Digital fraud: How deepfakes jeopardise companies

What are deepfakes?

Deepfakes are synthetic media in which existing images and videos are altered or new ones are created with the help of artificial intelligence (AI). The term is a portmanteau of ‘deep learning’ (a form of machine learning) and ‘fake’. This technology can imitate faces, voices and even gestures so realistically that they are often indistinguishable from real material. Originally developed in the entertainment industry, deepfakes have now found their way into other areas, which has significant implications for IT security.
 

How have deepfakes evolved in recent years?

The technologies behind deepfakes have developed rapidly in recent years. While the first deepfakes often had a high error rate and were easy to expose, today's versions are much more sophisticated. Advances in the fields of machine learning, particularly through the use of Generative Adversarial Networks (GANs), have significantly improved the quality and credibility of deepfakes. These technologies make it possible to create realistic and consistent videos that can only be identified as fake with great effort, even by experts. In addition, the tools for creating deepfakes have become increasingly accessible, which favours the spread of this technology.
 

Potential of deepfakes in attacks on companies

Deepfakes offer a wide range of opportunities to attack companies and their IT infrastructure. The potential threats include:

• Identity theft: Attackers can use deepfakes to impersonate managers or other trustworthy persons within the organisation. This can lead to fraudulent transfers or the retrieval of sensitive data.
• Damage to reputation: The distribution of fake videos can put companies in a bad light. This can lead to a loss of trust among customers and business partners.
• Manipulation of information: Deepfakes can be used to spread false information that can disrupt business operations or cause financial damage.
• Phishing attacks: Attackers can use deepfakes to create realistic-looking messages aimed at tricking employees into disclosing sensitive information.

The dangers posed by deepfakes are manifold and can have serious consequences for information security and the general business environment.
 

How can you recognise and protect yourself against deepfakes?

To protect themselves from the dangers of deepfakes, companies can take various measures, in particular:

• Employee Training: Raising awareness of the issue of deepfakes and training in recognising suspicious content are crucial. Employees should be trained to deal critically with information and to scrutinise unusual requests or content.
• Technological solutions: The use of deepfake detection software can help to identify fake content at an early stage. These solutions use algorithms that analyse typical characteristics of deepfakes to flag potentially fake media.
• Verification of information: Companies should implement processes that ensure verification of information. This can be done by checking sources or using multi-level authentication procedures.
• Risk Management: The inclusion of deepfakes in the risk analysis and assessment of IT security can help to recognise and manage potential threats at an early stage.

Many of these measures come together under the umbrella of Business Continuity Managements (BCM). BCM is crucial to ensuring business continuity in crisis situations. Deepfakes should be integrated into the BCM risk analysis to identify potential business impacts Emergency plans must be developed that include specific procedures for responding to deepfake attacks. Effective communication management is necessary in order to respond quickly and transparently to incidents and to maintain the trust of customers and business partners.

An effective tool that can be used as part of your own risk management is the implementation of so-called Crisis Simulations. During such a trial by fire of your emergency processes, you not only prepare yourself optimally for an emergency - it is also a helpful tool for being prepared for potential deepfake attacks. Companies should develop realistic scenarios and carry out role plays to test their response strategies. These exercises raise awareness and strengthen the ability to react in an emergency. After the simulations, it is important to analyse the results and make any necessary adjustments.

Proactive communication is crucial to minimise the reputational damage caused by deepfakes. Companies should react quickly to rumours or false information and provide transparent information. The use of social media monitoring technologies can help to identify deepfake content at an early stage. A well-developed crisis communication plan should include specific measures for dealing with deepfakes. 

The social media team plays a central role in dealing with deepfakes. They can create humorous or creative content, such as memes, to address the issue of deepfakes and educate the audience. Educational campaigns and active engagement with the community can build trust in the brand and raise awareness of the dangers of deepfakes.