Deepfakes result from people using AI and machine-learning technology to make it seem like someone is saying something they never actually said. Like every other tech on the market, it can be used with good and bad intentions. For example, David Beckham appeared in a malaria awareness campaign, and AI enabled him to appear to speak nine different languages. On the other hand, pornographic deepfakes of Taylor Swift went viral on X (to the horror of Swifties worldwide), and audio deepfakes of Biden encouraging New Hampshire voters not to cast ballots caused concern among experts.
However, deepfakes aren’t happening only to high-profile politicians and celebrities – they are quickly making their way into the workplace. In April 2023, forensics research company Regula reported that one-third of businesses worldwide had already been attacked by deepfake audio (37%) and video (29%) fraud. Regula also noted that the average cost of identity fraud, including deepfakes, costs global SMBs $200,000 on average.
How Deepfakes Are Impacting The Workplace
While deepfake technology is used to commit a variety of crimes, there are two ways deepfakes currently cause harm to businesses like yours:
1. Impersonation/Identity Fraud Schemes
2. Harm To Company Reputation
One of the most common deepfake attacks is when AI impersonates an executive’s voice to steal credentials or request money transfers from employees. Other attacks include deepfake videos or audio of a CEO or employee used to disseminate false information online that could negatively affect a brand. More than 40% of businesses have already experienced a deepfake attack, according to authentication experts at ID R&D.
What To Do About It
There are a few simple things you can do to prevent deepfakes from having damaging consequences on your business.
1. Review policies around technology and communication
Ensure you have transparent communication practices and that your team knows how communications are used internally. Would a company executive ever call an employee to place an official request for money or information? If not, employees should be suspicious. Also, encourage employees to verify any e-mail or phone request they aren’t sure about.
2. Include deepfake spotting in cyber security awareness training
Double-check that your cyber security awareness training covers how to spot deepfakes. Things to look for include unnatural eye blinking, blurry face borders, artificial-looking skin, slow speech and unusual intonation.
3. Have a response plan
Deepfake attacks are in their infancy, and you can expect to see more attacks like this in the future. Be sure your company’s leadership talks about how to respond if a deepfake attack impacts your company. Even though there’s no perfect solution to the problem yet, the worst thing that can happen is to be caught unprepared.