Amidst complex AI-driven infiltration tactics by state actors posing as remote employees, CrowdStrike's CEO says a top best practice is shockingly simple: meet every new hire in person once. This single step can deter bad actors who rely on anonymity and can't risk revealing their identity, solving the problem before it starts.
Instead of just sending a resume, prove your value upfront by delivering something tangible and useful. This could be a report on a website bug, an analysis of API documentation, or a suggested performance improvement. This 'helping' act immediately shifts the dynamic from applicant to proactive contributor.
An effective remote hiring funnel weeds out unserious candidates efficiently. After an initial skills test, request a one-minute video introduction—most won't bother. For the final candidates, replace interviews with a paid, task-based trial to assess real-world skills and work ethic before speaking to them.
For CISOs adopting agentic AI, the most practical first step is to frame it as an insider risk problem. This involves assigning agents persistent identities (like Slack or email accounts) and applying rigorous access control and privilege management, similar to onboarding a human employee.
With LLMs making remote coding tests unreliable, the new standard is face-to-face interviews focused on practical problems. Instead of abstract algorithms, candidates are asked to fix failing tests or debug code, assessing their real-world problem-solving skills, which are much harder to fake.
A sophisticated threat involves state-sponsored actors from the DPRK using AI interview tools and virtual backgrounds to pass hiring processes. They get hired, receive company laptops, and then operate as insider threats, creating a significant and often undetected security risk for organizations.
Tools like Final Round AI provide candidates with live, verbatim answers to interview questions based on their resume and the job description. This development undermines the authenticity of remote interviews, creating a premium on face-to-face interactions where such tools cannot be used covertly.
When hiring global remote talent at scale, a typing speed test is a surprisingly effective first filter. The vast majority of applicants fail to meet a basic threshold (e.g., 35 WPM), indicating a lack of the digital proficiency required for any remote role, from admin to engineering.
A company's biggest human security flaw often lies with its help desk. CrowdStrike's CEO points out that help desk staff are typically incentivized to resolve issues and close tickets as quickly as possible. This makes them susceptible to social engineering, as their motivation is speed and helpfulness, not rigorous security verification.
CrowdStrike has found hundreds of North Korean state actors getting hired as remote developers at US companies to gain insider access and steal trade secrets. They are so effective that one manager asked if they had to fire the operative because "he did such good work," highlighting a severe remote work vulnerability.
To ensure 100% team cohesion, implement a full-day working interview where candidates interact with everyone. Afterward, give every single team member a simple thumbs-up or thumbs-down vote. A single "thumbs down" is a veto, which prevents the poison of a bad cultural fit from entering the team and is easier than firing the person later.