96
Voice Security becomes necessary for Help Desks
View this email in your browser
The weekly newsletter of the Business of Tech, giving you new insights into the world of IT service delivery.
Looking for stories from the podcast stories? Check out the pod itself on Apple Podcasts, Spotify, or daily in your inbox. Stories are available to everyone for five days,and Patreon supporters forever.
Was this forwarded to you? Join the list!
Social Engineering with Voice AI
Just when I thought I had a pretty thorough understanding of the most pressing cybersecurity threats, I came across a rather terrifying avenue of the sector I’d never heard of: voice security.
And no, I’m not just bringing this up because I’m a podcaster. Turns out, voice security is something that large organizations already have to worry about, and small companies will soon have to think about as well.
Ready for a deep dive on yet another thing we IT folks have to consider? I welcomed the CEO of Pindrop, Vijay Balasubramaniyan, onto a bonus episode of The Business of Tech to explain what voice security is, why it matters, and how voice attacks will inevitably impact customers.
The State of Voice Attacks
Though voice security is stepping into the limelight right now, it’s actually been around for quite some time. It was originally developed to protect call centers, which is a far larger industry than you might realize – one in every 89 Americans is apparently a call center agent, fielding an annual total of about 40 billion calls.
To explain what voice security actually is, let’s stick to the call center as an example. When you call your bank, insurance company, or healthcare provider, they typically identify you with a bunch of questions: what’s your date of birth, what’s your mother’s maiden name, what’s your Social Security number, etc.
But there’s a problem with this method; turns out, 92% of fraudsters know the answers to those questions. Thanks to the 1,800 data breaches that happened last year alone, a lot of bad actors know a lot of info about a lot of individuals. And if you’ve been paying attention to cyber as a whole, you already know that these breaches are getting more common and more damaging each year.
So, voice security is a cyber tactic that detects and stops voice fraud when someone tries to impersonate an individual. Outside of call centers, it can play a major role in protecting the growing amount of technology that uses voice control and activation, like Alexa, Google Home, high-tech cars, and smart homes.
And, as you might have predicted, generative AI makes voice security all the more important. On top of knowing key data, fraudsters now have the tools they need to replicate an individually targeted voice.
In fact, voice fraud is flourishing so much that Balasubramaniyan and his team at Pindrop now see two different categories of attacks.
The first one is what Balasubramaniyan calls a synthetic attack. When a person doesn’t have public audio clips of them talking (AKA, if they’re not me), a scammer can instead use demographic information to create a voice that should sound like someone of your age and location. Call center people don’t know your exact voice, so this tactic seems to work quite well.
The second type is, of course, a deep fake. For a target who has a lot of clips out there of them talking, it’s relatively easy for a scammer to replicate their exact voice (yes, that does make me a tad nervous).
Pindrop’s Role
How do Balasubramaniyan and Pindrop play into this?
Well, they’ve been hard at work coming up with solutions long before the average joe started to worry. They launched about 8 years ago and filed their first patent in 2017.
In Balasubramaniyan’s own words:
“What [we’re] trying to differentiate between is how are humans producing voice versus how are machines producing voice. Machines tend to optimize for certain things, and humans, because of 10,000 years of evolution, naturally are built in a certain way.”
If you’re an auditory learner, now would be a good time to switch over to the video interview, because Balasubramaniyan gets into some really interesting detail about how the human voice works:
“For example, when I say, ‘Hello, Paul,’ my mouth is wide open when I say hello and my mouth shuts down when I say Paul, the P of Paul. The speed with which I can do that, because I have human limitations, my entire vocal anatomy has various configurations as it’s going through that statement.” he said.
Long story short, there are a lot of very slight differences in the intonations between human speech and computer speech. For example, the word San Francisco is apparently pronounced in such a way that computers can’t quite replicate it.
The word Balasubramaniyan kept using was ‘temporal’ – meaning the speed at which we say certain parts of certain words can’t quite be generated by a machine. He also referred to this process generally as a ‘liveness check.’
With Pindrop’s unique detection tools, they know when a voice could realistically only be produced by “a human who has a seven-foot-long neck and whose voice is moving in rapid configurations in that seven feet,” he explained.
And the results are quite impressive. Depending on how new the audio deep fake technology being used is, they catch fraud between 90 and 99% of the time.
What’s Next For Voice Security
I wanted to get a better sense of when this type of fraud could take off on a larger scale, so I asked Balasubramaniyan what level of maturity the voice attack industry is currently at.
Luckily, he believes it’s still on a relatively low maturity level for one specific reason: convincing deep fakes can’t yet be produced in real time. All of the attempts happening now require the fraudster to type out the response they want, creating a lag that greatly contributes to Pindrop’s detection abilities.
However, as is usually the case with cybersecurity, a good voice security strategy requires both technology and employee training. Because even at this low maturity level, humans still struggle to catch fraudulent voices on their own:
“We did this test with I think 2,000 people where we actually gave them at random a deep fake audio or a real audio and asked them to determine if it is deep fake or is it real. Humans got it right 57% of the time. What that means is they’re 7% better than a coin toss or a monkey. It is really, really hard for us to determine whether it’s deep fake or not, and that is where you really need tech to help with it,” he said.
When it comes to the organizations that need to start beefing up their voice security efforts, Balasubramaniyan estimates that if you have between 100,000 to a million customers, you might see attacks increase within two years as generative AI evolves. Once you pass the threshold of a million customers, you’re likely going to see highly sophisticated attempts.
In fact, Pindrop is currently seeing the highest rate of fraudulent calls since its launch – roughly 1 in every 800 calls.
“The last couple of years, it wasn’t quite that high. It was one in every 1,000, and that was because as the government was giving out easy money with PPP and unemployment, that’s where the fraudsters were going. Now the rate at which these attackers are attacking your call centers and your customer support centers has reached historic levels. In the last five years, this is the highest we’ve ever seen it,” he said.
If you’re as unsettled as I am by this POV, you can learn more about Balasubramaniyan and Pindrop at www.pindrop.com. As always, my inbox is open for reflections, comments, and questions – especially if you’ve had experience with voice attacks. I’m available at [email protected].
More from MSP Radio
Missed Things?
How about our latest videos to catch you up?
The Daily Podcast available as videos
Public Private Partnerships for Technology companies with Debra Lam
What a bootstrapped entrepreneur thinks of AI with James Benham
Culture, Marketing, and AI with Jeffrey Hayzlett
Learning about AI models from sports with Steve Wasick
Want the Daily News?
All the stories from the daily Business of Tech Podcast are available in the daily digest, and stories are available to everyone for the first five days, and Patreon supporters forever. Catch the audio of the show anytime on Apple Podcasts, Spotify, YouTube, or wherever you find podcasts. Links at businessof.tech
Copyright © 2023 MSP Radio, All rights reserved.
Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.