How CISOs should tackle the year of deepfakes

Deepfakes are picking up steam and no one is safe -- not even the President of the United States, who was recently the subject of an election-based audio deepfake scandal. And with an unavoidably heated year ahead with the impending presidential election, I anticipate deepfakes will continue to proliferate.

Deepfakes are a unique cybersecurity topic. They stem from social engineering and are always evolving, but there’s a responsibility for CISOs to position their organizations to combat them.

The Advancement of Adversarial AI = The Advancements of Deepfakes

Deepfakes are dangerous, and with artificial intelligence (AI) now in the hands of threat actors, I anticipate we’ll see more realistic and destructive deepfakes. In a recent Hybrid Cloud Security Survey, 40 percent of the security and IT leaders claimed they’re seeing a rise in deep fakes and AI security attacks. There’s no doubt, the automation through AI and large language models (LLMs) is multiplying the magnitude of the attack chain.

AI is processing more context to make deepfakes much more realistic, such as generating more compelling messages, utilizing vocal recognition, and AI-generated images and videos. Although identity validation is traditionally put into place as a security and safety measure, malicious actors are using the advancement of AI to gain access to systems by stealing or tampering with identities.

Websites that require passports or other government-issued identification, such as booking a rental home, are at risk. With the advancement of AI, it’s easy for people to create AI-generated photos of a non-existent person paired with a real social security number, address, etc., to fool validation platforms. While this is a more trivial case, there’s also the chance that the wrong people can gain access to critical business information with badge and/or login credentials, leading to far more widespread.

Given these risks, the Biden administration is working on an order to prevent other countries from gaining access to Americans’ sensitive data including health records and cell phone logs, proving that it can be not only a personal security concern but also a national security concern.

How CISOs Can Combat Deepfakes When (Not If) Their Organization is Impacted:

While it is impossible for CISOs to prevent falling victim to a deepfake 100 percent of the time, there are a few measures they can take to reduce risk. Here are five ways to do so:

1. Prioritize education: CISOs must educate their workforce on different deepfake methods. Although they are constantly evolving, there are plenty of repeated efforts that are easier to detect, such as texts and requests from the organization’s CEOs or other C-suite executives. A recent example of this was a finance employee who paid over $25 million after a deepfake Zoom call with whom he thought was his CFO. These vocal deepfakes are becoming increasingly realistic making it more important than ever that all employees be educated about their risks, how to identify them and never trust but verify.

2. Remain on the offense: CISOs must approach these threats the same way malicious actors do, by staying on the offensive as it pertains to AI. When CISOs automate their organizations through LLMs, they need to understand where the cracks may be so they can take preventative measures to safeguard their organizations while still leveraging AI. In doing this, they should run recurring threat intelligence audits that prioritize real-time visibility to ensure their infrastructure remains free of threats.

3. Optimize your AI stack: As organizations look to invest in AI capabilities to keep pace with the expanding attack vector, it's important for CISOs to keep in mind that AI alone can’t win this war. LLMs are only as accurate as the data within them. However, with 95 percent of network traffic encrypted, there is a surplus amount of data not visible -- and therefore not being used -- to optimize AI toolsets. Without that data, networks, organizations, employees, and customers are at substantial risk of being compromised. As organizations look to prioritize budgets for 2024 and look to do more with less, they must have visibility into encrypted cloud traffic to not only improve their security posture but also make the most of AI toolsets.

4. Maintain visibility: It doesn’t have to be game over once a threat actor has penetrated your first layer of defense, you can stop them before they successfully exfiltrate sensitive data. To do this, CISOs need to have the ability to maintain deep visibility into their networks. It’s critical to identify non-baseline traffic that could possess potentially nefarious activity, which is critical given 93 percent of malware hides behind encryption. Just recently, it came out that a Chinese nation-state threat group was living in U.S. critical infrastructure IT environments for five years.

5. Respond quickly: Not only do they need to spot suspicious traffic, but CISOs need the ability to respond quickly as breaches impact everything -- employee, security, and organizational security as well as public opinion, profitability, and more. As a CISO, you never want your organization to be the one sending out an email to stakeholders letting them know they were compromised six months ago, you want to be the CISO that identifies and mitigates a compromise within a matter of days, and assures all stakeholders that their security is top priority. To do this, you must maintain a real-time, data-driven view of all organizational traffic. And today, that means across all hybrid cloud infrastructure and North-South and East-West traffic.

Deepfakes aren’t going anywhere, and are only going to be more dangerous and more difficult to detect as the year goes by. CISOs have the responsibility to protect their organizations leveraging the latest threat intelligence and mapping that to the complexities – and any weaknesses -- in their infrastructure. As important, it’s up to CISOs to educate their organizations and rely on emerging technology to keep a close eye on and detect any malicious behavior to mitigate future threats.

Chaim Mazal is Chief Security Officer at Gigamon.