordinated state actors using tools that once seemed futuristic.
Ensar Seker, SOCRadar
“The North Korean IT worker threat is no longer just a cybersecurity issue. It is now an insider risk and workforce integrity problem,” Ensar Seker, chief information security officer at SOCRadar, a threat intelligence firm, told HR Executive. “Traditional background checks are often ineffective because these actors use synthetic identities, stolen credentials, AI-enhanced resumes and even deepfake-assisted interviews.”
The DBIR found that third-party supply chain breaches jumped 60% and now account for 48% of all incidents. Many infiltrations occur through subcontractors or fast-tracked technical recruiting pipelines where identity validation is weakest.
“Hiring can no longer operate independently from cyber risk management,” Seker says, “especially for remote technical roles with privileged access.” He suggests that organizations need to implement multi-layered identity verification such as live identity validation during interviews, device and geolocation consistency checks, payroll banking verification and tighter contractor onboarding controls.
Behavioral monitoring after hire…
