How to detect and defend against digital deception

Deepfakes have caused quite a stir in our digital-first world. They have become so convincing that 52% of 700 global IT decision-makers surveyed by Ping Identity said they were not confident they could spot a deepfake of their CEO. This startling indictment of the current situation is, perhaps, unsurprising considering how far deepfakes have come.

Just recently, Singapore saw high-profile deepfake incidents involving former Prime Minister Lee Hsien Loong and his successor, Lawrence Wong, highlighting the lengths that scammers will go to for their nefarious ends. The fact that malicious actors are developing fake content of public importance causes alarm ahead of Singapore’s national elections due next year. More robust cybersecurity policies are clearly needed, with swift and extensive actions aimed at protecting the integrity of the democratic process.

For its part, the government is walking the talk. At the start of the year, Minister for Communications and Information Josephine Teo revealed an SG$20 million allocation for fostering online trust and safety. More recently, the minister mooted a 90-day deepfake ban before the April 2025 polls.

However, the onus isn’t just on governments. The private sector must take on this responsibility, too. That hinges on having a robust fraud protection strategy. Yet, the same research finds that 99% of organisations surveyed in Singapore are experiencing challenges with identity verification. That is not surprising when just 52% are using a one-time passcode to protect against fraud, and even fewer (51%) are using digital credential issuance and verification.

Meanwhile, 55% said they expect AI to increase identity fraud, but despite that, nearly half of those surveyed said they were not very confident they have the technology in place to defend against AI attacks.

Furthermore, only 41% of respondents said they have incorporated decentralised identity (DCI) into their cybersecurity strategies. DCI helps users manage their own identity data, which can enhance privacy and security by reducing reliance on centralised systems. This approach aims to mitigate risks associated with identity theft and streamline authentication processes for organisations. However, this is just one of many approaches that can be used to strengthen security frameworks.

Establishing detailed guidelines

Leaders must also set and clearly explain unambiguous rules inside their organisations. CEOs and their teams should develop clear instructions that assure staff members they will never be asked to act on unusual or unexpected requests, such as gift card purchases, which are a typical phishing technique. Over time, fraudsters will shift from focusing on CEOs to virtually posing as other staff members. Organisational preparedness is non-negotiable, as these scammers will target everyone, from peers and frontline managers to VPs and directors.

The corporate sector should also consider the risks involved in using deepfake technologies on business tools. Establishing these guidelines marks a first step in defence against these hazards.

Verifying requests using multiple methods 

Organisations need a varied approach to authentication to effectively combat deepfakes. Relying on a single method of authentication may not be enough to deter today’s sophisticated fraudsters. To stay ahead, businesses should implement multiple layers of authentication without disrupting the user experience.

Leaders should also ensure strong controls are in place to detect deepfakes and phishing attempts. Examples include multi-party approvals for significant business transactions and in-app authentication that prompts users to confirm actions. Phishing-resistant authentication methods can help prevent account takeovers, and ongoing cybersecurity awareness training is essential to create an environment where employees feel encouraged and able to report anything suspicious.
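To make the multi-party approval and in-app confirmation controls concrete, here is an added sketch of a payment gate (example code, not from the survey or any vendor). The threshold, channel names and roles are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Assumed policy values and names; none of them come from the article.
SIGNIFICANT_AMOUNT = 10_000   # at or above this, multi-party approval applies
REQUIRED_APPROVERS = 2        # distinct approvers for significant requests
TRUSTED_CHANNEL = "in_app"    # authenticated in-app confirmation prompt

@dataclass
class Approval:
    approver: str
    channel: str         # where the confirmation was given
    authenticated: bool  # approver passed phishing-resistant authentication

@dataclass
class Request:
    requester: str
    amount: int
    origin_channel: str        # e.g. "video_call", "email", "in_app"
    requester_confirmed: bool  # requester confirmed through the in-app prompt
    approvals: list = field(default_factory=list)

def evaluate(req):
    """Return ("approve" or "hold", reasons) for a payment request."""
    reasons = []
    # A face or voice on a call is never accepted as proof of identity.
    if not req.requester_confirmed:
        reasons.append(f"request via {req.origin_channel} lacks in-app confirmation by {req.requester}")
    valid = set()  # a set, so one person approving twice counts once
    for a in req.approvals:
        if a.approver == req.requester:
            reasons.append(f"{a.approver}: requester cannot approve own request")
        elif a.channel != TRUSTED_CHANNEL or not a.authenticated:
            reasons.append(f"{a.approver}: approval not given through authenticated {TRUSTED_CHANNEL} prompt")
        else:
            valid.add(a.approver)
    needed = REQUIRED_APPROVERS if req.amount >= SIGNIFICANT_AMOUNT else 0
    if len(valid) < needed:
        reasons.append(f"{len(valid)} of {needed} required approvers")
    ok = req.requester_confirmed and len(valid) >= needed
    return ("approve" if ok else "hold"), reasons

if __name__ == "__main__":
    # Constructed sample: an urgent transfer "from the CEO" on a video call.
    req = Request("ceo", 50_000, "video_call", False,
                  [Approval("cfo", "video_call", True)])
    print(evaluate(req))
```

The gate holds any request that was only confirmed on the channel it arrived on, so a convincing video or voice impersonation cannot satisfy it by itself.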

Frequent training sessions 

Employee awareness of deepfakes and other forms of identity theft hinges on consistent training. These sessions help educate staff members who may be unfamiliar with deepfakes and reinforce the importance of staying alert to digital misinformation. Without regular reminders of the risks, employees may become complacent, leaving the organisation vulnerable to digital security threats.

We live in what is often referred to as the “Trust nothing, verify everything” era. In other words, nothing should be assumed as genuine until it is verified. Sophisticated and frequent deepfakes have become a regular occurrence in our society. To navigate this era, businesses must implement well-defined policies, verify requests across multiple channels, and provide continuous training. This equips them to face these challenges with greater confidence.