The Changing Face of Deepfake and Other Threats to Cyber Security

It’s a wet, grey, and gloomy afternoon, and as I briefly peer out of the window glad to be in the warmth and shelter of Newable HQ, dreading my journey back home, I check my inbox for the umpteenth time to see what’s new.

Cyber Security

Amid a plethora of newsletters, articles and event invites, I glimpse the latest edition of the UK Finance newsletter. Ok yes, I confess, I’m turning into a bit of a geek, and the prospect of reading about what’s new in the world of finance proved too much to resist. I click on the email and view the first article catchily entitled “The rise of fraud-enabling tech and how you can protect your business from it”.

Presuming this would be an insight into the next generation of computer virus bearing some semblance to Red October, Petya or WannaCry, I read on. However, what I discover is something far more sinister.

Headline figures for 2019

In the aftermath of GDPR legislation which came into full effect during May last year, it’s fair to say that many more businesses have benefited from increased awareness of threats to their cyber security than ever before.

But even as awareness increases, so does the threat cyber criminals pose to small, medium and large businesses alike.

So far for 2019 61% of larger business, 60% of medium sized and 52% of high-income charities have been experienced some form of cyber-attack or breach. However, the problem is not exclusive to larger businesses or charities. 32% of small business and 22% of smaller charities have also experienced cyber attacks or breaches in the last 12 months. Phishing, email impersonations, spyware, viruses and malware including ransomware being the main culprits.

As I continue reading, I am stunned at the lengths cyber criminals will go to, to extort money from innocent victims worldwide. Deepfake whilst not necessarily a new thing, since its origins can be traced back to as early as 1997 is on the increase. Some of the most famous faces subjected to Deepfake attacks in recent times include, Barack Obama, Mark Zuckerburg and Wonder Woman actress Gal Gabot.

To provide some clarity for the uninitiated, the origins of Deepfake can be found in computer vision, a type of computer programming used to process digital images and video. Deepfaking involves face swapping and synchronizing visual and audio files to appear as though they are an original or authentic piece of footage. In recent times Deepfake technology has also been applied solely to audio files, replicating the voices of high-profile individuals using AI. In one instance convincing an employee to transfer $10 million into a bank account controlled by fraudsters. “What’s that got to do with me”, I hear you ask or at least that’s what I’d imagine. Well, consider if you appeared or spoke at a public event that was recorded on film and posted online, or if your telephone lines record conversations and stores them electronically. Potentially you are at risk of Deepfaking. Politicians, business owners, celebrities and us ordinary folk are all at risk. Research shows that women in particular are most vulnerable to the threat of Deepfake, as many of the Deepfake videos posted online have been in the form of revenge pornography! Indeed, there are plenty of Deepfake videos posted online showing people in places they’ve never been to or doing and saying things they simply did not do or say.

Looks can be deceiving

In principle it sounds very much like the stuff science fiction films are made of. However, the results of Deepfake, which was probably intended as a seemingly harmless piece of technology, poses an ever growing treat to cyber security. One that is challenging the most experienced cyber security experts, to rapidly find ways to combat the its potential dangers, as the technology continues to grow and become easier to obtain.

As a relatively new treat to cyber security, ways to recognise and prevent it from compromising footage or recordings of unsuspecting individuals are still being figured out. However, one thing that is for sure, is that every business needs to be aware of the differing nature of present and future threats to their cyber security, and ensure measures are in place to protect them.

Speaking with Mashudul Karim Newable’s Chief Information Officer and Ed Louttit, Director of Newable Digital, businesses at a bare minimum need to the consider the following:

  1. Awareness and training – the biggest threat to cyber security is the workforce. It doesn’t matter what software is in place, if someone opens or clicks onto an infected link contained within an email, the results can be devastating.
  2. Make sure that software is up to date – some of the most notorious instances of cyberattacks made on banks and other businesses were made possible as a result of using out of date software. Whether it’s Microsoft office or an alternative software package, they are updated for a reason!
  3. Make sure you use antivirus software and keep it up to date – we’ve all experienced those dreaded pop ups on our computer screens telling us that our antivirus software license is about to expire and must be updated. Take heed as once protection has expired, your computer will become susceptible to a whole host of horrors.
  4. Work with your internet service provider – Make use of firewalls, web and spam email filters these provide vital protection and your ISP can offer invaluable advice and expertise to help protect your computer data.
  5. Good back up is essential – the onslaught of cloud computing means businesses can enjoy an unprecedented amount of storage for their data. Having appropriate back up in place means that in the event of an attack in the worst-case scenario whilst some data could be compromised, all will not be lost.
  6. Use really strong passwords – Things like your name or date of birth are way too easy. Some reports of cyberattacks site that criminals make hundreds of attempts to access their data per minute. Testing as many variations of potentially obvious passwords as they can to access sensitive data.

Alphanumeric passwords using upper, lowercase and symbolic characters are usually best just make sure they are not predictable characters that can easily figured out.

Alternatively, software applications such a LastPass allow you to input one standard password while it systematically creates more complex versions that you can use across your various digital accounts.

With each day that passes technological evolution continues, be ready, be protected and above all be prepared.