Freely subscribe to our NEWSLETTER

“Recently a business in Hong Kong was tricked to wire $25M by a videocall with their CFO and other team members all of which appeared to be deep fake recreations. This is further evidence that cybercriminals have already enhanced their tactics with the wealth of AI generation capabilities. The proven success of such scams not only renews calls for advanced AI defenses to combat such fakes but encourages organisations to refer to the basics of how to protect against advanced fraud.

“First, organisations should implement dual control for any privileged actions, including wire transfers. Any wire transfer over $10,000 should require two or more people to approve. Second, identity-proofing technologies should be used to verify the identity of individuals participating in financial transactions. Those can include – for example – tokens and authenticators. As a simpler solution, there can be pre-agreed privilege keywords to confirm a privileged action occurrence.

“Third, organisations should make sure to regularly review user entitlements in financial applications to ensure they are up to date and reflect the changes associated with joiners, movers, and leavers. In addition, organisations are advised to stick to the separation of duty principle to ensure business users cannot circumvent security controls in place.

“With the emerging AI technology that is still new for both sides – cybercriminals and security professionals – the world is on its path to learning how to handle these fresh opportunities and previously unknown threats. Organisations should stay vigilant for more sophisticated ways to fraud businesses with the help of AI and ensure proper security controls to mitigate the risk of the attack turning into an actual data breach or financial loss.”