Misinformation, fake news, hoax. In recent years, we’ve all developed a heightened awareness of these terms – the latest buzzwords doing the rounds in media and political circles. But it’s not just the well-connected and well-heeled who should be paying attention.
As technology advances and becomes more accessible, it’s inevitable that misinformation will step up from malicious stories to something more sinister. In particular we’re talking about the phenomenon of “deepfakes” which are used to first deceive, then manipulate and finally, profit in some way.
What actually is a deepfake?
A deepfake is a variation of artificial intelligence (AI) that can be used to create image, audio and video hoaxes. Concerningly, emerging deepfakes can be indistinguishable from the real thing and have already begun to imitate public figures and trick everyday citizens to prominent businesspeople.
Who or what do deepfakes target?
Despite the proliferation of doctored pictures, videos and soundbites featuring Hollywood stars and high-profile politicians, it’s businesses which should be most worried. Leaders and authority figures need to have an especially sharp understanding of the dangers deepfakes pose to brand, employees, customers and perhaps most pointedly, your wallet.
As with more established scams, the aim of the game for deepfake AIs is to fraudulently extort money. This is often achieved through meticulously targeting (or imitating) the person holding the purse strings.
What is an example of deepfake technology?
Deepfakes include unnerving avatars that trick facial recognition systems, the fusing of real and fake footage, machine learning to create realistic videos from single images and much more. This might sound science-fiction, but it’s part of daily life on today’s social media.
One of most common examples of deepfakes in action are fake voicemails. Fake voicemails will imitate the voice of a business leader – everything from the tone, pronunciation, phrasing and vocabulary quirks – and make a request. The request could be anything from transferring funds, setting up a new payee to opening an email that conceals spyware.
The fake voicemail tactic (which is known as “vishing”) is increasing and has already resulted in financial theft from several businesses. In a world where we can no longer believe our own eyes and ears, identity theft and impersonation have clearly evolved from the phishing and whaling emails that can plague inboxes. In 2018, 49% of infosec professionals reported experiencing a vishing attack. Yet, a global audience could only identify a vishing attack 18% of the time.
Should deepfakes be taken seriously?
Fake news fatigue is a real thing, but it’s critically important for the business world to acknowledge the scale of the dangers associated with this terrifying technology. The potential for fraud against both a business and its customers is astronomical, and victims will surely be left with a stain on their reputation.
Although cybercriminals will attempt to make deepfakes as long as the promise of cash persists, taking tangible measures to defend against their effectiveness is what really matters.
Who is responsible for protecting against deepfakes in business?
Cybersecurity decision makers are typically responsible for managing the risk of cyberthreats such as deepfakes. It’s likely that this person or people will be part of the technical or IT team and should be represented at board level.
But as mentioned, deepfakes have already begun to be deployed by cybercriminals in commercial contexts, which is especially concerning for business leaders and finance executives as well as IT teams. In short, deepfakes are a company-wide threat that require company-wide attention.
77% of cybersecurity decision makers are worried about the potential for deepfake technology to be used fraudulently. Yet, despite this significant anxiety, only 28% have taken action to combat deepfakes and address any security vulnerabilities.
What can I do to prevent deepfake cyberattacks?
The latest deepfakes are so sophisticated that they’ll convince most people and bypass the majority of systems. Therefore, businesses need to rely on a combination of excellent, up-to-date security software and relevant, consistent colleague training to build the strongest possible defence.
A great place to start in identifying vulnerabilities and fixes is an IT security audit. You can book a no-obligation audit from K3 here, which is completed in 2 working days with no disruption and via remote access if more convenient to your business. We also recommend arranging colleague training and refreshing cybersecurity awareness across the business. You can book a session and get free, downloadable resources on our Security Surgery.
To speak to an IT security expert, contact K3 on 0844 579 0800.