The Deepfake Dilemma

How AI-generated video and voice are redefining cyber threats in manufacturing.

Adam Khan
Aug 21, 2025
Deepfake Orhan Turan
istock.com/OrhanTuran

In 2024, cybercriminals launched more than 105,000 deepfake attacks. That’s the equivalent of one every five minutes. Cybercriminals no longer treat deepfake audio and video as novelties. They’re using them to commit fraud, steal data and sabotage companies. In manufacturing, where teams rely heavily on remote coordination and supply chain trust, the risk grows even more severe. 

Deception at Scale

Verizon’s 2025 Data Breach Investigations Report (DBIR) reveals that social engineering accounted for 22 percent of breaches in the manufacturing industry. Phishing alone was responsible for 19 percent of breaches. That means attackers don’t need to hack into systems or exploit software vulnerabilities to cause severe damage. They simply need to deceive a human being. 

With generative AI at their fingertips, they’re doing precisely that at scale and with alarming sophistication. 

Generative AI has supercharged these deception tactics, providing attackers with new tools to manipulate perception and exploit trust in ways that traditional phishing has never been able to, including the use of deepfakes. 

Deepfakes are hyper-realistic synthetic media that attackers use deep learning to create, enabling them to impersonate executives, vendors or partners with uncanny accuracy. The CEO’s voice on a voicemail or a supply chain manager’s face in a video call can be enough to override internal skepticism and trigger costly actions. 

A Multi-Pronged Threat to Manufacturing Operations

An analysis by Google DeepMind of nearly 200 public cases of generative AI misuse identified two main threat categories: the exploitation of generative AI capabilities (such as impersonation or the creation of fake video calls) and the compromise of generative AI systems through jailbreaking or adversarial prompts. In real-world attacks targeting businesses, the vast majority of incidents stem from exploitation, often using widely available consumer-level tools. 

One such case involved an employee at a multinational company in Hong Kong. The cybercriminal tricked them into transferring the equivalent of $25.6 million during a deepfaked video conference. Every individual on the call, including someone who appeared to be the company’s chief financial officer, was a computer-generated impostor. As Hong Kong police reported, “Everyone he saw was fake.” 

In another example, a bank employee wired $35 million after receiving a voice call that mimicked a senior executive using AI-generated speech. 

Manufacturing depends on constant communication across teams, partners and time zones. Email, video calls and messaging platforms keep global supply chains moving, but they also provide attackers with numerous opportunities to pose as trusted contacts. That, combined with the fact that manufacturing’s digital footprint keeps growing, makes the sector especially vulnerable to deepfakes, particularly among smaller organizations.

Verizon’s DBIR shows that more than 90 percent of manufacturing organizations affected by breaches had fewer than 1,000 employees. Many of these companies run with small IT teams, constrained budgets and limited access to modern security tools. 

Combating Deepfake-Driven Cybercrime

There’s no single solution to the deepfake dilemma, but manufacturers can take critical steps to defend against this emerging threat. 

Start by adopting a zero trust mindset: “never trust, always verify.” Scrutinize all requests involving financial transactions, production changes or credential access — even if they appear to come from trusted contacts. If a request feels unusual, verify it through a separate channel before taking action. 

Employee education is another key defense. Google DeepMind’s research highlights the value of “prebunking,” proactively showing users how bad actors create deepfakes and what red flags to look for, such as unnatural facial movements, inconsistent lighting or voice-lip sync mismatches. Raising awareness helps teams resist manipulation, especially under pressure. 

Email is the primary entry point for these attacks. According to Barracuda’s 2025 Email Threats Report, one in four email messages is either malicious or unwanted spam, and 20% of companies experience at least one account takeover incident per month. 

Once inside, attackers can impersonate trusted individuals and launch highly targeted spear phishing or business email compromise (BEC) attacks. Meanwhile, nearly half of all companies lack a properly configured DMARC policy, and 77 percent aren’t actively preventing spoofed emails, leaving the door wide open for impersonation. As these tactics grow more convincing, traditional email security becomes insufficient on its own. 

Manufacturing organizations should also limit the amount of executive video and audio content published online. Many deepfakes use publicly available footage, such as earnings calls, interviews or promotional content. Reducing that digital footprint makes it harder for attackers to build convincing impersonations. 

A layered security approach is essential. That includes email security, identity and access management, communication verification protocols, and behavior-based monitoring tools. Most deepfake-based attacks are part of broader campaigns that combine spoofed communications with fake contracts, fake scenarios or insider reconnaissance. 

Finally, manufacturers must strengthen their incident response playbooks. Once a deepfake is discovered or suspected, quick action can minimize financial loss and reputational damage. Studies show that most reputational fallout occurs within the first 24 hours of an incident.

Building Digital Trust in an Era of Synthetic Deception

Synthetic media isn’t inherently harmful. It's widely used in engineering, training, marketing, and simulation. But deepfakes used for fraud, impersonation or extortion represent a fast-growing threat to the global manufacturing industry.

Generative AI-powered tools empower cybercriminals to make phishing and impersonation attempts far more convincing and easier to execute. What once required technical skill now just takes the right tool and a few stolen clips. To stay resilient, manufacturers must rethink how they define and defend trust and recognize that the next attack might not come through code, but through a familiar face on screen.

Adam Khan is the VP, Global Security Operations at Barracuda MSP.

Latest in Cybersecurity
B2B Digital-Assisted Selling at Its Best
Sponsored
B2B Digital-Assisted Selling at Its Best
August 15, 2025
Soc
Six Data‑Driven Trends Impacting OT Cybersecurity
August 21, 2025
istock.com/MaxxaSatori
Next Gen Firewalls, Zero Trust Top Latest Offering
August 21, 2025
Deepfake Orhan Turan
The Deepfake Dilemma
August 21, 2025
Related Stories
Utility Metamorworks
Cybersecurity
How Covert Adversaries Are Embedding Themselves in Critical Infrastructure
Ep146
Cybersecurity
Security Breach: Cure Me or Kill Me - The Little Things That Escalate Attacks
Encryption
Cybersecurity
Front Line Reports Reinforce Why Manufacturing Is a Top Target
Security Breach Podcast
Sponsor Content
Security Breach Podcast
More in Cybersecurity
B2B Digital-Assisted Selling at Its Best
Sponsored
B2B Digital-Assisted Selling at Its Best
These capabilities help sales teams close deals, empower buyers, and consolidate the sales process into one platform.
August 15, 2025
Cybersecurity
Divya Venkataraman
Director, Contracts Capabilities, Rockwell Automation
August 21, 2025
Soc
Cybersecurity
Six Data‑Driven Trends Impacting OT Cybersecurity
The discussion has shifted from “should we invest?” to “how fast can we prove payback?”
August 21, 2025
istock.com/MaxxaSatori
Cybersecurity
Next Gen Firewalls, Zero Trust Top Latest Offering
Simple, scalable solution focuses on MSPs.
August 21, 2025
Cybersecurity
Adam Khan
VP, Global Security Operations at Barracuda MSP
August 21, 2025
Utility Metamorworks
Cybersecurity
How Covert Adversaries Are Embedding Themselves in Critical Infrastructure
The biggest threats aren’t always smash-and-go ransomware attacks, but slow movers designed to stay hidden.
August 21, 2025
Ep146
Cybersecurity
Security Breach: Cure Me or Kill Me - The Little Things That Escalate Attacks
Hackers are leveraging overlooked deficiencies to target crown jewels you don't even think about.
August 21, 2025
Encryption
Cybersecurity
Front Line Reports Reinforce Why Manufacturing Is a Top Target
IT-based approaches continue to fail. Why access control strategies must be customized for OT environments.
August 21, 2025
Industrial Cyber
Cybersecurity
CISA Offers OT Asset Inventory Guidance
The advisory offers insight on initial and ongoing visualization challenges.
August 14, 2025
Industrial Concept Metamorworks
Cybersecurity
Nearly Two-Thirds Plan AI Adoption to Counter Cyber Risks in Manufacturing
A new report confirms cybersecurity as a top concern throughout the enterprise.
August 14, 2025
Ransomware
Software
Chip Makers See A 6X Surge in Cyberattacks and $1B in Ransomware Losses
State-sponsored and global hacking groups are waging war against the semiconductor industry.
August 14, 2025
Peach Istock Ai Cyber
Cybersecurity
Your Most Dangerous Attacker and Greatest Defender
The perils of fighting with and against artificial intelligence.
August 13, 2025
Cybersecurity
Jeremy H. Gottschalk
Founder and CEO of Marketplace Risk
August 13, 2025
Malware Sashkinw
Cybersecurity
The Growing Threat of Wiper Malware
Meet ransomware's quieter, but potentially more destructive cousin.
August 13, 2025
Financial Cyber
Cybersecurity
Building a Future-Proof Cybersecurity Strategy
You can't treat cybersecurity as a box to check - ways to make it an ongoing, strategic effort.
August 13, 2025