The Rising Threat of Deepfake Attacks
In 2024, Arup, a global engineering consulting firm, fell victim to an elaborate deepfake scam. A finance employee participated in what appeared to be a legitimate video conference with the company’s CFO and other senior leaders. Unbeknownst to them, every participant—except the employee—was a deepfake, generated by cybercriminals using AI-powered synthetic media. Tricked into believing the instructions were legitimate, the employee transferred over $25 million to fraudulent accounts.
Deepfake technology—AI-generated synthetic media that manipulates audio, video, and images—has rapidly advanced, making it increasingly difficult to discern real from fake. From impersonating executives to manipulating stock markets with false news, deepfake threats are becoming a significant concern for businesses. As these attacks grow more sophisticated, executive leadership teams must prepare for potential deepfake incidents by conducting targeted tabletop exercises.
Why Run a Deepfake Tabletop Exercise?
A deepfake tabletop exercise helps organizations:
- Recognize the indicators of a deepfake attack.
- Assess their current policies and response strategies.
- Test decision-making under pressure.
- Strengthen crisis communications and cyber resilience.
- Refine escalation protocols and mitigation tactics.
PreparedEx, a leader in crisis preparedness, designs and facilitates deepfake tabletop exercises to equip executive teams with the knowledge and tools to detect and mitigate these evolving threats.
Designing a Deepfake Tabletop Exercise
A well-structured exercise should simulate a realistic deepfake attack scenario while engaging leadership in critical decision-making. Below is a proven approach to running a deepfake tabletop exercise.
1.Define Objectives and Scope
Before launching into a scenario, clarify the exercise’s key objectives. Common goals include:
– Testing the ability to verify high-level communications.
– Evaluating response times and decision-making.
– Identifying gaps in cybersecurity and fraud prevention.
– Improving internal and external crisis communication strategies.
Scope Considerations
- Will the exercise focus on a single incident or a series of escalating deepfake attacks?
- Should participants experience only voice deepfakes, or will video and synthetic emails be included?
- Will social media misinformation be part of the scenario?
2. Develop a Realistic Scenario
A compelling deepfake scenario should reflect real-world risks relevant to the organization. Example scenarios include:
Fake CEO Directive: Executives receive an urgent video call from the ‘CEO’ directing financial transfers.
Misinformation Crisis: A deepfake video falsely depicting a company leader in a scandalous situation circulates online.
Media Manipulation: A synthetic news broadcast announces a fabricated corporate crisis, impacting stock prices.
Supply Chain Fraud: A vendor receives deepfake-generated instructions for unauthorized transactions.
Key elements of the scenario
– Authentic-looking multimedia (voice/video deepfakes, emails, social media posts).
– Increasing complexity over time to test adaptability.
– Time-sensitive decision-making pressure.
3. Assign Roles and Responsibilities
Participants should represent key stakeholders, including:
– C-Suite Executives (CEO, CFO, CISO, COO, General Counsel)
– Crisis Management Team
– Cybersecurity & IT Leadership
– Corporate Communications & PR
– Legal & Compliance Teams
Each team member must respond based on their actual roles within the company, ensuring the exercise reflects real-world decision-making processes.
4. Execute the Exercise in Phases
A deepfake tabletop should unfold in distinct phases:
Phase 1: Initial Alert – Participants receive the deepfake (e.g., a voice message, a fake email, or a manipulated video). They must determine its authenticity.
Phase 2: Internal Response – The leadership team assesses the situation, verifies sources, and discusses response strategies.
Phase 3: Escalation & External Response – If the deepfake spreads externally, how does the company engage with the media, regulators, and stakeholders?
Phase 4: Resolution & Lessons Learned – The team discusses what worked, what failed, and areas for improvement.
5. Post-Exercise Analysis and Improvement
After the exercise, PreparedEx facilitates an After-Action Review (AAR) to:
- Identify strengths and weaknesses in the response process.
- Assess gaps in policies and technologies.
- Recommend improvements in training and verification protocols.
- Develop an actionable remediation plan.
Key Takeaways for Executives
After completing a deepfake tabletop exercise, executives should:
- Implement stronger identity verification protocols, such as multifactor authentication for sensitive communications.
- Develop a rapid response framework to detect and contain deepfake incidents.
- Train employees on deepfake awareness so they can recognize potential threats.
- Strengthen external communications strategies to manage public perception and misinformation.
How PreparedEx Can Help
PreparedEx specializes in executive-level tabletop exercises, equipping leadership teams with the tools to navigate crisis scenarios—including deepfake attacks. Our expert facilitators create customized, high-impact simulations tailored to your organization’s needs.