A few weeks ago, we wrote about CEO fraud.
CEO fraud is plain email trickery, but it’s an extremely effective tactic.
A message arrives from someone at the top. It addresses you by your first name. It requests that you authorize a sizable transaction (no questions asked) to a supplier, a client, a potential acquisition. As the kicker, the email directs you:
— ‘Time is tight, act now.’
You may even get a phone call from a trusted financial advisor, verifying the transaction. Who are you to query the request? You click confirm, and the fraud is complete.
In 2018, CEO impersonators conned US businesses out of a tidy $3.5 billion.
If you think that’s from a few targeted attacks relieving companies of vast sums, you’re mistaken: 1,100 businesses fall victim to a form of email fraud every month. Now, 2020 is upon us. There’s a new imposter in town. Worryingly, emerging technology has created an even more effective way to con any business.
And it’s someone who speaks — even looks — just like your CEO.
Deepfakes are the real security threat of 2020
Deepfakes are videos that use artificial intelligence and machine learning to make it look like a staged event has taken place when, in reality, it didn’t. It may be through a subtle edit to an existing video. Or, it could be completely fake.
Either way, the deepfake is designed to convince any viewer that what they’re watching happened in the real world. And the technology has become so good, it can carry off the gambit. Just take the video of Nancy Pelosi acting drunk. It didn’t take long for the footage to go viral so that by the time commentators had confirmed it wasn’t genuine, it no longer mattered.
The damage had been done. Now, security experts are warning businesses that they need to be on high alert as well. Imagine how a video purportedly showing a CEO announcing damaging news could impact a company’s share price.
Or, consider how you’d act if you saw your Chief Exec, at the other end of a video message, shouting:
— “Transfer the funds… WITHOUT DELAY.”
Given the efficacy of basic email fraud in 2018, the potential for deepfake-related extortion in 2020 could be unprecedented — worse, the risks extend further, but there are actions you can take to counter them.
Let me explain…
There are no limits to faking content
Technical specialists are clear on the subject.
Deepfakes are a grave concern — for society as much as for business — because as AI and machine learning techniques improve, there’ll be no limits when it comes to faking content. Expect email writing styles, photos, even video conference calls that reflect real life.
Meaning, as faked content crosses into new territories, extortion becomes simpler to execute. Imposters will no longer need to rely on email alone.
They can add faked videos and phone calls to strengthen their arsenal.
What raises concerns further is that, as fake content becomes more convincing, it becomes easier to enact deeper levels of fraud. Scammers could convince employees to give up all manner of sensitive information, which they could then use as a ransom, for blackmail, or to carry out ongoing criminal acts.
The leading fear for IT security teams is that cybercriminals will use deepfakes in turbocharged spear phishing campaigns: that is, highly targeted attacks that trick employees into sharing network access credentials. And if a member of your team does share login details so that a hacker can gain access to your enterprise’s network, there’s no telling what the cybercriminal will do.
For many, deepfakes present the most significant risk in an artificially intelligent world — because when a video looks so real, how can anyone say for sure…
— ‘That’s a fake’?
How to protect your business from deepfakes
Technology makes even the most sophisticated attacks cheap.
In this digital world, all a criminal requires is access to the right software. Suddenly, they can create high-quality (yet fake) content that anyone would believe. And to make matters worse, few in the business world are alert to such risks. This is why you need to protect your business from the threat, and to mitigate the impact in case a deepfake finds success. How so?
There are three fundamental steps.
The number one way to avoid disaster is to educate your employees about the risk. Until there’s an automated way to authenticate videos or soundbites, people are your only defense. If your team knows deepfakes exist, and has a basic understanding of them, your business is already better off.
2. Early Detection
There’s no way to stop someone from creating a deepfake. But you can keep an eye out for them. Often, fake content follows a specific distribution pattern (for example, the same social media accounts tend to distribute fake videos). So, if you know where to look, you should be able to spot the risk early, then act fast to fight back.
3. Clear Communication
But what’s the key to fighting fake content? Simple: real content. When fake news strikes, respond with a clear picture of what’s really going on and do everything in your power to destroy the narrative of the deepfake. As soon as you acknowledge the existence of fake news, you can start to undermine its credibility.
The harsh reality of deepfakes
The difficulty we all face is there’s no cheap way to auto-detect deepfakes.
There’s simply too much content online to analyze it all. And committing to finding fake content — manually or automatically — is prohibitively expensive.
The best actions to take are:
- Be vigilant to the fake
- Educate your workforce
- Have a strategy to fight back
…so that should your business become a target, you can quickly take aim and eliminate the threat.
Network security is crucial for every enterprise. Keep your business secure by hiring qualified, competent, and (above all else!) friendly IT support — call Mid-Coast Tech on 207-236-0021 to see how we can help.