Deepfakes are now the second most common security incident

Concern around deepfakes has been growing for some time and new research released by ISMS.online shows deepfakes now rank as the second most common information security incident for UK businesses and have been experienced by over a third of organizations.

The report, based on a survey of over 500 information security professionals across the UK, shows that nearly 32 percent of UK businesses have experienced a deepfake security incident in the last 12 months.

The most likely scenario today for threat actors to use deepfakes is in business email compromise (BEC)-style attempts. Attackers use the AI-powered voice and video-cloning technology to trick recipients into making corporate fund transfers. There are also possible use cases for information/credential theft, reputational damage or even to try to bypass facial and voice recognition authentication.

Among other findings 41 percent say that partner data has been the most compromised in the last year, highlighting the persistent risks posed by suppliers.

In addition 79 percent of businesses have been impacted due to an information security incident caused by a third-party vendor or supply chain partner -- an increase of 22 percent compared to 2023's research.

To combat these increasingly advanced attacks, enhancing training and awareness is crucial across both the supply chain and internally. Nearly half of the respondents (47 percent) are placing greater emphasis on employee education and awareness initiatives. In addition 38 percent say financial allocations for securing supply chain and third-party vendor connections are set to increase by up to 25 percent in the coming year. Despite AI being seen as part of the problem, 72 percent of respondents agree that AI and ML will help to improve data security programs.

Luke Dash, CEO of ISMS.online says, "It is deeply concerning to see the number of organizations threatened by both deepfake and third-party vendor risks. To address these rising and more sophisticated threats, organizations must continue to build robust and effective information security foundations. However, it is encouraging to see businesses investing in securing their supply chains and increasing employee awareness and training."

The full State of Information Security Report is available from the ISMS.online site.

Image credit: Skorzewiak/depositphotos.com

Comments are closed.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.