Deepfakes as a threat to businesses

Risk factor “deepfakes”

Artificial intelligence poses a new threat to companies. Not only the IT security of companies is affected by this threat. So called deepfakes also pose a significant threat to the reputation of individuals, institutions and companies. Criminals take advantage of the technology to gain access to sensitive data, spread false information and thus damage the reputation of your company. In this article we explain the risks of deepfakes for you and your company and explain how you can protect yourself from them.

Manipulated texts, images, videos and audio recordings

The word “deepfake” is composed of the terms “deep learning” and “fake”. This already shows what a deepfake is all about: fake or manipulated content that has been created with the help of modern technology and artificial intelligence. Among other things, deepfakes became famous through videos in which stars and politicians say things they would never normally express. The most famous example of this is a video of former US President Barack Obama.

While such videos were considered an extraordinary technical achievement at the time, today almost anyone with a smartphone and Internet access can create manipulated videos. Apps like Reface or open source programs like Avatarify are making this possible. All you need is enough photo material of the person you want to imitate. Nowadays you can find this quickly and easily via Google, Facebook & Co. In addition to videos, deepfakes can now take on many other forms. Whether text, image or audio recording – these days almost all content can be manipulated or falsified. In private life, this may seem harmless and funny at first glance, but in the corporate context, deepfakes can have devastating consequences.

Deepfakes as a new scam

Deepfakes are particularly suitable for scams. The goal is to get money or access to sensitive company data. Not only corporations, but increasingly also medium-sized companies are being targeted by cyber criminals. They use manipulated audio recordings, for example, to obtain money by fraud. With the fake recordings, they imitate the voices of executives in a deceptively real way and instruct employees to transfer money to false bank accounts. These methods are also called CEO fraud or voice spoofing.

So-called readfakes, i.e. forged texts, are increasingly being used in such fraudulent schemes as well. New technologies are used to imitate the writing style and wording of CEOs. The result is, for example, phishing emails instructing employees to follow fraudulent links, disclose passwords or send sensitive data. In the context of corporate fraud, deepfakes thus represent the next stage of social engineering. Employees are cleverly manipulated to unwittingly become the henchmen of fraudsters.

Deepfakes as a reputational risk

However, the threat to deepfakes goes far beyond sophisticated scams. Imagine a video is published in which your CEO (apparently) makes polarizing statements on sensitive issues. For corporations, this can quickly lead to a crash of share prices. For smaller companies, the online firestorm is usually pre-programmed. Even if your PR department reacts quickly and denies the authenticity of the video, stakeholders still don’t have to believe it. By the time evidence of this is available, considerable damage to your company’s reputation may already have occurred. After all, studies show that the majority of reputational damage often occurs within 24 hours after an incident. Deepfakes therefore represent a similar reputational risk to corporate disinformation – but with a much greater impact.If a well-made fake spreads online, it is difficult to invalidate credibility and halt a reputation crisis. The correct handling of the wrong information is essential at this point.

Attackers and victims of deepfakes

You may now ask yourself: “Okay, but who would create an elaborate deepfake to harm my company?” The answer to this question can be manifold. But in general, deepfakes can be easily created by anyone today. A disgruntled ex-employee who wants to take revenge on his boss or a competitor who does not shy away from unfair means. Therefore, almost any organization can become a victim of false or manipulated content. No matter if small business, medium-sized company or large corporation.

How to deal with the threat of manipulated content?

The best way to deal with deepfakes always depends on the specific situation. Nevertheless, there are some things that can reduce the risk of deepfakes. In order to avoid becoming a victim of fraudulent practices, for example, multi-level authentication procedures can be introduced for transfers or the release of data. Such processes should be laid down in internal company guidelines and explained to each employee. This can be used to raise your employees’ awareness of the danger posed by deepfakes. Awareness training and workshops on how to deal with such risks will also help to close the “human weak spot”.

If you are publicly attacked with a deepfake, you need to act quickly. This is the best way to prevent damage to your reputation. To this end, certain processes and (communication) rules should be defined in advance. It is important to prove quickly and conclusively that the reputation-damaging content is a deepfake. For this to work, the communications department in particular must be trained in dealing with such issues.

As is so often the case in reputation risk management, comprehensive prevention and preparation is therefore also a priority for dealing with deepfakes.

Do you need support in dealing with deepfakes or do you want to train your employees? We are happy to help!

Better safe than sorry.