Is it really Tom Cruise trying to wrestle an alligator? Keanu Reeves dancing like no one is watching? Or is Robert Pattinson making shade out of his cat?
Deepfake technology is advanced artificial intelligence that replaces real video and audio with artificially created video and audio from other sources. It may seem like harmless fun on TikTok, but it’s also a huge security risk for businesses of all sizes.
Deepfake attacks are on the rise, according to a recently released report from cloud services company VMware.
Rick McElroy, Principal Cybersecurity Strategist at VMware, said: “Two of his three respondents to our report confirmed malicious deepfakes were being used as part of an attack, a 13% increase from last year. and email was the top delivery method.”
According to McElroy, their new goal is to use deepfake technology to compromise an organization and gain access to its environment. How? By tricking employees into thinking they are dealing with an actual human being.
It happened to a bank manager in Hong Kong who received a deepfake call from a bank executive demanding money transfers. The impression was so good that the manager finally said he transferred $35 million and never saw it again. A similar incident occurred at a UK-based energy company. In this case, the recipient unknowingly transferred approximately $250,000 to criminals after tricking them into thinking he was the CEO of the company’s parent company. Deepfakes are used to trick people into buying products, and the FBI is now investigating how criminals can use deepfakes to create online “employees” who can work remotely to gain access to corporate information. are warning companies that they are taking positions in
This is a new security challenge. Also, given how much of our video and audio exists online, thanks to social media and YouTube, scammers use readily available tools to tell us we’re not. It’s not hard to convince people that you’re talking to someone who is, isn’t, or isn’t. It doesn’t actually exist. Big tech companies like Microsoft and Google are developing tools to detect these threats, and federal legislation is in the works to limit the damage. But these steps can only be done so far. So how can you protect your business from this growing danger?
training. and control.
Human error remains the most common reason for security breaches (deepfakes or otherwise). Bank managers, CEOs and HR personnel who were duped by fake remote employees could have avoided these mistakes if they were savvy at recognizing deepfake scams.
Many of my clients now invest in additional training tools such as KnowBe4 and Phishingbox to continuously test their employees’ awareness of potential hazards. Some companies pay IT professionals to keep their staff up to date with quarterly refresh sessions. Training is your first line of defense against these threats.
However, training does not completely protect against deepfake technology. As such, having strong internal controls is more important than ever. Ensuring there are multiple layers of authorization required for critical transactions should be a requirement for any business, regardless of size. Owners and senior management should not be tempted to override these policies. Doing so may result in accidental fraudulent transactions.
As with all security threats (spam, viruses, malware, and now deepfakes), new technologies will emerge to help minimize their impact. But as ever, we cannot rely on these technologies to fully protect us. As business owners and managers, we must hold ourselves and our employees accountable for their actions by striving to better understand and be aware of these threats. this is not a movie. It’s real life.