The financial industry group FS-ISAC today released a new white paper to help banks and other financial institutions understand the risks posed by deepfake technology. “Deepfakes in the Financial Sector: Understanding the Threats, Managing the Risks” provides guidance to aid cybersecurity teams in enacting preventative measures and control mitigations to protect their firms, customers and reputations, as well as the public’s trust in the financial system, according to the report.
“Though benign and helpful applications exist, threat actors use deepfakes to bypass traditional security measures, exploiting the human element of trust that often underpins financial transactions and decision-making processes,” the white paper states. “The function of adversarial deepfakes includes impersonating customers, employees, public officials and institutional leaders with purposes such as committing fraud and manipulating markets through stakeholder and public deception.”
The white paper lists different types of deepfake fraud targeting financial institutions, from videos impersonating C-suite executives to technology duplicating customer voices to thwart voice-authentication security measures. It also lists the types of assets under threat from deepfakes and summarizes controls that can be implemented to protect against the technology. The paper emphasizes that the role of education and awareness in combating deepfakes “cannot be overstated.”
“By fostering a culture of vigilance and critical thinking, financial institutions can create a human firewall that complements technological defenses,” the paper states. “This approach is particularly crucial given the sophisticated and often persuasive nature of deepfake social engineering content.”
