This article was paid for by a contributing third party.

Blog: Social engineering and deepfakes a key threat to UK insurers

Ashley Easen, director of risk consulting, Gallagher Bassett

The business world’s increasing reliance on information technology means new opportunities for malicious actors to exploit vulnerabilities. Ashley Easen, director of risk consulting at Gallagher Bassett, elaborates on the cyber threats of the future.

An emerging concern for businesses is social engineering, where individuals are deceived into divulging confidential or personal information.

Social engineering in cybersecurity typically occurs through psychological manipulation and IT-based phishing attacks. In psychological manipulation, attackers might impersonate someone trustworthy to lure targets to malicious websites that infect corporate networks. Phishing attacks often aim to acquire banking details, resulting in financial theft.

Exploitation through social engineering

Social engineering attacks employ various tactics, including pretexting, baiting, quid pro quo, tailgating, water-holing, phishing, spear phishing, honey-trapping, scareware, whaling, pharming and vishing. These methods prey on human trust and gullibility, frequently targeting individuals via email or social media platforms.

To combat social engineering, companies must train their employees to recognise psychological triggers and other warning signs. Staff should be cautious of unsolicited communications, meticulously verify email sources, check for spelling or grammar mistakes, and confirm the sender’s identity. Suspicious attachments should never be opened, and sensitive information should only be shared after thorough verification.

Organisations should also establish a robust cyber threat strategy, which includes raising employee awareness about cyber threats, evaluating the effectiveness of security protocols, and enhancing technological cybersecurity measures.

Relevant employee training should be provided regularly, and staff should be encouraged to be suspicious of unsolicited communications and unknown sources.

The rise of deepfake threats

Deepfakes have added another layer of complexity to the threat landscape. These synthetic media, generated using artificial intelligence (AI) and machine learning, create realistic videos, images, audio, and text depicting events that never happened. Deepfake content can disseminate disinformation and misinformation, posing risks to individuals, industries, and societies.

Research from Sumsub’s 2023 Identity Fraud Report shows a 300% increase in deepfake content online between 2022 and 2023, indicating this trend will likely continue as the technology becomes more accessible.

Deepfakes can be classified into three categories: deepfakes (using deep learning); cheapfakes (created with readily available software); and shallowfakes (audio-visual manipulations made with video editing software).

To counter the threat of deepfakes, organisations should develop strategies to bolster their reputation and address misinformation. A proactive approach to media monitoring and a media literate workforce are recommended pillars of anti-deepfake security procedures. Recognising indicators of deepfakes, such as unnatural movements, facial expressions, and body positioning, can aid in identifying and mitigating negative impacts.

As information technology evolves, organisations must focus on training and awareness programmes to equip employees with the knowledge to detect and defend against social engineering and deepfakes. Implementing strong cybersecurity practices and maintaining vigilance can help safeguard organisations and their stakeholders from these digital threats.

About Gallagher Bassett risk consulting

Gallagher Bassett has a team of qualified and experienced risk consultants throughout the UK who work with clients to understand their risk exposure and then develop a plan to improve their risk profile. The firm's risk consulting division also offers training, with many options to choose from and the expertise to deliver bespoke programmes developed according to client requirements. Our courses ensure delegates are up to date with the latest legislation, meeting compliance regulations and establishing the safest working practices.

Find out more about Gallagher Bassett’s risk consulting services.
