What CIOs and CISOs Are Saying About Fake IT Workers: 4 Key Takeaways

Across private conversations with CISOs, CIOs, and heads of HR and identity, one issue continues to emerge as both urgent and unresolved: fake IT workers infiltrating enterprise environments under false or stolen identities.

In many of these discussions, leaders admitted they’ve seen this problem up close, or know someone who has. Fake hires can linger undetected for months, perform well enough to avoid scrutiny, and quietly gain access to sensitive systems. Whether the goal is financial fraud, IP theft, or funding a foreign regime, the result is always dangerous: critical systems are compromised, trust is shattered, and the organization is left exposed.

One of the most pressing challenges isn’t just how these bad actors get in, but who is responsible for stopping them. HR teams oversee hiring, but often lack the tools for identity verification beyond background checks. Security and IT teams are concerned about post-hire access and risk, but don’t own the onboarding funnel. The result? Confusion, finger-pointing, and growing vulnerability.

Below I unpack four key insights from ongoing conversations with enterprise leaders who are trying to get ahead of this threat. If you’re in HR, IT, or security, these perspectives may sound familiar, and they offer a path toward better collaboration and stronger safeguards.

Insight #1: Worker Impersonation Has Become a Board-Level Concern: Why Directors Are Demanding Identity Verification

Executive leadership teams and boards of directors are no longer in the dark. High-profile media coverage in The Wall Street Journal, Fortune, and other outlets has accelerated awareness and pressure. Directors are asking CIOs, CISOs, and HR leaders direct questions:

• Could this happen to us?
• Have we already been compromised?
• What safeguards are in place?

For companies in highly regulated industries such as finance, healthcare, and defense, the scrutiny is even more intense. While some board members have suggested drastic measures, like requiring all new hires to verify their identity in person, most executives acknowledge that this alone won’t solve the problem. A more sustainable, digital-first strategy is needed.

Insight #2: Who Owns Employee Identity Verification? Solving Accountability Gaps Across HR, IT, and Security

One of the most persistent issues? Nobody agrees on who owns the impersonation problem.

• Is it HR, responsible for hiring and onboarding?
• Is it IT, responsible for managing account access?
• Is it Security, who typically handles insider threats?
• Or is it Legal or Compliance, given the regulatory exposure?

The result is organizational paralysis, with each department assuming someone else is responsible, no one takes ownership, and the risk continues to grow unchecked. Some companies assign ownership to HR ops, only to discover their background check tools aren’t built for identity verification at scale. Others lean on security or insider threat teams, who are already overwhelmed and reluctant to take on additional responsibility without a clear mandate.

The most successful organizations tackling this issue have one thing in common: collaborative, cross-functional alignment across HR, IT, and security, often driven by a central identity security program.

Insight #3: Manual Identity Checks Can’t Stop Fake IT Workers: Why Traditional Onboarding Is Failing

When detection fails, prevention becomes a guessing game. Unfortunately, many companies are relying on labor-intensive, manual processes that don’t scale and are easy to bypass:

• Video-based interviews and onboarding: Helpful, but increasingly vulnerable to deepfakes.
• In-person onboarding: Logistically difficult and only effective if the individual remains in the role.
• Laptop shipping verification: Foiled when attackers use “mules” or remote access post-delivery.
• Always-on video during virtual meetings: Easy to fake, hard to enforce.
• Behavior-based 2FA triggers: Ineffective if the attacker already has valid credentials.

Worse still, many adversaries are using stolen identities purchased on the dark web or leveraging GenAI to create fraudulent documents that pass background checks. The impersonation problem is outpacing traditional onboarding controls.

Insight #4: The Scope Is Vast – and Underreported: How Global Worker Impersonation Goes Undetected

While North Korean infiltration garners headlines due to FBI intervention, similar incidents are happening globally. Attackers from Eastern Europe, Southeast Asia, and other regions are using identical playbooks.

There’s also a related phenomenon gaining steam: job stacking, where one person holds multiple jobs under a single identity, often outsourcing tasks to others for profit. These schemes can fly under the radar for months and result in confidential data being shared with unauthorized third parties.

Many security teams remain reactive, addressing these issues only after something suspicious surfaces. Given that some experts estimate over 500,000 impersonators may be employed by U.S. organizations today, this approach is no longer tenable.

6 Actions CIOs and CISOs Can Take to Prevent Employee Impersonation

1. Reverify All Identities Using Multi-Factor Signals 
   Conduct a phased identity verification process using device checks, location data, government ID scans, and manager attestation. Move beyond one-time checks.
2. Make Identity Security an Ongoing Priority
   Identity assurance isn’t a one-and-done task. Apply Zero Trust principles to continuously verify the human behind the login.
3. Scrutinize Third Parties and Contractors
   Treat contractors and gig workers with the same rigor as full-time staff. Consider biweekly or monthly identity reverification cadences.
4. Bridge the Gap Between HR, IT, and Security
   Establish shared KPIs and workflows across departments to ensure no gaps in accountability exist.
5. Leverage Existing Security Tools for Continuous Verification
   Correlate identity assurance signals from IDPs, EDR tools, and network monitoring systems to flag suspicious behavior.
6. Report Incidents and Collaborate with Industry Peers
   Engage with communities like FS-ISAC and share learnings. Open dialogue is critical to closing industry-wide gaps.

Why Continuous Employee Verification Is Now Essential

Impersonation-based attacks are no longer rare, and they’re not going away. These threats are stealthy, scalable, and extremely difficult to detect using traditional HR or IT processes alone.

The only path forward is one built on continuous identity verification, from day zero through every access point of the employee lifecycle. At HYPR, we believe trust must be earned continuously, not just at the time of hire.

To learn more about how HYPR’s Identity Assurance platform can help your organization verify who’s really on the other side of the screen, explore our solution here.