What types of AI-driven social engineering attacks are organizations facing?

Organizations are seeing CEO deepfakes requesting money transfers, fake job interviews with voice cloning, and sophisticated phishing attempts delivered across email, WhatsApp, and SMS. These attacks use AI to create highly convincing impersonations that are difficult to detect.

How can organizations defend against attacks that bypass traditional MFA?

Organizations should implement phishing-resistant MFA using tokens and keys, deploy passwordless authentication solutions like FIDO2/passkeys, strengthen email security to detect business email compromise, and build robust threat detection and response capabilities to identify suspicious activity quickly.

Defending Against AI-Driven Social Engineering Attacks

Name: Defending Against AI-Driven Social Engineering Attacks
Uploaded: 2026-04-21T06:37:43-04:00
Duration: 8 min 5 s
Description: TL;DR AI has dramatically increased the sophistication of social engineering attacks, with threat actors using deepfakes, voice cloning, and CEO impersonations across multiple communication channels. Employees are the first line of defense and require ...

Okta

04/21/2026

0 (0%)

Report Like Favorite

TL;DR

AI has dramatically increased the sophistication of social engineering attacks, with threat actors using deepfakes, voice cloning, and CEO impersonations across multiple communication channels.
Employees are the first line of defense and require ongoing training, phishing simulations, and awareness programs to recognize and report suspicious activity.
Organizations must deploy phishing-resistant MFA, passwordless authentication, enhanced email security, and Zero Trust architecture to combat advanced attacks like those from Scattered Spider.
Strong threat detection and response capabilities are essential because preventive controls alone cannot stop all attacks—organizations must detect and triage threats quickly.

Summary

In this Okta Executive Exchange interview, Thoughtworks CISO Nitin Raina discusses the rapidly evolving landscape of AI-powered social engineering attacks and deepfakes. Raina explains how threat actors are leveraging artificial intelligence to create sophisticated deception campaigns, including CEO impersonations, fake interviews, and voice cloning attacks delivered across multiple channels like email, WhatsApp, and SMS. He emphasizes that employees serve as the first line of defense and outlines a comprehensive security strategy that combines employee training, phishing-resistant MFA, email security tools, and Zero Trust architecture. Raina also addresses how advanced cybercrime groups like Scattered Spider are bypassing traditional MFA through SIM swapping and man-in-the-middle attacks, requiring organizations to deploy passwordless solutions and strengthen threat detection capabilities. The conversation concludes with Raina's advice for CISOs to position themselves as business enablers who partner closely with functional leaders to balance security with organizational agility.

Chapters

0:00 - Introduction
0:31 - The Rise of Sophisticated Social Engineering
1:21 - AI-Powered Deepfakes and Attacks
2:53 - Employee Training as First Line of Defense
3:45 - Technical Controls and Zero Trust
5:32 - Bypassing MFA and Advanced Threats
6:41 - Advice for CISOs

Key Quotes

0:51 "We're seeing a lot of very intelligent, smart attacks happen. A lot of deception, fake attempts happening. It has become so sophisticated. AI has played a very crucial role in assisting both the attackers and the folks on defending it."
1:55 "We are seeing a deep fake from a CEO impersonation. We are also seeing a lot of fake interviews. We are seeing a lot of these happen through multiple channels. So you could see it from an email, you could see it from non-official collaboration channels like WhatsApp, SMS."
3:10 "People, employees, they are the first line of defense. So you have to spend time and effort to train them."
5:01 "The attacker is getting advanced, they are leveraging AI, and other automation and other tech to actually penetrate some of the controls that the organizations are putting. So can you detect things sooner? Can you flag things sooner? ..."
7:15 "Are you clearly a business team player? So when you are working with your business, do they understand what security initiatives that you are trying to do? Are there things that if you do well, you can actually enable the organization to go fast."

Categories:

» Cybersecurity » Zero Trust
» Data Protection

Tags:

Show more Show less

Browse videos

Upcoming Webinar Calendar

04/21/2026

02:00 PM

04/21/2026

How Purpose Brands scales IT with Zendesk ITAM

https://www.truthinit.com/index.php/channel/1881/how-purpose-brands-scales-it-with-zendesk-itam/
04/22/2026

01:00 PM

04/22/2026

Evolving Service Account Security: Transitioning from Legacy to Agentic Identities in AI

https://www.truthinit.com/index.php/channel/1885/evolving-service-account-security-transitioning-from-legacy-to-agentic-identities-in-ai/
04/22/2026

01:00 PM

04/22/2026

Harnessing the Power of AI for Rapid Advancements

https://www.truthinit.com/index.php/channel/1892/harnessing-the-power-of-ai-for-rapid-advancements/
04/23/2026

01:00 PM

04/23/2026

Cultivating Trust as a Foundation for the Agentic Consumer in 2026

https://www.truthinit.com/index.php/channel/1883/cultivating-trust-as-a-foundation-for-the-agentic-consumer-in-2026/
04/29/2026

12:00 PM

04/29/2026

Strategies for Safeguarding AI in Applications, Agents, and APIs

https://www.truthinit.com/index.php/channel/1893/strategies-for-safeguarding-ai-in-applications-agents-and-apis/
04/30/2026

10:00 AM

04/30/2026

Insights from the 2026 Keepit Annual Data Report on SaaS Data Protection

https://www.truthinit.com/index.php/channel/1868/insights-from-the-2026-keepit-annual-data-report-on-saas-data-protection/
04/30/2026

01:00 PM

04/30/2026

The New Economics of a VMware Exit

https://www.truthinit.com/index.php/channel/1880/the-new-economics-of-vmware-exit/
05/06/2026

02:00 AM

05/06/2026

Transforming AI's Potential: Proactively Identifying Attacks Before Breaches Occur

https://www.truthinit.com/index.php/channel/1886/transforming-ais-potential-proactively-identifying-attacks-before-breaches-occur/
05/06/2026

10:00 PM

05/06/2026

World Password Day: Strategies for Managing Your Passwords Effectively

https://www.truthinit.com/index.php/channel/1913/world-password-day-strategies-for-managing-your-passwords-effectively/
05/07/2026

05:00 AM

05/07/2026

World Password Day: Strategies for Managing Your Passwords Effectively

https://www.truthinit.com/index.php/channel/1914/world-password-day-strategies-for-managing-your-passwords-effectively/
05/07/2026

01:00 PM

05/07/2026

World Password Day: Strategies for Managing Your Passwords Effectively

https://www.truthinit.com/index.php/channel/1915/world-password-day-strategies-for-managing-your-passwords-effectively/
05/12/2026

01:00 PM

05/12/2026

Transforming Black Box Mysteries into Transparent Insight: Addressing AI Risks through Data Lineage

https://www.truthinit.com/index.php/channel/1895/transforming-black-box-mysteries-into-transparent-insight-addressing-ai-risks-through-data-lineage/
05/12/2026

11:30 PM

05/12/2026

Effective Strategies for Safeguarding Active Directory and Minimizing Data Exposure

https://www.truthinit.com/index.php/channel/1888/effective-strategies-for-safeguarding-active-directory-and-minimizing-data-exposure/
05/13/2026

01:00 AM

05/13/2026

Transforming the Unknown: Revealing AI Risks and Threats through Data Lineage

https://www.truthinit.com/index.php/channel/1890/transforming-the-unknown-revealing-ai-risks-and-threats-through-data-lineage/
05/13/2026

05:00 AM

05/13/2026

Revealing Hidden Threats and AI Risks Through Data Lineage Insights

https://www.truthinit.com/index.php/channel/1894/revealing-hidden-threats-and-ai-risks-through-data-lineage-insights/