.png){kind=small}
It’s getting hard to tell what’s real these days. The latest addition to the recent streak of deepfakes saw scammers successfully duping an employee into a million-dollar transaction by impersonating a Hong Kong company's Chief Financial Officer (CFO) and other colleagues via video call. While deepfakes are a concerning development, the threat they pose is symptomatic of a wider issue. That is, the unpreparedness of individuals and organisations in countering increasingly sophisticated social engineering scams. It is only natural that the tactics of malicious actors evolve as technology does. Consequently, it demands a multi-layered defence strategy from us that goes beyond just spotting pixelated faces on video calls.
As the case in Hong Kong demonstrated, human fallibility and weak internal governance remains a key vulnerability in averting deception hidden in plain sight. Even the most sophisticated technology can be bypassed if internal processes and employee awareness are lacking.
This is where Governance, Risk Management, and Compliance (GRC) steps in, offering a robust framework to combat not just deepfakes, but the entire spectrum of social engineering threats. As the name suggests, its three pillars form a fully integrated strategy in enabling organisations to minimise their vulnerability to attacks by effectively managing risks, implementing comprehensive controls as well as defensive protocols to respond promptly to any attack holistically.