Is Deepfake the Next Big Human Firewall Vulnerability?

The art of deepfake is one that has become increasingly nuanced in recent years. Wikipedia describes the process as “synthetic media in which a person in an existing image or video is replaced with someone else’s likeness”.

The tools for creating the synthetic images are developing quickly, often more quickly and resulting in higher quality end results than even major motion picture giants. Such is evidenced when Lucasfilm hired the visual artist who improved their Luke Skywalker likeness in “The Mandalorian” television show.

Deepfake is very commonly used in comedic situations, including tricking Justin Beiber as to Tom Cruise’s guitar skills or other social media, but can also be used in a more nefarious manner. Some not-so-funny examples include inappropriate celebrity or revenge videos, fake news stories, and hoax/conspiracy events. Anecdotal evidence points to a trend of deepfake use for bullying among school aged children. And, additionally, there is room for criminal activity in deepfake impersonation and fraud.

Recently, the IT world was shaken by a sophisticated attack utilizing an audio deepfake. By combining with a stolen email credential, the malicious actors stole $35 million from a United Arab Emirates (UAE) company. The voice-changing software impersonated a lawyer representing the company director and targeted a branch-level manager. This is the second major known IT attack: the first happened in 2019 and cost a German company approximately a quarter million Euros.

While it can be difficult to resist an attack of this magnitude, there are several strategies to be employed in order to significantly mitigate risk. Many of these will be policy creation that creates a layered approach:

Employ zero-trust policies as a standard. This can be slightly inconvenient in the day to day operation of a business, but maintaining security only sometimes—even most of the time—is not an acceptable risk, whether related to IT or otherwise.
Make use of passcodes and security questions that cannot be easily accessed via the web or a personal biography. The willingness of bad actors to learn details related to common security questions should not be underestimated…and in fact, very often we give away the answers to security questions on our own. This is called OSINT in the hacker community, or Open Source Intelligence.
Include copious amounts of common sense in your policy. If any transaction is unusual in some way, how can it best be checked? Asked another way: what should happen if a transaction falls outside of normal circumstance, whether in timing, recipient, or amount?
Train your staff to be ready for a deepfake situation. Don’t allow a call or video from bad actors be the first exposure to the technique!

Don’t be in a position where a deepfake will catch you or your business off-guard. If you’re not sure where to start, please CONTACT US and we can set up some consulting time for our security experts to guide you…if it’s even them on the other side of the screen! (Just kidding….it will be. I think.)

Tabbie Coulter

great professional service and very timely!! would highly recommend for your IT needs.

Jessie Palma

I love this company. They have soo much talent there and they always fix it so quickly! They are very professional and courteous! I've gotten to know some of them because we treat each other like human beings :) It's like having an extended family.

Fernando Perez

Awesome management! Great company.

Joseph Silbaugh

I needed to add an older laptop to the business account for my use on the road. CIO did everything remotely for me. It made the task so easy. They updated everything, added my office 365, my 3 emails and checked everything. Great job, quick and efficiently no stress. I recommend them highly

Kay Westerhold

Always a quick response. Issue solved and can continue on with the task every time. Great job CCIO!!

Bill Fissell

The service was prompt, friendly and knowledgeable. Could not ask for more than that.

Kevin Slack

Upgraded our router with Comcast. It did not go smoothly until Steve Plumlee got involved and got everything working well. When Steve is working on our IT issues, they get resolved. Amen.

Hickory Falls Family Entertainment Center

Thanks for going more in-depth with your engineers and investigating solutions and resolving some of our email challenges.

Bill Moorman

Certified CIO is a smart, professional and friendly team of engineers to work with. I am a bright person but computers can make me feel incompetent. The team at Certified CIO never allows you to feel awkward even asking the most basic questions. You have been a lifeline many times. Thanks for your support.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better IT for Business. Call Today! (717) 340-6000 (443) 283-0666

Is Deepfake the Next Big Human Firewall Vulnerability?

Share This Story, Choose Your Platform!

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666