The Threat Landscape of AI-Based Deepfakes: How CISOs Can Prepare and Respond

Deepfakes, once regarded as intriguing technological novelties, have now evolved into profound threats, exploited for fraud, disinformation, and manipulation. These realistic forgeries use AI to generate videos, audio, and images that convincingly mimic real people, challenging our perceptions of reality and trust.

The Rising Threat of Deepfakes

The impact of deepfakes is significant. In notable cases, a deepfake video of Facebook CEO Mark Zuckerberg claiming control over stolen user data went viral in 2019. More recently, in January 2024, an AI-generated robocall using President Joe Biden’s synthetic voice was used to manipulate the New Hampshire primary elections.

For organisations, the risk extends beyond reputational damage. Cybercriminals use deepfakes for financial fraud, data breaches, and social engineering. In one case, criminals reportedly used AI-generated audio to impersonate a CEO’s voice, tricking a UK energy firm into transferring US$243,000. In February 2024, a Hong Kong office lost US$25 million to a deepfake video conference call impersonating its CFO.

Implications for Organisations

Deepfakes amplify traditional social engineering attacks like phishing and spear-phishing, providing highly convincing impersonation tools. The rise of remote and hybrid work increases the risk of personnel impersonation in conference calls, impacting business communications and financial processes.

There is also the risk of stolen or recreated identities being used for fraud. Deepfakes can bypass banking and verification controls. For instance, attackers might use a victim’s identity and a deepfake video to open bank accounts for money laundering. The accurate replication of human voices and faces could undermine biometric security. According to Gartner, by 2026, 30% of enterprises will find identity verification solutions unreliable in isolation due to AI-generated deepfakes.

Mitigation Strategies

To address the sophisticated nature of deepfakes, CISOs should employ a proactive, multifaceted approach:

  • Regular awareness campaigns and simulated phishing exercises can help build a vigilant workforce. Employees should learn to identify signs of deepfakes and verify suspicious communications through multiple channels.
  • Low-tech verification methods such as challenge-response passphrases or two-step approval processes for high-stakes transactions can disrupt deception cycles.
  • Adopting multi-factor and multi-modal authentication, including behavioral biometrics, can provide more robust security.
  • Machine learning, while part of the problem, also offers solutions. Emerging AI tools that analyse metadata, audio consistency, facial movements and even signs of blood flow can help detect deepfakes.
  • Incorporating deepfake scenarios into incident response plans ensures preparedness.
  • Engaging in consortiums and information-sharing networks provides valuable insights. Collaboration with law enforcement can facilitate quicker responses to deepfake incidents.
The Road Ahead

In a digital world, combating deepfakes is essential for preserving the integrity of our digital identities and the trust that underpins all cybersecurity efforts. By adopting a proactive and adaptive approach, CISOs can effectively strengthen their defenses and enhance their resilience against the rising tide of AI-enabled attacks.

Sunari Dandeniya
Sunari Dandeniya
Chief Information Security Officer
Commercial Bank of Ceylon PLC
- Advertisement -

Disclaimer: The views expressed in this feature article are of the author. This is not meant to be an advisory to purchase or invest in products, services or solutions of a particular type or, those promoted and sold by a particular company, their legal subsidiary in India or their channel partners. No warranty or any other liability is either expressed or implied.
Reproduction or Copying in part or whole is not permitted unless approved by author.
To explore more insights from CISOs across South Asia, download your copy of the CISO Handbook today.
CISO handbook
CISO handbook – Strategic Cyber Vision, encapsulates point of views of 60+ CISOs and cybersecurity leaders across South Asia, highlighting the best practices, impact of AI and the cybersecurity landscape.
Download Now

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

error: Content is protected !!

Sign Up for CXO Digital Pulse Newsletters

Sign Up for CXO Digital Pulse Newsletters to Download the Research Report

Sign Up for CXO Digital Pulse Newsletters to Download the Coffee Table Book

Sign Up for CXO Digital Pulse Newsletters to Download the Vision 2023 Research Report

Download 8 Key Insights for Manufacturing for 2023 Report

Sign Up for CISO Handbook 2023

Download India’s Cybersecurity Outlook 2023 Report

Unlock Exclusive Insights: Access the article

Download CIO VISION 2024 Report

Share your details to download the report

Share your details to download the CISO Handbook 2024