Learn why GetApp is free

AI cyberattacks push 66% Aussie companies to have a deepfake response plan

Published on 15/09/2024 Written by Andrew Blair.

Aussie companies are already preparing for the most recent evolution of biometric cyberattacks—deepfake impersonations and ID fraud—in their fight against cybercriminals. What more can companies do to increase security?

Cybercriminals employ AI tech to try hack biometric login information on a smartphone

Deepfakes and artificial intelligence (AI) - generated identity fraud represent a looming threat to Australian companies, with many already suffering the impacts of increasingly sophisticated impersonation attacks. These attacks can disrupt unique, established protection methods like biometrics, which were previously considered impractical or impossible to replicate.

What is the definition of a deepfake?
A deepfake is a form of fraud in which cybercriminals use machine learning and deep learning processes to create artificial images, videos, and vocal audio to realistically impersonate an individual. [1]

This newer breed of cyberattacks can undermine direct communications with a person via phone or video chat, and has already helped hackers trick people out of millions. Company leaders need reassurance that their protections can still work to defend them against threats. Given the urgency of this issue, what are companies doing to adapt to the new realities?

To find out, in GetApp’s Executive Cybersecurity Survey*, we surveyed 2,648 IT and cybersecurity professionals globally in May 2024, including 241 Australian respondents. We examined how the rise of new AI-driven impersonation attacks is causing companies to reevaluate their cybersecurity and network monitoring protections.

Key insights
  • 51% of Australian IT and cybersecurity professionals have privacy concerns and 46% fear potential identity theft from implementing or using biometric protections.
  • 97% of Australian IT and cybersecurity professionals are satisfied with biometric authentication results.
  • 66% of Australian IT and security professionals say their companies have developed specific measures to defend against AI-generated deepfake attacks.
  • 88% of surveyed professionals work in companies that have increased their investments in cybersecurity over the last 18 months.

Privacy concerns are a challenge for businesses using biometric authentication despite satisfactory results

Biometrics have commonly been adopted to protect access to company systems and remain common in Australian businesses. Nearly two-thirds (64%) of Australian respondents work in companies where employers require the use of biometric authentication to tighten cybersecurity (above the global average of 53%).

Multibarchart showing types of biometric authentication implemented in Australian companies compared to the global average

Besides employers, biometric authentication methods are proving satisfactory to various other users. Overall, 97% of Australian respondents who use biometric authentication are either satisfied or extremely satisfied with the results. 

Despite being vulnerable to cyberattacks, they can still make up part of a strong defensive strategy, especially as a step of multi-factor authentication (MFA). Having multiple steps of secure authentication still remains a strong tactic for thwarting potential cybersecurity breaches.

Based on our survey, just over half (51%) of Aussie respondents identify high privacy concerns as their biggest challenge when using biometric protections above other potential issues such as identity theft and data breaches.

Bar chart showing the challenges most commonly faced by Australian businesses that implement biometric authentication

To top it all off, trust is now coming under threat from another source. With an increase in AI-generated attacks, including deepfake fraud, targeted phishing attacks, malware, and impersonations, Australian businesses are concerned about using biometrics. 

Out of all countries surveyed, Australians had the highest number of respondents (80%) in companies with biometrics measures worrying about AI’s potential to create synthetic fingerprints, facial images, or voices for ID fraud.

The pros and cons of biometrics for user security

Varied biometric login methods can enhance or weaken the protective capacity of a business. While it's easier for bad actors to spoof more recognisable biometric features, businesses can ensure robust protection by leveraging biometrics as just one part of the identification process instead of making it the only mode of authentication.

Adding an extra step of security verification can make all the difference. Businesses offering optional use of single-factor access sign-on can make it easier for hackers to breach a company's defences. Hackers responsible for the recent breaches affecting the data of 500 million Ticketmaster users took advantage of this by targeting specific users of one of the company’s cloud providers who had not enforced multi-step authentication access across the board. [2]

Therefore, businesses should ensure employees require multiple factors to identify themselves and do not have biometric authentication as an opt-in only.

Australian IT professionals brace themselves with a deepfake response plan 

Deepfake content and live videos present a worrying problem for company executives. These impersonation attacks allow cybercriminals to access sensitive information or make fraudulent transactions by using the visual appearance of a trusted employee or a company leader. 

In fact, the threat and fear of these attacks have already generated action. We found that 66% of Aussie IT professionals work in organisations where cybersecurity or IT management teams have developed specific measures against the risks of AI-generated deepfakes and their potential to impersonate senior executives. 

Companies can respond to the dangers of deepfakes in various ways, using training and software solutions in tandem.

Multibar chart showing Australian prevention methods for deepfakes compared to the global average

Simulation exercises can help organisations identify risks, enhance training by providing hands-on experience, and can help validate a response plan. Australian companies must put more emphasis on these to increase their preparedness for a cybersecurity attack as they fall behind the global average.

Awareness and practice of encountering deepfake attacks are both important to prepare the workforce to deal with these evolving threats. These approaches combine both theoretical awareness and a practical element to help employees spot the dangers and keep on their toes when a real attack comes along.

How organisations can identify a deepfake

As deepfaking executives and employees on video calls become more prevalent, it is important to be aware of the signs to look out for to know if something is up. Some common features of deepfake videos include:

  • Jerky or unnatural body movement 
  • Blurring around facial features
  • Unnatural eye-movements
  • Unusual colouration
  • Inconsistent audio

Additionally, if you are in doubt about the person you are speaking to, you can make it easier to spot deepfakes by asking them to turn their head 90° to the side to see a profile view of their face. This can disrupt the software algorithm that projects another face onto the speaker as it has to adapt to a shape it is not as used to working with.

7 low-cost ways Australian companies can increase their cybersecurity efforts

As the risks in the current security landscape are urgent, reallocating or raising spending on cyber defence is a major question small businesses are facing.

Unsurprisingly, our study shows that spending has been on the rise. Amongst our sample, 88% of Australian respondents report that their company’s cybersecurity spending has grown over the last 18 months, far above the global average of 77%.

Bar chart showing the top five security measures Australian companies have implemented in the last 18 months to prevent cyberattacks

However, as we can see, higher expenditure isn’t the only solution available to companies. There are also relatively straightforward, cost-effective optimisations that companies can implement to improve their defences. Here, we list seven measures firms can deploy:

1. Formulate a strategy for managing deepfakes 

Companies should prioritise a strategy for tackling deepfake attacks. This strategy could incorporate a two-pronged approach: raising awareness of the dangers and simulating the kinds of attacks staff may encounter, which might be crucial when a real threat arises.

Additionally, when addressing the threat of deepfake phishing, it is worth considering using a deepfake detection tool as an extra layer of security. These can monitor video calls and messages to scan for telltale signs of a fake image or appearance and notify users accordingly.

2. Conduct a network security audit

Where senior executives are being targeted, it is vital to review your company's network security for any vulnerabilities that could easily allow a cyberattack to succeed. We found that 48% of our sample whose senior executives were targeted by cyberattackers are prioritising improvements to their network security and this is key to underpinning security.

Network security software should be standard in every company. It protects against cyberattacks and data loss by detecting and blocking threats such as viruses, malware, and unauthorised access. It also improves network integrity and availability, resulting in a more stable and secure IT infrastructure. 

3. Prepare executives for emerging realities

Executives are a prize target for scammers or threat actors due to their levels of access and oversight over major transactions and decisions in a company. New threats such as deepfakes require extra commitment to this goal.

Security awareness training software can prove practical for executives and other staff, offering up-to-date guidance on how to spot and respond to the latest threats.

4. Secure your data with encryption 

Unprotected data is a goldmine for cybercriminals and can be used to socially engineer a cyberattack on your business. Therefore, it is especially essential to ensure business data is stored and shared securely.

Having a strong data encryption solution is key. This makes the data harder to access and interpret without the right authorisation. So, even if a hacker gets away with information, they may not be able to use it.  

5. Enforce routine update schedules

The latest updates usually prioritise security patches to prevent vulnerabilities from being exploited. According to our sample, software updates are a priority for 45% of previously targeted companies, representing a small but significant step toward better security.

A good trick here is to use patch management software across a business to ensure updates, drivers, and firmware are kept up to date as new patches are released. This tool can monitor software for upgraded versions and enforce compliance with update schedules.

6. Implement multi-layered protection

As we’ve seen, it’s important to ensure multiple levels of cybersecurity protection to enhance cybersecurity as newer forms of biometric authentication are on the rise. This is integral to preventing attacks from succeeding and making the process of breaching your defences more complicated for an attacker.

Having a strong multi-factor authentication (MFA) system in place can also help alleviate emerging concerns about the safety of authentication software and biometric security and create better confidence in cybersafety. When doing so, it can help to look out for software providers who offer features such as enhanced fraud detection and low-code integrations.

7. Enhance your password policy

A good password policy is a company-wide concern. This is an ever-more-important issue to ensure each step of security is up to the challenge of today’s technical landscape, especially as trust in biometrics drops. Moreover, a strong password policy is only going to get more vital as AI tools emerge that can crack passwords with greater ease. [3]

The use of self-service password reset (SSPR) tools can prove vital in this regard. They can help ensure staff regularly update their passwords and set parameters for the level of complexity a password must have.

Preparation is essential to combat biometric fraud

The threat posed by biometric fraud and deepfake technology is a serious cause for concern for companies. However, the good news is that steps can be taken to get ahead of cybercriminals. 

In many ways, the fear of these threats has galvanised companies to examine their security provisions more closely and make improvements. This helps defend against not only newer threats but also more established dangers. 

Looking forward, it is likely that newer threats to trusted security measures like biometrics will grow as techniques for sidestepping them evolve, but being forewarned is being forearmed. As we observed in our data, companies are responding to this challenge by spreading internal awareness, and staying on top of this will be important as a first line of defence.

This preparedness also needs to go beyond a one-size-fits-all approach. Company executives represent a major target for cybercriminals and this requires some special measures as we observe in part two of this survey analysis.

Looking for cybersecurity software? Check out our catalogue.


Survey methodology

*GetApp's Executive Cybersecurity Survey was conducted in May 2024 among 2,648 respondents in the U.S. (n=238), Canada (n=235), Brazil (n=246), Mexico (n=238), the U.K. (n=254), France (n=235), Italy (n=233), Germany (n=243), Spain (n=243), Australia (n=241), and Japan (n=242). The goal of the study was to explore how IT and cybersecurity professionals are responding to the rising threat of biometric fraud. Respondents were screened for IT and cybersecurity roles at companies that use security software and have more than one employee. Respondents were screened for involvement in, or full awareness of, cybersecurity measures implemented at their company.

Sources

  1. Deep Learning definition, Gartner
  2. Ticketmaster confirms hack which could affect 560m, BBC
  3. AI can steal passwords by listening to your keyboard, Information Age


This article may refer to products, programs or services that are not available in your country, or that may be restricted under the laws or regulations of your country. We suggest that you consult the software provider directly for information regarding product availability and compliance with local laws.

About the author

Andrew is a Content Analyst for GetApp, giving SMEs insights into tech, software and business trends. Interest in entrepreneurship, furthering projects and startups.

Andrew is a Content Analyst for GetApp, giving SMEs insights into tech, software and business trends. Interest in entrepreneurship, furthering projects and startups.