Exploring the DORA: Key Takeaways from the New EU Financial Sector Risk Regulation

Sep 28, 2023 8:00:00 AM By Stu Sjouwerman

When asked why he robbed banks, Willie Sutton, one of the first fugitives named to the U.S. FBI’s most wanted list, reportedly replied, “Because that’s where the money is.” As any infosec ...

Probability of Experiencing a Vendor Email Compromise Attack Increases 96%

Sep 16, 2021 2:07:36 PM By Stu Sjouwerman

Vendor Email Compromise requires first taking control of a strategic email account within the victim organizations. According to new data, cybercriminals are getting really good at this.

[On-Demand Webinar] Learn to Detect and Defend Against Supply Chain Attacks Before They Compromise Your Network

Jun 3, 2021 8:00:00 AM By Stu Sjouwerman

Your job is to safeguard your organization and its assets from bad actors trying to infiltrate your network. But what do you do when the threat is coming from what looks like a trusted ...

Vendor Email Compromise is Officially A Big (Seven-Figure) Problem

Mar 5, 2021 3:57:51 PM By Stu Sjouwerman

While the Solarwinds “sunburst” attack brought to light the compromising of a vendor, VEC has been around for some time and now seems to be going mainstream.

NSA Warns Against Using Third-Party DNS and Encourages DNS Over HTTPS

Jan 28, 2021 7:12:13 AM By Stu Sjouwerman

As cybercriminals look for new ways to attack organizations, the National Security Agency takes a hard look at how DNS can be manipulated and makes recommendations on how to secure it.

Third Party Digital Risk Significantly Increases as Organizations Continue to Work From Home

Jul 23, 2020 2:34:13 PM By Stu Sjouwerman

It's no secret that in the last year we have seen a huge shift to remote work at a rapid speed. A recent Forbes article covered that during this time third party (supply chain) risk has ...

We're All Third-Party Management Organizations

May 5, 2020 8:15:00 AM By Javvad Malik

In 2014, Jeff Immelt, CEO of GE famously said, “if you went to bed last night as an industrial company, you’re going to wake up today as a software and analytics company.”

Third-Party Risk Management Questionnaire for Extended Emergencies

Apr 21, 2020 8:39:05 AM By Roger Grimes

Here’s a questionnaire you can send to suppliers during extended work from home (WFH) periods.

Six Security Questions You Should Keep in Mind for Third Parties

Feb 6, 2020 8:23:45 AM By Jelle Wieringa

Organizations are beginning to understand the consequences of a data breach or a phishing attack and the negative impact they can really have. But what are the security risks for third ...

Cybercriminal Gang, Silent Starling, Creates New ‘Vendor Email Compromise’ Category

Nov 19, 2019 2:38:04 PM By Stu Sjouwerman

New attacks focus on organizations with global supply chains looking to trick a supplier’s customers into paying fake invoices and have already impacted 500 organizations worldwide.

Third Party Phishing: The New Spear-Phishing Attacks That Traditional Defenses Just Don't Stop

Nov 12, 2019 8:00:00 AM By Stu Sjouwerman

Joe in accounting is pretty cyber-savvy. He doesn’t fall for basic phishing emails with masked URLs or phony password reset requests. But what happens when Joe gets an email from a ...

Here Is A New Term For Your Cybercrime Glossary: Vendor Email Compromise (VEC)

Nov 8, 2019 6:49:08 AM By Stu Sjouwerman

Agari’s latest Email Fraud & Identity Deception Trends report highlights the growing threat of vendor email compromise (VEC), according to SecurityWeek. This is a variety of business ...

Vendors are Responsible for Almost Half of All Data Breaches

Apr 29, 2019 7:04:18 AM By Stu Sjouwerman

The latest data from a survey of 600 SpiceWorks IT and Security professionals shows that vendor users aren’t doing their part to keep your organization’s data safe.

Today I was attacked through an existing vendor using a real email thread

Feb 5, 2019 10:39:55 AM By Stu Sjouwerman

We have been dealing with a vendor of ours for on-hold messages for many years. I send them a Word file with the hold messages, their studio records them, and they send us a wave file ...

KnowBe4 Prevents Customer From Becoming Social Engineering Victim Of Duke Energy Vendor’s Hack

Dec 6, 2017 1:39:03 PM By Stu Sjouwerman

A customer just sent us this: "Stu, the company who processes payments for Duke Energy’s walk in payments was hacked and as a result about 375,000 bank accounts may have been stolen. "We ...

Security Awareness Training Blog

View Topics

Exploring the DORA: Key Takeaways from the New EU Financial Sector Risk Regulation

Probability of Experiencing a Vendor Email Compromise Attack Increases 96%

[On-Demand Webinar] Learn to Detect and Defend Against Supply Chain Attacks Before They Compromise Your Network

Vendor Email Compromise is Officially A Big (Seven-Figure) Problem

NSA Warns Against Using Third-Party DNS and Encourages DNS Over HTTPS

Third Party Digital Risk Significantly Increases as Organizations Continue to Work From Home

We're All Third-Party Management Organizations

Third-Party Risk Management Questionnaire for Extended Emergencies

Six Security Questions You Should Keep in Mind for Third Parties

Cybercriminal Gang, Silent Starling, Creates New ‘Vendor Email Compromise’ Category

Third Party Phishing: The New Spear-Phishing Attacks That Traditional Defenses Just Don't Stop

Here Is A New Term For Your Cybercrime Glossary: Vendor Email Compromise (VEC)

Vendors are Responsible for Almost Half of All Data Breaches

Today I was attacked through an existing vendor using a real email thread

KnowBe4 Prevents Customer From Becoming Social Engineering Victim Of Duke Energy Vendor’s Hack

Search Our Blog

Subscribe To Our Blog

Posts By Topic

Get the latest about social engineering

Subscribe to CyberheistNews

Get the latest about social engineering

Subscribe to CyberheistNews

Products & Services

About Us

Free Tools

Contact Us

Contact Support

Search