Is that really Tom Cruise going to fight an alligator? Keanu Reeves dancing like no one is watching? Or is Robert Pattinson getting shade from the cat? No – it’s a deep lie.
Deepfake technology is an advanced artificial intelligence that replaces real video and audio with images and audio created from other sources. While it may seem like harmless fun on TikTok, it’s also becoming a major security risk for businesses of all sizes.
A report released from cloud services firm VMware suggests that deep spoofing attacks are on the rise.
Rick McElroy, chief cybersecurity strategist at VMware, said: “Cybercriminals are now incorporating deep falsification into their attack methods to evade security controls. “Two out of three respondents in our report considered malicious deep phishing as part of an attack, a 13 percent increase from last year, with email as the primary delivery method.”
According to McElroy, their new goal is to use deep spoofing technology to compromise organizations and locate them. why? By tricking employees into thinking they are dealing with real people.
This is what happened to a bank manager in Hong Kong who received a fake call from a bank director asking for a transfer. The impressions were so good that the manager ended up handing over $35 million, and I never saw him again. A similar incident occurred at an energy company in the UK, where the receiver pretended to be the CEO of the company’s parent company and transferred nearly $250,000 to criminals. Deepfakes are being used to trick people into buying products, and the FBI is now warning businesses that criminals are using deepfakes to create online “staff” for remote workplaces to access corporate information.
It’s the new security challenge. And given how much video and audio we have online thanks to social media and YouTube, it’s not hard to use readily available tools to get people to believe what we don’t say and do — or talk to people who don’t. Actually there is. Big tech companies like Microsoft and Google are developing tools to detect these threats, and federal law is trying to limit the damage. But these steps can only go so far. So how do we protect our businesses from this growing threat?
Training. and controls.
The most common cause of security breaches – profound or otherwise – remains human error. The bank manager, CEO, every HR person who has been duped by the fake remote worker could have avoided these mistakes if they had better knowledge to spot deep fake scams.
Today, many of my clients invest more in training tools like KnowBe4 or Phishingbox to test their employees’ potential risk awareness. Others pay IT professionals to update their employees on a quarterly basis. The best line of defense against these threats is training.
But training cannot completely protect us from deep technologies. That’s why having strong internal controls is more important than ever. Ensuring that multiple layers of authentication are in place for significant transactions should be a requirement for any business, regardless of size. Owners and senior managers should not attempt to override these policies, as doing so opens the door to unauthorized transactions by mistake.
As with all security threats – spam, viruses, malware and now deep phishing – there will be new technologies to help reduce their impact. But, as always, we can’t completely rely on these technologies to protect us. As business owners and managers, we must strive to better understand and acknowledge these risks and take responsibility for the actions of ourselves and our employees. This is not a movie. It’s real life.