September 15, 2025
Netarx's CEO, Sandy Kronenburg, recently provided his insights and expertise in the latest VMware Blog for National Insider Threat Awareness Month.
Sandy Kronenberg, CEO and Founder, Netarx
As we observe National Insider Threat Awareness Month, we must recognize that phishing is evolving faster than training can keep up. A recent Wall Street Journal article highlighted a UC San Diego Health study that tested nearly 20,000 employees with simulated phishing attacks. The results showed that mandatory cyber awareness training had little effect. Failure rates stayed flat regardless of how recently employees had completed their training. In many cases, employees spent less than a minute on training modules or closed them immediately. We are now even seeing deepfakes used in hiring, where synthetic candidates attempt to fool recruiters during virtual interviews. If training cannot keep pace with phishing, it certainly cannot prepare employees to reliably identify fake applicants face-to-face. The risks are rising fast. Deepfake fraud in North America has grown more than 1,700 percent. Losses may reach $40 billion by 2027. The average cost per incident is half a million dollars, and two-thirds of security professionals say they have already experienced deepfake incidents. The real danger lies in trusting a single channel. A voice may sound authentic, a video may look real, and an email may feel urgent. When each is judged on its own, the attack succeeds. The answer is shared awareness. By connecting signals across email, voice, video and metadata like device location and biometrics, organizations can uncover anomalies invisible to the human eye.
Insider threat defense must now move beyond isolated training. It requires a collective approach where systems and people verify across every channel. Only then can we defend against deepfakes that are designed to exploit trust and bypass human judgment.
To read the blog, go to: https://vmblog.com/archive/2025/09/15/expert-insights-on-national-insider-threat-awareness-month-crucial-for-cybersecurity-in-2025.aspx
