Deepfakes: the new enterprise cyberthreat vector?

deepfake fraud threat image

By now, you may have seen examples of how deepfake videos can distort the messages of influencers, politicians, and actors. Perhaps the deepfake of Mark Zuckerberg, the cheap fake of Nancy Pelosi, or the admission of a top deepfake artist that he has created a monster has cemented the notion that deepfakes can pose more than just a nuisance. Not only have altered videos become more realistic, but they are also becoming easier to create.

Lest you think deepfakes are a problem limited to social media, consider that they are making a path into the enterprise. A worrisome recent example was an AI-generated voice, which matched that of the CEO of an energy company and was used to defraud the company of nearly $250,000. Was this a one-off occurrence, or the start of a more devious form of phishing?

Enterprise reliance on digital photos, videos, and audio is rising. This opens a new fraud attack vector: deepfakes.

What can be done to try to head this off? Efforts to outlaw deepfakes are effective as a deterrent, but they do not prevent access to the technology behind deepfakes. When it comes to deepfake generation software, the proverbial “cat has been let out of the bag.”

What should a CIO or CISO do?

From the perspective of CIOs and CISOs, it is worth examining trends that increase reliance on photos and videos. While such initiatives offer operational advancements and cost-savings, they also increase susceptibility to deepfakes. The risk is high, particularly if there is no means in place to trace authenticity of the media.

In industries such as insurance, transformational trends of interest include:

  • Self-service data gathering: What was once the realm of a trusted employee or 3rd party, has moved into the hands of consumers. Why send out an inspector if clients can capture the same quality of digital photo and video in a first notice of loss? Many insurance companies are capitalizing on this digital transformation. They allow insured customers to inspect their own home and assets, or file claims digitally. This saves the time and cost of sending an inspector or adjuster.
  • Autonomous data gathering: It’s no secret drones can save time and costs in surveying sites. Think about appraising roof damage after a major hurricane. Dozens, or even hundreds of homes in an area might have suffered damage. Why not enlist a local drone operator to retrieve photos and videos? Many insurance companies have started  using drone technology for this purpose.
  • Gig economies: The trend that enabled the Ubers and Lyfts of the world is spreading to other industries. When performing remote work, why not employ people who are local and can be leveraged without additional travel, and perhaps at a more economical part-time rate? In fact, the gig economy trend in insurance is gaining momentum.

Authenticating digital media

A common thread among these trends is that data is being provided to organizations by a new set of outside parties. They are end clients, 3rd-party device operators, or gig workers who are local to where the data is gathered. While the efficiency and scale benefits can be enormous, organizations are trading off a level of trust afforded by directly-controlled employees. Without adding a process to ensure traceability of the data gathered, organizations may increase the risk of fake or altered data.

These trends are unlikely to vanish any time soon. CIOs ought to take a serious look at how to mitigate the risk of deepfakes entering their digital workflows. If the threat is ignored, deepfakes can multiply exposure to fraud, and negatively impact the bottom line.

CIOs should consider a systemic approach that ensures photos and videos are authentic and untampered from the point of creation. Media authenticity solutions have begun to hit the market. They integrate into existing digital workflows and securely enable self-service, autonomous, and gig economies, by mitigating undue risk associated with deepfakes.

Key elements of media authenticity solutions include:

  • Fingerprinting digital assets at the time of creation.
  • Validating fingerprints using a virtually immutable distributed ledger.
  • Enabling sharing and trust across organizations using tamper-resistant media.
  • AI and heuristics to detect media anomalies, weed out fakes, and even identify potential offenders.

These technologies enable organizations to benefit from new digital processes without increasing fraud and security risks.

The verdict

The threat of deepfakes to the enterprise is real and only poised to get worse, thanks to:

  • Improvement and easier accessibility of deepfake generation technology
  • Growing reliance of organizations on media from outside sources to enable operational efficiencies and stay competitive

While this may paint a grim picture, there is a glimmer of hope for those who take action. CIOs who make provisions now, can create a secure digital foundation that is resilient to fake media. And by doing so, they can help their organizations avoid becoming the next victims of deepfake fraud.

Comments are closed.