Only 20% of employees in the kingdom of Saudi Arabia could tell a deepfake from a real image
According to Kaspersky Business Digitization survey1, around 41% of employees in the Kingdom of Saudi Arabia said they could tell a deepfake from a real image. However, despite this claim, in a test2 only 20% could actually distinguish a real image from an AI-generated one. This means that organizations are vulnerable to such scams, with cybercriminals using generative AI imagery in several ways for illegal activities. They can use deepfakes to create fake videos or images that can be used to defraud individuals or organizations.
For instance, cybercriminals can create a fake video of a CEO requesting a wire transfer or authorizing a payment, which can be used to steal corporate funds. Compromising videos or images of individuals can be created, which can be used to extort money or information from them. Cybercriminals can also use deepfakes to spread false information or manipulate public opinion. 46% of employees in the Kingdom of Saudi Arabia believe their company can lose money because of deepfakes.
A deepfake of Elon Musk promoting a new cryptocurrency scam
“Even though many employees claimed that they could spot a deepfake, our research showed that only half of them could actually do it. It is quite common for users to overestimate their digital skills; for organizations this means vulnerabilities in their human firewall and potential cyber risks – to infrastructure, funds, and products,” comments Dmitry Anikin, Senior Data Scientist at Kaspersky. “Continuous monitoring of the Dark web resources provides valuable insights into the deepfake industry, allowing researchers to track the latest trends and activities of threat actors in this space. This monitoring is a critical component of deepfake research which helps to improve our understanding of the evolving threat landscape. Kaspersky’s Digital Footprint Intelligence service includes such monitoring to help its customers stay ahead of the curve when it comes to deepfake-related threats.”
To be protected from threats related to deepfakes, Kaspersky recommends:
· Check the cybersecurity practices in place in your organization – not only in the form of software, but also in the form of developed IT skills. Use Kaspersky Threat Intelligence to get ahead of the current threat landscape.
· Boost the corporate “human firewall”: ensure the employees understand what deepfakes are, how they work, and the challenges they can pose. Have ongoing awareness and education drives on teaching employees how to spot a deepfake. Kaspersky Automated Security Awareness Platform helps employees to stay up-to-date with the most recent threats and increases the digital literacy levels.
· Use good quality news sources. Information illiteracy remains a crucial enabler for the proliferation of deepfakes.
· Have good protocols like ‘trust but verify.’ A skeptical attitude to voicemail and videos will not guarantee people will never be deceived, but it can help avoid many of the most common traps.
· Be aware of the key characteristics of deepfake videos to look out for to avoid becoming a victim: jerky movement, shifts in lighting from one frame to the next, shifts in skin tone, strange blinking or no blinking at all, lips poorly synched with speech, digital artifacts on the image, video intentionally encoded down in quality and has poor lighting.