Wiz CEO says company was targeted with deepfake attack that used his voice

Cybersecurity companies are increasingly falling victim to deepfake attacks, highlighting the vulnerabilities even within the industry. Assaf Rappaport, CEO and co-founder of Wiz, shared a recent incident where his employees received a voice message that appeared to be from him but was actually a deepfake created by a hacker. This incident occurred just two weeks before Rappaport’s public remarks, reflecting the rising sophistication of cybercriminal tactics.

The deepfake attack targeted the credentials of Rappaport’s employees by utilizing manipulated audio of his voice sourced from a conference appearance. However, employees were able to discern that the message was not authentic, as the deepfake did not replicate his typical speaking voice, which is influenced by his public speaking anxiety. The discrepancy in sound prompted the team to question the validity of the voice message, showcasing the critical importance of familiarity in identifying such threats.

Although Wiz was able to trace the origin of the audio used in the deepfake, the identity of the attacker remained undetermined. Rappaport emphasized the challenge of accountability in cyberattacks, pointing out that the anonymity of perpetrators often contributes to the allure of these attacks. He stated, “That’s why cyberattacks are so beneficial [for the attackers] … the risk of getting caught is very low,” highlighting a significant disadvantage faced by companies in securing their operations against such advanced threats.

In addition to addressing the deepfake incident, Rappaport discussed Wiz’s strategic decision to decline a substantial acquisition offer from Google, valuing the company at $23 billion. He articulated the rationale behind this choice, emphasizing the vast potential in the cloud security market, which he estimates to be a $100 billion opportunity. This perspective reflects not only confidence in the company’s current positioning but also a forward-looking approach to harnessing emerging opportunities in the cybersecurity landscape.

Rappaport’s insights underscore the complexities of the cybersecurity field, particularly how internal vulnerabilities can be exploited through external manipulations like deepfakes. As sophisticated threats become more commonplace, awareness and adaptability will be critical for companies.

The incident involving Rappaport serves as a cautionary tale for organizations regarding the necessity of employee education and training in recognizing deepfake attempts and other forms of social engineering. By fostering an environment where employees are vigilant and informed, companies can bolster their defenses against such tactics.

Moreover, the decision to prioritize growth and opportunity over immediate financial gain signifies a broader trend among tech firms to focus on long-term vision amid growing competition and technological advancements in the cybersecurity sector. This approach may set a precedent for other companies weighing similar decisions in an evolving market.

As cyber threats continue to proliferate, the emphasis on comprehensive security strategies, including the development of detection capabilities against deepfake technology, will be paramount for firms like Wiz. The mixture of proactive security measures and employee awareness can establish a formidable line of defense against the risks posed by emerging technologies in malicious hands.