Sign up to save your podcasts
Or
Share Testing Deepfakes: The Reality of AI Impersonation Attacks
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Testing Deepfakes: The Reality of AI Impersonation Attacks
Send us a text
What happens when your company's cyber defenses face a deepfake attack impersonating leadership? Bill Shearstone, Director of Information Security in the energy sector, shares the eye-opening results from a penetration test where his team used AI-generated deepfake technology to trick an employee into resetting credentials. Despite technical limitations and the employee's "gut feeling that something wasn't right," the attack succeeded - revealing crucial lessons about human psychology in security.
Drawing from both his extensive commercial experience and previous work at the NSA during the global war on terrorism, Shearstone offers practical insights on how organizations should approach penetration testing. Rather than repeatedly testing external defenses, he advocates starting tests with internal access to thoroughly evaluate detection capabilities, incident response procedures, and lateral movement controls. This approach uncovered a critical finding: security tools detected suspicious activity but failed to provide the complete picture of what was happening.
Shearstone emphasizes why cybersecurity's strength lies in continuous improvement and incident response preparation: "If I look at an attack coming in and I'm able to contain it without impacting business operations tremendously, to me that's just as good as preventing an attack." His pragmatic approach acknowledges that perfect prevention is impossible, making effective detection and response capabilities equally crucial for organizational resilience.
View all episodes
By SecuronixSend us a text
What happens when your company's cyber defenses face a deepfake attack impersonating leadership? Bill Shearstone, Director of Information Security in the energy sector, shares the eye-opening results from a penetration test where his team used AI-generated deepfake technology to trick an employee into resetting credentials. Despite technical limitations and the employee's "gut feeling that something wasn't right," the attack succeeded - revealing crucial lessons about human psychology in security.
Drawing from both his extensive commercial experience and previous work at the NSA during the global war on terrorism, Shearstone offers practical insights on how organizations should approach penetration testing. Rather than repeatedly testing external defenses, he advocates starting tests with internal access to thoroughly evaluate detection capabilities, incident response procedures, and lateral movement controls. This approach uncovered a critical finding: security tools detected suspicious activity but failed to provide the complete picture of what was happening.
Shearstone emphasizes why cybersecurity's strength lies in continuous improvement and incident response preparation: "If I look at an attack coming in and I'm able to contain it without impacting business operations tremendously, to me that's just as good as preventing an attack." His pragmatic approach acknowledges that perfect prevention is impossible, making effective detection and response capabilities equally crucial for organizational resilience.