The Rising Threat Of Deepfakes

Uploaded on 2024-06-27 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

AI is evolving rapidly, with ChatGPT highlighting yet another example of the technology's vast potential. 

Keeping a pulse on AI's advancement has never been more important for security professionals. In the words of the UK government, AI has the potential to "increase risks to safety and security by enhancing threat actor capabilities and increasing the effectiveness of attacks." 

We continue to see how financially motivated cyber-criminals and nation-state actors are working to exploit weaknesses in cybersecurity frameworks, refining their techniques to trick their targets into giving up sensitive information such as login credentials or financial details.

As AI advances, these efforts become increasingly sophisticated. Today, cyber attackers readily leverage novel tools to create highly realistic deepfake images, audio, and video, posing a growing threat.

During the UK general election campaign, we've seen high-profile politicians like Wes Streeting and Nigel Farage being targeted by deepfake attacks. However, these technologies aren't just being weaponised in a political context. Equally, they are also being used against businesses.

In 2020, one threat actor managed to steal $35 million by using AI to replicate a company director's voice and deceive a bank manager. Similarly, in January 2024, a finance employee at British engineering firm Arup fell victim to a $25 million scam after a video call with a 'deepfake chief financial officer'.

From the spread of misinformation to financially motivated attacks, deepfakes have become an increasingly prominent threat in bad actors' arsenals. In fact, one report indicates that there was a staggering 3000% increase in deepfake fraud attempts between 2022 and 2023. Prompted by this rising tide, ISMS.online conducted a survey to assess the current impact of deepfakes on UK organisations. 

Here, the 'State of Information Security' report reveals alarming trends. Critically, nearly a third (32%) of UK businesses reported experiencing a deepfake security incident in the past year, making it the country's second most common type of information security breach.

The statistics speak for themselves: deepfakes are no longer a theoretical threat but a present-day reality that enterprises must confront.

AI In Cyberattacks Must Be Met With AI In Cybersecurity

Currently, threat actors use deepfakes most commonly in business email compromise (BEC) style attacks, where AI-powered voice and video cloning technology deceives recipients into executing corporate fund transfers. Other potential uses include information or credential theft, causing reputational harm, or circumventing facial and voice recognition authentication.

Regardless of the specific technique or intended outcomes, the consequences for organisations can be severe, leading to substantial data loss, service disruptions, and significant financial and reputational harm.

Organisations must take proactive steps to mitigate the threat of deepfakes, strengthening their cybersecurity frameworks with cutting-edge technologies. 

It's essential to recognise that AI isn't exclusive to threat actors. Equally, organisations can and should leverage it to their own advantage, building more robust defences while unlocking efficiency gains, accuracy improvements, enhanced security insights, and several other benefits.

Encouragingly, companies clearly recognise the potential of advanced technologies in security applications. According to ISMS.online's State of Information Security report, 72% of UK respondents believe AI and machine learning are improving information security, with six in ten planning to increase investment in such applications in the next 12 months.

Of course, the challenge of turning intent into action remains a gap that must be bridged with thorough and effective guidance.

Typically, we advise that companies should seek to embrace critical standards. ISO 42001, for example, can be used as a central guiding principle given that it deals with AI and is specifically designed to help organisations leverage and use AI within their businesses safely and sustainably ensuring compliance with all necessary data security, information security and ethical requirements. 

Of course, this is easier said than done. For organisations struggling to know where to start, it may make sense to leverage software platforms that can provide essential guidance for implementing standards like ISO 42001, significantly accelerating secure adoption of AI, necessary information and data security improvements and transformations. 

Every organisation's unique skillset, context, and requirements will differ, yet the goal across all enterprises must be the same.

By proactively aligning with modern security guidance and embracing relevant technologies, firms can position themselves against evolving threats, providing assurances to partners, customers, and regulators whilst setting themselves up for future-proofed operations and financial success. 

Sam Peters Is Chief product officer at ISMS.online

Image: Zinkevych

You MIght Also Read: 

The Psychology Of GenAI Manipulation:

DIRECTORY OF SUPPLIERS - Deepfake & Disinformation Detection:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« LockBit Claims It Hacked The US Federal Reserve
Cyber Aftermath From The Airstrike On Syria’s Iranian Consulate »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Clearpath Solutions Group

Clearpath Solutions Group

Clearpath Solutions Group expertise covers virtualization and data storage technologies, networking, security and cloud computing.

Organization for Security and Co-operation in Europe (OSCE)

Organization for Security and Co-operation in Europe (OSCE)

OSCE is the world's largest security-oriented intergovernmental organization. Areas of activity include Cyber/ICT security.

ECS

ECS

ECS is a leading information technology provider delivering cloud, cybersecurity, software development, IT modernization, and advanced science and engineering services.

Excelerate Systems

Excelerate Systems

Excelerate Systems is a leading provider of IT services with a focus on Big Data, Cloud Services and Security.

iProov

iProov

iProov delivers authentication and verification simply and securely, based on a genuine one-time biometric.

GreenWorld Technologies

GreenWorld Technologies

GreenWorld has a proven track record in industry leading IT asset management, secure data destruction and remarketing.

ProWriters

ProWriters

As a leading cyber insurance company, ProWriters offers flexible Cyber Liability Insurance coverage designed to cover privacy, data, and network exposures.

Ridge Canada Cyber Solutions

Ridge Canada Cyber Solutions

Ridge Canada helps insurance brokers and insurance buyers understand, evaluate, and secure cyber coverage that is tailored to their business.

QuoLab

QuoLab

QuoLab empowers security professionals to analyze, investigate and respond to threats within an integrated ecosystem.

Qohash

Qohash

With a focus on data security, Qohash supports security, compliance and optimization use cases enhancing your risk management process.

McKinsey & Company

McKinsey & Company

McKinsey & Company is a global management consulting firm. We are trusted advisor to the world's leading businesses, governments, and institutions.

L&T Technology Services (LTTS)

L&T Technology Services (LTTS)

L&T Technology Services Limited (LTTS) is a global leader in Engineering and R&D (ER&D) services.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.

CardinalOps

CardinalOps

The CardinalOps platform continuously assesses your detection posture and eliminates coverage gaps in your existing detection stack so you can easily implement a threat-informed defense.

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike is a company based in Tirana that offers full service in the field of cyber and physical security.

Netcom Training

Netcom Training

Netcom Training are a dynamic and forward-thinking training provider, passionate about creating change within the IT, tech and digital industries.