October 1, 2023—Synthetic media is a blanket term used to describe a broad scope of highly realistic examples of AI-generated media—believable images, videos, text, and voice recordings that are often manipulations of authentic media. Drawing from massive data sets, with most legitimate developers drawing from “fair use” sources, these technologies are being developed and exploited at an exponential pace. From OpenAI’s ChatGPT to social media dupes to fake news, synthetic media has both promising and malicious applications and leaves many wondering if they can believe what they see.
The U.S. government has been monitoring synthetic media for several years, aware of its potential to spread misinformation and of the growing threats of fraud and internet-based crimes. On September 12, 2023, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Information Sheet (CSI), Contextualizing Deepfake Threats to Organizations, which provides an overview of synthetic media threats, techniques, and trends. This report warns that deepfakes and other forms of synthetic media can be abused to threaten an organization’s brand, impersonate leaders and financial officials, and enable access to networks, communications, and sensitive information. And, the implications for the financial services industry are significant.
As a credit union industry, we must be both well-informed and vigilant against current and emerging threats. To defend ourselves against risks related to this new technology, we must understand how to detect synthetic media, to authenticate our members and their behaviors, and to ensure that our policies and controls reflect a security posture which addresses specific and evolving threats.
The Cybersecurity and Infrastructure Security Agency website at www.cisa.gov is a foundational resource to educate credit union staff, security professionals, and members on the types of synthetic media, its uses, and its risks. It includes actionable guidance on how organizations can identify, defend against, and respond to threats, guidance that should be front of mind as you consider more positive applications for these innovations.