Menu
UAE icon

Faking it: Deepfake crime exposing cyber security skill gaps

Published by UAE Business

About: Deepfakes are exposing businesses’ cyber security skills gaps. Cyber security experts share their insight into how businesses can protect themselves against a growing risk.

 

Deepfake crime is a real and present danger for businesses. Last year, it cost one bank alone $35 million in a single scam, yet many businesses are still ignoring the risks, partly thanks to a lack of cyber security skills at leadership level.  

 

With Deepfake technology becoming more sophisticated – and readily available to criminals – businesses need to see the technology as a current threat and not a future concern. Here, cyber security professionals based in the UK and Singapore, look at the steps that every business needs to take now to protect themselves against Deepfake intrusions before it’s too late. 

 

Understanding the Deepfake threat 

 

Unlike established cyber-security threats – eg malware, SQL injections and database hacking – Deepfakes are still easy to dismiss from cyber security strategies. A relatively new technology, their introduction as a fun, viral video phenomenon hasn’t helped businesses to realise the severity of the threat they now pose to security. Yet several high-profile cases have emerged in recent years that illustrate just how dangerous Deepfake can be.  

 

In 2019, a UK-based CEO was conned into transferring $243,000 to a malicious actor, thanks to advanced Deepfake voice technology convincing them that they were speaking to their parent company’s chief executive. Different types of Deepfake known to be used against businesses currently include ghost fraud (where the criminal steals a deceased person’s identity), identity imitation (like the examples above), new account fraud, and virtual identity fraud (where criminals ‘create’ a new identity by combining information and images from multiple people). 

 

Highlighting growing concerns at government level, the FBI last year released a stark warning of the dangers of Deepfake in a six-page report, while the UAE’s National Programme for Artificial Intelligence and the Council for Digital Wellbeing issued guidance to raise public awareness of the security threat. 

 

How cyber security teams need to respond to Deepfake  

 

While technology is at the fore-front of most businesses fight against cyber crime, there is no software or system that businesses can ‘buy-in’ to seal their business against Deepfake threats. While they are a cyber security concern, their success currently relies on ‘human error’: namely, using technology to trick individuals into taking action. 

 

James Foster, Client Partner, Cyber Security at global tech recruitment firm RP International, advises: “The key to protecting your business against Deepfake risks is educating your employees on how to spot a Deepfake in action – and knowing when they need to be extra vigilant. At present, most Deepfakes do have tell-tale signs that something isn’t quite right with a call or video if you know what to look for, but these technologies are becoming more sophisticated. You need to make sure you keep evolving your armour against it. Having the right cyber security skills in your business, at both support and leadership level, is the best way to ensure that you are staying ahead of scammers.”  

 

However, thanks to ongoing advances in the technology, Deepfakes could soon pose a risk to automated activity, too, with the potential to help cyber criminals pass video and audio security protocols.  

Cyber Security specialist James Bore CSyP, comments, “Any time someone asks you to do something like transfer money or share data on a phone or video call, verify it elsewhere. Email them directly, drop a note to their PA, just get that extra verification. There’s no guaranteed method to spot a Deepfake, as the technology is changing all the time, so the key thing is changing your culture to educate everyone about the risks.”

 

Cyber security needs people, not just technology  

 

With cyber security threats constantly evolving, businesses need to have the right people on board to track threats and develop defences against them. 

 

Zero-trust policies are a big step towards educating every individual on the risks posed by cyber scams (Deepfake or otherwise) but they need to be led by people with the right tech knowledge and soft skills to engage employees across the business – especially at board level. Deepfake fraud is perhaps disproportionately aimed towards senior professionals compared to other cyber crime methods, as these high risk, high value targets can provide a more significant return to criminals who have invested in the technology.  

 

Jaqueline Chaw, RP International’s cyber security specialist based in Singapore, comments, “Many organizations haven’t recognized “Deepfake” as a cyber security risk, so technology to detect it isn’t as prevalent as conventional cyber security tools.  Educating your cyber security team, as well as business users, on Deepfake technologies is crucial to protect your organization. It’s also essential to have a robust team of cyber security talents that are trained and combat-ready for modern-day security threats.” 

With cyber security leadership talent in high demand and short supply across every sector, businesses need to act now to educate their employees and secure the skills they need to face Deepfake security threats – or risk falling foul of synthetic content attacks in the near future.  

Share

latest posts

Building Africa’s Future: The Kinshasa Finance Center as a Testament to the Power of Architectural Synergy

The Democratic Republic of Congo’s (DRC) Kinshasa Finance Center and Congress Center stand as a testament to a powerful collaboration. Designed by the visionary Tabanlıoğlu Architects (TA_) and constructed by the resourceful Miller Holding, this architectural marvel transcends its function as a Finance hub. It embodies the nation’s burgeoning progress and serves as a beacon for international exchange. But the Kinshasa Finance and Congress Center is just one example of the magic that unfolds when these two industry giants join forces.

Continue reading

How Innovation Drives Competitive Advantage for SMEs

Small and Medium-sized Enterprises (SMEs) are outpaced by larger firms when it comes to resources, capital, and reach. This can be especially challenging in today’s rapidly changing business environment. These same constraints can often spur unique opportunities for creative solutions and strategic agility, acting as the bedrock for innovation.  

Continue reading