Safeguarding businesses against deepfake threats to employees
Cybersecurity threats are constantly evolving and posing new challenges for businesses and their employees. As artificial intelligence (AI) advances, malicious actors are finding innovative ways to exploit vulnerabilities and compromise systems. One emerging threat that has garnered significant attention is deepfakes.
In February 2024, CNN reported that an employee of a Hong Kong company was tricked into making 15 transfers totalling about US$25 million to scammers after a fake video call with the company's chief financial officer and co-workers. The scammers had used deepfake technology to create the fraudulent call to convince the employee to make the transfers into five Hong Kong bank accounts.
There are many cases of prominent government ministers, business leaders and celebrities being used by scammers to lure people into cryptocurrency and investment scams.
Such maliciously manipulated images, audio and video recordings can harm a company's reputation, compromise sensitive information, and even lead to financial or business loss.
Businesses need to take proactive measures to counter these threats. Here are steps that they can consider taking to protect their employees from unknowingly falling prey to scams and phishing attacks.
1. Raise awareness: Knowledge is power. The first line of defence against deepfake threats is to raise awareness among employees. Conduct workshops, and share articles, videos and updates on the latest deepfake trends. Use multiple channels such as email, intranet, posters, and team meetings. These are among the ways to heighten awareness and empower employees to recognise and respond to this emerging cybersecurity risk effectively. Raising awareness about the dangers of deepfakes helps employees become more vigilant and discerning when consuming digital content.
2. Train employees: Businesses should educate employees through training programmes. An example is StarHub's automated cybersecurity and personalised cybersecurity awareness training programmes, which expose participants to simulated phishing attacks. The comprehensive StarHub training is designed to empower businesses by educating their employees about the latest cybersecurity threats and best practices. It includes engaging and interactive learning modules that cover essential cybersecurity topics, such as phishing awareness, password security, and social engineering tactics. Additionally, the platform offers real-time reporting and analytics, providing valuable insights into employee performance. This enables businesses to track progress, measure effectiveness, and identify areas for improvement.
3. Establish verification protocols: Implement robust verification protocols for all communication channels, especially those involving sensitive information. Adopt multi-factor authentication and encryption methods to ascertain the identity of individuals. By requiring multiple forms of authentication (such as passwords, biometrics, and one-time codes), businesses can reduce the risk of unauthorised access even if a deepfake impersonates a key employee.
Businesses can also consider adopting the Zero Trust Maturity Model, which was developed by the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency. This framework outlines the progressive stages and capabilities an organisation should implement to achieve a robust zero trust security architecture. The model can help businesses enhance their cyber resiliency by emphasising three key capabilities: visibility and analytics, governance, and automation and orchestration. It provides a roadmap for businesses to transition toward a zero trust architecture, ensuring robust security practices across their systems and services.
StarHub has adopted multi-factor authentication measures to improve security, using the zero trust model for continuous verification and authentication.
4. Adopt detection tools: It's a case of an eye for an eye. Use AI-powered detection tools to counter AI-generated deepfakes. These tools analyse subtle cues, such as inconsistencies in facial expressions or unnatural voice patterns. Leveraging such tools can help businesses identify and flag suspicious media content effectively. The Singapore government is establishing the Centre for Advanced Technologies in Online Safety to test technologies such as watermarking and content authentication, and to develop tools to detect harmful content such as deepfakes and misinformation.
Regrettably, the same tools used for detecting deepfakes can also be employed to improve them, making detection more challenging. Businesses must stay informed about the latest advancements in detection tools. The delicate balance between detecting and countering deepfakes while avoiding their unintended enhancement remains a critical challenge in the digital landscape.
5. Collaborate with industry experts: Deepfake technology will continue to evolve, making it increasingly difficult to distinguish between authentic and manipulated content. Businesses should collaborate with industry partners and experts, such as those from StarHub and Palo Alto Networks, to combat the threat of deepfakes effectively. Engage with industry partners, cybersecurity experts and law enforcement agencies to share information, insights and best practices for detecting and mitigating deepfake threats. By pooling resources and expertise, businesses can strengthen their defences against this ever-evolving threat.
While the rise of deepfake technology poses a significant threat to businesses and their employees, taking such measures can help mitigate the risk of falling victim to scams. Safeguarding employees against the dangers of manipulated media is not only essential for protecting the reputation and integrity of businesses but also for upholding trust and security in an increasingly deceptive digital landscape.