Fresh research by ISMS.online has found that almost 25% of Australian businesses have experienced a deepfake information security incident within the last 12 months and sophisticated deepfake technology now allows threat actors to facilitate business email compromise style attacks.
The ISMS.online State of Information Security Australia Snapshot surveyed 506 information security leaders across ten sectors, including finance, technology, healthcare, manufacturing, education, and energy.
The research comes as the Australian Government seeks to position the country as a global leader in cybersecurity with the Australian Cybersecurity Action Strategy. However, as 75% of organisations state they’ve been impacted by an incident caused by a supply chain partner, and partner data (39%) is cited as the most compromised in the past 12 months, businesses must remain vigilant.
As a result, 66% of the surveyed businesses plan to increase their spending on securing supply chain and third-party vendor connections in the coming 12 months, and 79% expect to increase their overall information security spending. Training and awareness are also critical focus points for businesses as cyber-attacks become more sophisticated: 46% have put greater emphasis on employee education and awareness in the last 12 months.
Despite training and awareness initiatives, over a third (36%) admit that employees use personal devices without proper security measures, leaving businesses more vulnerable to targeted cyber attacks like deepfakes. However, while AI-powered deepfakes present a growing risk to businesses, 84% say the technology is improving information security, and 69% expect to increase their spending on AI and ML security applications.
“To see nearly a quarter of businesses already impacted by deepfake attacks is worrying,” said ISMS.online Asia Pacific Head Michelle McCarthy. “These findings, alongside the vulnerabilities associated with third-party suppliers, show that businesses must ensure they have a strong information security posture. It’s promising that the majority are planning further financial investment into their information security and supplier management.”
“AI and deepfake technologies have evolved rapidly and continue to do so at pace. As businesses consider implementing AI tools in their information security operations, they must align with the global regulations that will undoubtedly come into force over time. Standards like ISO 42001, which encompasses AI use, will help organisations show their ethical, compliant approach to AI to their customers, regulatory bodies and partners.”
You can read the full report here.