Are these guys for real? How to keep your business safe from deepfakes | US small business

Is that really Tom Cruise going to wrestle an alligator? Keanu Reeves dancing like nobody’s watching? Or Robert Pattinson getting shadows from his cat? No – it’s a deepfake.

Deepfake technology is an advanced artificial intelligence that replaces actual video and audio with video and audio artificially created from other sources. While it looks like harmless fun on TikTok, it’s also becoming a huge security risk for businesses of all sizes.

According to a recently published report by cloud service provider VMware, deepfake attacks are increasing.

“Cybercriminals are now incorporating deepfakes into their attack vectors to bypass security controls,” said Rick McElroy, senior cybersecurity strategist at VMware. “Two in three respondents to our report saw malicious deepfakes being used as part of an attack, a 13% increase over the last year, with email being the primary delivery method.”

According to McElroy, their new goal is to use deepfake technology to compromise organizations and gain access to their environment. As? By making employees believe they are dealing with real people.

This is what happened to a bank manager in Hong Kong who received fake calls from a bank manager asking for a wire transfer. Impressions were so good that the manager eventually transferred $35 million and never saw it again. A similar incident occurred at a UK-based energy company, where an unwitting employee wired about $250,000 to criminals after pretending the recipient was the CEO of the company’s parent company. Deepfakes are used to trick people into buying products, and the FBI is now warning companies that criminals are using deepfakes to create online “employees” for remote jobs to gain access to company information.

It’s the new security challenge. And given how much video and audio of us exists online thanks to social media and YouTube, it’s not hard for a scammer to use readily available tools to trick people into believing that we say and do things we don’t — or do talk to people who don’t. t actually exist. Big tech companies like Microsoft and Google have developed tools to detect these threats, and federal laws are also in the works to limit the damage. But these steps can only go so far. So how do we protect our businesses from this growing threat?

Education. And controls.

The most common reason for security breaches – deepfakes or otherwise – remains human error. The bank manager, the CEO, the HR worker fooled by the fake remote worker all could have avoided these mistakes if they were more knowledgeable about deepfake fraud detection.

Many of my customers now also invest in training tools such as KnowBe4 or Phishingbox to continuously test their employees’ awareness of potential threats. Others pay IT pros to keep their employees in the loop with quarterly update sessions. Training is the best first line of defense against these threats.

But training will not fully protect us from deepfake technologies. That’s why strong internal controls are now more important than ever. Ensuring that significant transactions require multiple levels of approval must be a requirement for any business, regardless of size. Owners and senior managers must not be tempted to override these policies, as doing so inadvertently opens the door to potentially unauthorized transactions.

As with all security threats – spam, viruses, malware and now deepfakes – there will be new technologies to minimize their impact. But as always, we cannot rely on these technologies to fully protect us. As entrepreneurs and managers, we must take responsibility for our own actions and those of our employees by striving to better understand and recognize these threats. This isn’t a movie. It’s real life.