Over a third of US businesses have experienced a deepfake security incident in the past year, research by ISMS.online, the auditor-approved compliance platform, has found. 35% of organizations experienced a deepfake incident in the last 12 months.
LONDON, July 15, 2024 /PRNewswire-PRWeb/ -- Over a third of US businesses have experienced a deepfake security incident in the past year, research by ISMS.online, the auditor-approved compliance platform, has found. 35% of organizations experienced a deepfake incident in the last 12 months.
AI-powered deepfakes pose a new threat compared to more well-known methods of attack like social engineering and ransomware. However, deepfakes are already the second most common information security incident impacting organizations, with the most common incident being malware infections (37%). Sophisticated deepfake technology now allows threat actors to operate business email compromise (BEC) style attacks - many attacks mimic the voice and image of senior leaders to trick targets into transferring funds.
The ISMS.online State of Information Security US snapshot surveyed 518 information security leaders across ten sectors, including finance, technology, healthcare, manufacturing, education, and energy.
The Biden Administration set out measures to improve the nation's cybersecurity to protect against sophisticated malicious cyber campaigns, including improving supply chain resilience. The report data supports this need, with 75% of organizations stating they've been impacted by an incident caused by a supply chain partner. Partner data (43%) is cited as the most compromised in the past 12 months.
As a result, nearly two in three organizations (59%) plan to increase their spending on securing supply chain and third-party vendor connections in the coming 12 months, and 68% expect to increase their overall information security spending. Collaboration is a critical focus for businesses as they work to mitigate the risk of attacks and learn from cyber incidents. 42% say they increased their collaboration and sharing of threat intelligence in the last 12 months; 42% also increased their focus on employee education and awareness.
Despite training and awareness initiatives, over a third (35%) admit that employees use personal devices (BYOD) without proper security measures, leaving businesses more vulnerable to targeted cyber attacks like deepfakes.
Luke Dash, CEO at ISMS.online, said: "The number of US businesses that experienced a deepfake in the last year is the highest in our global report, showing threat actors are evolving their methods to access lucrative financial gains from successful attacks on US businesses. It's clear that businesses must proactively bolster their information security or risk falling victim to these sophisticated attacks."
While AI-powered deepfakes present a growing risk to businesses, nearly three-quarters (73%) say the technology is improving information security, and more than half (56%) expect to increase their spending on AI and ML security applications.
"AI-powered technologies will continue to evolve, so organizations should consider adopting standards like ISO 42001, which provides guidelines for managing and reducing AI risk. The ISO 42001 framework also enables businesses that adopt AI as part of their security systems to demonstrate their ethical, compliant approach to AI to customers, partners, and stakeholders."
About ISMS.online
ISMS.online is revolutionizing the way businesses across the globe handle data privacy and information security compliance. The cutting-edge SaaS platform provides a comprehensive roadmap to robust and scalable governance, risk and compliance for organizations of all sizes and maturities. With a global presence and over 25,000 users, including enterprise clients like Moneycorp, Siemens and Ricoh, ISMS.online simplifies complex processes across over 100 standards and regulations, empowering organizations worldwide to secure and scale their compliance with ease.
Research Methodology
ISMS.online commissioned leading independent market research firm Censuswide to conduct the research. With a sample of 1,526 respondents who work in information security across the UK (502), USA (518) and Australia (506), the research uncovers the leading information security and compliance challenges facing organizations in these regions. The survey fieldwork took place between 22.03.2024 and 02.04.2024.
Media Contact
Rebecca Harper, ISMS.online, 44 1273 041140, [email protected], https://isms.online
SOURCE ISMS.online
Share this article