Picture this: You are the CEO of a German energy company. You receive a phone call from the CEO of your parent company, based in Germany, telling you to wire $200K to a new Hungarian supplier. You are told that the matter is urgent and to send the money within the hour. You send the money and continue with your day. A few hours later, you receive another request to wire more money. You call your boss only to receive another phone call at the same time from… your boss?
This situation may sound like something out of a poorly directed Lifetime film, but it’s actually the plot to a real article written by the Wall Street Journal on how deepfake technology was used to dupe a CEO into wiring a significant sum of money across international borders.
“The software was able to imitate the voice and not only the voice: the tonality, the punctuation, the German accent,” a Euler Hermes spokesperson told the Washington Post. According to The Verge, the phone call was linked to a company email, the money then routed through accounts in Mexico and Hungary before disappearing.
Now, imagine a similar scenario, but this time, it’s a video conference where a client is asking about sensitive details regarding an upcoming product launch. To the untrained eye, the facial features, speech patterns and minor shifts in the body language of a deepfake could be virtually undetectable to disastrous effect.
WHAT IS A DEEPFAKE?
Deepfake is a combination of the terms “deep learning” and “fake”. It denotes a type of hyper-realistic image, video or audio file generated by an AI. The AIs are fed large amounts of data in the form of images or audio files. The algorithms behind the AI then learn to reproduce incredibly lifelike recordings, images and sounds of events that may have never happened.
There is a growing recognition that disinformation campaigns, or “fake news,” could negatively impact businesses, made all the more easier by technological advances in AI. Foremost among those concerns is the rapid advancement of deepfake technology. In a few years, deepfake technology may be indistinguishable from reality, according to Hao Li, founder and CEO of Pinscreen, Inc., associate professor of Computer Science at the University of Southern California, and one of the most prominent pioneers in computer graphics and vision.
“We are working together on an approach that assumes that deepfakes will be perfect,” Li said. “Our guess is that, in two to three years, it’s going to be perfect. There will be no way to tell if it’s real or not, so we have to take a different approach.”
Li has proven that deepfakes can present numerous benefits to the world of e-commerce, such as in the entertainment and fashion industries. However, the implications for visible or high-level employees to be extorted, blackmailed or otherwise held hostage is becoming a serious concern as the technology progresses. Beyond the potential harm to employees themselves, these types of cyberattacks circumvent current methods of financial security for minimizing the impact of spammers, scammers and con-artists.
“If you want to be able to detect deepfakes, you have to also see what the limits are,” Li said, explaining that the issue isn’t the existence of the technology but the intentions of how that technology is used. “The real question is, how can we detect [media] where the intention is . . . to deceive people or . . . [have] a harmful consequence.”
Take a moment to consider the perceived security of certain biometric data, such as voice and facial recognition software. In a few short years, deepfake technology used for nefarious means could allow individuals to bypass current security pathways with startling ease.
Concerns about deepfake technology are most prominent in discussions around fraud, extortion and market manipulation. However, the threats to brand reputation cannot be overlooked. These threats, far from being idle considerations for a tech-centric future, are a part of the evolving reality of doing business. According to a report by New Knowledge, 78% of consumers surveyed agreed that “disinformation damages a brand’s reputation.”
A LOOK AHEAD
The dawning truth of the matter is that we are behind the curve on addressing the threats posed by deepfake technology. Currently, companies like Facebook and Microsoft are leading the charge into deepfake research by partnering with the world’s leading experts at universities like Stanford, MIT and the University of Oxford. Think-tanks and governments have also begun to propose possible solutions against threats to democratic institutions and elections. Foremost among their concerns are foreign interference in elections and mass hysteria caused by a poorly timed viral video.
While this type of investment and urgency is necessary, it is not enough when standing against the scale and rapid development of the technology. If forward-thinking companies wish to inoculate themselves from potential dangers, prevention is key.
KEEPING PACE WITH THE COMPETITION
Under these conditions, building resilient security plus data-protection systems and processes is paramount. A resilient system is one that can cope with an attack without damage to major internal processes or brand reputation. Unfortunately, we have made little progress in building the technological tools needed to effectively detect deepfake technology. However, the core purpose of a deepfake is to create confusion. The most direct solution, then, is to clarify your communications and marketing processes.
Critical to this endeavor is a well-staffed team with critical competencies in the mechanisms of disinformation and the rapid development of new technologies. Early detection then becomes a priority given the fast-paced nature of social media. Training employees, particularly those who guard a company’s finances and brand identity, to recognize the signs and tricks of deepfake technology is also an important step. It is often these front-line employees, those who live closest to the platforms and consumers, who are in the best position to notice the early signs of a security breach. In addition to building resilience amongst employees, increasing capacity for resources is also advised. Adding in dual verification processes, a full-time Data & Security team member, and staying up-to-date on the latest developments and policy changes can all go a long way in preparing a company for the rapid shifts of the digital age.
These organizational changes often require both time and an investment in resources. Adding new employee roles or designating a full-time staffer to stay abreast of these technological changes, though, may not be feasible for everyone. There is a solution: Working with an agency is a quick and efficient way to introduce these changes. Pace Communications has a fully staffed social media team with the technical and professional competencies to provide personalized marketing and brand reputation strategies to protect your brand and keep you ahead of the competition.