Is Tom Cruise really about to fight an alligator? Keanu Reeves dances like nobody’s watching? Or Robert Pattinson in the shadow of his cat? No, it’s a deepfake.
Deepfake technology is an advanced artificial intelligence that replaces real video and audio with artificially created video and audio from other sources. While this may seem like harmless fun on TikTok, it also becomes a huge security risk for businesses of all sizes.
According to a recent report from cloud services company VMware, deepfake attacks are on the rise.
“Cybercriminals are now incorporating deepfakes into their attack methods to evade security checks,” said Rick McElroy, senior cybersecurity strategist at VMware. “Two out of three respondents in our report saw malicious deepfakes used as part of an attack, a 13% increase over last year, with email being the primary method of delivery.”
According to McElroy, their new goal is to use deepfake technology to compromise organizations and gain access to their environment. How? By making employees believe they are dealing with real people.
This is what happened to a bank manager in Hong Kong, who received fake calls from a bank manager asking for a transfer. The impressions were so good that the manager eventually transferred $35 million and never saw them again. A similar incident occurred at a UK-based energy company where an unwitting employee wired approximately $250,000 to criminals after being tricked into thinking the recipient was the CEO of the company’s parent company. Deepfakes are used to trick people into buying products and the FBI is now warning companies that criminals are using deepfakes to create online “employees” for remote workstations to access company information. the company.
This is the new security challenge. And with the amount of video and audio of us online through social media and YouTube, it’s not hard for a scammer to use readily available tools to trick people into thinking we say and do things we don’t do – or talk to people who don’t. t actually exists. Big tech companies like Microsoft and Google have developed tools to detect these threats, and federal legislation is also in the works to try to limit the damage. But these steps can only go so far. So how do we protect our businesses from this growing danger?
Coaching. And checks.
The most common reason for security breaches – deepfakes or otherwise – is still human error. The bank manager, the CEO, the HR person who was duped by the fake remote employee could all have avoided these mistakes if they were better versed in recognizing deep scams.
Many of my clients today invest more in training tools like KnowBe4 or Phishingbox to continuously test their employees’ awareness of potential danger. Others pay IT professionals to keep their staff up to date with quarterly update sessions. Training is the best first line of defense against these threats.
But training will not fully protect us against deepfake technologies. That’s why it’s now more important than ever to have strong internal controls. Ensuring that multiple levels of approval are required for large transactions should be a requirement for any business, regardless of size. Owners and senior managers should not be tempted to override these policies, as this would mistakenly open the door to potentially unauthorized transactions.
Like all security threats – spam, viruses, malware and now deepfakes – there will be new technologies to help minimize their impact. But, as always, we cannot rely on these technologies to fully protect us. As business owners and managers, we must take responsibility for our actions and those of our employees by making the effort to better understand and recognize these threats. This is not a movie. It’s real life.