Organizations warned of "significant lag" in deepfake protection investment
Defenses are failing to keep up with the rapidly growing attack vector, with most organizations being overconfident


Deepfake attacks are on the rise and causing big financial losses, but organizations are largely unprepared.
In its second annual AI Deepfake Threat Report, enterprise comms security provider Ironscales found that 85% of cybersecurity and IT leaders at mid-range and large enterprises have experienced at least one deepfake attack in the last year, 10% more than the year before. Four in ten experienced three or more attacks.
Of these, 55% incurred monetary losses, which averaged $280,000: 61% lost $100,000 or more, nearly 20% lost at least $500,000, and more than 5% lost more than $1 million.
The two most common threats are static images and email-based attacks, at 59% each. However, other attack vectors are catching up quickly, with audio or voice manipulations rising from 25% to 52%, videos from 33% to 45%, and both live video manipulation and live voice-only calls increasing from 30% to 41%.
However, budgets aren't keeping pace with the threat.
"In light of the above findings, it should come as little surprise that deepfake defense is rapidly becoming a top priority for security teams. However, we are seeing a significant lag in actual investment," the researchers warned.
"While both current and anticipated investment in deepfake defense is increasing, the gap between concern and action reflects market dynamics: deepfake defense solutions are relatively new to the market, and many organizations are waiting for more mature, proven technologies before committing budget, even as losses mount."
Organizations are offering deepfake training, the report found, but it's not always terribly helpful. While 88% have provided training in the last year, up from 68% the year before, only 8% saw first-try simulation pass rates of 80% or above, and the average first-try deepfake-simulation pass rate was just 44%.
Yet although 94% of respondents expressed at least some level of concern about the threat deepfakes currently pose to their organizations, and over 63% said they were very concerned, an overwhelming 99% claim to be confident in their defenses.
"This disconnect might be dismissible as just a matter of question design if organizations were otherwise performing well in defending against these threats. On the contrary, though, as we've seen throughout this report, organizations are not faring well thus far in the fight against deepfakes," the researchers said.
"So, what's behind this seeming preparedness paradox? Some possible explanations include professionals' wishful thinking about their organizations investing more and improving their defensive capabilities, an underestimation of more widespread prevalence, or plain old wishful thinking."
To effectively fight the threat, said Ironscales, organizations should focus on three critical areas: training that addresses the full spectrum of deepfake sophistication; detection technologies that match the pace of AI advancement; and incident response processes that account for the unique challenges of synthetic media.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.