Three essential steps for organizations to safeguard against deepfakes

Discover three crucial steps every organization must take to safeguard against the rising threat of deepfakes

News By Matt Berzinski published 27 September 2024

Our identities face unprecedented threat. While AI has the potential to be a force for good, in the hands of nefarious actors it can have the opposite effect, amplifying these dangers. Among these threats are deepfakes: synthetic media used to impersonate real individuals. Over the past year, these fraudulent impersonations have surged, targeting individuals across various platforms. As deepfakes become more convincing, cybercriminals are finding new ways to exploit them, posing serious risks to personal and organizational security.

While deepfakes have been circulating online since 2017, their impact has recently escalated. Initially used to impersonate celebrities and public figures, deepfakes have now become more personal, targeting senior executives across nearly every industry—from retail to healthcare. A notable case involved a finance employee who was deceived into transferring an astonishing £20 million to fraudsters who used a video deepfake to impersonate the company's chief financial officer.

Exacerbating the issue is the need for more awareness among the general public. A recent survey by Ofcom revealed that less than half of UK residents are familiar with deepfakes, increasing the likelihood of these attacks succeeding. Equally concerning is that according to KPMG, 80% of business leaders believe deepfakes pose a significant risk to their operations, yet only 29% have implemented measures to counteract them.

The first step in addressing the deepfake challenge to cybersecurity is raising awareness and adopting proactive strategies to combat the threat. But where should organisations begin? Let's delve deeper, looking at three solutions that organisations can take to prevent being caught out by deepfakes.

Matt Berzinski

Senior Director, Product Management at Ping Identity.

A Dual Approach: The Importance of Passive and Active Identity Verification

To effectively counter deepfakes, organizations must adopt a multifaceted approach to identity management and verification. While biometric authentication methods such as fingerprint or facial recognition are robust, more than a single mode of authentication is required to protect against today's sophisticated cybercriminals. Multiple layers of authentication are necessary to safeguard against these threats without compromising the user experience.

This is where passive authentication, particularly passive identity threat detection, becomes crucial. Operating alongside active authentication methods—such as user-initiated verifications—passive identity threat detection works behind the scenes, primarily focusing on identifying potential risks. This technology can activate alternative verification methods, such as a push notification to confirm location or device usage when suspicious login attempts or behavior are detected. Rather than overwhelming users with additional authentication steps, passive identity threat detection alerts both the user and the organization to potential fraudulent activity, preventing it before it escalates.

Navigating a 'Trust Nothing' Era: The Shift from Implicit to Explicit Trust in Identity Verification

The concept of implicit trust—where we naturally trust what we see and hear—is diminishing as deepfakes increasingly compromise identity verification. In today’s “trust nothing, verify everything” era, explicit trust measures, such as sending a text message, push notification, or other credential checks outside the usual communication channels, have become essential. While not necessary for every interaction, these additional verifications are crucial when dealing with sensitive actions like transferring money or clicking on potentially malicious links, ensuring authenticity in a world where appearances can deceive.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors