Deepfakes result from people using AI and machine-learning technology to make it seem like someone is saying something they never actually said. Like every other tech on the market, it can be used with good and bad intentions. For example, David Beckham appeared in a malaria awareness campaign, and AI enabled him to appear to speak nine different languages. On the other hand, pornographic deepfakes of Taylor Swift went viral on X (to the horror of Swifties worldwide), and audio deepfakes of Biden encouraging New Hampshire voters not to cast ballots caused concern among experts.
However,
deepfakes aren't happening only to high-profile politicians and celebrities -
they are quickly making their way into the workplace. In April 2023, forensics
research company Regula reported that one-third of businesses worldwide had
already been attacked by deepfake audio (37%) and video (29%) fraud. Regula
also noted that the average cost of identity fraud, including deepfakes, costs
global SMBs $200,000 on average.
How Deepfakes Are Impacting The Workplace
While
deepfake technology is used to commit a variety of crimes, there are two ways
deepfakes currently cause harm to businesses like yours:
- Impersonation/Identity Fraud Schemes
- Harm To Company Reputation
One of the
most common deepfake attacks is when AI impersonates an executive's voice to
steal credentials or request money transfers from employees. Other attacks
include deepfake videos or audio of a CEO or employee used to disseminate false
information online that could negatively affect a brand. More than 40% of
businesses have already experienced a deepfake attack, according to
authentication experts at ID R&D.
What To Do About It
There are
a few simple things you can do to prevent deepfakes from having damaging
consequences on your business.
- Review policies around technology and communication: Ensure you have transparent communication practices and that your team knows how communications are used internally. Would a company executive ever call an employee to place an official request for money or information? If not, employees should be suspicious. Also, encourage employees to verify any e-mail or phone request they aren't sure about.
- Include deepfake spotting in cyber security awareness training: Double-check that your cyber security awareness training covers how to spot deepfakes. Things to look for include unnatural eye blinking, blurry face borders, artificial-looking skin, slow speech and unusual intonation.
- Have a response plan: Deepfake attacks are in their infancy, and you can expect to see more attacks like this in the future. Be sure your company's leadership talks about how to respond if a deepfake attack impacts your company. Even though there's no perfect solution to the problem yet, the worst thing that can happen is to be caught unprepared.