{"id":300,"date":"2024-09-19T10:00:00","date_gmt":"2024-09-19T10:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=300"},"modified":"2024-09-19T10:00:00","modified_gmt":"2024-09-19T10:00:00","slug":"deepfakes-break-through-as-business-threat","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=300","title":{"rendered":"Deepfakes break through as business threat"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Deepfakes targeting enterprise financial data used to be a hypothetical concern, but that\u2019s no longer the case, as criminal deepfakers now target more than a quarter of all companies, according to a recent survey.<\/p>\n

About 15% of executives say cybercriminals have targeted their companies\u2019 financial or accounting data using deepfakes<\/a> at least once in the past year, while another 11% say they\u2019ve seen multiple deepfake scams. Deloitte conducted the survey of more than 1,100 company executives during a May webinar<\/a> about trusting generative AI.<\/p>\n

About half of the remaining executives in the survey either don\u2019t know whether their organizations have been targeted by deepfake scams or say the question isn\u2019t applicable.<\/p>\n

The number of targeted organizations may even be under-reported, with deepfake scams focused on financial data<\/a> still relatively new, says Michael Bondar, global enterprise trust leader and principal at Deloitte Transactions and Business Analytics.<\/p>\n

\u201cWe\u2019re talking about an entirely new realm of possibilities,\u201d he says. \u201cWhen these incidents occur, organizations are not likely to be very loud and verbose about this.\u201d<\/p>\n

More deepfakes expected<\/h2>\n

More than half of those surveyed expect the number of deepfake<\/a> financial scams to increase in the coming year. To fight deepfake scams, executives say their companies are communicating with employees, offering training, creating new policies, or deploying new technologies.<\/p>\n

But about 10% say their companies are doing nothing, and nearly a third of executives surveyed say they don\u2019t know what their companies are doing or believe the question isn\u2019t applicable.<\/p>\n

Deepfaked voice calls are becoming more common, but deepfaked videoconferencing<\/a> is happening as well, says Mike Weil, digital forensics leader and managing director at Deloitte Financial Advisory Services. When an employee hears a CFO\u2019s voice, or sees a CEO on a video call, most are wired to follow instructions, without questioning the request, he notes.<\/p>\n

\u201cThis takes social engineering to the next level,\u201d he says. \u201cYou\u2019re talking to that individual, and they also have a lot of knowledge that you would think is unique to that person. They\u2019re able to interact with you in a way that sounds legitimate.\u201d<\/p>\n

At the same time, criminals will increasingly do extensive research on an organization to sound legitimate when they deepfake voice or video calls, Weil adds.<\/p>\n

\u201cWe\u2019re talking about highly coordinated and sophisticated attacks, where there\u2019s a whole intelligence operation to understand your organization or a client,\u201d he says. \u201cThese aren\u2019t random attacks. These are looking for weaknesses within the organization, and it\u2019s a recipe for a lot of money to leave an organization.\u201d<\/p>\n

Defense in depth<\/h2>\n

The defense against deepfake attacks is multilayered, say Bondar and Weil. Employee education and training are important, as is ensuring executive leadership precisely follow internal processes for activities such as transferring large amounts of money. In addition, organizations should run internal fire drills to check how employees may fall for deepfake scams, they suggest.<\/p>\n

Finally, some vendors are using AI to spot AI-generated deepfakes. \u201cThis is really a bit of an arms race,\u201d Bondar says. \u201cIt\u2019s an emerging space for companies that are trying to provide technology needed to protect organizations, but of course, on the other side, malicious actors are also working feverishly to make themselves even more effective in their nefarious agendas.\u201d<\/p>\n

The survey results don\u2019t surprise Kevin Surace, chairman and CTO, Appvance, provider of AI-powered software testing tools. Deepfake scams are on the rise, but few executives want to talk about it, he says.<\/p>\n

Deepfake voice messages are becoming common, he adds. \u201cAnyone today can create this with no skills,\u201d he says.<\/p>\n

Interactive deepfake voice calls and fake participants on video calls require more technical knowledge, but they are also happening, he says.<\/p>\n

\u201cAll three [methods] are on the rise and will reach epic proportions by end of 2025 as the tools to generate them get far easier to access,\u201d Surace says.<\/p>\n

The problem may be bigger than the Deloitte survey shows, says Nicos Vekiarides, CEO of Attestiv, provider of deepfakes detection technology. A recent survey<\/a> by Medius, a provider of AI tools for finance professionals, found that over half of its audience in the US and UK have been targeted by deepfake scams.<\/p>\n

\u201cWhile deepfakes have become ubiquitous in the political and social media scene over the past few months, they have started to take on a far costlier toll in the financial fraud arena,\u201d he says. \u201cThrough deepfakes, identity theft and wire fraud have taken a new turn and can victimize any company or any individual.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Deepfakes targeting enterprise financial data used to be a hypothetical concern, but that\u2019s no longer the case, as criminal deepfakers now target more than a quarter of all companies, according to a recent survey. About 15% of executives say cybercriminals have targeted their companies\u2019 financial or accounting data using deepfakes at least once in the […]<\/p>\n","protected":false},"author":0,"featured_media":301,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-300","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/300"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=300"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/300\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/301"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}