Probability of Experiencing a Vendor Email Compromise Attack Increases 96%

iStock-1271491105Vendor Email Compromise requires first taking control of a strategic email account within the victim organizations. According to new data, cybercriminals are getting really good at this.

Vendor Email Compromise – an attack where an email account is actually taken over rather than simply spoofed as seen in business email compromise attacks – can have a far greater impact on the organization. Emails coming from a threat actor-controlled legitimate email account are much harder – if not impossible – to discern as being malicious in nature.

According to new data in Abnormal Security’s Q3 2021 Email Threat Report, email account takeovers are rising in both number and success rates:

  • The chance of experiencing a VEC attack has risen 96% over the last 12 months
  • Mid-sized companies are 43% likely to have at least one account takeover per quarter
  • Enterprises with 50K+ employees are 60% likely to be a victim of account takeover
  • The C-Suite is the most targeted group, at three times than VPs – the next targeted group
  • 14% of account takeovers occur at department head levels within organizations
  • The average request in a VEC attack is $183,000, with the highest documented being $1.6 million

With the potential for VEC attacks to cost organization’s millions annually, it’s first imperative to protect email accounts from the possibility of account takeover using multi-factor authentication and zero trust solutions that scrutinize requests to access email. It’s equally important to educate users involved with the organization’s finances using Security Awareness Training to maintain a sense of vigilance – even when a request comes from a legitimate source. It’s necessary to validate any unexpected requests using a separate communication medium to ensure the person believed to be asking is actually doing so.

Request A Demo: Compliance Plus

Old-school compliance training is challenging for organizations to offer, difficult to do right, and is generally very expensive to deliver. In this live one-on-one demo we will show you how easy it is to deliver your compliance training program using Compliance Plus with KnowBe4's training platform.

CMP-Collage-LCompliance Plus gives you:

  • A whole new library with fresh compliance content updated regularly
  • Coverage of legislative requirements, such as HIPAA and many others
  • New-school high-quality customizable modules
  • Short, interactive modules to keep learners focused, newsletters, docs, and posters are all included
  • Completely automated compliance training campaigns with world-class support and extensive reporting

See for yourself how Compliance Plus can help you keep your users on their toes with compliance, risk and workplace safety top of mind!

Request A Demo

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews