GUEST COLUMN:

Business owners must cultivate crisis readiness in the age of deepfakes and cyber threats

Mon, May 13, 2024 (2 a.m.)

In the past year, our community has seen cybersecurity threats affect prominent organizations such as MGM Resorts International, the Clark County School District and countless others. In fact, 63% of small-business owners report having been victims of cyberattacks, according to the Nevada Small Business Development Center. Small- to medium-sized businesses are particularly at risk because hackers view them as easier targets.

As the advancement of AI technology gains momentum, local businesses may face a rapidly growing cyberthreat in deepfake attacks. This fabricated content can damage reputation, erode consumer trust and ruin credibility. And yet, while 80% of companies acknowledge the threat of deepfakes, less than 30% have acted.

No matter your level of security, due diligence or control, the reality is that organizations are prone to a multitude of risks that can attack from every angle—deepfakes are just one risk you should be preparing for.

Understanding Deepfakes

Rina Foster

Rina Foster

Deepfakes are AI-generated content, often using deep learning techniques to manipulate or fabricate visual and audio elements in a realistic manner. These creations can range from fake videos of company executives making false statements to forged audio recordings that mislead clients or partners.

The technology has advanced so much in recent years that it now poses a real security threat to organizations, necessitating a proactive approach to detecting and mitigating the spread of misinformation in an increasingly digital landscape.

This year, a Hong Kong multinational company fell victim to a sophisticated deepfake attack where the face and voice of the company’s chief financial officer was used to convince his finance team to execute fraudulent transfers. The attack cost the company $25 million.

Last year, three New York City high schoolers posted a deepfake video of a middle-school principal on TikTok. The perpetrators programmed the deepfake version of the principal to spout violent, racist comments about Black students.

Before law enforcement officials eventually uncovered the truth behind the video, the short-term chaos it caused was distressing. Parents blasted the school district for what they mistakenly believed was a systemic problem, even threatening lawsuits. The school was unprepared to deal with such a crisis and displayed a clear failure in communication while the situation was continuing, resulting in ongoing distrust.

If three high schoolers could create such a strong threat through generative AI, imagine how someone with more resources and experience could disrupt your business with a deepfake attack.

Here’s how to prepare for such a risk.

• Crisis-ready strategies: With the right strategies in place, you can safeguard your business’ reputation and retain trust with stakeholders.

• Audit and assess: Conduct an audit of your organization’s mindset and culture. The way an organization chooses to interpret the word ‘crisis’ has a direct impact on the way it will approach crisis management and preparedness. Knowing your organization’s mindset and culture will allow you to understand where you sit on the spectrum of crisis readiness and help identify areas that will require dedicated focus.

• Know your areas of high risk: Every organization has a handful of high-risk scenarios that are the most likely to occur, like data breaches and deepfakes, employee misconduct, product recalls and employee protests, to name a few. Start by making a list of your top three to five high-risk scenarios and uniquely prepare for each one.

• Develop the program: Having a crisis-ready culture doesn’t mean having a plan with scenarios that sits on a shelf that addresses operationally how you’ll handle a crisis. Plans give you steps to follow; programs strengthen your culture. Think in terms of a crisis-ready program and develop governance. How does your organization define a crisis? What is the process for declaring a crisis? Who within the organization makes up the crisis management team? What are their roles and responsibilities? Once you’ve answered foundational questions, then start to build scenario-specific playbooks that can guide your organization through the first 24-48 hours of a breaking crisis.

• Employee training and awareness: No matter where a crisis originates, or who detects it, your team should be trained and empowered to first identify it as a risk, and then to quickly assess its immediate potential impact. Invest in regular training sessions to educate employees about common cyberthreats and deepfake awareness. Conduct simulated crisis scenarios to test employees’ responses and their ways of working together and lines of communication.

• Bring in the experts: Oftentimes, bringing in outside experts with real-world experience helps to bring a level of credibility that offers additional weight and support for your objectives. Experts can help you anticipate potential risks and formulate a plan to prevent communication barriers. In the case of cybersecurity and deepfakes, collaborate with cybersecurity firms to gain additional insight. These firms can help evaluate your operational processes.

One Final Note

Inevitably when more people are looking for and pointing out threats, more threats will be found. That is the point. Being able to identify and solve for risk helps mitigate issues and crises. And, while planning and exercises are a big part of building a crisis-ready culture, so is the ability and mindset to be versatile, flexible and adaptable.

Rina Foster is a crisis communications expert and accredited public relations adviser with 84 Communications, a strategic communications and reputation management firm she founded in 2018.

Click HERE to subscribe for free to Vegas Inc’s BizClick newsletter. Stay up to date with the latest business news in Las Vegas sent directly to your inbox each Monday.

This story appeared in Las Vegas Weekly.

Back to top

Share