Higher Ed Institutions Ramp Up Defenses Against Deepfakes

According to a 2024 EDUCAUSE report, deepfakes are evolving into a direct cybersecurity threat because AI is enabling more sophisticated, believable and personalized attacks targeting specific people with access to money or sensitive systems. 

Threat actors can now leverage AI to create advanced social engineering campaigns through cloned voices, deepfakes, tailored phishing attempts and automated large-scale attacks.

“The social engineering attempts that were easy to catch because they felt ‘off’ are now much harder to detect,” says Isaac Galvan, community program director of cybersecurity and privacy at EDUCAUSE.

Higher education institutions face a particularly difficult challenge because of their scale and openness. Large student populations, decentralized IT operations, collaborative research environments and widespread access to AI tools create multiple avenues for abuse.

Unlike more tightly controlled K–12 environments, universities operate as highly distributed ecosystems where students are not only potential victims but, in some cases, technically capable perpetrators themselves.

Practical Controls for Evolving Deepfakes

Galvan explains that because attackers can generate voices that are indistinguishable from the real thing, instituting procedures for verifying sensitive actions requested over voice communications is crucial.

DISCOVER: Continuous threat exposure management keeps higher ed protected.

“Establish out-of-band verification for password changes, money transfers and requests for access,” he says. “The threat isn’t limited to impersonating known people within the institution, like the CEO or president.”

Galvan explains that criminals can use AI tools to generate fake student identities to fraudulently enroll and collect financial aid, then disappear.

“The verification challenge in higher ed cuts both ways: You need processes that work when you don’t know who you’re dealing with, not just when someone claims to be your CEO,” he says. 

Andras Cser, vice president and principal analyst at Forrester, says universities are adopting layered identity and authentication controls as AI-generated impersonation and voice cloning attacks become more common.

Institutions are combining traditional multifactor authentication technologies with more advanced identity verification and behavioral monitoring tools designed to detect fraudulent activity before attackers can gain access to systems or financial workflows.

Cser says many organizations are strengthening authentication through mobile app-based multifactor authentication, contextual authentication and centralized identity platforms — such as Microsoft Entra — and deploying dedicated deepfake detection technologies alongside physical identity verification platforms.

LEARN MORE: Artificial intelligence in higher ed introduces new risks.

“Behavioral biometrics and device reputation technologies are also becoming part of the defense strategy,” he says, adding universities are leveraging tools to identify anomalous behavior patterns and reduce the risk of AI-driven impersonation attacks.

Verification Culture and Awareness Training Teaches Users to Spot Impersonators

Ed Skoudis, president of the SANS Technology Institute, says universities need to focus first on building what he describes as a “verification culture” as AI-generated impersonation attacks become more sophisticated.

Rather than trusting voice messages, videos or emails at face value, Skoudis says, students, faculty and staff should be trained to confirm unusual requests through secondary communication channels.

“Don’t trust everything you see,” he says. “If something looks a little off, make a phone call to the person that you know or send them a text.”

He says higher education institutions should also incorporate deepfake awareness into student orientation and cybersecurity education programs.

Beyond awareness training, Skoudis recommends the development of rapid-response communication plans designed to contain viral impersonation incidents.

If a deepfake targeting a university leader, professor or student begins circulating widely, institutions need pre-established procedures for communicating quickly and publicly.

“You’re not going to get the horse back in the barn, but you might prevent massive viral spread,” he says. 

Galvan points out faculty, staff and students all interact with digital media differently and face different exposure points.

“Starting with a lightweight assessment of where your institution is most exposed lets you build programming that feels relevant to the people receiving it,” he says. 

WATCH: Keep an eye on these cybersecurity trends.

Digital Literacy Efforts Should Extend Campuswide 

Doug Jacobson, director of the Center for Cybersecurity Innovation and Outreach at Iowa State University, says higher education institutions may need to rely less on purely technical defenses against deepfakes and focus more on building long-term digital literacy and cybersecurity awareness across campus communities.

He argues that AI-generated deception tools are evolving too quickly for organizations to depend solely on detection technologies.

“That is probably our best defense,” Jacobson says of digital literacy efforts. “I don’t think many of us do it very well.”

He says many universities still approach cybersecurity awareness through isolated campaigns or standalone training modules that students often rush through without meaningfully engaging with the material.

Instead, he argues, institutions should integrate AI and deepfake literacy into broader classroom discussions and academic contexts students will encounter in future careers.

Click the banner below to subscribe to our weekly newsletter.

He says he believes deepfake awareness should become part of everyday institutional culture rather than remaining confined to IT or cybersecurity departments. Jacobson compares the issue to other social norms universities routinely reinforce around physical safety and personal responsibility.

“We need to make this part of the conversation,” he says. “We all have a role in helping ourselves.”

Jacobson also points to growing discussions around integrating AI and cybersecurity literacy more broadly into education systems, including legislative proposals in Iowa aimed at weaving AI and security awareness into K–12 education and public literacy efforts.

He says institutions increasingly recognize that resilience against AI-driven deception will depend not only on technology controls but on building a more digitally aware campus population over time.

Building a Layered Defense Is Key

From Galvan’s perspective, a realistic layered defense strategy will require institutions to continuously assess traditional protection systems while integrating newer cybersecurity capabilities.

UP NEXT: Achieving cybersecurity maturity doesn’t have to be a costly endeavor.

According to EDUCAUSE’s 2026 Horizon Report, institutions may need to adopt a “mesh” approach that combines cybersecurity monitoring, detection, alerting and prevention systems into a more coordinated and proactive defense model.

Galvan notes AI will likely play a dual role: While it contributes to evolving threats, it can also help institutions improve predictive threat analysis, anomaly detection and rapid remediation capabilities.

“Partnering with vendors leveraging AI for cybersecurity may also become increasingly important,” he says.