Over a third of US businesses have experienced a deepfake security incident in the past year, research by ISMS.online, the auditor-approved compliance platform, has found. 35% of organizations experienced a deepfake incident in the last 12 months.
Over a third of US businesses have experienced a deepfake security incident in the past year, research by ISMS.online, the auditor-approved compliance platform, has found. 35% of organizations experienced a deepfake incident in the last 12 months.
AI-powered deepfakes pose a new threat compared to more well-known methods of attack like social engineering and ransomware. However, deepfakes are already the second most common information security incident impacting organizations, with the most common incident being malware infections (37%). Sophisticated deepfake technology now allows threat actors to operate business email compromise (BEC) style attacks – many attacks mimic the voice and image of senior leaders to trick targets into transferring funds.
The ISMS.online State of Information Security US snapshot surveyed 518 information security leaders across ten sectors, including finance, technology, healthcare, manufacturing, education, and energy.
Read: AI In Marketing: Why GenAI Should Be in All 2024 Marketing Plans?
The Biden Administration set out measures to improve the nation’s cybersecurity to protect against sophisticated malicious cyber campaigns, including improving supply chain resilience. The report data supports this need, with 75% of organizations stating they’ve been impacted by an incident caused by a supply chain partner. Partner data (43%) is cited as the most compromised in the past 12 months.
As a result, nearly two in three organizations (59%) plan to increase their spending on securing supply chain and third-party vendor connections in the coming 12 months, and 68% expect to increase their overall information security spending. Collaboration is a critical focus for businesses as they work to mitigate the risk of attacks and learn from cyber incidents. 42% say they increased their collaboration and sharing of threat intelligence in the last 12 months; 42% also increased their focus on employee education and awareness.
Despite training and awareness initiatives, over a third (35%) admit that employees use personal devices (BYOD) without proper security measures, leaving businesses more vulnerable to targeted cyber attacks like deepfakes.
Luke Dash, CEO at ISMS.online, said: “The number of US businesses that experienced a deepfake in the last year is the highest in our global report, showing threat actors are evolving their methods to access lucrative financial gains from successful attacks on US businesses. It’s clear that businesses must proactively bolster their information security or risk falling victim to these sophisticated attacks.”
While AI-powered deepfakes present a growing risk to businesses, nearly three-quarters (73%) say the technology is improving information security, and more than half (56%) expect to increase their spending on AI and ML security applications.
“AI-powered technologies will continue to evolve, so organizations should consider adopting standards like ISO 42001, which provides guidelines for managing and reducing AI risk. The ISO 42001 framework also enables businesses that adopt AI as part of their security systems to demonstrate their ethical, compliant approach to AI to customers, partners, and stakeholders.”
Read:How AI Is Transforming Big Data?
