Survey Results: Making Sense of Deepfakes and GenAI Created Phishing Attacks

Survey Results: Making Sense of Deepfakes and GenAI Created Phishing Attacks

Phishing attacks are getting more sophisticated thanks to the rapid evolution and adoption of generative artificial intelligence (GenAI). In fact, the technology is getting scary good. Have you seen the video of David Beckham speaking nine languages? Have you gotten an email from Taylor Swift hawking Le Creuset cookware or Jennifer Aniston giving away free MacBooks? Fake. Fake. And Fake. All of them.

The same technology is also being used to dupe enterprise users into clicking on a malicious link, downloading a corrupted file, or executing a fraudulent transaction. Phishing attacks have been around for decades, but this new technology is taking things to a new level, making it harder than ever to detect these attacks in the moment.

Overconfident or Overly Worried?

Recent survey results from Bitdefender’s 2024 Cybersecurity Assessment Report have revealed an interesting conundrum in the cybersecurity industry. According to the report, nearly three-quarters of cybersecurity professionals think they are savvy enough to spot deepfake attacks. Yet, 96% say that GenAI poses a significant threat to their organization. So, what is it? Are we overconfident or overly worried?

The simple explanation is that cybersecurity professionals are confident in their own abilities to spot and counteract attacks created by GenAI tools, but they are less confident in their users’ ability to detect deepfakes. For people with extensive cybersecurity experience, it’s easy to think that you can’t be duped while worrying about Jane from accounting or Frederick from warehousing. But the reality is that GenAI technology has gotten so good, that even the most seasoned cybersecurity professionals are unlikely to distinguish every deepfake attempt from the real thing.

I’d love to see a research paper that tests cybersecurity professionals on their ability to spot deepfake images and videos – or even simple phishing emails that impersonate a popular brand. I’d bet that most people would fail spectacularly. The fact is that everyone up and down the spectrum are susceptible to deepfake technology – whether we like it or not.

Impact on Today’s Organizations

For enterprise security teams, the danger of increasingly sophisticated phishing attacks couldn’t be clearer. Threat actors use GenAI to spin up incredibly believable emails, photos, voice recordings, and videos based on an enormous amount of highly specific and personal information about people and organizations. They can now go beyond voice and appearance to include specific behavior, syntax, preferences, and tendencies. Coupled with social engineering campaigns that identify what financial software the organization uses, the banks where they have accounts, and internal processes and policies, deepfakes can be incredibly accurate, personal, and difficult to detect.

But not all is lost. Security teams can combat threats that have been created with GenAI technology with a strategy involving people, processes, and technology. Training can help users identify deepfake attacks or at least pause before blindly accepting them as truth. This includes building a culture of accountability. For sure, people need to take responsibility for the actions they take, but they also need to be empowered to challenge suspicious requests – especially when they come from their managers or people high up the corporate hierarchy. This requires building a culture across the entire organization that challenges people to ask questions, get confirmations, and hold themselves and other people accountable.

In addition, processes need to be put in place to enable this culture of responsibility. This could include a requirement to get confirmation from two people to execute large transactions. Or building in a three-day waiting period. Or adding safeguards that trigger additional security measures if an account is new. Seamlessly integrating these guardrails into regular business processes can go a long way toward protecting the organization from embarrassing or financially disastrous mistakes.

And, finally, organizations can fight fire with fire. There are a number of AI-powered security tools that can help detect, root out, and mitigate the risk from Gen AI created phishing attacks. This includes technology that can scan millions of incoming emails to predict identity fraud and deepfakes. Other tools can search image and video metadata to detect the file’s origin and whether it’s been altered. These AI-powered security tools can score risk and alert analysts of any red flags that need further investigation.

Altering Reality Itself

Deepfakes and Gen AI created phishing attacks are changing the concept of reality for many people around the world. Over-confidence in one’s own abilities to combat these threats and handwringing over business users putting the organization at risk are not helpful. Security teams need to put forth real solutions focused on a people, processes, and technology strategy for detecting these attacks and mitigating their impact on their organization.

Learn more about how security professionals feel about AI-generated deepfakes by downloading Bitdefender 2024 Cybersecurity Assessment Report.

Contact an expert



Bitdefender Enterprise

Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Guardian over millions of consumer, enterprise, and government environments, Bitdefender is one of the industry’s most trusted experts for eliminating threats, protecting privacy, digital identity and data, and enabling cyber resilience. With deep investments in research and development, Bitdefender Labs discovers hundreds of new threats each minute and validates billions of threat queries daily. The company has pioneered breakthrough innovations in antimalware, IoT security, behavioral analytics, and artificial intelligence and its technology is licensed by more than 180 of the world’s most recognized technology brands. Founded in 2001, Bitdefender has customers in 170+ countries with offices around the world.

View all posts

You might also like