The Rise Of Deepfakes Means CEOs Need To Rethink Trust


The Rise of Deepfakes: Rethinking Trust in Business

Artificial Intelligence is driving a seismic shift in how businesses operate. As companies adjust their strategies and roadmaps, CEOs must rethink the core fundamentals of business, especially the concept of trust.

Recent estimates reveal that in just two quarters, the share of social engineering attacks among all cyber security threats surged from 7% to 20%, according to Kroll’s latest report. A staggering **43%** of all successful cyber attacks stem from social engineering, suggesting that businesses should take this threat seriously.

Corporate leaders are particularly vulnerable due to their public visibility. Only a few years ago, malicious actors needed significant resources to imitate a corporate leader. Today, access to one of the estimated **100,000 AI models** capable of producing deepfakes has made this easier than ever. Much of the information needed is readily available online, thanks to social media and corporate PR efforts.

My colleague and I raised alarms about deepfakes back in 2020, yet we could not foresee the current scale at which they are exploited for social engineering attacks. A recent case involved a Hong Kong banker who joined a video conference filled entirely with deepfake participants, including the company’s CFO. This led to the transfer of over **$25 million** after following instructions.

Investing in Cybersecurity: Building Trust

Cybersecurity practices often draw inspiration from military strategies due to shared objectives—avoiding, containing, and addressing adversaries. The **red team/blue team** model is a prime example. Here, the blue team defends while the red team seeks to breach security.

As Reid Hoffman demonstrated with just two models, **11Labs** and **Hour One**, team red can execute sophisticated attacks with minimal resources. This places significant emphasis on whether team blue is adequately resourced.

Emily Mossburg, Global Cyber Leader at Deloitte, emphasized that “CEOs need to ensure their team blue is equipped to address the current threat landscape.” Cybersecurity teams alone won’t suffice; embedding defensive tools across the organization is essential.

The truth is that adversaries can simply switch targets if one employee starts to recognize a ruse. “AI is evolving in defense, but ultimately, it’s on every employee to make cybersecurity effective,” Mossburg added.

Investing in comprehensive cybersecurity training goes beyond merely reporting phishing emails—it’s essential. “We cannot eradicate risks, but we can choose the level of risk we’re willing to accept,” Tavakoli noted when discussing the CEO’s role in enhancing security resources.

Equipping Team Blue: Strategies for Improved Cyber Defense

Numerous companies are working to weave trust into digital environments. For example, **Wiz**, a cloud-security firm, is set to be acquired by Google for **$23 billion**, underlining the profitability of trust-centric cybersecurity solutions.

However, it’s crucial for leadership to recognize the limitations of relying on a singular approach. Regarding AI, although team blue can harness its capabilities, there is still a gap to close before surpassing team red.

“Integrating AI into cybersecurity necessitates a blend of IT and predictive capabilities that remain largely inaccessible to the general public,” Dave Maher, CTO of Intertrust, explained.

Moreover, simply outfitting team blue with cutting-edge AI tools doesn’t suffice. Establishing robust systems of trust requires a diverse arsenal of strategies, including returning to traditional methods while team blue finds its footing.

Many financial institutions are implementing step-up authentication for phone transactions, which is an effective but limited measure. “Detecting acoustic and phonetic artifacts that AI-generated communications leave behind requires deploying the right tools across all calls,” said **Rahul Sood**, CPO at Pindrop.

Given the imbalance—where attackers can rely on one or two tactics while teams blue must utilize an entire suite of strategies—it’s imperative to focus on extensive training and a variety of protective measures.

The Importance of Context in Cybersecurity

In the war on trust, context is invaluable. Even the most adept adversary cannot replicate the unique context of each employee’s role. For instance, knowing that your CFO never schedules calls on Fridays can help distinguish a genuine request from a deepfake attack.

Hed Kovetz, CEO of Silverfort, said, “Having broad context about your interactions is essential for establishing trust.” Organizations can create this context by instituting clear protocols and practices that remain invisible to outsiders yet serve as critical cues for employees.

Maintaining consistent communication styles and employing unique internal jargon can bolster trust. For example, future meetings could incorporate specific signs or signals known only to company members.

Above all, organizations should not complacently wait for attacks to transpire. Emphasizing context and maintaining a proactive stance can significantly enhance defenses against social engineering.

By promoting an awareness of trust-related issues and embedding them within corporate culture, businesses are better equipped to combat the deepfake menace.

© Singularity Chamber of Commerce (SChamber) All Rights Reserved.