Have you ever watched a video that looked and sounded real, only to discover it had been manipulated by Artificial Intelligence (AI)? If so, you have most likely encountered a deepfake. Deepfakes are digitally altered videos, audio, or images that mimic reality and are often unrecognizable by digital users. These alterations come across different domains through entertainment, politics, personal profiles, and businesses.
As AI algorithms and technology rapidly advance, deepfakes are becoming deliberately pervasive in digital media. This results in posing threats to individuals and businesses. Imagine seeing a video where your face is plastered on another person’s body, an audio recording that mimics your CEO’s voice, or a video about your business sharing controversial information on some issues. This shows that deepfakes could happen to anyone.
The Growing Threat of Synthetic Content
According to the Global Risk Report 2024, false information, such as misinformation and disinformation, has been ranked as the top global risk. Since AI no longer requires specialized skills to operate and is easily accessible to almost anyone, this has led to an outburst of false information and synthetic content. Moreover, the report stated that over the next two years, AI may have the capability to manipulate digital users, disrupt economies, and gravely affect our communication towards society.
Deepfakes represent a serious and escalating threat. For businesses, there are potential consequences of a deepfake attack, including financial loss, stock price manipulation, reputational damage, and legal consequences. The stakes are high, and the cyberthreats are real.
With this, this shows that there is a need for a call to action in strengthening cybersecurity. Given the rising threat of deepfakes, businesses must take proactive steps to safeguard their businesses and their people. Here’s what they must take note:
1. Answering unknown calls
One of the most common deepfake-related threats is the robocall scam. It usually occurs when you receive a call from an unknown number. If you answer, there’s no response but silence on their end. However, what you may not realize is that the caller is already recording your voice and your voice patterns. This captures enough audio to create a convincing mimicry of your voice. Through this, your synthesized voice can then be used in various malicious ways, from fraudulent phone calls to falsifying your consent in business transactions. It is important to ensure that whenever you answer a call, you have to think twice. Are you expecting a call from an unsaved number? Do you have the need to answer this call?
2. Use of AI Detection Tools and AI Imaging Apps
While detection tools are essential in identifying deepfakes, businesses must be cautious. Although these tools can detect cyberattacks, they may also be used to harvest your sensitive information while protecting you from other tools. A double persona, in a sense. For example, the use of third-party AI imaging apps on social media, such as seemingly entertaining apps that you voluntarily submit a photo of your face to generate AI images, can be used as a source for future deepfakes. If you continue to utilize these apps, it may put you and your businesses at risk as they collect your own personal information. With this, you must always ensure that your detection tools are official, certified, and regularly updated. Additionally, you must refrain from uploading your photos and personal information for the sake of amusement without considering the potential consequences.
3. Employee Training and Expert Consultation
Cybersecurity awareness should be an ongoing process. At P&A Grant Thornton, we use a cybersecurity system called Vigil@nt to keep training our people, especially since we are in the professional services firm. However, regardless of what industry, this is an imperative to the business. This training includes recognizing phishing emails, understanding the importance of strong authentication processes, and consulting with experts on what to do when incidents happen or are about to happen. A people-focused cybersecurity strategy is key to strengthening the business and maintaining a positive outlook for the future.
4. Updating Crisis Management Plans
In times of crisis, like a CEO or a board member being a victim of deepfake or false information, an outdated crisis management plan that does not consider how to deal with this issue can aggravate the situation. It’s crucial to keep crisis management plans updated at all times, especially as new threats like deepfakes emerge and technology continues to adapt and evolve. However, this responsibility doesn’t lie solely with the cybersecurity or IT team; everyone has a shared responsibility. Human Resources must address staff concerns, Marketing and Communications should manage public messaging, and every team member must remain vigilant yet alert.
5. Act fast and stay vigilant
People are often the weakest link in information security and are mostly targeted by cyberattacks. It is time to change that narrative by making people the strongest line of defense. If you notice something suspicious, whether it’s a phishing email, a strange phone call, or unusual activity, you must report it immediately to the IT department or your immediate manager. Collective vigilance can make all the difference in preventing an attack.
The threat of deepfakes is already here, and it’s growing. Hundreds of stories have spread stating individuals and businesses were victims of deepfake attacks. It is now time to take our awareness of cybersecurity seriously, especially since we are integrating our lives digitally. By staying vigilant and proactive, businesses and individuals alike can protect themselves from the potentially devastating consequences of deepfake attacks. Stay informed, stay secure, and always be on the lookout for the next wave of cyber threats.
As published in The Manila Times, dated 04 September 2024
