
From CEO Fraud to Vendor Fraud: The Shift to Financial Supply Chain Compromise


Since its initial identification in 2013, business email compromise (BEC) has been dominated by executive impersonation. But over the past few years, attackers have adjusted their strategies—opting to impersonate third-party vendors and suppliers instead. In January 2022, the number of attacks impersonating third parties surpassed those impersonating internal employees for the first time. This trend has continued each month since, with third-party impersonations making up 52% of all BEC attacks in May 2022.

We’ve seen this shift to what we’ve termed financial supply chain compromise for a number of reasons, most notably because it gives threat actors a plethora of additional trusted identities to exploit. Even the smallest businesses likely work with at least one vendor, and larger companies have supplier numbers in the hundreds or thousands. And while the average employee has some level of familiarity with the company’s executive team, they may not have that same awareness of the organization’s entire vendor ecosystem—particularly in larger enterprises. Further, the vendor-customer dynamic has an intrinsic financial aspect to it, which means emails requesting payments or referencing bank account changes are less likely to raise red flags.

To learn more, please download this whitepaper.
