One in four Australian businesses impacted by deepfake incidents

Recent research by ISMS.online has revealed that nearly one in four Australian businesses have encountered a deepfake information security incident over the past year. The report found that 24% of organisations faced a deepfake-related security breach in the last 12 months.

The report highlights the increasing prevalence of AI-powered threats compared to more traditional cyber threats such as social engineering and malware. Deepfakes, which use sophisticated AI to create realistic forged audio and video, are being used by cybercriminals to facilitate business email compromise (BEC) attacks. These attacks often mimic the voice and image of senior executives to deceive employees into transferring funds or sharing confidential information.

The State of Information Security Australia report by ISMS.online surveyed 506 information security leaders across various sectors, including finance, technology, healthcare, manufacturing, education, and energy. The findings come at a time when the Australian Government is focusing on strengthening the nation's cybersecurity through the Australian Cybersecurity Action Strategy.

Despite these efforts, 75% of organisations reported that they had been affected by information security incidents caused by third-party vendors or supply chain partners, with partner data being the most compromised at 39% in the past year. As a response, two-thirds (66%) of businesses are planning to increase their spending on securing their supply chain and third-party vendor connections over the next 12 months. Additionally, a significant majority (79%) anticipate an overall increase in their information security budget.

There has also been a growing emphasis on training and awareness within businesses. Nearly half (46%) of the surveyed companies reported having enhanced their employee education and awareness programmes in the last year. However, over a third (36%) admitted that employees are still using personal devices for work without adequate security measures, creating additional vulnerabilities to cyber-attacks like deepfakes.

Michelle McCarthy, Head of Asia Pacific at ISMS.online, commented on the findings, stating: “To see nearly a quarter of businesses already impacted by deepfake attacks is worrying. These findings, alongside the vulnerabilities associated with third-party suppliers, show that businesses must ensure they have a strong information security posture. It’s promising that the majority are planning further financial investment into their information security and supplier management.”

While the risks associated with AI-powered deepfakes continue to rise, the report also indicates a positive outlook on the role of AI in enhancing information security. Over four-fifths (84%) of respondents believe that AI and machine learning (ML) technologies will help improve data security programmes, and 69% expect to increase their investment in AI and ML security applications.

McCarthy further noted, “AI and deepfake technologies have evolved rapidly and continue to do so at pace. As businesses consider implementing AI tools in their information security operations, they must align with the global regulations that will undoubtedly come into force over time. Standards like ISO 42001, which encompasses AI use, will help organisations show their ethical, compliant approach to AI to their customers, regulatory bodies and partners.”