Three essential steps for organizations to protect themselves against deepfakes
Our identity is facing an unprecedented threat. While AI has the potential to be a force for good, in the hands of nefarious actors it can have the opposite effect, exacerbating these dangers. These threats include deepfakes: synthetic media used to impersonate real individuals. Over the past year, these fraudulent impersonations have increased dramatically and are targeting individuals on various platforms. As deepfakes become more convincing, cybercriminals are finding new ways to exploit them, posing serious risks to personal and organizational security.
Although deepfakes have been circulating online since 2017, their impact has recently escalated. Initially used to impersonate celebrities and public figures, deepfakes have now become more personalized and target senior executives in virtually every sector – from retail to healthcare. One notable case involved a finance worker who was duped into transferring an astonishing £20 million to fraudsters who used a deepfake video to pose as the company’s chief financial officer.
What compounds the problem is the need for more awareness among the general public. A recent Ofcom survey found that less than half of UK residents are aware of deepfakes, making these attacks more likely to succeed. Equally worrying is that, according to KPMG, 80% of business leaders believe deepfakes pose a significant risk to their operations, while only 29% have implemented measures to counter them.
The first step in tackling the deepfake cybersecurity challenge is to increase awareness and adopt proactive strategies to combat the threat. But where should organizations start? Let’s dig deeper and look at three solutions organizations can take to avoid being caught by deepfakes.
Senior director of product management at Ping Identity.
A dual approach: the importance of passive and active identity verification
To effectively counter deepfakes, organizations must take a multi-faceted approach to identity management and authentication. While biometric authentication methods such as fingerprints or facial recognition are robust, more than one authentication method is needed to protect against today’s sophisticated cybercriminals. Multiple layers of authentication are needed to protect against these threats without compromising the user experience.
This is where passive authentication, especially passive identity threat detection, becomes crucial. In addition to active authentication methods (such as user-initiated verifications), passive identity threat detection works behind the scenes, focusing primarily on identifying potential risks. This technology can activate alternative authentication methods, such as a push notification to confirm location or device usage when suspicious login attempts or behavior are detected. Rather than overwhelming users with additional authentication steps, passive identity threat detection alerts both the user and the organization to potential fraudulent activity, preventing it before it escalates.
Navigating a “trust nothing” era: The shift from implicit to explicit trust in identity verification
The concept of implicit trust – where we naturally trust what we see and hear – is diminishing as deepfakes increasingly compromise identity verification. In today’s “trust nothing, verify everything” era, explicit trust measures such as sending a text message, push notification or other verification of credentials outside of usual communication channels have become essential. While not necessary for every interaction, these additional verifications are critical for sensitive actions such as transferring money or clicking on potentially malicious links, ensuring authenticity in a world where appearances can be deceiving.
Deepfakes are often used to socially manipulate victims, exploiting channels such as voice, images and video through unverified platforms. For example, an employee might receive a Zoom call from someone posing as the CEO, asking to reset a password or make an urgent payment. We have been encouraged by employers to trust our colleagues for years, but this increase in deepfakes is challenging the fabric of workplace culture.
Harnessing AI for Good: Using Emerging Technologies to Combat Deepfakes
Society is at a critical juncture where AI tools can be used for good or evil, with human identity caught in the middle of this technological tug-of-war. As trust erodes and our identities become increasingly at risk, it is imperative that we remain vigilant and proactive in the fight against deepfakes.
While AI contributes to the deepfake problem, it also offers solutions to mitigate it. To reduce the prevalence of deepfakes, organizations must leverage emerging technologies designed to detect these fraudulent mediums. These include image insertion detection, which identifies whether an image has been manually or incorrectly added to a communication, and audio detection tools that determine whether an audio file has been synthetically generated. As AI technology continues to advance, we can expect the development of even more advanced methods for deepfake prevention. In the meantime, however, organizations must leverage existing technologies to stay ahead, just as cybercriminals are doing with AI on the other side of this battle.
As with any cyber threat, the best protection comes from being one step ahead. The better organizations are prepared for potential deepfake attacks, the better they can protect themselves against future threats. By taking a multifaceted approach to identity verification and staying aware of the tactics cybercriminals use, we can protect our identities and maintain trust in a digital world.
We have listed the best network monitoring tools.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro