The Implications of Deepfake
Just because we’re all stuck inside thanks to Coronavirus doesn’t mean the world of cybersecurity takes a break. As usual, threats constantly change to attempt crippling attacks on different databases and systems. Therefore, it’s important to stay vigilant. And hey, what better way to learn about cybersecurity than to be aware of a growing digital tech called “Deepfake?”
Deepfake has grown infamous for its uses and is based on synthetic media. In other words, artificial images and video are manipulated to exchange faces of the individual in said media. That means someone can be made to look like someone else, and the results are often indistinguishable. This is, if you haven’t guessed, horrifying. This kind of technology presents serious security and personal risk, not to mention its complete intrusion of privacy.
Real-world problems
Imagine viewing a news report with an altered voice delivering information. What if the information is artificial? How would you know? If you haven’t noticed, we’re in an age where artificial media and information drown the internet. International campaigns to spread disinformation are common. It’s worse than a conspiracy: it’s real.
Often, to combat this, we rely on our own scrutiny and critical thinking. After all, crosschecking an article isn’t always hard (though exhausting). But when that info comes from word of mouth, we’re more susceptible to believe it. With the presence of voice modifiers (another type of tech that’s concerning), we’re looking at artificial people delivering literal fake news. Real fake news, if you’ll pardon the oxymoron.
Today it’s already used for various forms of unpleasant harassment and other sordid digital attacks we won’t get into, signaling a troubling use of this technology.
Deepfake and the cybersecurity implications
Cybersecurity as an industry faces down numerous threats on a daily basis, and one of the biggest typically involves compromising security by taking advantage of human error. Phishing scams, for example, attempt to fool the recipient by acting as a trusted party – and if you’ve read anything by us at Bytagig you’re no doubt familiar with the methods.
Deepfake is a far more dangerous variant of these attacks. Imagine getting a false message from one of the people at “IT security” regarding something like a password change, involving altered media.
Now examine the problem further: we as people do not always look at information and material with an objective point of view. Even the best of us who take a moderate approach to things are subject to personal biases, and it’s these biases Deepfake exploits. Deepfake is also riding the current of social media, which if you haven’t noticed is a perfect haven for cybersecurity attacks, fake news, false flags, and a slew of other negatively artificial “information.”
Disinformation is powerful. We’ve discussed before how costly cybersecurity is, along with factors like downtime. But Deepfake can affect your business without having to intrude the network or gain access to financial information, simply by releasing false info on social media.
Oh, did we mention how disgustingly easy it is for Deepfake to impersonate people? That’s another major problem. Again, receiving messages or seeing media from authoritative bodies is a method of spreading disinformation easily and not something we can always catch. Really, what your first impression be of a quick “announcement video” from a business manager you trust talking about some major cybersecurity shift, such as turning off encryption for “upgrades?” Or, what if you receive a message requesting your password from what sounds like someone from higher up? The potential for damage is massive.
What can you do?
This is all sounds terrible, and it is. Deepfake is rising and its uses will grow more advanced. It’s already difficult to tell what’s an artificial face, so how far can it go? Given the circumstance, what even can businesses do?
Well, the primary thread in all this is still, oddly enough, quite simple. It’s based on human error and human judgment, or lack thereof. So, the primary defense involves educating your business about Deepfake, how to spot it, and how to use best judgment.
Sadly, “spotting” Deepfake attempts are easier said than done, given the power of media alteration. Instead, deferring on the side of caution works best. Workers should ask whether or not the message can be trusted, and whether or not it involves a serious risk to a company’s cybersecurity infrastructure.
If something doesn’t feel right, that’s reason enough to alert IT, security teams, to something that appears fraudulent. Focusing on the judgment of the situation is what enables successful identification of Deepfake alterations.
Rethinking the cybersecurity approach
There’s also a rather cynical-sounding method in a world where all data can be altered: “Zero Trust.” As we mentioned, leaning on the side of caution is the best strategy. Zero trust means just as it sounds: that no message, partition of info, or data is trustworthy, no matter where it came from. Zero trust until verified, so the saying goes.
Adopting this strategy normally involves several primary strategies:
Authenticating Everyone
Every person, when accessing a network or device, should be verified by a security measure. Don’t rely on only passphrases for this strategy.
Layered Privileges
It’s never a good idea to allow unanimous access to parts of a network Nor is it good to have a single-layer network where all staff operates on the same LAN. Therefore, limiting access of a network to certain members mitigates loss in the event a Deepfake intrusion was successful.
Device Validation
AI targets Deepfakes as much as it creates them. In this instance, validating devices with AI will immediately determine whether or not they’re compromised. It also establishes that only secure devices can access a company network.
Spotting Malicious Activity
Just as AI is useful for spotting compromised devices, it can also be trained to catch unusual activity from points of different intrusion such as identifying red-flag activity, preventing problems before they occur.
It’s by following these steps and procedures businesses can protect their networks from Deepfake and other security-compromising attacks.
Want even more cybersecurity tips and strategies? Contact us at Bytagig for additional info.
