At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Probability of Experiencing a Vendor Email Compromise Attack Increases 96%

    iStock-1271491105

    Vendor Email Compromise requires first taking control of a strategic email account within the victim organizations. According to new data, cybercriminals are getting really good at this.

    Vendor Email Compromise – an attack where an email account is actually taken over rather than simply spoofed as seen in business email compromise attacks – can have a far greater impact on the organization. Emails coming from a threat actor-controlled legitimate email account are much harder – if not impossible – to discern as being malicious in nature.

    According to new data in Abnormal Security’s Q3 2021 Email Threat Report, email account takeovers are rising in both number and success rates:

    • The chance of experiencing a VEC attack has risen 96% over the last 12 months
    • Mid-sized companies are 43% likely to have at least one account takeover per quarter
    • Enterprises with 50K+ employees are 60% likely to be a victim of account takeover
    • The C-Suite is the most targeted group, at three times than VPs – the next targeted group
    • 14% of account takeovers occur at department head levels within organizations
    • The average request in a VEC attack is $183,000, with the highest documented being $1.6 million

    With the potential for VEC attacks to cost organization’s millions annually, it’s first imperative to protect email accounts from the possibility of account takeover using multi-factor authentication and zero trust solutions that scrutinize requests to access email. It’s equally important to educate users involved with the organization’s finances using Security Awareness Training to maintain a sense of vigilance – even when a request comes from a legitimate source. It’s necessary to validate any unexpected requests using a separate communication medium to ensure the person believed to be asking is actually doing so.

    Request a Demo of KCM GRC

    The new KCM GRC platform helps you get your audits done in half the time, is easy to use, and is surprisingly affordable. No more: “UGH, is it that time again!” 

    products-KCM2-2

    With KCM GRC you can:

    • Reduce the amount of time and money required to easily manage your compliance, risk, and audit requirements
    • Automate reminders so you can quickly see what tasks have been completed, not met, and are past due
    • Simplify risk management with an intuitive interface simple workflow based on NIST 800-30.
    • Efficiently manage your third-party vendor risk requirements
    • Quickly implement compliance and risk assessment processes using KnowBe4’s pre-built requirements and assessment templates
    Request Your Demo!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/demo_kcm_partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top