Vegas Inc. Guest Column: Business owners must cultivate crisis readiness in the age of deepfakes and cyber threats

The below article is authored by our Founder and CEO, Rina Foster, APR.

Read the article online here.

In the past year, our Las Vegas community has seen cybersecurity threats affect prominent organizations such as MGM Resorts International, the Clark County School District and countless others. In fact, 63% of small-business owners report having been victims of cyberattacks, according to the Nevada Small Business Development Center. Small- to medium-sized businesses are particularly at risk because hackers view them as easier targets.

As the advancement of AI technology gains momentum, local businesses may face a rapidly growing cyberthreat in deepfake attacks. This fabricated content can damage reputation, erode consumer trust and ruin credibility. And yet, while 80% of companies acknowledge the threat of deepfakes, less than 30% have acted.

No matter your level of security, due diligence or control, the reality is that organizations are prone to a multitude of risks that can attack from every angle—deepfakes are just one risk you should be preparing for.

Understanding Deepfakes

Deepfakes are AI-generated content, often utilizing deep learning techniques to manipulate or fabricate visual and audio elements in a realistic manner. These malicious creations can range from fake videos of company executives making false statements to forged audio recordings that mislead clients or partners.

The technology has advanced so much in recent years that it now poses a real security threat to organizations, necessitating a proactive approach to detecting and mitigating the spread of misinformation in an increasingly digital landscape.

Earlier this year, a Hong Kong multinational company fell victim to a sophisticated deepfake attack where the face and voice of the company’s CFO was used to convince his finance team to execute fraudulent transfers. The attack cost the company $25 million.

Last year, three New York City high schoolers posted a deepfake video of a local middle school principal on TikTok. The perpetrators programmed the deepfake version of the principal to spout violent, racist comments about Black students.

Before law enforcement officials eventually uncovered the truth behind the video, the short-term chaos it caused was distressing. Parents blasted the school district for what they mistakenly believed was a systemic problem, even threatening lawsuits. The school was unprepared to deal with a crisis like this and ultimately displayed a clear failure in communication while the situation was continuing, resulting in ongoing distrust.

If three high schoolers could create such a strong threat through generative AI, imagine how someone with more resources and experience could disrupt your business with a concerted deepfake attack.

Here’s how to prepare for such a risk.

Crisis Ready Strategies

With the right strategies in place, you are capable of effectively safeguarding the reputation of your business and retaining trust with your important stakeholders.

Audit and Assess

Conduct an audit of your organization’s current mindset and culture. The way an organization chooses to interpret the word ‘crisis’ has a direct impact on the way it will approach crisis management and preparedness. Knowing your organization’s mindset and culture will allow you to understand where you currently sit on the spectrum of crisis readiness and help identify areas that will require dedicated focus.

Know Your Areas of High-Risk

Every organization has a handful of high-risk scenarios that are the most likely to occur, like data breaches and deepfakes, employee misconduct, product recalls, employee protests, to name a few. Start by making a list of your top three to five high-risk scenarios and uniquely prepare for each one.

Develop the Program

Having a crisis ready culture doesn’t mean having a plan with scenarios that sits on a shelf that addresses operationally how you’ll handle a crisis. Plans give you steps to follow; programs strengthen your culture. Think in terms of a crisis ready program and develop governance. How does your organization define a crisis? What is the process for declaring a crisis? Who within the organization makes up the crisis management team? What are their roles and responsibilities? Once you’ve answered foundational questions, then start to build scenario-specific playbooks that can guide your organization through the first 24-48 hours of a breaking crisis.

Employee Training and Awareness

No matter where a crisis originates, or who detects it, your team should be trained and empowered to first identify it as a risk, and then to quickly assess its immediate potential impact. Invest in regular training sessions to educate employees about common cyber threats and deepfake awareness. Conduct simulated crisis scenarios to test employee’s responses and their ways of working together and lines of communication.

Bring in Experts

Oftentimes, bringing in outside experts with real-world experience helps to bring a level of credibility that offers additional weight and support for your objectives. Experts can help you anticipate potential risks and formulate a plan to prevent communication barriers. In the case of cybersecurity and deepfakes, collaborate with cybersecurity firms to gain additional insight. These firms can help evaluate your current operational processes.

One Final Note

Inevitably when more people are looking for and pointing out threats, more threats will be found. That is the point. Being able to identify and solve for risk helps mitigate issues and crises. And, while planning and exercises are a big part of building a crisis ready culture, so is the ability and mindset to be versatile, flexible, and adaptable.