Deepfakes: the new enterprise cyberthreat vector?

By now, you may have seen examples of how deepfake videos can distort the messages of influencers, politicians, and actors. Perhaps the deepfake of Mark Zuckerberg, the cheap fake of Nancy Pelosi, or the admission of a top deepfake artist that he has created a monster has cemented the notion that deepfakes can pose more than just a nuisance. Not only have altered videos become more realistic, but they are also becoming easier to create.

Lest you think deepfakes are a problem limited to social media, consider that they are making a path into the enterprise. A worrisome recent example was an AI-generated voice, which matched that of the CEO of an energy company and was used to defraud the company of nearly $250,000. Was this a one-off occurrence, or the start of a more devious form of phishing?

Enterprise reliance on digital photos, videos, and audio is rising. This opens a new fraud attack vector: deepfakes.

What can be done to try to head this off? Efforts to outlaw deepfakes are effective as a deterrent, but they do not prevent access to the technology behind deepfakes. When it comes to deepfake generation software, the proverbial “cat has been let out of the bag.”

What should a CIO or CISO do?

From the perspective of CIOs and CISOs, it is worth examining trends that increase reliance on photos and videos. While such initiatives offer operational advancements and cost-savings, they also increase susceptibility to deepfakes. The risk is high, particularly if there is no means in place to trace authenticity of the media.

In industries such as insurance, transformational trends of interest include:

  • Self-service data gathering: What was once the realm of a trusted employee or 3rd party, has moved into the hands of consumers. Why send out an inspector if clients can capture the same quality of digital photo and video in a first notice of loss? Many insurance companies are capitalizing on this digital transformation. They allow insured customers to inspect their own home and assets, or file claims digitally. This saves the time and cost of sending an inspector or adjuster.
  • Autonomous data gathering: It’s no secret drones can save time and costs in surveying sites. Think about appraising roof damage after a major hurricane. Dozens, or even hundreds of homes in an area might have suffered damage. Why not enlist a local drone operator to retrieve photos and videos? Many insurance companies have started  using drone technology for this purpose.
  • Gig economies: The trend that enabled the Ubers and Lyfts of the world is spreading to other industries. When performing remote work, why not employ people who are local and can be leveraged without additional travel, and perhaps at a more economical part-time rate? In fact, the gig economy trend in insurance is gaining momentum.

Authenticating digital media

A common thread among these trends is that data is being provided to organizations by a new set of outside parties. They are end clients, 3rd-party device operators, or gig workers who are local to where the data is gathered. While the efficiency and scale benefits can be enormous, organizations are trading off a level of trust afforded by directly-controlled employees. Without adding a process to ensure traceability of the data gathered, organizations may increase the risk of fake or altered data.

These trends are unlikely to vanish any time soon. CIOs ought to take a serious look at how to mitigate the risk of deepfakes entering their digital workflows. If the threat is ignored, deepfakes can multiply exposure to fraud, and negatively impact the bottom line.

CIOs should consider a systemic approach that ensures photos and videos are authentic and untampered from the point of creation. Media authenticity solutions have begun to hit the market. They integrate into existing digital workflows and securely enable self-service, autonomous, and gig economies, by mitigating undue risk associated with deepfakes.

Key elements of media authenticity solutions include:

  • Fingerprinting digital assets at the time of creation.
  • Validating fingerprints using a virtually immutable distributed ledger.
  • Enabling sharing and trust across organizations using tamper-resistant media.
  • AI and heuristics to detect media anomalies, weed out fakes, and even identify potential offenders.

These technologies enable organizations to benefit from new digital processes without increasing fraud and security risks.

The verdict

The threat of deepfakes to the enterprise is real and only poised to get worse, thanks to:

  • Improvement and easier accessibility of deepfake generation technology
  • Growing reliance of organizations on media from outside sources to enable operational efficiencies and stay competitive

While this may paint a grim picture, there is a glimmer of hope for those who take action. CIOs who make provisions now, can create a secure digital foundation that is resilient to fake media. And by doing so, they can help their organizations avoid becoming the next victims of deepfake fraud.

Picture of Nicos Vekiarides

Nicos Vekiarides

Recent News

About Us

Attestiv provides authenticity and validation for digital photos, videos and documents using patented tamper-proofing blockchain technology and AI analysis. 

Deepfakes and Claims Automation

Deepfakes: An Insurance Industry Threat

Sign up for our Newsletter
Nicos Vekiarides

Nicos Vekiarides

Nicos Vekiarides is the Chief Executive Officer & co-founder of Attestiv. He has spent the past 20+ years in enterprise IT and cloud, as a CEO & entrepreneur, bringing innovative new technologies to market. His previous startup, TwinStrata, an innovative cloud storage company where he pioneered cloud-integrated storage for the enterprise, was acquired by EMC in 2014. Before that, he brought to market the industry’s first storage virtualization appliance for StorageApps, a company later acquired by HP.

Nicos holds 6 technology patents in storage, networking and cloud technology and has published numerous articles on new technologies. Nicos is a partner at Mentors Fund, an early-stage venture fund, a mentor at Founder Institute Boston, where he coaches first-time entrepreneurs, and an advisor to several companies. Nicos holds degrees from MIT and Carnegie Mellon University.

Mark Morley

Mark Morley is the Chief Operating Officer of Attestiv.

He received his formative Data Integrity training at Deloitte. Served as the CFO of Iomega (NYSE), the international manufacturer of Zip storage devices, at the time,  the second fastest-growing public company in the U.S.. He served as the CFO of Encore Computer (NASDAQ) as it grew from Revenue of $2 million to over $200 million. During “Desert Storm”, Mark was required to hold the highest U.S. and NATO clearances.

Mark authored a seminal article on Data Integrity online (Wall Street Journal Online). Additionally, he served as EVP, General Counsel and CFO at Digital Guardian, a high-growth cybersecurity company.

Earlier in his career, he worked at an independent insurance agency, Amica as a claims representative, and was the CEO of the captive insurance subsidiary of a NYSE company.

He obtained Bachelor (Economics) and Doctor of Law degrees from Boston College and is a graduate of Harvard Business School.