AI Cyberattacks Are Such a Threat That 73% of US Companies Have a Deepfake Response Plan

Jul 23, 2024

The risk of sophisticated attacks via deepfake impersonation and ID fraud is leading businesses to reassess their cybersecurity protections. Are they enough?

David Jani
Deepfakes and artificial intelligence (AI) generated identity fraud represent a looming threat to companies, with many already suffering the impacts of increasingly sophisticated impersonation attacks. These attacks can disrupt unique, established protection methods like biometrics, which were previously considered impractical or impossible to replicate.

What is a deepfake?

A deepfake is a form of fraud in which cybercriminals use machine learning and deep learning processes to create artificial images, videos, and vocal audio to realistically impersonate an individual.

This newer breed of cyber attacks can undermine direct communications with a person by phone or video chat, and they’ve already tricked people out of millions. Company leaders need reassurance that their protections can still work to defend them against threats and to adapt to the new realities. Given the urgency of this issue, what are companies doing about it?

To find out, in GetApp’s Executive Cybersecurity Survey*, we surveyed 2,648 IT and cybersecurity professionals globally in May 2024, including 238 US respondents. We examined how the rise of new AI-driven impersonation attacks is causing companies to reevaluate their cybersecurity and network monitoring protections.

Key insights

  • 49% of professionals have privacy concerns and 38% fear potential identity theft from implementing or using biometric protections. Nevertheless, biometrics still produce satisfactory results among respondents. 

  • 60% of global IT and security professionals say their companies have developed specific measures to defend against AI-generated deepfake attacks.

  • 77% of surveyed professionals work in companies that have increased their investments in cybersecurity over the last 18 months.

Biometrics still enjoy success but AI-based attacks are dampening trust 

Biometrics have commonly been adopted to protect access to company systems and remain common in US businesses: most (69%) respondents work in companies where employers require the use of biometric authentication to tighten cybersecurity (above the global average of 53%).

Not only that, they are also proving satisfactory to most users. Overall, 91% of global respondents who use biometric authentication are either satisfied or extremely satisfied with the results. Furthermore, they still make up part of a strong defensive strategy, especially as a step of multi-factor authentication (MFA). Having multiple steps of secure authentication still remains a strong tactic for thwarting potential cybersecurity breaches.

Yet, there are still relatively high privacy concerns about these systems. Amongst our global respondents, 49% identify this as their biggest challenge when using biometric protections above other potential issues such as data breaches and cost. In fact, we saw in GetApp’s 2024 Biometrics Survey that this was previously driven by a lack of faith in tech companies' ability to protect sensitive biometric data stored on their servers.

To top it all off, trust is now coming under threat from another source. There is an increase in AI-generated attacks including deepfake fraud, more targeted phishing attacks, malware, and impersonations.

This is proving particularly worrying for US employees using biometrics. Out of all countries surveyed, the US had the highest number of respondents (36%) in companies with biometrics measures expressing the greatest level of concern about AI’s potential to create synthetic fingerprints, facial images, or voices for ID fraud.

Fears about synthetic AI-generated content compromising biometric authentication seem unsurprising in the current climate of deepfake fraud. [1] Since local respondents seem more likely than other international employees to use biometrics as a form of access, this adds further fuel to the fire of worries in the US.

How biometrics can help and hinder user security

How and where biometric login methods are used can enhance or weaken their overall protective capacity. It may now be easier for bad actors to spoof more recognized biometric features; however, if they are only a single part of identification rather than the only authentication mode, they can still provide robust protection.

Adding an extra step of security verification can make all the difference, especially as allowing the optional use of single-factor access sign-on can make it easier to breach a company's defenses. Hackers responsible for the recent breaches affecting the data of 500 million Ticketmaster users took advantage of this by targeting specific users of one of the company’s cloud providers who had not enforced multi-step authentication access across the board. [2]

Therefore, it is important to require employees to use multiple factors to identify themselves, rather than offering this as an opt-in only.

IT professionals are so concerned that most companies now have a dedicated deepfake plan

Deepfake content and live videos present a worrying problem for company executives. These impersonation attacks allow cybercriminals to access sensitive information or make fraudulent transactions by using the visual appearance of a trusted employee or even a company leader.

In fact, the threat and fear of these attacks have already generated action. We found that 73% of US IT professionals work in organizations where cybersecurity or IT management teams have developed specific measures against the risks of AI-generated deepfakes and their potential to impersonate senior executives.

Companies can respond to the dangers of deepfakes in various ways, using training and software solutions in tandem.

Also, much like phishing attack preparation, it appears that companies are looking to run simulations of attacks to increase preparedness as a majority of respondents work in companies where this is already implemented.

Awareness and practice of encountering deepfake attacks are both important for getting the workforce prepared to deal with these evolving threats. These approaches combine both theoretical awareness and a practical element to help employees spot the dangers and keep on their toes when a real attack comes along.

Signs you might be talking to a deepfake

As deepfakes of executives and employees on video calls become more prevalent, it is important to be aware of the signs that something is up. Some common features of deepfake videos include:

  • Jerky or unnatural body movement 

  • Blurring around facial features

  • Unnatural eye movements

  • Unusual coloration

  • Inconsistent audio

Additionally, if you are in doubt about the person you are speaking to, you can make it easier to spot deepfakes by asking them to turn their head 90° to the side to see a profile view of their face. This can disrupt the software algorithm that projects another face onto the speaker as it has to adapt to a shape it is not as used to working with.

Shore up easily exploitable vulnerabilities as early as possible

Businesses can also take steps to bolster security without dedicating significant time, resources, or spending. A first priority needs to be spotting and securing potential holes in a company’s defenses that can be patched and made more secure without increasing spending. This will not only allow the business to prioritize spending on more urgent security requirements, but will also help shore up security overall.

For example, many international respondents in GetApp’s survey who have already suffered through cyberattacks are turning to measures that can be employed immediately to enhance their protection. These include essential actions such as improving network security, prioritizing software updates, and improving password policies.

7 cheaper vulnerability fixes you can apply as investment in cybersecurity grows

As you might expect, new threats mean new priorities for cybersecurity spending. As the risks in the current security landscape are urgent, reallocating or raising spending on cyber defense is a major question small businesses are facing.

Unsurprisingly, our study shows that spending has been on the rise. Amongst our sample, 85% of US respondents report that their company’s cybersecurity spending has grown over the last 18 months, far above the global average of 77%.

However, as we can see, higher expenditure isn’t the only solution available to companies. There are also relatively straightforward, almost cost-free optimizations that companies can implement to improve their defenses. Here, we list seven measures firms can deploy:

1. Develop a plan for deepfakes 

Companies should prioritize developing a plan to tackle deepfake attacks. This plan could incorporate a two-pronged approach: raising awareness of the dangers and simulating the kinds of attacks staff may encounter, which might be crucial when a real threat arises.

Additionally, when addressing the threat of deepfake phishing, it is worth considering using a deepfake detection tool as an extra layer of security. These can monitor video calls and messages to scan for telltale signs of a fake image or appearance and notify users accordingly. Having a solid cybersecurity crisis management plan is also essential.

2. Use multi-layer protection

As we’ve seen, it’s important to ensure multiple levels of cybersecurity protection. This is integral to preventing attacks from succeeding and making the process of breaching your defenses more complicated for an attacker.

Having a strong multi-factor authentication (MFA) system in place can also help alleviate emerging concerns about the safety of authentication software and biometric security and create better confidence in cyber safety. When doing so, it can help to look out for software providers who offer features such as enhanced fraud detection and low-code integrations. 

3. Audit your network security

At a time like this, it is vital to review your company's network security. Any vulnerabilities in this infrastructure could easily allow a cyberattack to succeed. We found that 48% of our sample whose senior execs were targeted by cyber attackers are prioritizing improvements to their network security, which is key to underpinning security.

Network security software should be standard in every company. It protects against cyberattacks and data loss by detecting and blocking threats such as viruses, malware, and unauthorized access. It also improves network integrity and availability, resulting in a more stable and secure IT infrastructure.

4. Enforce regular update schedules

The latest updates usually prioritize security patches to prevent vulnerabilities from being exploited. According to our sample, software updates are a priority for 45% of companies that were previously targeted, representing a small but significant step toward better security.

A good trick here is to use patch management software across a business to ensure updates, drivers, and firmware are kept up to date as new patches are released. This software can monitor software for upgraded versions and enforce compliance with update schedules. 

5. Strengthen your password policy

A good password policy is a company-wide concern. This is an ever-more-important issue to ensure each step of security is up to the challenge of today’s technical landscape, especially as trust in biometrics drops. Moreover, a strong password policy is only going to get more vital as AI tools emerge that can crack passwords with greater ease. [3]

The use of self-service password reset (SSPR) tools can prove vital in this regard. They can help ensure staff regularly update their passwords and set parameters for the level of complexity a password must have.

6. Train executives for new realities

Executives are a prize target for scammers or threat actors due to their levels of access and oversight over major transactions and decisions in a company. New threats such as deepfakes require extra commitment to this goal.

Security awareness training software can prove practical for executives and other staff, offering up-to-date guidance on how to spot and respond to the latest threats.   

7. Encrypt your data

Unprotected data is a goldmine for cybercriminals and can be used to socially engineer a cyberattack on your business. Therefore, it is especially essential to ensure business data is stored and shared securely.

Having a strong data encryption solution is key. This makes the data harder to access and interpret without the right authorization, so even if a hacker gets away with information, they may not be able to use it.

Don’t panic, get prepared

The threat posed by biometric fraud and deepfake technology is a serious cause for concern for companies. However, the good news is that steps can be taken to get ahead of cybercriminals. 

In many ways, the fear of these threats has galvanized companies to examine their security provisions more closely and make improvements. This helps defend against not only newer threats but also more established dangers. 

Looking forward, it is likely that newer threats to trusted security measures like biometrics will grow as techniques for sidestepping them evolve, but being forewarned is being forearmed. As we observed in our data, companies are responding to this challenge by spreading internal awareness, and staying on top of this will be important as a first line of defense.

This preparedness also needs to go beyond a one-size-fits-all approach. Company executives represent a major target for cybercriminals and this requires some special measures as we observe in part two of this survey analysis.

Survey methodology

*GetApp's Executive Cybersecurity Survey was conducted in May 2024 among 2,648 respondents in the U.S. (n=238), Canada (n=235), Brazil (n=246), Mexico (n=238), the U.K. (n=254), France (n=235), Italy (n=233), Germany (n=243), Spain (n=243), Australia (n=241), and Japan (n=242). The goal of the study was to explore how IT and cybersecurity professionals are responding to the rising threat of biometric fraud. Respondents were screened for IT and cybersecurity roles at companies that use security software and have more than one employee. Respondents were screened for involvement in, or full awareness of, cybersecurity measures implemented at their company.

Sources

1. Finance worker pays out $25 million after video call with deepfake ‘chief financial officer', CNN

2. Ticketmaster confirms hack which could affect 560m, BBC

3. Hackers are using AI to crack passwords: How to choose better passwords to keep them out, USA TODAY

About the author

David Jani

David Jani is a content analyst at GetApp. With a background in tech journalism, public relations, and marketing, he uses his extensive experience to provide actionable insights for small and midsize businesses.

David’s research and analysis is informed by more than 150,000 authentic user reviews on GetApp and nearly 3,000 interactions between GetApp software advisors and software buyers.

His thought leadership work has been featured in TechRadar, Startups Magazine, and Raconteur.