Is Your Organization Vulnerable to an AI Deepfake Attack?
Webinar Summary:
Today we hosted a webinar and summarized some key points from the Verizon DBIR Report and the Treasury Report.
We’ve distilled a couple of the key points here to make them easier to digest. We’ve included our take and added some of our own findings as well.
Our analysis can be summarized as follows:
Deepfake attacks: These are occurring more frequently than we think. Many of the incidents involving Deepfake are not making it into the news, because they are security incidents that companies are not obliged to disclose publicly. We can confirm we have received reports from numerous companies that have had a “Deepfake Attack” against their user base. Deepfake is more of an immediate threat than we think. Deepfake audio is a theme we are seeing used more often in these types of attacks.
Bad Advice: We are seeing floods of bad advice around Deepfake and how to address it. Examples are: focusing on irregularities, shades in photos, or looking for subtle clues. The problem is that Deepfake has matured rapidly and those visual clues may not be there in the very near future. Teaching this behavior creates a false sense of security, and it’s actually hurting people more than helping. It creates a false safety net that soon may not exist. Instead, we encourage organizations to test users in alignment with business controls and verify that defensive measures work. This helps organizations understand whether they are vulnerable to Deepfake attacks. Focus on ensuring that controls work, such as verification checks, biometrics, detections and KYC. Teaching users how to verify information and empowering them with knowledge is one of the best defenses against Deepfake currently.
Verizon DBIR: Proves that user awareness training is effective. We believe this is one of the best approaches to combating Deepfake for a user base at the moment. User awareness is not a silver bullet, and it will not solve the entire problem. But it is a great way to quickly fortify your defenses and help create a culture of security. Creating the human firewall and arming your employees with knowledge is key. Deepfake is a threat that impacts not only the workplace, but the homefront too. This is why we strongly advocate for awareness training.
Verizon DBIR: AI is “Overhyped” except for Deepfake, which is a growing concern. “The report noted that deepfake-related threats seem to be advancing and accelerating, with several reported cases of deepfake-facilitated fraud.” We can confirm this as well.
Verizon DBIR: Employees or the “Human” element contributed to about 70% of breaches last year. The best investment you can make is in your users: turning your employees into a human firewall against threats. The narrative that humans are your weakest link is incorrect. They are your greatest asset, but are most vulnerable on their phones, where there are very few security tools or protections in place. This leaves employees especially vulnerable to Deepfake audio as the preferred attack method for mobile phones.
Verizon DBIR: The MOVEit vulnerability was widely exploited last year. It was a prime target and was the reason behind the surge of Ransomware attacks. But system intrusion, while being the top attack vector, is actually trending downwards. Had the MOVEit vulnerability not existed, we would have seen a sharper curve. The threats that we believe need to be watched this year are actually Miscellaneous Errors and Social Engineering. These are both human factors and trending upwards. Remember, the Verizon DBIR covers the past year, and there are lagging indicators.
Treasury Report: Level up your defenses for detection of Deepfakes, especially in financial services. We test these defenses using Deepfake simulations to ensure that the correct preventative measures are in place and working.
Treasury Report: Invest in human knowledge and expertise in AI-based technology. We also help test and educate users against AI-based threats for Social Engineering.
We’ve taken a very unique approach to addressing these threats: we combine Simulations, Testing, User Awareness, Vulnerability Assessment and Risk Assessments into one approach. We also test business defenses and controls in parallel, so you have a clear picture of your security posture against Deepfake. We do this all while educating your employees with knowledge that protects them not only in the workplace, but at the homefront too.
Check out our solutions:
Defend with Knowledge. https://breacher.ai/deepfake-simulation/