• The use of deepfake technology is growing in volume and sophistication.
• Awareness and vigilance are our best weapons against this threat.
• These technologies may be smart – but they are not human. We are.

Just when you thought modern life couldn’t get any crazier, a video emerged during the run-up to the recent UK election, in which the Prime Minister Boris Johnson appeared to endorse his political opponent Jeremy Corbyn.

“Appeared” is the important word here, because this was actually just one of the latest in a steady stream of deepfakes – video and audio clips in which artificial intelligence simulates real people doing unreal things.

Of course, humans have been faking it for centuries. From tattoos and piercings to face paints and wigs, we love altering ourselves and indulging in a bit of make-believe. My own little secret for years was that I wore green-coloured contact lenses. I did need them for short-sightedness – the colour was purely a personal choice. And who can seriously say they haven’t tried an Instagram filter or two?

But there’s a darker side to this story.

In an increasingly divisive political climate, sabotaging politicians by showing them in fictionalized situations could be personally and politically devastating. The use of deepfakes in creating pornography is another disturbing trend.

It’s something that could potentially start to do real damage to businesses, too. Cybercriminals have already fooled a company into making a $234,000 wire transfer using an AI-powered deepfake of its CEO’s voice – and who knows how many other stories have gone unreported?

Recently, one of my team received a WhatsApp voice message from someone pretending to be our managing partner. Others received an email, supposedly from me, asking for a wire transfer to be made. In both cases, the phishing attempts didn’t succeed, but it was human instinct rather than formal security controls that saved the day.

So how can we protect ourselves as individuals and organisations from deepfake attacks?

It comes down to being super vigilant. Organizations can help by making sure employees undergo a thorough cybersecurity awareness programme that is updated frequently to inform them about the latest threats, and how to react. Here are a few things to think about.

1. Choose your information sources wisely

There has been a rise in the use of social media as a news source, particularly among younger people – which is not surprising, given they have grown up with digital media. Meanwhile, in non-Western countries like Brazil, Malaysia and South Africa, WhatsApp has become a primary network for sharing and discussing news.

In both scenarios, people will be seeing a mixture of genuine news, fake news, and subjective opinion presented as fact – sometimes from authentic sources, and sometimes from bots.

Perhaps this is why the report linked above also reveals that 55% of those surveyed are concerned about their ability to tell what’s real from what’s fake online, while 26% said they had started relying on “more reputable” news sources. Of course, what might be considered reputable is still highly subjective, so if you want a clear, evidence-based analysis of a story, fact-checking sites like Snopes are probably the most useful resource.

2. Be careful about the information you share online

I wouldn’t say I’m reckless about my internet profile, but like many people there are certain things I do without thinking too much about them, because they are just the norm these days, and convenience outplays caution. My husband, on the other hand, wants nothing to do with any of it and is extremely careful about any information he puts out there. He even deleted his Facebook account and was upset when a photo of him appeared on Google.

He probably has the right approach. It’s incredibly important to be sure you can trust any organization that has an online presence. There are lots of tips available out there, like this post from security firm ASecureLife.

Another thing to do on a regular basis is Google yourself – and your kids if you have them – to get an idea of your online footprint. The same goes for any accounts that you’ve created, for example to buy something online. You’ll probably be horrified by the number of places that hold information about you. If there’s anything lying dormant, don’t just leave it there – get it deleted.

3. Run the “Real person, or bot?” test

Although bots are increasingly capable of more and more, there’s one thing they haven’t cracked yet – and that’s coming across as convincingly human. Just think about the last time you used the chat facility with a brand – you were probably able to tell from the language whether it was a chatbot or a person. We instinctively know what sounds right, and how real people speak and write.

Most people tend to message in a fragmented way, so if you’re getting only full and formal sentences in response, that’s probably a sign – as is getting the same answer more than once, or superfast replies. Even when we’re LOLing or communicating in emoji, humans tend to take longer than a split second to compose and send what we want to say. Especially when we’re looking for an emoji that doesn’t exist.

What is the World Economic Forum doing on cybersecurity?

The World Economic Forum Platform for Shaping the Future of Cybersecurity and Digital Trust aims to spearhead global cooperation and collective responses to growing cyber challenges, ultimately to harness and safeguard the full benefits of the Fourth Industrial Revolution. The platform seeks to deliver impact through facilitating the creation of security-by-design and security-by-default solutions across industry sectors, developing policy frameworks where needed; encouraging broader cooperative arrangements and shaping global governance; building communities to successfully tackle cyber challenges across the public and private sectors; and impacting agenda setting, to elevate some of the most pressing issues.

Platform activities focus on three main challenges:

• Strengthening Global Cooperation for Digital Trust and Security – to increase global cooperation between the public and private sectors in addressing key challenges to security and trust posed by a digital landscape currently lacking effective cooperation at legal and policy levels, effective market incentives, and cooperation between stakeholders at the operational level across the ecosystem.
• Securing Future Digital Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies and accelerate solutions and incentives to ensure digital trust in the Fourth Industrial Revolution.
• Building Skills and Capabilities for the Digital Future – to coordinate and promote initiatives to address the global deficit in professional skills, effective leadership and adequate capabilities in the cyber domain.

The platform is working on a number of ongoing activities to meet these challenges. Current initiatives include our successful work with a range of public- and private-sector partners to develop a clear and coherent cybersecurity vision for the electricity industry in the form of Board Principles for managing cyber risk in the electricity ecosystem and a complete framework, created in collaboration with the Forum’s investment community, enabling investors to assess the security preparedness of target companies, contributing to raising internal cybersecurity awareness.

What should leaders do?

Deepfake attacks are probably the most sinister thing we’ve experienced yet, and if you’re not familiar with the person being impersonated, how are you to know it’s a fake? To me this gives organizations an even more important responsibility than any cybersecurity measures they have in place.

It’s for anyone who has the authority to make financial or other important business decisions to make themselves known in a very authentic way to employees. That means getting out there and talking with people, being in their company, listening to one another and letting them get a feel for who you really are. It means not hiding anything, or trying to be something you’re not. And it means fostering a culture of genuine openness, so that people feel comfortable questioning something that doesn’t feel right, even if it has seemingly come from an authority source.

Lots of research has already shown the benefits of this type of approach anyway, but the better employees get to know the real you, the less the risk that they’ll be duped by any pretenders. Because while mimics are clever, and deepfakes are designed to be convincing, at the end of the day they’re not the real deal. And we are.