The study from iProov revealed 70% of organisations believe deepfake attacks will have a high impact, while 62% worry their organisation isn’t taking the threat of deepfakes seriously enough.
The risk of deepfakes is rising. Almost half of organisations (47%) have encountered a deepfake and three-quarters of them (70%) believe deepfake attacks which are created using Generative AI tools, will have a high impact on their organisations.
Yet perceptions of AI are hopeful as two-thirds of organisations (68%) believe that while it’s impactful at creating cybersecurity threats, more (84%) find it’s instrumental in protecting against them.
This is according to a new global survey of technology decision-makers from iProov, a leading provider of science-based biometric identity solutions, which also found 75% of solutions being implemented to address the deepfake threat are biometric solutions.
The Good, The Bad, and The Ugly, is a global survey commissioned by iProov that gathered the opinions of 500 technology decision-makers from the UK, US, Brazil, Australia, New Zealand and Singapore on the threat of Generative AI and deepfakes.
While organisations recognise the increased efficiencies that AI can bring, these benefits are also enjoyed by threat technology developers and bad actors. Almost three-quarters (73%) of organisations are implementing solutions to address the deepfake threat but confidence is low, with the study identifying an overriding concern that not enough is being done by organisations to combat them.
More than two-thirds (62%) worry their organisation isn’t taking the threat of deepfakes seriously enough.
The survey shows recognition by organisations that the threat of deepfakes is a real and present threat. They can be used against people in numerous harmful ways including defamation and reputational damage but perhaps the most quantifiable risk is in financial fraud. Here they can be used to commit large-scale identity fraud by impersonating individuals to gain unauthorised access to systems or data, initiate financial transactions, or deceive others into sending money.
The stark reality is that deepfakes pose a threat to any situation where an individual needs to verify their identity remotely but those surveyed worry that organisations aren’t taking the threat seriously enough.
“We’ve been observing deepfakes for years but what’s changed in the past six to twelve months is the quality and ease with which they can be created and cause large scale destruction to organizations and individuals alike,” said Andrew Bud, Founder and CEO, iProov.
“Perhaps the most overlooked use of deepfakes is the creation of synthetic identities which because they’re not real and have no owner to report their theft go largely undetected while wreaking havoc and defrauding organizations and governments of millions of dollars,” added Bud.
“And despite what some might believe, it’s now impossible for the naked eye to detect quality deepfakes. Even though our research reports that half of organisations surveyed have encountered a deepfake, the likelihood is that this figure is a lot higher because most organisations are not properly equipped to identify deepfakes,” Bud said. “With the rapid pace at which the threat landscape is innovating, organisations can’t afford to ignore the resulting attack methodologies and how facial biometrics have distinguished themselves as the most resilient solution for remote identity verification.”
Regional nuances
The study also reveals some rather nuanced perceptions of deepfakes on the global stage. APAC (51%), European (53%) and LATAM (53%) organisations are significantly more likely than North American (34%) organisations to say they have encountered a deepfake.
APAC (81%), European (72%) and North American (71%) organisations are significantly more likely than LATAM organisations (54%) to believe deepfake attacks will have an impact on their organisation.
Amidst the ever-shifting terrain of the threat landscape, the tactics employed to breach organizations often mirror those used in identity fraud. Unsurprisingly, deepfakes are now tied for third place among the most prevalent concerns for survey respondents, in the following order: password breaches (64%), ransomware (63%), phishing/social engineering attacks (61%) and deepfakes (61%) .
AI’s not all bad
There are many different types of deepfakes but they all have one common denominator: they are created using Generative AI tools. Organisations recognise that Generative AI is innovative, secure and reliable, and helps them to solve problems. They view it as more ethical than unethical and believe it will have a positive impact on the future. And they’re taking action: just 17% have failed to increase their budget in programmes that encompass the risk of AI. Additionally, most have introduced policies on the use of new AI tools.
Biometrics leads the charge against deepfakes
Biometrics have emerged as the solution of choice by organisations to address the threat of deepfakes. Organisations stated that they are most likely to use facial and fingerprint biometrics however, the type of biometric can vary based on tasks.
For example, the study found organisations consider facial to be the most appropriate additional mode of authentication to protect against deepfakes for account access/log-in, personal details account changes and typical transactions.
Software is not enough
It’s clear from the study that organisations view biometrics as a specialist area of expertise with nearly all (94%) agreeing a biometric security partner should be more than just a software product.
Organisations surveyed stated that they are looking for a solution provider that evolves and keeps pace with the threat landscape with continuous monitoring (80%), multi-modal biometrics (79%) and liveness detection (77%) all featuring highly on their requirements to adequately protect biometric solutions against deepfakes.