Some adversaries are really putting the “actor” in threat actor.

Cybercrime groups are impersonating IT pros to steal employee passwords or install malware. One big way to defend against these imitators is employee awareness—not just of the threat itself, but also the company’s own IT staff.

We spoke with IT pros who shared strategies on how to get acquainted with employees—and why that human touch pays off when threat actors act like admins.

Act I. For years, adversaries and pen testers have been imitating IT pros—to malicious effect. Some recent examples:

• In January 2026, Mandiant revealed that a cybercrime extortion group posed over the phone as an IT pro updating the company’s multi-factor authentication settings. The adversaries then directed victims to believably branded credential harvesting sites.

How one IT pro used free breakfast to build trust.—BH

What you don’t know could hurt you. That’s why IT pros need dashboards and other monitoring tools that provide maximum insight into their increasingly hybridized IT infrastructure—but what if they’re not getting what they need?

AI could help ensure IT teams have full visibility into on-premises and cloud systems. Kevin Sheu, VP of product and solutions at Versa Network, which provides security, networking, cloud, and analytics, told IT Brew that AI products can help fuse systems together for boosted visibility, especially when combined with Model Context Protocol (MCP), an open-source framework that standardizes how AI platforms integrate and share data with other tools.

Hybridized environments are the norm for most organizations today, but they can lead to disparities in the ability to monitor cloud services versus on-premises capabilities, Raghu Nandakumara, Illumio’s VP of industry strategy, told IT Brew. Those disparities, in turn, can lead to cybersecurity issues.

How many companies have 100% visibility?—CN

Everyone needs somebody to lean on: Batman has Robin, Calvin has Hobbes, and Beavis has Butthead. Now, CISOs can soon join that list, with a new partner-in-crime that can support them during security incidents.

Earlier this month, BreachRx announced the launch of a cybersecurity incident response management (CIRM) warranty, which it claims is the “industry’s first contractually backed financial safeguard” for CISOs and other organization leaders.

Warranty FAQ. The warranty will be available to enterprises who purchase BreachRx’s product plans at the beginning of next month. When CISOs and other executives use BreachRx’s platform during the incident response and recovery process, they can get warranty-backed coverage of up to $3 million to use toward costs that would have fallen on them or their companies, like fines or regulatory defense costs. BreachRx’s warranty is intended to supplement directors and officers (D&O) insurance, which CISOs tend to lack coverage under since they are often not regarded as corporate officers.

Why BreachRx felt now was a good time to roll out a warranty.—BM

Ransomware tactics are evolving faster than your patch schedule. Join IT Brew on April 15 to unpack what’s actually changing, where attackers are getting in, and how IT teams can stay one step ahead without chasing every headline. Register here.

Slack’s latest Slackbot upgrade could lighten the load for IT teams. This story breaks down how the bot pulls answers from chats, docs, and connected tools—and why it could streamline help-desk support as GenAI assistants spread across the workplace.