Blog courtesy of KnowBe4
Written by Stu Sjouwerman
Vendor Email Compromise requires first taking control of a strategic email account within the victim organisations. According to new data, cybercriminals are getting really good at this.
Vendor Email Compromise – an attack where an email account is actually taken over rather than simply spoofed as seen in business email compromise attacks – can have a far greater impact on the organisation. Emails coming from a threat actor-controlled legitimate email account are much harder – if not impossible – to discern as being malicious in nature.
According to new data in Abnormal Security’s Q3 2021 Email Threat Report, email account takeovers are rising in both number and success rates:
- The chance of experiencing a VEC attack has risen 96% over the last 12 months
- Mid-sized companies are 43% likely to have at least one account takeover per quarter
- Enterprises with 50K+ employees are 60% likely to be a victim of account takeover
- The C-Suite is the most targeted group, at three times than VPs – the next targeted group
- 14% of account takeovers occur at department head levels within organizations
- The average request in a VEC attack is $183,000, with the highest documented being $1.6 million
With the potential for VEC attacks to cost organisation’s millions annually, it’s first imperative to protect email accounts from the possibility of account takeover using multi-factor authentication and zero trust solutions that scrutinise requests to access email. It’s equally important to educate users involved with the organisation’s finances using Security Awareness Training to maintain a sense of vigilance – even when a request comes from a legitimate source. It’s necessary to validate any unexpected requests using a separate communication medium to ensure the person believed to be asking is actually doing so.
Request A Demo: KCM GRC
The new KCM GRC platform helps you get your audits done in half the time, is easy to use, and is surprisingly affordable. No more: "UGH, is it that time again!"
With KCM GRC you can:
- Reduce the amount of time and money required to easily manage your compliance, risk and audit requirements
- Automate reminders so you can quickly see what tasks have been completed, not met, and are past due
- Simplify risk management with an intuitive interface simple workflow based on NIST 800-30.
- Efficiently manage your third-party vendor risk requirements
- Quickly implement compliance and risk assessment processes using KnowBe4's pre-built requirements and assessment templates