Tom Cruise is not on TikTok. And yet he has amassed 3.3m followers on the popular social media platform.
He has had well over 10m likes without moving a muscle, from people who enjoy watching video clips of him playing golf, playing the guitar and even eating cereal with Paris Hilton.
It’s not the real person, of course. It’s @deeptomcruise, not the real Hollywood actor, but another actor called Miles Fisher. Every single short clip is a computer-generated version of Tom, transplanting his face, voice and general likeness onto Miles.
It’s uncanny, but it’s just a deepfake: an audio or video recording that uses artificial intelligence to impersonate faces and voices. An art project by a US company, Metaphysics, @deeptomcruise is clearly labelled as manipulated media and was created to raise awareness of the phenomenon – and how it could be abused.
The most worrying aspect of deepfakes is how they can be used to spread political propaganda or incite violence. The technology is so convincing people could very easily be tricked into thinking they were watching the real thing. The FBI has already asserted its concerns around deepfake and the risks of actors leveraging synthetic content, posing as journalists.1
From a business point of view, what does it mean to you? Are your cyber risk management systems ready for this tech?
Cybercriminals are so sophisticated, and the results of deepfakes so believable, it was only a matter of time before they were used for illegal financial gain. They are now being used to create detailed and highly plausible phishing messages, with voice impersonations being used to extort and trick - £35m was taken in one scam which saw a bank manager in Hong Kong duped by a deepfake impersonation into transferring the funds.2
We’ve all received recorded calls in which a polite sounding person asks us questions as part of a pre-recorded message. They’ve been around a while and are usually easy to spot. But what if the person’s voice was someone you knew? You, or your employees, could easily be tricked into passing over business information or clicking on a link and giving away private business access. An audio deepfake is easy to create if you are working with good artificial intelligence.
Social media platforms can exacerbate the problem as entire accounts can be created with a name, photo, video content and links, leading recipients to click links or open documents, believing that they are communicating with someone they trust.
Communication is key
The best advice to prevent deepfake technology from infiltrating your business is to ensure you communicate thoroughly with your employees and have a good risk management approach to cyber security.
Ensure that they know it is not company procedure to drive them to click on links without secondary verification or request payment on the phone. Regularly train your team on the technology that exists and teach them how to recognise requests that could lead to them giving away access to sensitive or confidential information. Provide clear social media guidelines and regularly communicate these to avoid errors. Ensure they know to type out web addresses into their browsers. Confirm they should not provide personal information, including usernames, passwords, birth dates, social security numbers, financial data, or other information in response to unsolicited inquiries, instead to always seek verification when approached.
By adopting good cyber hygiene, staying alert, and maintaining strict training and communication, businesses can protect themselves against the use of deepfake technology. This type of technology will likely only improve, so the best form of attack has to be defence.
Added protection
Even with these measures, precautions, and robust cyber risk management in place, it’s essential to arrange cyber insurance to protect your business and help get back on track should it be a victim of any cyber-related crimes.
Managing these incidents may require detailed technical knowledge that comes at a cost, so as well as minimising disruption to your business and offering financial protection during an incident, cyber insurance can help with any legal and regulatory actions after an incident.
Sources:
1. https://www.ic3.gov/Media/News/2021/210310-2.pdf
2. https://www.forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/?sh=1f501d057559
Share this article
Read our latest related articles
-
March 22, 2024
Safeguarding sensitive data: cybersecurity challenges and solutions for umbrella companies and recruiters
Umbrella companies and recruiters face cybersecurity challenges handling sensitive data. In our article we explore vulnerabilities and solutions.
-
October 30, 2023
AI’s cyber challenges and opportunities uncovered
Artificial Intelligence (AI) systems present advantages and opportunities for businesses thanks to advances in computing power. A team from Marsh came together at the recent Future Unlocked event to address the challenges and discuss how businesses can build cyber resilience.
-
October 25, 2023
Cybersecurity: Protecting farmers from cyberattacks
UK farmers face rising cyber threats, including phishing and AI risks. Prioritizing cybersecurity and insurance is crucial for protecting digitalized farming operations.
-
October 17, 2023
How would your customers respond to their data being leaked
As businesses increasingly rely on digital technologies and interconnected systems, we’re likely to see increases in cyber security breaches for SMEs. In this article, we're exploring the ways cyber insurance can protect your business should you experience a cyberattack.
-
August 21, 2023
Cyberattacks on industrial control systems: Understanding and mitigating cyber risks for manufacturing businesses
Over the last decade, cyberattacks targeting industrial control systems have surged. The best way to protect your business is to understand what you’re up against.
-
June 26, 2023
Cybercrime: risks motor trade businesses can't ignore
The cost of a cyberattack on motor trade businesses can be devastating. Are you aware of the risks and how to protect against them?