A Deep Dive into Deepfakes

Author: Mitigo

Date published

25 July 2024

Price
Free
The Institution of Structural Engineers The Institution of Structural Engineers
Back to Previous

A Deep Dive into Deepfakes

Tag
Author
Date published
Price
Blog
Author

Mitigo

Date published

25 July 2024

Author

Mitigo

Price

Free

Deepfake technology, which uses Artificial Intelligence (AI) to create highly realistic but fake images, audio, and videos, is rapidly emerging as a significant threat in the cyber security landscape. As cyber criminals adopt this technology to exploit vulnerabilities, businesses must understand its implications and strengthen their defences.

What are Deepfakes?

Deepfakes involve the use of AI algorithms to create convincing forgeries of individuals' likenesses. This technology can fabricate realistic images, videos, and audio recordings, making it increasingly difficult to distinguish between authentic and fake content. Initially developed for entertainment and artistic purposes, deepfakes have quickly been acquired by cyber criminals for malicious activities.

Cyber security implications for deepfakes

The adoption of deepfake technology by cyber criminals presents several alarming implications:

  1. Sophistication of Attacks: AI enables a higher level of sophistication in cyber attacks. Deepfakes can be used to create realistic phishing emails, voice messages, or video calls, making it harder for individuals to identify scams.

  2. Enhanced Social Engineering: Deepfakes take social engineering to a new level. Cyber criminals can impersonate senior executives or trusted colleagues to deceive employees into divulging sensitive information or authorising large financial transactions. For instance, an employee at a multinational firm was tricked into transferring $25 million to fraudsters who used deepfake technology to impersonate the company’s CFO in a video call.

  3. Bypassing Security Measures: Deepfakes can bypass traditional security controls. For example, AI-generated voice deepfakes can fool voice recognition systems, and AI-manipulated images can deceive facial recognition software.

  4. Rapid Development: The speed at which AI technology evolves means that deepfakes will become even more convincing and harder to detect. Cyber criminals can continually improve their methods, making it essential for businesses to stay ahead of these developments.

Deepfakes in the real world

Several high-profile cases highlight the real-world impact of deepfake technology:

  • In the financial sector, deepfake incidents surged by 700% in 2023. Criminals are using AI to imitate vocal patterns, successfully issuing fraudulent instructions over the phone.

  • The legal sector has also been targeted, with the Solicitors Regulation Authority (SRA) warning lawyers about the risks of using video calls for client identification due to the threat of deepfakes.

  • The CEO of a leading advertising firm narrowly avoided falling victim to a deepfake scam. Cybercriminals used a fake WhatsApp account, voice cloning, and doctored YouTube footage to create a convincing virtual meeting. Thanks to the vigilance of the firm’s staff, the attack was unsuccessful.

  • Popular culture has not been spared either, with manipulated videos of celebrities like Taylor Swift being used to spread misinformation. These videos are widely shared on social media, illustrating the challenges in moderating such content.

  • A deepfake video of Ukrainian President Volodymyr Zelenskyy was circulated, showing him supposedly telling Ukrainian troops to surrender. Zelenskyy quickly debunked the video, but the incident highlighted the potential use of deepfakes in war propaganda.

Strengthening Defences Against Deepfakes

To combat the threat of deepfakes, businesses must adopt a multi-faceted approach:

  1. Staff training: Train your staff to stay vigilant to enable them to recognise and react appropriately to suspected attacks.

  2. Frequent Simulated Attacks: Test your training by conducting regular simulated attacks that mimic techniques used by cyber criminals. This helps in identifying vulnerabilities and improving response strategies.

  3. Enhanced Authentication: Implement stronger authentication measures, such as multi-factor authentication and conditional access, to reduce the risk of unauthorised access using stolen credentials.

  4. Layered Defence Strategy: Establish multiple layers of protection. If one control is breached, ensure that there are additional safeguarding measures and alerting mechanisms to prevent further progression of an attack.

  5. Assessment and Assurance: Regularly assess and audit security measures to ensure their effectiveness. Engage independent experts to provide an unbiased evaluation of your security posture.

Conclusion

Deepfake technology represents a considerable challenge in the realm of cyber security. However, by understanding the implications and adopting proactive measures, businesses can better protect themselves against the sophisticated threats posed by deepfakes. Staying informed and vigilant, coupled with robust security practices, will be crucial in safeguarding against the evolving landscape.

 

We have partnered with Mitigo to offer cybersecurity risk management services with exclusive discounts for our members.

IStructE members can benefit from a free no-obligation consultation. For more information about Mitigo’s cyber security services, call 020 8191 1590 or email [email protected].
 

Tags

Blog Other

Related Resources & Events

Blog
<h4>Professional risk and PI insurance: building resilience</h4>

Professional risk and PI insurance: building resilience

Griffiths & Armour Partner, Tanya Winstanley, shares her thoughts on building resilience into SME businesses and provides an update on Griffiths & Armour’s ‘Constructing change’ initiative, which aims to stimulate debate on the wider issues facing the sector.

Date – 3 July 2024
Author – Tanya Winstanley
The Structural Engineer
<h4>Professional indemnity insurance considerations when adopting modern methods of construction</h4>

Professional indemnity insurance considerations when adopting modern methods of construction

Claire Meade and Stephen Hargreaves of insurance broker Griffiths & Armour provide an update of insurers' attitudes to MMC and implications for designers' insurance policies.

Date – 1 February 2024
Author – Claire Meade and Stephen Hargreaves
Price – £9.95
Training
Engineer with notepad and pen inspecting and working at construction site

Building Safety Act: what the secondary legislation means for Structural Engineers

Hear experts from leading City law firm Bevan Brittan discuss the new obligations and liabilities for built-environment professionals under the Building Safety Act secondary legislation, which has come into force in England and Wales on 1 October 2023.

Date – 28 November 2023
Author – Various
Price – Free
The Structural Engineer
<h4>Specifying reused structural steel: some professional indemnity insurance considerations</h4>

Specifying reused structural steel: some professional indemnity insurance considerations

Claire Meade of insurance broker Griffiths & Armour examines the insurance industry approach to the emerging trend for reuse of structural steel, and considers the disclosure requirements for designers.

Date – 1 June 2023
Author – Claire Meade
Price – £9.95
The Structural Engineer
<h4>Roundtable: Talking mass timber: why early engagement is key to allaying insurers' concerns</h4>

Roundtable: Talking mass timber: why early engagement is key to allaying insurers' concerns

Robin Jones summarises the discussions and key recommendations from a roundtable examining the insurance risks relating to mass timber construction.

Date – 2 May 2023
Author – Robin Jones
Price – £0