%22%3E%0A%3Cpath%20d%3D%22M412%20101.2H393.7C393.1%20101.2%20392.3%20100.9%20391.8%20100.5C377.3%2087.6004%20362.9%2074.6004%20348.4%2061.6004C344.8%2058.4004%20341.3%2055.2004%20337.7%2052.0004C337.1%2051.5004%20336.2%2051.1004%20335.5%2051.0004C334.2%2050.8004%20333%2051.0004%20331.5%2051.0004V101.1H316.7V0.100391H331.4V44.3004C331.9%2044.3004%20332.2%2044.4004%20332.5%2044.4004C334.9%2044.4004%20337.2%2044.5004%20339.6%2044.4004C340.4%2044.4004%20341.3%2044.0004%20341.8%2043.5004C351.6%2034.4004%20361.4%2025.2004%20371.1%2016.0004C376.5%2010.9004%20381.9%205.90039%20387.3%200.800391C387.9%200.200391%20388.5%200.000390626%20389.3%200.000390626H400.9C384.2%2015.8004%20367.8%2031.3004%20351.2%2047.0004C371.5%2065.0004%20391.8%2082.9004%20412.1%20100.9C412.1%20101%20412.1%20101.1%20412%20101.2ZM180.9%20101.2C184.1%2094.9004%20187.2%2088.9004%20190.3%2082.8004C198.3%2067.3004%20206.2%2051.8004%20214.2%2036.2004C220.3%2024.4004%20226.4%2012.5004%20232.4%200.700391C232.7%200.100391%20233%20-0.0996094%20233.7%20-0.0996094H248.1C248.8%20-0.0996094%20249.2%200.100391%20249.6%200.800391C256%2013.3004%20262.4%2025.7004%20268.8%2038.2004C279.3%2058.6004%20289.8%2079.0004%20300.3%2099.5004C300.5%20100%20300.8%20100.4%20301.1%20101.1C300.5%20101.1%20300.1%20101.2%20299.7%20101.2H286.5C285.6%20101.2%20285.1%20100.9%20284.7%20100.2C280.1%2091.3004%20275.4%2082.4004%20270.8%2073.4004C270.1%2072.1004%20269.3%2071.6004%20267.8%2071.6004H209.9C208.7%2071.6004%20208.1%2072.0004%20207.5%2073.1004C202.9%2082.1004%20198.2%2091.0004%20193.6%20100C193.1%20101%20192.6%20101.3%20191.5%20101.3C188.4%20101.2%20185.3%20101.3%20182.3%20101.3C182%20101.2%20181.6%20101.2%20180.9%20101.2ZM239.1%2011.4004C230%2029.2004%20221.1%2046.7004%20212.1%2064.3004H266.4C257.2%2046.7004%20248.2%2029.2004%20239.1%2011.4004ZM0%200.000390626H43.4C51.2%200.000390626%2058.7%201.20039%2065.7%204.80039C75.9%2010.0004%2078.9%2018.0004%2078.6%2027.4004C78.3%2034.3004%2076%2040.5004%2071.2%2045.5004C67.3%2049.6004%2062.4%2052.3004%2057.1%2054.3004C50.6%2056.7004%2043.9%2058.0004%2037.1%2058.6004C30.1%2059.2004%2023.1%2059.4004%2016.2%2059.7004C15.8%2059.7004%2015.3%2059.8004%2014.8%2059.8004V101.1H0.1C0%2067.4004%200%2033.8004%200%200.000390626ZM14.8%207.10039V52.2004C23.7%2052.4004%2032.6%2052.3004%2041.2%2050.1004C44.4%2049.3004%2047.6%2048.2004%2050.6%2046.7004C58.4%2043.0004%2062.3%2036.7004%2062.7%2028.0004C63%2019.9004%2059.5%2014.1004%2052.4%2010.5004C47.6%208.00039%2042.5%207.10039%2037.2%207.10039H14.8ZM95.9%20101.1V0.100391H167.3V7.20039H110.7V44.7004H158.1V51.9004H110.8V93.9004H171.1V101C146.1%20101.1%20121%20101.1%2095.9%20101.1Z%22%20fill%3D%22black%22%2F%3E%0A%3Cpath%20d%3D%22M35.0004%2025.7996H42.5004V20.6996H44.8004V33.1996H42.6004V27.5996H34.9004V33.2996H32.7004V20.7996H35.0004V25.7996ZM54.4004%2025.8996V27.2996H48.9004V31.6996H55.9004C55.9004%2032.1996%2056.0004%2032.5996%2056.0004%2033.0996H46.5004V20.5996H55.5004V21.8996H49.0004V25.7996C50.7004%2025.8996%2052.5004%2025.8996%2054.4004%2025.8996ZM25.9004%2033.0996H23.5004V21.9996H17.9004V20.6996H31.6004V22.0996H27.1004C26.2004%2022.0996%2025.9004%2022.2996%2025.9004%2023.1996C26.0004%2026.0996%2025.9004%2028.9996%2025.9004%2031.7996V33.0996Z%22%20fill%3D%22black%22%2F%3E%0A%3C%2Fg%3E%0A%3Cdefs%3E%0A%3CclipPath%20id%3D%22clip0_388_462%22%3E%0A%3Crect%20width%3D%22411%22%20height%3D%22101.2%22%20fill%3D%22white%22%2F%3E%0A%3C%2FclipPath%3E%0A%3C%2Fdefs%3E%0A%3C%2Fsvg%3E%0A)
FS-ISAC helps the financial sector guard against digital impersonations
Deepfakes are becoming increasingly sophisticated, but 60% of companies lack protocols to mitigate this growing risk. Cybersecurity non-profit FS-ISAC has released a whitepaper aimed at helping financial institutions safeguard stakeholder trust amid this growing threat.
By Jamie Wong /
The Financial Services Information Sharing and Analysis Center (FS-ISAC), a non-profit organisation with a focus on cybersecurity in the global financial system, recently released a whitepaper titled: Deepfakes in the Financial Sector: Understanding the Threats, Managing the Risks. This paper aims to help senior executives, board members, and cyber leaders address the emerging cybersecurity risk posed by deepfakes.
Scale of the impact
Deepfakes have recently captured public attention through incidents in sectors outside finance, such as the recent cases in South Korea. However, these risks apply across various industries, including the financial one.
The term "deepfake" combines “deep learning” and “fake” to describe synthetic media created through AI. This technology allows malicious actors to produce hyper-realistic impersonations of individuals' images and voices, enabling them to bypass security protocols and deceive victims into giving up sensitive information. Such cyber threats exploit human vulnerabilities in decision-making and interaction, adding a new layer of complexity to financial cybersecurity.
Although the concept of deepfakes isn't new, advances in AI have made them increasingly accessible and convincing, heightening their potential as cybersecurity threats. However, according to FS-ISAC, 60% of executives lack specific protocols to counteract these risks, indicating an urgent need for companies — especially financial institutions that handle money— to develop protective measures against the substantial impacts of this technology.
Specific to the finance industry
The paper outlines several risks deepfakes pose to financial institutions, such as market manipulation, direct fraud, and reputational damage through disinformation campaigns.
For instance, last year, a deepfake of an alleged explosion near the Pentagon, paired with fabricated images, circulated on social media. This fake incident triggered an 85-point drop in the Dow Jones Industrial Average, illustrating the potential for deepfake-driven misinformation to influence financial markets. A similar fake video featuring a C-suite executive could sway investors or clients, impacting both market stability and institutional trust.
“The potential damage of deepfakes goes well beyond the financial costs to undermining trust in the financial system itself,” said Michael Silverman, Chief Strategy & amp; Innovation Officer of FS-ISAC. “To address this, organisations need to adopt a comprehensive security strategy that promotes a culture of vigilance and critical thinking to stay ahead of these evolving threats.”
Strategies to cope
To address deepfake threats, companies must invest in both preventive and detection strategies. Preventive controls focus on reducing risks before they materialise, while detection strategies help identify deepfakes that do infiltrate systems. Multi-factor authentication and biometric verification are key preventive tools, providing added security layers that deepfakes alone cannot circumvent. Additionally, measures such as customer call-backs for transaction verification reduce the chances of fraud from impersonations.
Detection strategies, like digital watermarks, help identify altered or false media by verifying authenticity markers. Watermark-based tools allow employees and clients to spot inconsistencies in deepfake media. However, as detection methods rely on the latest data to stay effective, these controls must be regularly updated to keep up with evolving deepfake technology.
Certain measures recommended in the report serve dual purposes, combining prevention and detection. For example, FS-ISAC strongly encourages companies to implement employee training to improve understanding and recognition of deepfake threats. Role-specific examples in training sessions can help employees understand that cybersecurity threats can happen to everyone. It also illustrate the organisational impact of deep fakes, fostering a better awareness of their consequences.
Hiranmayi Palanki, Distinguished Engineer at American Express and Vice Chair of FS-ISAC’s AI Risk Working Group, said, “Addressing deepfake technology requires more than just technical solutions—it also demands a cultural shift. Building a workforce that is alert and aware is crucial to safeguarding both security and trust from the potential threats posed by deepfakes.”