Tackling deepfakes: Now is the time to fix your broken processes
The recent news that a global design and construction company was the target for a deepfake scam costing $25million is a sign of what businesses will soon be facing on a regular basis. But while the business threat from deepfakes is relatively new, these kinds of cyberattacks exploit a weakness in process that are only too prevalent in the cybersecurity community.
Social engineering attacks such as phishing and spear phishing campaigns have long exploited these weak and broken processes resulting in huge financial and reputational impacts for companies of all sizes across the world. They could provide a route through to compromising an employee device with privileges far beyond their role, or to trigger a chain of events to exfiltrate information or money from an organisation.
In this blog we examine weak and broken processes, an understanding is paramount to effectively manage vulnerabilities such as deepfakes and improving robustness to social engineering and cyber-attacks.
Ineffective Processes Exposed
A frequent scenario in many businesses is one where a non-senior staff member is responsible for releasing money from the business for payroll or other purposes, as shown in the following illustration.
These activities are commonplace but expose the business to fraud requiring controls to be put in place. In this case, employee Y now needs approval from senior management member Z to release funds.
This approval process may in some cases be technically implemented through financial systems, ensuring that payments would be stopped if approval was not gained.
If an attacker can impersonate Senior Z and tell Employee Y to send money to a specific account, Employee Y will most likely no longer seek approval from Senior Z before releasing funds.
How is this changing with new technology?
It is clear to see how this problem deepens with the recent rise in deepfakes being used to impersonate senior members within organisations. Applying the use of a deepfake to the attack scenario listed above, applies additional pressure and gives unwarranted credibility to criminals. This is especially true in the case of junior members of staff, who are coerced into performing actions that have a negative impact on an organisation.
It is an extremely effective method for attackers, providing a level of trust to further bolster targeted attacks against organisations. The attacker benefits from the reputation of a senior representative within an organisation or even that of a whole enterprise externally.
How to secure your business?
Protecting against the use of AI in social engineering attacks is a multi-tiered issue. In the first instance providers of business systems must improve and evolve their technical controls to protect those using their services, with many already making progress in this space. But for organisations already greatly dependent on external systems, this exposes a window of opportunity for cybercriminals.
So while we wait for technical solutions to the growing deepfake problem, there is an opportunity to look inwardly to our own systems, both technical and process driven, with a view to identifying and tightening broken processes that make these exploits so successful. By building the necessary checkpoints, technical or otherwise, into processes to catch issues before they are able to damage the organisation, processes can be in place while services catch up.
About the author
Harry Gough is coc00n’s Chief Operating Officer. With almost a decade of experience at the forefront of cyber security within government, devising and implementing systems to protect the UK’s most high-risk institutions and individuals against cyber threats.
About coc00n
coc00n provides personal device protection for high value and high risk individuals at a level previously only available to those under government protection. Contact us to find out more.