AI deepfakes are cheap, relatively easy to create and have the potential to cause damage to a company's reputation, which is why it's important to develop a comprehensive defense and response strategy now.
The threat of deepfakes is a big problem that is magnified by easier access to AI tools and services, Ari Lightman, a professor of digital media at Carnegie Mellon University's Heinz School of Information Systems and Public Policy, said in an email interview. “Part of the problem is that intent is hard to categorize,” he said. “In many cases, deepfakes are intentionally designed to deceive for political, ideological, or financial reasons, and in other cases, intent is more difficult to determine.”
Deepfake technology is rapidly advancing, making it increasingly difficult to distinguish between real and manipulated content, Rob Rendell, global head of fraud market strategy and fraud prevention at financial crime compliance assistance provider NICE Actimize, said in an email interview. “This poses serious risks to many aspects of society, including politics, business and personal reputations,” Rendell explained. “Developments in deepfakes and AI have sparked a wave of misinformation and confusion, with many consumers falling victim to AI-generated phone calls.”
The technology has been democratized, allowing virtually anyone with a consumer computer or smartphone and an internet connection to create a decent fake, Alik Atar, a senior threat intelligence researcher at security technology provider Radware, said in an email. “We are rapidly approaching a time when audiovisual content will no longer be inherently trustworthy.”
Multiple Threats
Deepfakes can harm businesses in a variety of ways. “They can harm the reputation of a business or its executives by spreading false information or creating fake videos or audio recordings,” Rendell says. “Deepfakes can also be used to impersonate employees, executives, or customers, leading to fraud and negatively impacting interactions with intended parties.”
Rendell notes that deepfakes generally fall into one of four basic categories:
Face swap. Replacing one person's face with another's in a video or image.
Speech synthesis. It generates realistic speech from text and allows you to create fake voice recordings.
Context operations. Changing the context of a video or audio clip to change its meaning or connotation.
Full body deepfake. Creating completely fake videos of people engaging in activities they never actually participated in.
Facing issues such as social media posts, polarized public opinion, and declining trust, Reitman said brands are struggling to monitor their online brand perception and address misunderstandings. “AI-generated satire is often mistaken for information, which has real-world implications,” he said. Meanwhile, deepfake AI has been used to impersonate brands, often successfully tricking employees into revealing sensitive information.
Prevention measures
Preventing or quickly neutralizing deepfakes requires a multi-pronged approach, Rendell said: “This could include implementing authentication mechanisms to verify the authenticity of media content, educating employees and customers about the existence of deepfakes and how to recognize them, and developing advanced detection technologies to identify and mitigate the spread of deepfake content.”
Attar said both manual and automated methods can help detect deepfakes by analyzing unnatural movement, visual artifacts, audio distortions, contextual inaccuracies and other characteristics. “AI-based detection systems can identify fakes from large datasets, but it’s an arms race as deepfake creators learn how to overcome imperfections,” he said, warning that some security experts estimate current deepfake detection methods will become unreliable within 12 to 18 months.
Damage control
Rendell says that now and in the near future, IT leaders can take proactive steps to mitigate the impact of deepfakes by implementing strong anti-fraud measures across all transaction channels. “This includes implementing multi-layered anti-fraud measures at every stage of a transaction, from initiation to completion, and ensuring that these measures work in real time.”
Rendell said that by continuously monitoring transactions for suspicious activity, detecting anomalies and intervening quickly if necessary, organisations can effectively reduce the overall risk of financial fraud. “Furthermore, investing in advanced technologies such as AI-powered fraud detection systems and biometric authentication methods can further strengthen a company's ability to detect and prevent deepfake fraud.”
Damir J. Bresic, CISO at security technology and services provider Inversion6, said in an email that the damage caused by deepfake attacks will be difficult to repair. “Companies may need to invest in public relations efforts to rebuild their reputations, provide compensation to affected parties, and work with law enforcement to hold attackers accountable,” he explained. “It is essential to take a proactive approach to cybersecurity and invest in the tools and training needed to prevent deepfake attacks in the first place.”
Final thoughts
The key to effectively defending against deepfakes is to act quickly and decisively, like a firefighter trying to put out a fire before it spreads out of control, Attar said. The longer misinformation circulates unchecked, the more damage it can do, he said. “Organizations need to have a rapid response playbook in place to respond immediately at the first signs of smoke.”
