I saw a report about a company losing millions because an employee thought they were on a video call with their CFO. Are these Cybersecurity Trends something we need to worry about now, or is it still mostly a high-level concern for the Fortune 500?
3 answers
It is very much a real threat for everyone now. The tools to create a convincing deepfake voice or video are becoming incredibly cheap and accessible. We’ve actually implemented a "safe word" or a secondary out-of-band verification for any financial transaction over a certain threshold. If the "CFO" calls and asks for a transfer, the employee has to call them back on a verified number or use a separate messaging app to confirm. You can't trust video or audio alone anymore, which is a massive shift in how we think about "seeing is believing" in a corporate environment.
How did you roll out the "safe word" idea without it sounding like a spy movie to your non-technical staff?
We use a "callback" policy. No matter who it is, if they ask for money, we hang up and call their official desk phone back immediately.
Simple and effective. Technology fails, but a solid, enforced policy like a callback is almost impossible for a remote hacker to bypass.
We framed it as "Multi-Factor Authentication for Humans." By explaining the tech behind deepfakes during a lunch-and-learn, the staff actually got quite excited about being part of the "human firewall." It’s all about the presentation.