According to ISMS.online, deepfakes have become the second most common cybersecurity incident encountered by businesses, trailing only malware infections. Data indicated that more than a third of U.S. businesses experienced a deepfake security incident over the last year.
ISMS.online’s State of Information Security 2024 report surveyed 518 U.S. employees in information security across 10 sectors, including technology, manufacturing, education, energy and utilities and healthcare.
Key findings included:
35 percent experiencing a deepfake security incident in the last 12 months, ranking the second most common cybersecurity incident.
37 percent indicating that managing third party vendor risk is the biggest data security challenge they face, with 43 percent citing partner data as the most compromised.
39 percent saying financial allocations for securing supply chain and third-party vendor connections will increase by up to 25 percent in the coming year.
73 percent thinking that AI and ML are improving cybersecurity, though only 26 percent have adopted initiatives using these new technologies over the past 12 months. 25 percent, incidentally, called managing and securing emerging technology such as AI and ML a challenge.
The most likely scenario today for threat actors to use deepfakes is in business email compromise (BEC)-style attempts. Attackers use the AI-powered voice and video-cloning technology to trick recipients into making corporate fund transfers. However, there are possible use cases for information/credential theft, reputational damage or to bypass facial and voice recognition authentication. With partner data cited as the most compromised in the past 12 months, ISMS.online noted that businesses need to be vigilant when it comes to the risks posed by third-party vendors and suppliers.
“It is deeply concerning to see the number of organizations threatened by both deep fake and third-party vendor risks,” said ISMS.online CEO, Luke Dash. “To address these rising and more sophisticated threats, organizations must continue to build robust and effective cybersecurity foundations, especially as advanced technology like AI and ML is available to help support data security initiatives.”
American respondents are adopting AI and ML technologies to thwart threats, though they are still in the early stages. Just 26 percent have put initiatives in place, though 73% agree that AI and ML will help improve data security programs. Despite the positive attitudes toward AI and ML, only 36 percent intend to increase cybersecurity spend by up to 25 percent in the next 12 months.
“It’s still unclear how new, advanced technologies like AI and ML are going to change the data security landscape,” continued Dash. “We are certain, however, that governments across the globe will push for more, not less, regulation. Standards like ISO 42001, which deals with AI, will help organizations provide assurances to partners, customers and regulators. Having these in place are truly essential to building a better business, longevity and financial success.”
To partner with ISMS.online, click here.