Evolving technology is providing businesses with a new and exciting range of opportunities to grow, but it also presents risks that can further challenge the ways that a company operates. One emerging and alarming risk comes from the increasing use of “deepfakes” by scammers and hackers who seek to cause reputational harm or benefit financially. Learn more about what deepfakes are, how people create them and some of the risks by reading on.
What are Deepfakes?
Deepfakes are photos, videos or audio created by artificial intelligence, generally designed to imitate a person. Some deepfakes use a human model and then project the face of another onto them, whereas others create images from scratch without any “base” or projection. The faces used are not necessarily those of a celebrity or famous person, but anyone that there are enough images of.
How are Deepfakes Created?
The first step in the process of deepfake creation is “training” the program, or supplying it with enough data to get a complete idea of what a person looks like. This involves feeding it thousands of pictures and video frames of the person’s face from a range of different angles. Higher-quality images mean that the deepfake will be of higher quality at the end of the process. By training AI in this way it can effectively build a 3D portrait of the person’s face or a “map” of what their head looks like.
The deepfaker then takes a video or image that already exists to put the mapped face over. AI programs go about placing the face over the target, leading to a final product where the face in the base video or image has been replaced with the AI generated mapped face. The results can be extremely realistic.
The Risks Deepfakes Pose
There are several risks posed by the increasing prevalence of deepfakes. Just some of the dangers that deepfakes pose include:
Reputational Harm and Emotional Distress
Businesses and celebrities rely on their reputations which keep them relevant and highly regarded in the mind of their customers or followers. Deepfakes have massive potential to tarnish the reputation of a celebrity or a company by creating false perceptions of their behaviour, including things like completing actions that are outside of their character, such as being offensive,or saying things that breach their contracts. A deepfake in this instance not only leads to financial loss in the short term, but potential loss of business for years to come.
Deepfakes can also cause individuals personal emotional distress. Employees within an organisation who cause the business financial loss by falling victim to a deepfake will likely feel embarrassed and like they have let their team down. Worst still, those who have had their faces imposed on unsavoury images and videos by deepfakers are likely to suffer severe emotional distress.
Financial Loss From Phishing Attacks
Deepfakes offer malicious actors a more sophisticated and potentially successful way to carry out phishing attacks and other similar scams. For example, if someone is looking to access their account at a bank and the bank requires a video of them next to a form of ID to verify who it is, there is a possibility of a deepfake being able to pass the test. Phishing attacks mean that external parties have access to sensitive internal information, which can lead to financial impacts as the infiltrators steal money from companies.
Audio deepfakes have already been used to approve large transactions, whereby an employee unknowingly transfers funds to a cyber criminal because they believe they are being instructed to do so by a superior when in fact, the telephone conversation they are having is with a deepfake recording imitating someone else.
Organisations that are on the wrong side of a deepfake incident can have issues beyond reputation and finance, with their ability to operate being hampered. If someone gains access to a company’s internal systems and servers, they can choose to delete files that are essential for business operations such as master data pertaining to staff members and customers. Preventing this once someone is inside the company’s systems is extremely challenging, as someone that appears to be the right user with all their server permissions will have the ability to change, add and delete documents at will.
How to Protect Against Deepfakes
Protecting yourself against the generation of deepfakes is incredibly difficult due to the openness of data, so most protections come from identifying deepfakes and creating responses that limit the damage of the technology. One of the first things to do is introduce complex verification for processes that require it such as financial transfers.
Live deepfakes are incredibly difficult and tend to be more glitchy than those prepared in advance, so consider using live video calls with spur-of-the-moment questions to avoid people using deepfakes that they created prior to contacting a business to gain access.
Greater degrees of cybersecurity are also a must. By combining tools such as facial recognition with multi-factor authentication, you introduce another hurdle for the scammer to try to breach before accessing any systems. You can learn more about cybersecurity in our informative article Cybersecurity and Cybercrime Explained.
Access or approvals that require a second device are ideal such as sending an SMS message to verify that the person is legitimate, because the likelihood of the scammer having access to their phone in addition to running a deepfake is lower than them simply creating a deepfake of the person that they are imitating.
Combine this with an attempt to train staff more to look for common inconsistencies in deepfakes, such as lighting inconsistencies.
Protect Against Deepfakes
Regardless of your personal circumstances, deepfakes are becoming simpler and simpler to use, with everything from Snapchat filters to full-blown cinema productions using the technology. By being prepared as far in advance as possible you increase your chances of limiting the damage that deepfakes cause you and your business in the years to come, rather than trying to scramble to catch up when cyber criminals are already ahead.
Why Choose Eventura for a Cybersecurity Audit?
With over 20 years experience in cybersecurity, we know our stuff. Our team of cybersecurity experts and complete a full audit of your business and identify any areas of weakness, which could leave you vulnerable to cyberattacks.
We were even mentioned in the Governments National Cyber Security Centre (NCSC) Annual Review 2020 when we were chosen to test their “Exercise in a Box” designed to help small businesses prepare and respond to cyberthreats. You can read the article here.
There is a common misconception that cyberattacks don’t happen to SMEs but this couldn’t be further from the truth. With our expert knowledge, we can help you protect your business’s future from the ever increasing threat of cybercriminals.
If you would like to speak to one of our cybersecurity experts or request a cybersecurity audit, you can request a free call back here.