Probability of Experiencing a Vendor Email Compromise Attack Increases 96%

iStock-1271491105Vendor Email Compromise requires first taking control of a strategic email account within the victim organizations. According to new data, cybercriminals are getting really good at this.

Vendor Email Compromise – an attack where an email account is actually taken over rather than simply spoofed as seen in business email compromise attacks – can have a far greater impact on the organization. Emails coming from a threat actor-controlled legitimate email account are much harder – if not impossible – to discern as being malicious in nature.

According to new data in Abnormal Security’s Q3 2021 Email Threat Report, email account takeovers are rising in both number and success rates:

  • The chance of experiencing a VEC attack has risen 96% over the last 12 months
  • Mid-sized companies are 43% likely to have at least one account takeover per quarter
  • Enterprises with 50K+ employees are 60% likely to be a victim of account takeover
  • The C-Suite is the most targeted group, at three times than VPs – the next targeted group
  • 14% of account takeovers occur at department head levels within organizations
  • The average request in a VEC attack is $183,000, with the highest documented being $1.6 million

With the potential for VEC attacks to cost organization’s millions annually, it’s first imperative to protect email accounts from the possibility of account takeover using multi-factor authentication and zero trust solutions that scrutinize requests to access email. It’s equally important to educate users involved with the organization’s finances using Security Awareness Training to maintain a sense of vigilance – even when a request comes from a legitimate source. It’s necessary to validate any unexpected requests using a separate communication medium to ensure the person believed to be asking is actually doing so.

Request a Demo of KCM GRC

The new KCM GRC platform helps you get your audits done in half the time, is easy to use, and is surprisingly affordable. No more: "UGH, is it that time again!" 

products-KCM2-2With KCM GRC you can:

  • Reduce the amount of time and money required to easily manage your compliance, risk, and audit requirements
  • Automate reminders so you can quickly see what tasks have been completed, not met, and are past due
  • Simplify risk management with an intuitive interface simple workflow based on NIST 800-30.
  • Efficiently manage your third-party vendor risk requirements
  • Quickly implement compliance and risk assessment processes using KnowBe4's pre-built requirements and assessment templates

Request Your Demo

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews