A survey by Gartner found that 62% of organizations have been hit by a deepfake attack in the past twelve months, Infosecurity Magazine reports.
Akif Khan, senior director at Gartner Research, told Infosecurity Magazine that deepfakes are currently being used in social engineering attacks to impersonate executives and trick employees into transferring money.
“That’s trickier because social engineering is a perpetually reliable thing for attackers to use,” Khan said. “When you throw deepfakes in there, your employees really are on the frontline of trying to spot something [that] is unusual. You can’t just rely on automated defenses to protect you.”
Additionally, the survey found that 32% of entities experienced attacks on AI applications that abused application prompts.
“Chatbot assistants are vulnerable to a variety of adversarial prompting techniques, such as attackers generating prompts to manipulate large language models (LLMs) or multimodal models into generating biased or malicious output,” Gartner says.
A defense-in-depth strategy can help organizations stop attacks that bypass technical defenses. As technology evolves, following security best practices remains a crucial fortification against social engineering attacks.
Khan added in a press release, “As adoption accelerates, attacks leveraging GenAI for phishing, deepfakes, and social engineering have become mainstream, while other threats — such as attacks on GenAI application infrastructure and prompt-based manipulations — are emerging and gaining traction….Rather than making sweeping changes or isolated investments, organizations should strengthen core controls and implement targeted measures for each new risk category.”
AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Infosecurity Magazine has the story.
