"Deepfake" sounds like something out of science fiction, but the threat is real, and not just in politics. Deepfakes—synthetic media in which a person in a video is replaced with someone else's likeness—are evolving fast and becoming an increasing threat to businesses, and one that's hard to counter.
These convincingly doctored image (and audio) files have the power to ruin your business overnight. The problem is most businesses have no idea how to fight against them.
But businesses don't have to feel powerless. Here's what you need to know about thwarting deepfakes.
The quick rise of deepfakes
Deepfakes aren't new, but they haven't been seen as a real threat until recently. Thanks to advanced machine learning and artificial intelligence, cybercriminals are able to create convincing fake audio and video. Imagine getting a phone call that sounds convincingly like it is from the CEO, but the person asking for financial account details is just a hacker using a computer to trick you.
These targeted threats have already been proved to pay off. As anyone in cybersecurity knows, once hackers figure out that something works, they fine-tune the strategy to profit off of it even more.
Between December 2018 and October 2019, deepfake videos online had risen by 84%. Of course, that's just the ones experts could find. While most are adult content, think about the damage a compromising video could do to your business.
While Symantec hasn't released names, the company has already seen three successful deepfaked audio scams that tricked three CFOs out of substantial funds. Forrester even predicts that deepfake scams will cost businesses $250 million in 2020.
In one instance, a chief executive at a UK energy company wired $220,000 to a supposed Hungarian supplier because he thought his boss was instructing him to do so. He stated the voice sounded exactly like his boss, even down to how he would punctuate certain sounds and words.
Top threats to businesses
While businesses are still trying to deal with sophisticated email phishing scams, deepfakes are quickly becoming a more difficult issue to combat. Widespread deepfakes might not be the norm right now, but they will become a favorite tool for many hackers who have the equipment and patience to make this strategy work for them.
Deepfakes pose numerous financial threats to businesses, with the main tricks being:
Posing as clients or suppliers asking for payment
Posing as supervisors and business owners asking for fund transfers or sensitive information
Posing as IT administrators to gain access to company accounts
Using fake blackmail audio and video for extortion
Using fake pictures, video, and audio on social media for smear campaigns
How to protect your business
While your organization's chief information security officer, CIO, or security team may already be aware of the threat, protecting your business is easier said than done. Many of the current solutions, such as Deeptrace or Cogito, are costly, which makes it difficult for small- to medium-size businesses to afford them.
However, there are a few methods to protect against deepfakes today:
Educate employees about deepfakes and ask them to report anything that seems odd.
Establish a two-step communication policy, such as verifying phone calls by email and vice versa. You should make sure employees respond only to previously known email addresses or phone numbers, not ones provided in the email or told over the phone.
Strengthen security measures overall so cybercriminals can't gain access to company data as easily. Some hackers use this data to create more convincing deepfakes.
Create a policy that requires a second employee to verify any fund transfers. It may take a few minutes longer, but it's a process that could save a business thousands.
Deepfakes are an emerging threat, but they're a real threat you can't ignore. Start making preparations today to ensure your business doesn't become the next victim.
Keep learning
Learn from your SecOps peers with TechBeacon's State of SecOps 2021 Guide. Plus: Download the CyberRes 2021 State of Security Operations.
Get a handle on SecOps tooling with TechBeacon's Guide, which includes the GigaOm Radar for SIEM.
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.
Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.