Deepfakes have reshaped corporate security and culture

COMMENTARY: In recent years, corporate Deepfake incidents have surged, with 53% of businesses reporting encounters. Initially perceived as mere digital entertainment on platforms like X and Instagram, Deepfakes have evolved into a formidable security threat, targeting businesses worldwide.

Today, Deepfakes jeopardize financial operations of businesses, as well as the operational integrity and trust within corporate ecosystems. Let’s explore the rise of corporate Deepfakes, how they’re impacting work environments, and the modern cybersecurity strategies poised to combat these threats.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

Just last year, high-profile celebrities and political figures were targeted by Deepfakes, attempting to tarnish their reputation. Headlines around Taylor Swift falling victim to a Deepfake attack, for example, sparked a growing concern among consumers of the threats of this technology. However, scammers are now also turning their attention to high-profile executives, and enterprises are feeling the financial impact.

A notable example: the $25.6 million fraud involving a multinational company, where Deepfake video conferencing duped an employee into executing unauthorized transactions. A similar tactic was used in May 2024, when fraudsters attempted to scam WPP, the world's largest advertising firm. The scammers attempted to impersonate CEO Mark Read by using a fake WhatsApp account, voice cloning, and YouTube footage to set up a virtual meeting. The goal was to deceive employees into authorizing transactions. In this case, they were not successful. However, the threat of this technology, especially as it becomes more advanced, shines a light on this growing issue.

Along with visual deepfakes, scammers are getting crafty with a rapidly developing Deepfake variation: voice cloning. In April 2024, LastPass reported an attempted voice cloning threat against the enterprise, and while the attempt was thwarted, it highlights just how confident scammers are becoming in this technology, and that any enterprise, large or small, can be a victim to these threats.

Cultural and operational impacts on virtual teams

Organizations operating in predominantly remote work environments are naturally at greater risk of Deepfake attacks. If a remote employee receives a suspicious call or meeting request from their executive, they can’t exactly walk down the hall to confirm if that executive is really trying to connect.

These types of threats disrupt the dynamics of virtual collaboration, undermining trust in digital communication. For hybrid or fully remote teams, this erosion of trust can stall decision-making and weaken team cohesion. As these attacks grow more sophisticated, the need to maintain a secure and trusting digital workspace is critical.

Fight AI with AI

Combating internal cybersecurity risks requires a multi-layered approach, integrating technological and educational strategies.

One of the most important, and effective, strategies enterprises should consider is fighting AI with AI. There are advanced cybersecurity tools including biometric authentication, liveness detection, and continuous identity verification systems that identify anomalies which may go unnoticed by human oversight. These types of technologies are critical during the user onboarding process, as fraudsters can be stopped at the front door when they try to create a fake account.

With technologies like biometric verification and liveness detection, organizations can authenticate users with the same confidence they would in a face-to-face meeting — even in a fully remote environment. During the authentication process, enterprises can deploy strategies such as selfie verification with advanced liveness detection to confirm the physical presence of the individual and differentiate between real users and deepfakes.

As attackers become more sophisticated, organizations must also guard against camera injection attacks — a method where pre-recorded or synthetic media is fed directly into the camera stream to bypass liveness checks. To counter this, liveness detection systems should verify not just the content of the video, but also the authenticity of the capture source itself.

Companies should also integrate systems that offer biometric checks such as age estimation to identify inconsistencies with the data on file. Additional security measures organizations should consider include:

Stay vigilant

Along with the adoption of modern cybersecurity tools, it’s critical for organizations to educate their workforce to recognize and respond to Deepfake tactics. Train employees to identify suspicious communications, such as those exhibiting urgency or containing out-of-context requests.

Enterprise leaders should also implement consistent communication and approval processes, especially for high-stakes transactions. Regularly update policies to address emerging threats and ensure employees adhere to best practices for mitigating risks.

As the threat of deepfakes escalates, businesses must prioritize advanced prevention strategies as a core component of their cybersecurity framework. By combining innovative tools, collaborative efforts, and a proactive security culture, companies can protect themselves and their people from this growing concern.

Daryl Huff, vice president, biometrics, Jumio

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.