Corporate security directors and CISOs are constantly grappling an expanding attack surface caused by their company's complex security infrastructure and expanding digital footprint. As if controlling access to company assets, repelling hackers, or protecting data and privacy are not enough, they now have to worry about hackers using artificial intelligence to automate cyberattacks.
According to an article in The Wall Street Journal, there was a recent AI driven voice-spoofing attack targeting a German company. Criminals simulated the voice of the company's CEO to fraudulently request that funds be transferred from the parent company to a supplier in another country. The hackers used deepfake technology, which allows someone to “map” their words onto someone else’s voice. As with many social engineering attacks, the request was urgent and the funds were to be transferred within an hour.
The burgeoning world of deepfake technology is presenting a number of challenges beyond corporate security. In a world filled with disinformation, trial courts are preparing to confront a docket filled with deepfake video cases, where realistic but phony videos are made from actual audio and video clips.
Takeaway: In addition to active shooter and emergency preparedness training, employees need to learn how to adopt a security mindset that includes an understanding of ever-growing social engineering tactics.
Click here to learn more about Insite's workforce security training.