Companies are largely ignorant of the looming threat of increased artificial intelligence (AI) identity theft, despite the fact that 93 per cent of companies surveyed suffered two or more identity-related breaches in 2024.
According to leading identity management company CyberArk Software, executives and employees alike are overconfident of their ability to spot ongoing ID-theft and subsequent cyber breaches, with over 75 per cent of respondents to a recent survey saying that they are confident their employees can identify deepfake videos or audio of their leaders.
“Employees are [also] largely confident in their ability to identify a deepfake video or audio of the leaders in their organization. Whether we chalk it up to the illusion of control, planning fallacy, or just plain human optimism, this level of systemic confidence is misguided,” warns Cyberark following a survey of 4,000 US-based employees.
The full destructive potential of GenAI applications is not yet fully understood by organizations outside the cybersecurity sector, says Cyberark, warning that raising staff awareness about audio and video deepfakes generated by artificial intelligence is now an urgent priority for all types of organizations.
Deepfake videos difficult for staff to identify
“The truth is, GenAI tools will produce increasingly realistic deepfake videos that will be hard for employees to identify and harder for cybersecurity teams to get in front of. Until we have tools sophisticated enough to detect and prevent deepfake scams, CISOs must focus on educating and building awareness with support and services teams on the frontlines of incoming technical help calls and emails,” advises Cyberark.
Despite low staff awareness of the risks posed by GenAI, Cyberark reports that 93 per cent of organizations expect AI-related cybersecurity challenges this year, with malware and phishing topping the list.
“Under a deluge of digital transformation, AI and identity-related attacks, it’s tempting to adopt that shiny new tech to solve a unique use case or simply for fear of missing out on the market buzz — and incur hefty cyber debt. But with eyes on that shiny new tech, beware of the blind spot: phishing and vishing [ID fraud using fake videos] attacks. While far less interesting, these tried-and-true attack methods remain highly effective and lead to breaches and significant financial loss for 9 out of 10 organizations,” advises Cyberark.
