Artificial intelligence (AI) has revolutionized visual content creation. Several AI image generator platforms have become available in recent years, and now new platforms such as Sora, OpenAI’s flagship AI video editor, are entering the market.
AI image and video platforms have enabled individuals and businesses to create content with limitless creativity and scalability, while also improving cost and time efficiency. However, the rapid evolution of this technology has outpaced regulatory measures, leaving a gap for abuse by malicious individuals or groups.
In recent years, there has been a surge in the proliferation of deepfake images and videos – media that has been digitally manipulated to replace the likeness of a person, whether that be their voice, face or body. The technology has been thrust into the spotlight by the recent targeting of public figures, including deepfake audio of Keir Starmer , deepfake pornographic images of Taylor Swift , and a computer-generated video of Martin Lewis . Advances in AI technology mean that deepfakes are becoming increasingly sophisticated, harder to spot and, with the right equipment, can be broadcast live, meaning that individuals can have a conversation in real time with someone who looks and sounds completely different to how they see and hear them on screen.
Recent figures show that deepfake fraud material will increase by 3,000% by 2023. And now that the technology has become fast, cheap and easy for almost anyone to use, cybercriminals have been quick to adopt it into their arsenal of cyberattack techniques.
Co-founder of Ecliptic Dynamics.
The cybersecurity risk of deepfakes for companies
Deepfake technology introduces several cyber risks to businesses. Deepfakes have been used over the years to spread misinformation, mislead the public, manipulate public opinion and smear individuals. It is therefore crucial to understand the potential risk.
Financial damage
The financial implications of deepfake attacks pose a major threat to businesses. These attacks are primarily caused by fraud and scams. People posing as high-ranking decision-making executives who are trusted and respected by their employees.
Cybercriminals can create highly convincing audio or video recordings of a CEO, for example, to instruct employees to wire transfers or share sensitive information. These deepfakes can bypass traditional security measures, leading to significant financial losses. In 2019, a UK-based energy company lost $243,000 after cybercriminals used voice-generating artificial intelligence software to impersonate the CEO of the brand’s German parent company to facilitate an illegal wire transfer.
Operational risks
Deepfakes can increase the effectiveness of social engineering and phishing attacks, posing significant operational concerns for businesses. Traditional phishing attempts often rely on poorly written or generic emails, but deepfakes add a new layer of credibility. Attackers can craft personalized emails or phone calls from trusted individuals within the organization, making it harder for employees to spot malicious activity.
Earlier this year, a finance executive at a Hong Kong-based multinational was tricked into transferring $25 million to cybercriminals. The criminals used deepfake technology to pose as the company’s chief financial officer in a video conference call. The elaborate scam involved the employee taking part in what appeared to be a meeting with several other staff members, who were all deepfake recreations in reality. This sophisticated attack successfully gained the employee’s trust, leading to massive financial losses for the company.
Damage to reputation
Deepfakes can also destroy the reputation of a brand or an individual. For example, a deepfake in which a CEO does and/or says something harmful or controversial can have a major impact on trust, business continuity and market stability, leading to a stock market crash and an online witch hunt.
By the time evidence of a deepfake becomes public, it may be too late to prevent serious damage to your company’s reputation.
Regardless of the form, such an attack on your organization can have significant consequences. So, what can you do to address these risks?
Recognizing deepfakes and limiting risks
As deepfake attacks increase, it is critical that organizations take proactive action to protect their environments. By creating a strong, security-focused culture and updating security procedures to account for the rise of these tactics, organizations can work to mitigate their risks.
Training employees and partners
Regular training sessions should be held to educate employees about deepfake technology and its potential implications for the organization. Teach staff how to recognize indicators of a deepfake, such as unusual facial movements or inconsistencies in audiovisual synchronization.
Strengthen identity verification
This is essential, especially for transactions involving money or sensitive information. Traditional authentication methods, such as passwords and PINs, can be easily compromised, which is why implementing multi-factor authentication (MFA) is crucial. This adds an extra layer of security by requiring multiple forms of verification before access is granted. You can also create trusted phrases to confirm someone’s identity, which serve as a last line of defense when attempting to thwart attacks. This layered approach ensures that even if one security process is compromised, additional measures are taken to prevent unauthorized access and protect sensitive information.
Include deepfakes in incident response planning
Finally, companies should update their incident response plans to include scenarios involving deepfakes. Ensure that clear protocols are in place for verifying the authenticity of suspicious communications and for responding to potential threats.
This year, deepfakes are expected to become increasingly sophisticated and popular. By 2023, there will be over 95,000 deepfakes circulating online, a 550% increase from 2019. As AI and deepfake technology continue to evolve and become more accessible to malicious groups, robust measures can help your business take proactive steps to protect against these threats.
We provide an overview of the best online cybersecurity courses.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we showcase the best and brightest minds in the technology sector today. The views expressed here are those of the author and do not necessarily represent those of TechRadarPro or Future plc. If you’re interested in contributing, you can read more here:
