Deepfakes Can Damage Businesses

1. Combine Employee Training With Privileged Access Management

Research shows 30% of IT leaders feel unprepared to tackle deepfake threats, which have proliferated through the availability of AI. Organizations must combat threats that are more believable and easier to execute than ever before. Employee training can help prevent attacks, while privileged access management will strengthen an organization’s defenses and reduce the impact if an attack does occur.

2. Treat Deepfake Impersonation As A Tier-1 Security Threat

Voice and video deepfakes pose an executive impersonation threat. Imagine a fabricated video from a CEO directing emergency wire transfers to attackers’ accounts. Beyond standard multifactor authentication, organizations need real-time biometric verification protocols, AI-powered audio and video authentication systems, and incident response playbooks that treat deepfake impersonation as a Tier-1 security threat.

3. Educate Staff On The Warning Signs

Mis-, dis- and mal-information spread by malicious actors through deepfake technology are pervasive cybersecurity threats. Deepfake videos can trick employees into transferring funds to threat actors or sharing credentials. Instructing staff on the signs of fake images or videos and prioritizing cybersecurity training are critical.

4. Regularly Review Employee LinkedIn Profiles

We’ve noticed LinkedIn profiles for people who claim to work at our company but who don’t or never have. Such deepfake profiles damage our company because our people, our reputation and our brand are being abused. Leaders can respond to this specific use of deepfakes by periodically reviewing all “employees” of your company. Look for surprises and flag the frauds for review by LinkedIn.

5. Monitor Look-Alike Domains And Provide Response Training

Deepfakes that are well-executed can render substantial reputational damage to a company before they are exposed. Monitoring look-alike domains and training employees on the appropriate ways to respond when they spot a deepfake are great ways to become more resilient. There are also emerging technologies that can detect deepfakes with increasing sophistication.

6. Establish A Robust Multifactor Authentication System

Deepfakes impersonating a CEO or CFO and executing an unauthorized financial transaction are a significant threat. A robust multifactor voice and video authentication system must be established across all financial systems to maximize security. In addition, having a team that proactively verifies high-value transactions can prevent such threats.

7. Guard Your Brand Assets And IP Carefully

The use of social media and the internet, as well as advertising, put many assets of a company online. Logos, photos and much more can be used against a business. Threats from deepfakes and other malicious content can come from around the globe. The solution? Use an online intelligence provider to ensure robust IP monitoring and constant vigilance to get ahead of the problem instead of reacting to it.

8. Instruct Staff To Directly Confirm Unusual Requests

Deepfakes enable fraudsters to impersonate executives in video calls, tricking employees into transferring funds. To counter this, companies should train staff to verify video meeting sources, as deepfakes rarely breach corporate email. Employees must confirm unusual requests with executives via secure channels like direct messages, thereby fostering vigilance and reducing fraud risks.

9. Commit To A Multilayered Defense Strategy

Deepfakes can depict business leaders uttering false statements or committing dangerous acts, harming reputations and deceiving consumers. Companies must educate employees and customers to recognize the traits of deepfakes. Additionally, commit to a multilayered defense strategy using AI and biometrics to flag manipulated image, video and audio files and identify the creators of fraudulent content.

10. Establish Secure Internal Communication Channels

In a leader’s words lies the power to build or transform—but deepfakes can weaponize this authority. Fake CEO announcements could mislead stakeholders, causing panic or damage. To prepare, establish secure internal communication channels with verification protocols. When responding to deepfakes, act swiftly; issue a public statement debunking any misinformation and reassure stakeholders through transparent updates.

11. Adopt The C2PA Standard

Deepfakes can and will be used in scams and phishing attacks against your employees. Reliable content authentication is key to knowing exactly where an image, video or other content comes from, as well as when, how and by whom a piece of content was edited or created. Preparing to adopt the Coalition for Content Provenance and Authenticity standard for internal content starts the process by verifying all internal content.

12. Combine Awareness With Technical Solutions

Deepfakes can harm brand reputations and impact customer trust. As digital trust grows increasingly vital, companies must develop comprehensive strategies for measuring risk and deploying controls, including raising customer and stakeholder awareness, leveraging AI technologies that detect deepfakes, and developing coordinated response plans to address incidents in a timely manner. A trained workforce is needed to implement all of the above.

13. Develop A Rapid Response Strategy

Deepfakes could be weaponized to manipulate stock prices. Imagine a fabricated video of a CEO admitting to fraud; this could trigger a sell-off, harming investors and the company’s reputation. Leaders must proactively prepare for such scenarios by developing a rapid response strategy, including clear communication channels and readily available authentic footage to counter misinformation.

14. Put Multiple Controls In Place To Protect Employees

Deepfake technology provides fraudsters the ability to create compelling audio and video for social engineering. Leaders can address this threat by ensuring that business processes have multiple controls in place to circumvent employee coercion. These can include requiring a valid challenge-response, multiple manager approvals, two-person control, and end-user security training.

15. Build A Cautious Culture From The Top Down

Social engineering has always been a critical weakness for organizations. Deepfakes and more powerful AI are making social engineering exponentially harder to counteract. Culture and education are key for leaders. Drive home recurring, consistent messaging, top-down, to all employees—knowledge is the power that protects individuals, teams, organizations and communities.

16. Set Up Policies To Manage AI Usage, Verification And Communication

The most pressing threat comes from false executive statements and brand communications. Companies can fight against these by setting up proper policies to oversee the usage of AI, upgrading verification protocols (possibly including blockchain technology), and conducting regular communication audits to ensure the right information appears on the right channels—and those channels only.

17. Be Very Careful When Onboarding New Employees

Imagine hiring a remote employee who attends meetings and completes tasks—but has never existed. With rising geopolitical tensions, state-backed actors may use deepfakes to infiltrate companies, steal data or spread disinformation. Faces, voices and even identification documentation can be deepfaked. These multilayered threats require a realistic understanding of the problem and the right technologies—defenses against deepfakes do exist.

18. Set Up Dedicated Email And Social Media Accounts For Communications

Deepfakes could be used to hurt a company by impersonating executives in spam emails and testimonials—these fake communications seem more realistic than ever before. Leaders can respond to such incidents by ensuring official communications only originate from certain email addresses and/or social media accounts.

19. Ensure All Official Content Is Published Across Multiple, Verified Channels

Deepfakes have the potential to be used for spreading misleading executive statements to employees, which could cause significant harm both within the company and in the broader market. Our strategy to combat this is simple: We ensure that all official content is published across multiple verified channels. If content isn’t shared on these platforms, it’s likely fake.