In an era where digital manipulation is predominant, the rise of deepfake technology has created a new frontier of deception. Deepfakes blur the lines between reality and fiction with unprecedented precision, using highly realistic images, videos, and audio replicas.

While these creations have potential for entertainment and artistic expression, they also pose a threat to corporate security and the social sphere. Deepfakes can trigger waves of fraud and undermine the fabric of organizational and interpersonal trust. Let’s explore what deepfakes are and how to defend against them.

What is a deepfake?

The term deepfake refers to a form of multimedia content generated by artificial intelligence: specifically, the creation of graphic and audiovisual content using deep learning functionalities.
Although this technology was developed for creative and non-malicious use, it can also be misused for social engineering attacks .

As Andrea Saturnino, Cyber Security Specialist at HWG Sababa, states, “Deep learning algorithms use neural networks to simulate the functioning of a human mind by processing a massive amount of data but at much higher speeds.”.

These algorithms for creating deepfakes can generate and manipulate audio and video content, altering a person’s appearance and movements to create realistic but entirely fabricated material. What characterizes deepfakes is their ability to replicate mannerisms, facial expressions, and speech patterns with surprising accuracy, making it increasingly difficult to distinguish between reality and simulation.

Between 2022 and 2023, deepfakes increased tenfold globally; Europe saw a 780% increase, while the Middle East and Africa (MEA) region experienced a 450% surge. Although an increase in deepfake attacks has been observed across all sectors, the most affected include online media, professional services, healthcare, transportation, and video games.

Why are deepfakes dangerous?

Deepfakes represent much more than a technological novelty; they are, in fact, powerful weapons in the arsenal of cybercriminals and malicious actors. Exploiting their capacity to appear authentic, deepfakes have become a tool for conducting fraud and social engineering attacks in the corporate landscape. Let’s consider some scenarios.

CEO Fraud: A particularly deceptive deepfake might involve a video impersonating a company’s CEO or CFO, interacting with employees and requesting the transfer of funds to a fraudulent account disguised as a legitimate business transaction.

Phishing Attack: Deepfakes can be embedded in phishing emails, leading unsuspecting employees to share sensitive information or click on dangerous links. “As implausible as it may seem, a Hong Kong company lost 23 million euros due to this in early April,” comments Andrea Saturnino.

Impersonation: Malicious actors can use deepfakes to impersonate key figures within an organization, such as human resources or IT support staff, and exploit trust to gain unauthorized access to systems or sensitive data.

How to recognize deepfakes?

Identifying deepfakes in the sea of digital content requires a keen eye and a healthy dose of skepticism. We can look for telltale signs such as visual anomalies, unnatural behaviors, or discrepancies in speech patterns and audio quality. Contextual clues and verification from reliable sources can also serve as valuable tools for discerning the authenticity of content.

However, aware of the possibility of encountering a deepfake, companies cannot rely solely on people’s ability to recognize them. According to the “Fooled Twice” study by N. C. Köbis, B. Doležalová, and I. Soraperra, users can distinguish authentic content from deepfakes with an accuracy rate 57,6%. The situation worsens when people tend to be overconfident in their ability to recognize real from fake content.

How can companies protect themselves?

According to a study conducted by the American consulting multinational McKinsey, 40% of companies plan to increase investments in artificial intelligence and cybersecurity, while 28% are already integrating them into their upcoming business strategies.

As the threat landscape evolves, companies are therefore forced to strengthen their defenses against such threats.

Here are some strategies to improve corporate security posture:
• Verification Procedures: Establish strict protocols to verify the authenticity of requests and communications, particularly those involving sensitive information or high-risk actions. Encourage employees to use various channels for verification and to exercise caution when dealing with unfamiliar or suspicious content.
• Updating Security Policies: Review and enhance existing security policies and procedures to address the new challenges posed by deepfakes. Incorporate guidelines for handling synthetic multimedia files, apply access controls, and respond to suspected fraud or social engineering incidents.
• Employee Training: Invest in comprehensive training programs to raise awareness of cybersecurity and educate employees on the risks associated with deepfakes and related countermeasures. The goal is to promote a culture of vigilance and responsibility within the organization, ensuring that employees can act as the first line of defense against attacks.

In conclusion, companies today face the complexities of a rapidly evolving digital landscape. Therefore, it is essential that they provide their employees with the knowledge and tools to use generative artificial intelligence responsibly and defend against its potential misuse.