The firm that conducted the latest quarterly poll is now expressing its opinion on this concerning “trend”
In our latest poll* of CXOs across the world on what’s top of their mind, C-suite leaders from the Asia Pacific region had ranked deepfakes at the bottom (number five) of their short list of cybersecurity concerns.
In a rapidly evolving threat landscape, this underestimation of risk can be particularly insidious, especially as threat actors are accelerating their use of AI and generative AI to quickly create and launch deepfake attacks.
The high financial and reputational risk to individual organizations was made apparent by the infamous and highly visible case of a Hong Kong-based organization that was scammed using a deepfake of the company’s chief technology officer, resulting in a US$25m loss.
A clear and present danger
As cyberthreat actors permeate industries and organizations of all sizes, it is easy to imagine the colossal damage that deepfakes can cause. Already, the threat actors (including state-sponsored cyber syndicates) are spending more for higher-quality deepfakes, with prices reaching up to US$20,000 per minute for high-quality videos.
Our own cyber intelligence research indicates a 223% increase from Q1 2023 to Q1 2024 in the purchasing and selling of deepfake-related tools in major dark web forums. As technologies advance, threats will become more complex, and it will be harder to distinguish between authentic and falsified identities. Complicated security protocols will exacerbate the financial and reputational damage.
The CXOs in the latest poll had ranked deepfake concerns at the bottom of their top concerns. Was that wrong?
To be fair, choosing your most dreaded cybersecurity threat is like choosing your favorite child. It can be hard to prioritize cyber threats, and organizations need robust cyber resilience strategies that can provide holistic cover and be sharpened and scaled to address imminent ones such as deepfakes.
In our opinion, it is important that APAC CXOs proactively safeguard against deepfakes by integrating advanced security features, enforcing strict controls, and providing comprehensive employee training.
Educating leadership about evolving threats and conducting regular sessions to keep executives updated on the latest deepfake techniques is essential, as is strengthening defenses at the infrastructure level through robust policies, procedures, and governance.
Implementing strict verification protocols for communications involving financial transactions and sensitive information is also necessary, and conducting regular tabletop exercises and penetration testing can help identify vulnerabilities and assess readiness for attacks. These are just some of the things businesses can consider.
Governance initiatives needed
Deepfakes present a clear and present danger, and their societal risk is well accepted.
Across the world, deterrence measures are being put in place, including legislation to address these risks, such as the Australian government’s amendment of its criminal code, to impose serious penalties on those who use AI to create and share sexually explicit material without consent. Another instance is Singapore’s recent ban of the publication, boosting, sharing, and reposting of deepfake content during elections.
In turn, businesses need to step up their vigilance, recognizing that the financial burden associated with rebuilding an organization’s reputation and regaining customer trust after a deepfake attack significantly surpasses the expense of implementing a robust cybersecurity strategy ahead of time.
*The 26 July to 4 September 2024 quarterly poll involved 2,800 C-Suite executives (CEOs, CFOs, CHROs, CMOs, etc.) across 18 countries and 22 industries, with respondents from Australia, China, India, Japan and Singapore representing the Asia Pacific sample cohort.