RS Risk Solutions Favicon

CYBER-RISKS AND LIABILITIES

Courtesy of RS Risk Solutions
Deepfakes Explained
Deepfakes refer to sophisticated forgeries of an image, video or audio recording. Deepfakes have been around for years, you can even find examples of them in social media applications. For instance, with Snapchat, face-changing filters take real-time data and feed it through an algorithm to produce synthetic images.
However, as technology has evolved, deepfakes are now able to alter media so well that its often difficult to detect that any manipulation has occurred. Through the use of artificial intelligence (AI) technology, deepfakes leverage existing audio and video of an individual – all while continuously learning how to produce a more convincing forgery.
Deepfakes have been used to believably impersonate influential political figures. They can be used to alter both real-time or recorded media. Deepfakes are so sophisticated that they can deceive the general public into thinking a person has said or done something they normally wouldn’t. And in the hands of a malicious party, deepfakes can be incredibly devastating.

The Risk of Deepfakes for Organisations
Through the use of phishing and various scams, cyber-criminals have long tried to deceive organisations into giving up sensitive information. Often these scams are executed using fraudulent email accounts, which in some cases can be easy to spot. However, using deepfakes, cyber-criminals now have the power to fool even the most careful and perceptive organisations.
Deepfakes can allow cyber-criminals to make a person in a video or over the phone look and sound like a target organisations CEO, tricking employees into transferring money or sharing sensitive data, among other compromising actions. For instance, the CEO of a UK-based energy firm thought he was speaking to the chief executive of the organisations partner company, who asked him to send funds to a Hungarian supplier over the phone. The deepfake was so convincing that the employee transferred about £200,000 to criminals, according to the organisation’s insurance firm.

Particularly noteworthy, deepfakes are used to execute social engineering scams or sway public opinion:
• Using deepfakes in social engineering scams – Put simply, social engineering is when a malicious party takes advantage of human behaviour to commit a crime. Social engineers can gain access to buildings, computer systems and data simply by exploiting the weakest link in a security system: humans. For example, social engineers could steal sensitive documents or place key loggers on employees’ computers at a bank – all while posing as fire inspectors from a nearby fire service. Social engineers don’t need to have expert knowledge of an organisations computer network to break into a business; all it takes is for one employee to give out a password or allow the social engineers access to an area they shouldn’t be in. And because deepfake technology has become less expensive and more accessible, the prospect of tricking an employee into performing a malicious action through social engineering tactics is that much easier. This is especially true, given how realistic deepfakes can be.

Given the potential harm of deepfakes, its crucial that businesses are prepared to protect themselves.

Guarding against Deepfakes
To protect your organisation from deepfake schemes, consider the following strategies.
• Train employees. To protect your organisation against deepfakes, employee training is critical. Employees should be educated on deepfakes, including what they are and how they may be used against the business. Simply by raising awareness of deepfakes, employees will be better equipped to spot them, allowing your organisation to respond quickly and swiftly.

• Utilise detection software. While AI is used to make deepfakes better and more effective, it can also be used to help detect potential deepfakes. In fact, large corporations such as Facebook and Microsoft use AI and similar software to detect and remove deepfake videos form their platforms. When it comes to deepfakes, the earlier they are detected the better. This allows you to act quickly to reduce potential harm.

• Establish a response strategy. If and when your organisation is the target of a deepfake driven attack, its crucial to have a response strategy in place. Such a strategy should centre around crisis mitigation. This includes outlining individual responsibilities, determining escalation practices and communicating response best practices.
For more information on various cyber-exposures, contact us today.

Legal Specific Disclaimer:
The following information is not exhaustive, nor does it apply to specific circumstances. The content therefore should not be regarded as constituting legal or regulatory advice and not be relied upon as such. Readers should contact a legal or regulatory professional for appropriate advice. Further, the law may have changed since the first publication of this information.

Add to my favourites

Speak to us

RS Risk Solutions Logo

Related Articles

SUBSCRIBE TO OUR NEWSLETTER

Registered office: 2 Windsor Mews, Crown Drive, Heathfield, East Sussex, TN21 8FP. Registered in England and Wales, No. 11899365.

RS Risk Solutions Limited is authorised and regulated by the Financial Conduct Authority. FRN 843988

We are an independent insurance broker regulated by the Financial Conduct Authority and operate in the UK, predominantly in London and the South East, Surrey, Kent, East Sussex, West Sussex.

Quick Links

Policies

Get Support

RS Risk Solutions Logo

Request a callback

By providing the above information you consent to RS Risk Solutions Limited contacting you by any of the methods that you have provided details for. We will process this information in accordance with our privacy notice.

RS Risk Solutions uses cookies to monitor the performance of this website and improve user experience. To find out more about cookies, what they are and how we use them, please see our privacy notice, which also provides information on how to delete cookies from your hard drive.