What types of AI-driven social engineering attacks are organizations facing?

Organizations are seeing CEO deepfakes requesting money transfers, fake job interviews with voice cloning, and sophisticated phishing attempts delivered across email, WhatsApp, and SMS. These attacks use AI to create highly convincing impersonations that are difficult to detect.

How can organizations defend against attacks that bypass traditional MFA?

Organizations should implement phishing-resistant MFA using tokens and keys, deploy passwordless authentication solutions like FIDO2/passkeys, strengthen email security to detect business email compromise, and build robust threat detection and response capabilities to identify suspicious activity quickly.

Defending Against AI-Driven Social Engineering Attacks

Name: Defending Against AI-Driven Social Engineering Attacks
Uploaded: 2026-04-21T06:37:43-04:00
Duration: 8 min 5 s
Description: TL;DR AI has dramatically increased the sophistication of social engineering attacks, with threat actors using deepfakes, voice cloning, and CEO impersonations across multiple communication channels. Employees are the first line of defense and require ...

Okta

04/21/2026

0 (0%)

Report Like Favorite

TL;DR

AI has dramatically increased the sophistication of social engineering attacks, with threat actors using deepfakes, voice cloning, and CEO impersonations across multiple communication channels.
Employees are the first line of defense and require ongoing training, phishing simulations, and awareness programs to recognize and report suspicious activity.
Organizations must deploy phishing-resistant MFA, passwordless authentication, enhanced email security, and Zero Trust architecture to combat advanced attacks like those from Scattered Spider.
Strong threat detection and response capabilities are essential because preventive controls alone cannot stop all attacks—organizations must detect and triage threats quickly.

Summary

In this Okta Executive Exchange interview, Thoughtworks CISO Nitin Raina discusses the rapidly evolving landscape of AI-powered social engineering attacks and deepfakes. Raina explains how threat actors are leveraging artificial intelligence to create sophisticated deception campaigns, including CEO impersonations, fake interviews, and voice cloning attacks delivered across multiple channels like email, WhatsApp, and SMS. He emphasizes that employees serve as the first line of defense and outlines a comprehensive security strategy that combines employee training, phishing-resistant MFA, email security tools, and Zero Trust architecture. Raina also addresses how advanced cybercrime groups like Scattered Spider are bypassing traditional MFA through SIM swapping and man-in-the-middle attacks, requiring organizations to deploy passwordless solutions and strengthen threat detection capabilities. The conversation concludes with Raina's advice for CISOs to position themselves as business enablers who partner closely with functional leaders to balance security with organizational agility.

Chapters

0:00 - Introduction
0:31 - The Rise of Sophisticated Social Engineering
1:21 - AI-Powered Deepfakes and Attacks
2:53 - Employee Training as First Line of Defense
3:45 - Technical Controls and Zero Trust
5:32 - Bypassing MFA and Advanced Threats
6:41 - Advice for CISOs

Key Quotes

0:51 "We're seeing a lot of very intelligent, smart attacks happen. A lot of deception, fake attempts happening. It has become so sophisticated. AI has played a very crucial role in assisting both the attackers and the folks on defending it."
1:55 "We are seeing a deep fake from a CEO impersonation. We are also seeing a lot of fake interviews. We are seeing a lot of these happen through multiple channels. So you could see it from an email, you could see it from non-official collaboration channels like WhatsApp, SMS."
3:10 "People, employees, they are the first line of defense. So you have to spend time and effort to train them."
5:01 "The attacker is getting advanced, they are leveraging AI, and other automation and other tech to actually penetrate some of the controls that the organizations are putting. So can you detect things sooner? Can you flag things sooner? ..."
7:15 "Are you clearly a business team player? So when you are working with your business, do they understand what security initiatives that you are trying to do? Are there things that if you do well, you can actually enable the organization to go fast."

Categories:

» Cybersecurity » Zero Trust
» Data Protection

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

05/12/2026

11:30 PM

05/12/2026

Implementing Effective Strategies for Active Directory Security and Data Protection

https://www.truthinit.com/index.php/channel/1888/implementing-effective-strategies-for-active-directory-security-and-data-protection/
05/13/2026

01:00 AM

05/13/2026

Transforming the Black Box: Reveal Hidden Threats and AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-black-box-reveal-hidden-threats-and-ai-risks-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Transforming the Black Box: Revealing AI Risks and Hidden Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1894/transforming-the-black-box-revealing-ai-risks-and-hidden-threats-through-data-lineage/
05/19/2026

01:00 PM

05/19/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Deployment Phases

https://www.truthinit.com/index.php/channel/1936/establishing-a-robust-ai-governance-framework-for-genai-throughout-deployment-phases/
05/20/2026

08:00 AM

05/20/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Its Lifecycle

https://www.truthinit.com/index.php/channel/1937/establishing-a-robust-ai-governance-framework-for-genai-throughout-its-lifecycle/
05/20/2026

10:00 PM

05/20/2026

Establishing a Robust AI Governance Framework for GenAI Throughout Its Lifecycle

https://www.truthinit.com/index.php/channel/1953/establishing-a-robust-ai-governance-framework-for-genai-throughout-its-lifecycle/
05/21/2026

11:00 AM

05/21/2026

The Autonomous Era: Orchestrating a Resilient Enterprise

https://www.truthinit.com/index.php/channel/1372/the-autonomous-era-orchestrating-a-resilient-enterprise/
05/27/2026

04:00 AM

05/27/2026

Rivoluziona i rischi dell'AI in opportunità con Netskope AI Security

https://www.truthinit.com/index.php/channel/1925/rivoluziona-i-rischi-dellai-in-opportunità-con-netskope-ai-security/
05/27/2026

10:00 AM

05/27/2026

Adopting AI: From Illusion to Intentional Control

https://www.truthinit.com/index.php/channel/1924/harnessing-ai-transitioning-from-illusion-to-purposeful-mastery/
05/28/2026

01:00 PM

05/28/2026

Harnessing AI for Smaller Teams: Strategies for Secure Implementation

https://www.truthinit.com/index.php/channel/1951/harnessing-ai-for-smaller-teams-strategies-for-secure-implementation/
06/02/2026

01:00 PM

06/02/2026

Spring of Satori: Delving into Recent Findings and the 2026 Threat Landscape

https://www.truthinit.com/index.php/channel/1930/spring-of-satori-delving-into-recent-findings-and-the-2026-threat-landscape/
06/04/2026

02:00 AM

06/04/2026

Mastering the Unseen: Managing Shadow AI and Agentic MCP Traffic

https://www.truthinit.com/index.php/channel/1948/mastering-the-unseen-managing-shadow-ai-and-agentic-mcp-traffic/
06/16/2026

07:00 AM

06/16/2026

Transforming Data Risk into Actionable Priorities: Essential Fixes First

https://www.truthinit.com/index.php/channel/1952/transforming-data-risk-into-actionable-priorities-essential-fixes-first/