Page 252 - Cyber Defense eMagazine RSAC Special Edition 2025
P. 252

The Leadership Disconnect

            In recent years, the barrier to entry for cybercriminals has been lowered. Why? Because GenAI tools
            used in deepfakes have become more widely accessible and available. Threat actors can now not only
            create more believable deepfakes but launch attacks on a much wider scale than before.

            Here's where leadership fails most organizations: around one quarter of company leaders are barely or
            not at all familiar with deepfake technology, according to business.com. Meanwhile, more than half admit
            their employees haven't received any training on identifying these attacks.


            This knowledge gap is inexcusable. As a CEO who's spent decades in cybersecurity, I've watched too
            many organizations chase the latest detection tools while ignoring the fundamentals of good security
            leadership.  This  is  creating  a  dangerous  disconnect  where  sophisticated  threats  meet  unaddressed
            security gaps.



            Building a Secure Foundation

            Let’s be clear: deepfakes are not a one-size-fits-all threat. They can take many forms – from live and
            recorded videos to static images and personalized phishing attacks. When assessing the impact of these
            different types of attacks, a good place to start is understanding your specific areas of vulnerability.

            Every organization has different vulnerabilities, and some organizations will be targeted by specific types
            of  deepfakes  more  than  others.  This  often  comes  down  to  factors  including  the  nature  of  your
            organization, what types of data you have, and the ways this data can be accessed.


            For  organizations  that  don’t  know  where  to  start,  understanding  your  weaknesses  begins  with
            understanding  the  most  common  types  of  deepfake  fraud  within  your  industry.  Once  this  has  been
            established, you can then start tailoring your defenses to the risks that matter most to your organizations.

            But let’s not forget the basics. Building resilience is not about throwing more tools at the problem – it’s
            about ensuring fundamental security practices are performed well. This is where leadership plays a vital
            role.

            When it comes to defending against deepfakes, building a culture that prioritizes security awareness is
            essential. For organizations that need support with this, working with an expert cyber security consultancy
            can help strengthen fundamental aspects including:



               1.  Employee Education. One of the most effective ways to prevent deepfake fraud is to ensure
                   your employees understand and recognize the risks. Expanding security awareness training that
                   covers how to spot deepfakes, the risks they pose, and the procedures to follow in the event of
                   an attack is a no-brainer. Organizations that invest in targeted, specific training programs can
                   significantly reduce their chances of falling victim to deepfakes.
               2.  Risk Management Practices. Solid risk management practices not only help with managing and
                   mitigating deepfakes but defending against all major types of cyber-attacks. When it comes to





                                                                                                            252
   247   248   249   250   251   252   253   254   255   256   257