Stu Sjouwerman is the founder and CEO of KnowBe4 Inc., a security awareness training and simulated phishing platform.
AI has complicated the already murky world of cybercrime, particularly because sophisticated attacks have become accessible to novice cybercriminals and amateurs. Impersonation, which involves imitating a person's appearance, voice, mannerisms and online identity, may have required extensive research and great effort in the past. Today, generative AI (GenAI) has reduced months-long reconnaissance and preparation to the typing of short prompts. Attackers can automate and personalize their masquerade, rendering it more convincing and virtually undetectable to the unaware.
Heralded as the year of AI innovation, 2023 turned out to be the worst year for phishing, as the number of attacks rose to five million. As cybercriminals harness AI’s advanced audio, video and text generation capabilities to breathe life into fabricated scenarios, organizations have their operational integrity, stakeholder trust and business viability at stake. They must brace themselves for impeccably orchestrated, traditionally undetectable impersonation scams.
A Closer Look At Impersonation Tactics And Telltale Signs
In the cyber world, impersonation can take many forms. Email impersonation is one of the oldest tactics, now made remarkably undetectable and sophisticated through AI. Cybercriminals can manipulate email addresses, headers and content to impersonate trusted entities like brands, colleagues, clients or C-suite executives to lure unsuspecting victims into clicking malicious links, divulging personal information or transferring funds.
Social media platforms offer a fertile ground for impersonation, with attackers leveraging fake profiles or hijacked accounts of acquaintances to create apparent legitimacy. The threat is exacerbated by the advent of advanced AI algorithms that can generate hyper-realistic audio and video calls, allowing attackers to convince their victims to perform certain actions or share confidential information.
MORE FOR YOU
Despite increasing sophistication, here are some telltale signs that can indicate impersonation:
• Unusual Requests: Impersonation attacks involve requests for unusual actions, such as divulging sensitive information, clicking on suspicious links or transferring funds to unfamiliar accounts.
• Contextual Anomalies: AI-generated messages may lack the nuances and contextual awareness of real-human communication, leading to deviations from established communication patterns and inconsistencies when referencing past interactions, events or shared knowledge.
• Synchronization Issues: Audio and video GenAI and deepfake technologies are still developing and leave subtle visual or auditory discrepancies, like unnatural facial movements or vague backgrounds, which can be detected upon closer inspection.
Key Imperatives For Effectively Managing Impersonation Threats
1. Implement multilayered defense.
Organizations must adopt a defense-in-depth (DiD) approach to achieve true security, beginning with solutions like AI-based email analysis, which scrutinizes content and user behavior to identify markers of impersonation. It must also include sender authentication protocols like DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting and Conformance) to help verify the legitimacy of emails.
Endpoint security and AI-enabled data loss prevention (DLP) are equally important for mitigation and containment. At the network level, implementing multifactor authentication and zero-trust network access (ZTNA) can thwart unauthorized access and make impersonation more challenging. A DiD approach with a comprehensive security stack helps ensure that even if one mechanism fails or is compromised, others remain active against a wide range of security threats, including impersonation attacks.
2. Invest in user awareness and training.
The human element is a critical link in cybersecurity. Organizations must educate users about impersonation tactics, making them adept at recognizing the red flags in emails, calls and social media interactions. For employees, it should become second nature to verify information independently, report suspicious activity promptly and understand the importance of strong passwords and not sharing sensitive information like passwords under any circ*mstances.
Regular security awareness training coupled with unannounced phishing simulations plays a pivotal role in strengthening an organization's security posture. These initiatives allow organizations to gauge the susceptibility of their users to advanced impersonation attacks and assess the robustness of their security measures in a safe and controlled environment.
3. Cultivate a security-first culture.
Organizations must embed security across all operations and workflows, treating it as a priority instead of an afterthought (or occasional workshop event). This can be achieved by enforcing stringent policies for following security protocols, allocating sufficient resources for cybersecurity initiatives like awareness campaigns and workshops, and positive reinforcement. For instance, organizations can recognize employees who proactively identify and report impersonation incidents, thereby incentivizing vigilance and active participation in training sessions.
4. Identify, investigate and remediate.
All organizations need a comprehensive plan that outlines procedures for detecting, responding to and recovering from impersonation attacks. They should regularly test and update their incident response plan to ensure its effectiveness. A successful attack should always be followed by a thorough review, including monitoring dark web forums for identifying breached credentials. A post-attack review can also help measure and mitigate the potential impact, identify vulnerabilities and implement corrective measures to prevent similar incidents in the future.
5. Always report.
Organizations must encourage employees to report incidents without fear of reprisal by creating a safe space and a clear reporting channel for everyone. Reporting suspicious activities promptly allows for quicker investigation and potential mitigation of an attack before significant damage occurs. In addition, being transparent with users about cybersecurity incidents and the steps taken to address them builds trust, reinforces security principles and demonstrates the organization's commitment to security.
As impersonation tactics become incredibly advanced, traditional security measures fall short. Beyond financial losses and data breaches, such attacks erode trust, challenging the very foundation of any business interaction. In a world where what’s seen and heard can't always be trusted, building a strong culture underscored by advanced security awareness and AI-powered, multilayered defenses is more urgent than ever.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
