Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Risk Management

Coming to a Conference Room Near You: Deepfakes

Could Deepfakes be a Risk to Your Company?

Could Deepfakes be a Risk to Your Company?

Deepfake technology isn’t just something reminiscent of a Hollywood thriller, although the technology was first used in movie studios when film editors wanted to replace the faces of stunt doubles with the real stars. Over years of development, this has improved to the point where it is hard to spot in a movie. For example, you may or may not even be aware that Paul Walker’s brothers act as stand-ins for the Fast and Furious 7 movie, following the actor’s untimely death.

However, movie fakes are not the same as Deepfakes. This term was coined later when fairly affordable advanced video manipulation software combined with machine learning and powerful hardware to make this technology available to anyone. The origins of the name Deepfake came from a Reddit user who first posted one of these videos online. 

When Life Mimics Art

One aspect the majority of Deepfakes have in common is that the people shown are already well-known. We can be easily convinced of authenticity, due to our familiarity with faces and voices. However, at the same time, this feeling of familiarity is what reduces the amount of time it takes us to realize when videos are fake.

It is important to note that Deepfake technology is not simply the process of putting someone else’s face onto an existing video – today, the technology has moved far beyond this. With machine learning, it is also possible to generate fake audio for the video or accurately stitch together comment snips to create a totally fake narrative. 

Celebrity Deepfakes are typically debunked quickly. The situation is murkier when the fakes are of faces we don’t see every day. Consider if a CEO of a company appears on a corporate video making forward-looking performance statements that could likely affect the stock price or a Deepfake inside a conference call video that makes it appear as if an executive is making requests to share information that may expose the business to risk. 

While this all may seem rather “Hollywood” today, I predict this will happen soon. As Deepfake technology becomes easier to use and, therefore, people get better at using it, we may see an entirely new level of corporate espionage occurring. This is a very high risk since we are much less familiar with executive faces and voices but much more likely to act on a message from someone whose name we know to be senior in the organization. 

The Heroes of the Story

It’s not all bad news, however. As fast as Deepfakes are being created, there is also research underway to try and prevent the spread of this new fake news development.

 In the U.S., a bill has been introduced to criminalize the malicious creation and distribution of Deepfake content. Similarly, in China, a bill was passed in November 2019 that bans the creation and distribution of these videos.

• In the UK, several companies like Faculty are researching the use of machine learning to create a library of content that will help systems distinguish the difference between real and fake video and audio content. When combined with human forensics, this could act as a layer to reduce distribution and speed up removal of fake content.

So, what can we as individuals do, in order to prevent the spread of this content or reduce the risk of a targeted use of Deepfakes that could cause damage to our organization?

Lights, Camera, Action!

There being no software or hardware-based response to this problem is a major challenge. The race to develop technology for combatting Deepfakes is on but, naturally, the bad actors will be moving just as fast to stay ahead. Today, the only answer is for us – as individuals – to be smarter in how we respond to content and more aware that what we see may not always be the truth. 

If you see or receive a video and are unsure about its legitimacy, there are a few key things to watch for that might help you decipher between fake or real:

• Are there any points in the video where it is slightly blurred? For example, where the face meets the neck – or even slight differences in coloration between the two?

• How well synchronized is the audio to the video track?

• Is the lighting good? Sometimes, there can be slight lighting differences between the real and fake portions of the video.

However, with the quality of these videos improving constantly, it does mean these tiny differences are becoming increasingly hard to spot. When faced with a video you’re unsure about, there are two important questions to consider: Why would this person record this video? Does it make sense or seem to be out of character for them?

If it’s a video of or from someone famous that you’ve received via social media, personal email or messaging, then it is likely fake. Don’t share or spread and consider reporting it as a possible fake.

For a corporate video that raises a few red flags, either contact the person directly to confirm that they recorded it or report it as a concern to the internal security team in your organization.

In either case, the video could turn out to be valid. We all know of cases where content genuinely surprises – but why risk it? 

As individuals, we have a responsibility to prevent the spread of Deepfakes. It’s never appropriate to intentionally mislead people with fake content and the best way to prevent the spread is by resisting the urge to auto-share or blindly accept. Don’t believe everything you see on the internet.

Related: The Growing Threat of Deepfake Videos

RelatedMisinformation Woes Could Multiply With ‘Deepfake’ Videos 

RelatedBlack Hat 2019: Bounties, Breaches and Deepfakes, Oh My! 

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Risk Management

CISA has published a report detailing the cybersecurity risks to the K-12 education system and recommendations on how to secure it.

Funding/M&A

More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...