In a recent study conducted by ISMS.online, a compliance platform, it has been revealed that deepfakes are now the second most common cybersecurity incident faced by businesses in the United States, following closely behind malware infections. The research surveyed 518 individuals working in information security across various sectors, including technology, manufacturing, education, energy and utilities, and healthcare.
The findings of the study are quite concerning, with 35% of US businesses reporting experiencing a deepfake security incident within the last year, making it one of the top cybersecurity threats in the country. Additionally, 37% of businesses cited managing third-party vendor risk as their biggest data security challenge, with partner data being the most compromised in the past 12 months.
One of the key takeaways from the study is that more than a third of respondents anticipate increasing their financial allocations for securing supply chain and third-party vendor connections by up to 25% in the coming year. This proactive approach indicates the growing awareness of the risks associated with third-party relationships and the need to invest in mitigating those risks.
Furthermore, the study found that while 73% of US respondents believe that artificial intelligence (AI) and machine learning (ML) technologies can enhance cybersecurity, only 26% have adopted initiatives using these technologies in the past year. This gap between belief and action highlights the challenges organizations face in implementing new technologies to bolster their security posture.
The most common scenario identified for threat actors using deepfakes is in business email compromise (BEC) attempts. By leveraging AI-powered voice and video-cloning technology, attackers can deceive recipients into authorizing fraudulent fund transfers. However, the potential uses of deepfakes extend beyond financial fraud to include information and credential theft, reputational damage, and bypassing biometric security measures.
Luke Dash, the CEO of ISMS.online, expressed his concerns about the rising threats posed by deepfakes and third-party vendor risks. He emphasized the importance of building strong cybersecurity foundations and leveraging advanced technologies like AI and ML to improve data security practices.
Despite the positive outlook toward AI and ML technologies, the study revealed that managing and securing emerging technologies remains a top challenge for 25% of respondents. Only 36% of organizations plan to increase their cybersecurity spending by up to 25% in the next year, indicating a potential gap in resource allocation for addressing evolving threats.
Dash also highlighted the need for organizations to anticipate regulatory changes related to new technologies like AI and ML. Standards such as ISO 42001, which addresses AI, can help businesses demonstrate compliance and provide assurances to stakeholders and regulators.
ISMS.online is committed to revolutionizing data privacy and information security compliance worldwide through its SaaS platform. With a global presence and a diverse user base, the platform simplifies complex compliance processes and supports organizations in securing and scaling their operations effectively.
The research methodology employed by ISMS.online involved partnering with Censuswide, a leading market research firm, to survey over 1,500 information security professionals across the UK, USA, and Australia. The findings shed light on the prevalent challenges in information security and compliance faced by organizations in these regions, highlighting the importance of proactive risk management and investment in innovative cybersecurity solutions.