It’s been a long time since we stopped believing everything we read in the media or on social media. But with the inexorable advancement of gen-AI, we will soon stop believing our own eyes across the online space. While seeing the Hollywood sign on fire may cause a moment of shock, deepfake photos of world leaders posted by respected media are more of a threat and a real sign that our society is being taken over by post-truth.

The same threat also looms large in the corporate sector, where over 80% of professionals polled by KPMG say that deepfakes pose a potential risk to their businesses. Exhibit A: In 2024, a Hong Kong finance employee lost $25 million to scammers after a chat with a deepfake impersonation of his CFO. 

This process has been partially exacerbated by our post-Covid work attitudes. The signing of a multi-million-dollar contract via conference call might’ve seemed unthinkable before the pandemic, but now it seems like par for the course. However, while the dissipation of mutual trust is starting to look like a runaway train, the machinations of the fraudsters stoking the oven can be avoided—but only if your business adheres to at least three of four modern digital risk protection principles.

1. Acknowledge You’re at Risk

With an incredible amount of leaks continually surfacing on the Dark Web, scammers have an immense resource for gaining control over personal data, website access, or even people’s trust. Video recordings and voice samples are good sources for AI fraud schemes, but criminals also tap into small personal details in order to come across as credible to their targets. 

Ground zero is to realize just how much information about you is out there and how criminals can use it against you—from a seemingly innocuous Instagram story to a Zoom call recording. When it’s possible to replicate someone’s personality in just two hours, the media you leave on the web can be the makings of a time bomb.

2. Start Taking Action

Given the high stakes, C-level managers are prime targets for criminals. If you are a company decision-maker, consider what you post online and how careful you are about your digital hygiene—remember even the most basic information can be used against you. One rather ugly trend is blackmail and the defamation of executive family members—people would give up restricted access and documents to protect their loved ones’ reputations and private lives.

Standard cybersecurity practices like role-based access control or multifactor authentication create a sense of protection. However, in a world where personal data can be used more destructively than NDA information, this impression is questionable to say the least. So a crucial factor in staying ahead of fraudsters is to take a cold reality check, and maybe even reconsider your business’s entire approach to cybersecurity.

3. Sharpen Your Tools

There are dozens of tools to combat deepfakes and other modern digital risks. This matters. We should all be able to agree that a disaster is better avoided entirely than merely mitigated. And this is what AI-driven OSINT is already achieving with astonishing efficacy.

AI cuts both ways—while it can indeed be used for deploying ever more sophisticated social engineering traps and other schemes, it can also be used to counter these activities. In our products, we take a subtle approach to AI-driven defense—it’s not about merely scanning data for something explicitly bad, but piecing together fragments that in themselves may not indicate much, but are hugely effective in combination. This makes for a more throughgoing approach to data security.  

And even if things do slip the net, AI can quickly debunk a deepfake by finding the source files used to create it. And if no source files are found, AI tools can analyze facial microexpressions, inconsistencies in lighting, and unnatural voice modulations. What’s more, AI-powered behavioral analysis software can detect anomalies in typing speed and mouse movements, making identity theft almost impossible.

4. Develop a Culture of Critical Thinking

Investing in staff awareness can save your organization a fortune—every employee is a potential point of leverage for the unscrupulous. And while sustainable change may span multiple fields and departments, it all begins with critical thinking.

That said, this is not about fostering paranoid mistrust. On the contrary, a company should become a safe space where both the business and its employees protect each other from outside threats. Lay the foundation by preparing and sharing a plan for AI, deepfake, or data phishing emergencies. Show people that you have their backs. When people understand that such attacks are not solely about business or them—but both—they will be more likely to report suspicious activity or incidents instead of dealing with them alone.

In the end, our post-truth resistance is a matter of joint effort. AI fraud is a part of the virtual world we all to some extent occupy, and we are unlikely to eliminate it. Still, we can make the world safer by thinking critically, utilizing better safety tools, and cultivating healthy corporate relationships. But the foundation upon which each of these pillars is built is actually acknowledging the risk and facing up to what’s out there. Are you ready for that?