Deepfakes als neue Cyberbedrohung: Risiken und Abwehrstrategien für Organisationen
摘要
Deepfakes, media content generated or manipulated using artificial intelligence (AI), are intensifying the threat landscape for organizations in the domain of social engineering (SE). Recent advances in AI enable the creation of highly convincing forgeries of media such as audio recordings and videos with comparatively little effort. Attackers exploit these capabilities to impersonate identities in phone calls or video conferences, for instance to authorize financial transactions or to participate in remote job interviews under false pretenses. Such incidents can cause severe financial losses and reputational damage for affected organizations. While prior research has primarily focused on the generation and detection of deepfakes, the present study shifts the perspective toward the organizational application context. Based on nine interviews with cybersecurity experts, the study explores how organizations can protect themselves against deepfake-enabled SE attacks and which challenges arise in the implementation of corresponding measures. The results lead to the development of a framework that highlights key factors facilitating or hindering engagement with deepfake risks and the implementation of appropriate countermeasures. It further includes preventive approaches to protecting against deepfake-enabled SE and practical guidance for dealing with security incidents.