Alarm bells went off in board rooms and C-suites across the globe last fall when an executive at a Hong Kong company was duped by deepfakes into wiring $25 million to criminals.
According to CNN:
A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.
That incident brought an ominous warning to C-suites across the globe: Deepfakes are probably just getting started.
Businesses are increasingly at risk
Deepfakes are becoming increasingly difficult to distinguish from reality. That can cause real problems not just in political settings but, increasingly, in business. Managed service providers (MSPs) are often the first line of cyber defense. This is especially true for small and medium-sized businesses (SMBs). MSPs will also increasingly have to tailor their offerings to intercept and identify deepfakes.
SmarterMSP.com reached out to a cross-section of experts to see what MSPs should do to combat the threat.
Aaron Painter is the CEO of Nametag. This digital identity verification platform stops cyberattacks perpetrated by threat actors using AI deepfake information. According to Painter, MSPs can provide significant support in this area by proactively preventing injection attacks. This is the primary way attackers use deepfakes.
“In an era when businesses are utterly defenseless against these cyberattacks, AI deepfake ID documents, selfie-swaps, and videos can and do fool helpdesk and call center agents into granting account resets to impersonators,” Painter states. He adds that this is how threat actors take over accounts and breach company systems, inject ransomware, steal and sell sensitive data, damage reputations, and shut down company operations.
The future lies in partnerships
Jacob Kalvo is the founder and CEO of the software company Live Proxies. He also believes MSPs can play a role in combatting deepfakes.
“We see our future in the solid relationships we have with key technology providers and our specialization in verification and authentication media technologies. This will help MSPs stay ahead of the game by allowing them to adopt state-of-the-art deepfake detection that directly integrates into their offerings,” Kalvo says. He also adds that the MSPs are increasingly contributing actively to the cybersecurity community.
“MSPs will, therefore, have more appreciation for emerging threats and the sharing of best practices in the detection and prevention of deep fakes,” Kalvo believes.
Kalvo also shares that we need to put effective security protocols into place, considering both human and technological elements. “Such advanced AI tools in detection can help an MSP to analyze most patterns and inconsistencies that are typical with deep fakes. Such technical solutions can work hand in hand with training employees and clients to spot deepfakes, bringing an even more secure entity,” he adds.
And, finally, he notes there should be transparency with clients concerning the potential risks that come with the use of deepfakes and what measures must be put in place to mitigate such risks. Similarly, Kalvo explains, “This helps build clients’ preparedness to act timely and effectively, should an incident related to deepfakes occur. MSPs should seek continuous feedback on the security protocols and involve the customer in the security plan and response strategies. This allows MSPs to provide strong security in these areas. It also allows MSPs to instill in their customers that they are under guard in a difficult cyber threat landscape.”
The key to combat deepfakes
Wes Kussmaul, CEO of The Authenticity Alliance, shares that to combat deepfakes, MSPs must return to the future. The solution, he says, is hiding in plain sight.
“The solution set is comprised of true digital signatures made by the private keys accompanying digital identity certificates whose identity claims are legally attested to by an Attestation Officer who is commissioned by public authority,” explains Kussmaul. He adds that metrics such as the U.S. government’s NIST 800-63, Osmio IDQA, or others accompany those attestations to let you know the measured reliability of the user’s identity claim.
“Anyone can click the resulting seal made by the true digital signature and know for certain that nothing has been altered in the video or image or other content since it was signed by the individual who takes responsibility for it,” Kussmaul explains. He also notes that an “electronic signature” is not a true digital signature. “For years, technology decision-makers have been trained to look for the “new thing,” the latest feature set, the “bright shiny object” as experienced developers characterize such things. Solutions such as this one, hiding in plain sight for years, can solve the deep fakes problem.”
Don’t overlook old-fashioned user training
Another solution, experts tell SmarterMSP.com, is user training. For instance, one CEO told us, that today’s deepfakes are “one-dimensional.” So, if in doubt about someone’s authenticity, have them turn to the left or turn to the right. If their head disappears, then end the call immediately.
When all else fails, walk down the hall and check with the boss. Meanwhile, MSPs should be ready to combat the new surge of deepfakes.
Photo: metamorworks / Shutterstock
