Following Facebook’s recent decision to ban deepfake technology from its social platform, many other social media companies are following suit, cracking down on what Mark Zuckerberg has called an “emerging threat.” Deepfake has quickly transcended from YouTube and social media to enterprise businesses, leading organizations to question the intensity of the security implications posed by deepfake. As cyber criminal tactics continue to evolve, deepfake could be behind the next big data breach.
Contrary to popular belief, deepfake technology does not require specialized, highly-skilled or knowledgeable actors. Deepfake algorithms use deep learning AI, allowing users to create realistic fake or altered videos and audio files. In fact, in 2019, deepfake audio was used to impersonate a German chief executive’s voice to trick a company into transferring $243,000 to the hacker’s bank account. So what’s preventing phone scams from leveraging AI technology to impersonate doctors, banks or government agencies to extract personal information?
Though verification techniques exist to help flag fraudulent attempts, it’s worth noting that employees must be trained to detect fraudulent emails. Targeted phishing attacks still remain one of the most popular attack vectors. Once an attacker gains network entry, they are able to access files containing video and audio data to create a deepfake.
As these attacks become more widespread, they will affect more than high-level CEOs, government officials and political figures. Enterprise businesses will be affected by less obvious instances of data stealing, which may involve giving up documents, transaction details, customer orders, or information to be leveraged for crime and fraud. To make matters even worse, retrieval of audio files may put companies at legal risk.
While cybersecurity companies are researching and developing products to detect deepfake recordings, identifying deepfake content is beyond the capabilities of most enterprises. Protecting organizations in the digital age requires businesses to be cognizant of deepfakes and the best ways to prevent them:
- Detection Technology: Organizations can defend themselves through automated technology. AI-powered detection software uses deep learning algorithms, similar to that of deepfake, to determine if an image or video has been altered. Cryptographic tools can also watermark content to detect tampering.
- Train Your Employees: Train employees to recognize deepfakes. Provide them with examples or situations in which they may receive an unexpected call or be asked to perform an uncommon task.
- Plan Ahead: Consider putting internal security controls or questions in place to help employees identify a caller’s identity. In the event that a deepfake issue arises, ensure you have a standard response plan that includes who to notify both internally and externally, how to respond and security measures that can be taken to prevent escalation.
Carolina Advanced Digital offers a breadth of security solutions including products and services for security reviews and assessments, security awareness training and other solutions that mitigate risks related to deep fakes. Contact us today to schedule a free call with a team member to discuss your needs.
You can also see a special session on deep fakes at our upcoming IT Hot Topics Conference. For more information visit https://hottopicsconference.com .