How can SMEs protect themselves against deepfakes?

What is a “deepfake”?

The term deepfake refers to an artificial intelligence-based image synthesis technique used to create or modify videos and audiovisual content with a high degree of realism. It’s an amalgam of “deep learning” and “fake”. Deepfakes involve superimposing human features on another person’s body or manipulating sounds to create a believable human experience.

In a cybersecurity context, the rise of deepfakes poses a serious threat. This sophisticated technique is increasingly used for scams such as phishing. By 2021, according to a study conducted by VMware, deepfakes attacks will have increased by 13%. Deepfakes play an alarming role in misinformation and media manipulation, threatening corporate security. Detecting and preventing these deepfakes is therefore a critical issue for organizations, requiring increased vigilance and security measures.

How are deepfakes used in cyberattacks against companies?

Deepfakes are becoming increasingly sophisticated. They are increasingly used in cyberattacks against businesses:

• Identity theft scams (FOVI – President’s Scam)
• Disinformation and propaganda through phishing or spear phishing
• Blackmail and financial threats (ransomware)

These different cyberattack techniques illustrate the need for businesses to remain vigilant in the face of rapidly evolving cybercrime, and to invest in robust cybersecurity solutions to protect themselves against these sophisticated threats.

A few examples

• Sonantic’s hypertrucage technology

This technology was recently used to restore actor Val Kilmer’s voice following a bout with throat cancer in 2015. This surreal experiment illustrates the damaging capacity of deepfakes. A case reported in 2019 involved the use of an audio deepfake to imitate the voice of the CEO of a major corporation. The cybercriminals succeeded in convincing an employee to transfer funds, resulting in a significant loss for the company.

• Deepfake against Ukrainian President Volodymyr Zelensky

In March, a video posted on social networks showed the president ordering his soldiers to surrender to Russian forces. The video was quickly denounced by the head of state, but served as an example of the impact artificial intelligence is having on the digital world. It’s a pattern that can be replicated in business, leading your employees to divulge sensitive data.

Cybercriminals are getting creative, and going beyond fraudulent e-mails or calls. Today, the majority of these deepfake attacks use video (58%), more than audio (42%). Hackers use them during virtual meetings or when new collaboration tools are deployed internally. They also send messages that appear to come from a higher hierarchy with a legitimate request to access confidential information.

How can deepfake attacks affect the reputation and operations of SMEs and ETIs?

Deepfake attacks can affect the reputation and operations of SMEs and SMBs in several ways:

• Reputational damage: deepfakes can create false scandals (bad buzz), damaging a company’s reputation.
• Loss of trust: Deepfakes can lead to a loss of trust among customers and business partners, which in the long term could also affect revenues.
• Disruption of business operations: Deepfakes can lead to direct and indirect financial losses, disrupting the organization’s normal operations.
• Impact on employee morale: Deepfakes are often linked to harassment/blackmail, which can affect employee morale, leading to lower productivity and higher staff turnover.
• Compliance risk: Companies could find themselves in breach of data protection regulations if they fail to detect and respond appropriately to deepfakes.

What tools and techniques can detect deepfakes?

Deepfakes can be videos, audio recordings or images that look authentic, but are actually fabricated. The first step towards better detection is awareness. It’s crucial to inform your teams about the threats posed by deepfakes. Regular training on the latest cybersecurity trends, including deepfakes, helps maintain constant vigilance within your organization.

In addition, the adoption of advanced security solutions, which use artificial intelligence to filter incoming and outgoing e-mails, are essential for detecting and blocking phishing or spear-phishing attempts based on deepfakes. These solutions analyze not only the content of e-mails, but also anomalies in sending behavior, a major asset in the fight against deepfakes. This kind of verification is crucial in countering Business Email Compromise (BEC) attempts involving deepfakes.

Detection methods for deepfakes generally focus on what the human eye cannot easily detect.

• Artificial intelligence-based detection: Machine learning algorithms, in particular convolutional neural networks (CNNs), are at the heart of deepfake detection methods.
• Analysis of visual and audio cues: Deepfakes often feature imperfections that can serve as clues for their detection, such as subtle distortions in images or videos, irregularities in facial movements or anomalies in audio.
• Use of blockchain and cryptography: By recording the metadata of original files in a blockchain, it is possible to track and verify the origin and integrity of content. This approach helps ensure that media has not been altered since its creation.
• Contextual analysis: If a video appears to be out of its usual context within the organization, this raises doubts about its authenticity. This method requires a thorough understanding of context and a critical mind.

How can you raise awareness of the risks of deepfake?

Education, vigilance and cutting-edge technology are your best allies in this ongoing battle for data security and the protection of your business.

On the one hand, the detection of deepfakes is constantly adapting. So it’s a difficult task that requires a combination of advanced technology, awareness and education within the organization. Investing in detection therefore becomes crucial to stay one step ahead of cybercriminals.

On the other hand, deepfakes circulating on the Internet rarely originate from state-of-the-art generation models, and are possibly detectable. A proactive, educational and technologically sophisticated approach is needed to stay at the forefront of this ongoing battle against deepfakes.

The threat of deepfakes is real and constantly evolving, but by adopting a proactive approach and integrating advanced cybersecurity solutions like Altospam’s Mailsafe, SMEs and SMBs can significantly boost their resilience in the face of these digital challenges.