chat
expand_more

New Research Shows 67% Chance of Supply Chain Compromise Attack

The risk of supply chain compromise (also known as vendor email compromise or VEC) continues to increase. Our latest research uncovered some startling statistics about these attacks.
April 13, 2022

Despite being a relatively new attack type, supply chain compromise (sometimes referred to as vendor email compromise) already represents a significant security threat to organizations of all sizes.

During a supply chain compromise attack, a threat actor gains control of a vendor email account and then uses the compromised account to launch attacks on the vendor’s partners. While the attacks can take a variety of forms, the most common is invoice fraud, where the threat actor poses as the vendor and requests payment for a fraudulent invoice. These attacks can also be run through impersonation of vendor accounts—no initial compromise necessary.

As outlined in our H1 2022 Email Threat Report, the risk of supply chain compromise has steadily grown since Abnormal began tracking this attack type in 2020. And since these attacks are nearly impossible for the average employee to recognize, all organizations must take steps to secure their email from vendor fraud.

Supply Chain Compromise Risk Remains Steady

Supply chain compromise attacks are highly successful because they exploit trusted communications between vendors and customers through personalization and social engineering. Because they utilize compromised accounts, these attacks are extremely dangerous, particularly because the threat actor has access to past and ongoing conversations and can use that knowledge to trick recipients.

Since Abnormal began tracking supply chain compromise, the risk has continuously increased, at least until the last half of 2021 when it remained steady for the first time. That isn’t to say the threat should be discounted, as more than a quarter of all Abnormal customers were the target of at least one supply chain compromise attack each week.

Percentage of Customers Targeted with supply chain compromise Each Week

The data shows that nearly two-thirds of all organizations are likely to receive at least one attack over the course of the half. And with the average attack size remaining at $183,000, it isn’t a threat to be taken lightly.

Large Organizations Still Facing Highest Risk

Similar to what we’ve seen with other advanced email attacks, organizations with more employees are at the greatest risk of receiving an attack.

While likely a result of there being more employees to target, particularly within the finance department, some of this can also be attributed to the fact larger organizations often have more vendors who can become compromised. When it comes to the numbers game, cybercriminals often win.

Probability of receiving supply chain compromise by Org Size

Organizations with 50,000 or more employees receive an attack from their supply chain nearly every single week. In fact, businesses of this size have a 96.7% probability of receiving a supply chain compromise attack every seven days.

Even companies with more than 1,500 employees are likely to experience a supply chain compromise attack nearly two weeks out of every three. It’s only when looking at small businesses that there is a small amount of relief, with threat actors targeting organizations with employee counts below 500 only one week in every three.

Innovative Security Measures Are Essential

There is little doubt supply chain compromise is a financially damaging threat. By taking advantage of the trust organizations place in their vendors, the attacks can both deceive humans and bypass traditional email security tools that rely on threat intelligence.

Stopping these attacks requires implementing a solution that can detect and interpret the thousands of signals available through an API, and then block the emails that come from compromised accounts. It’s only by stopping supply chain compromise attacks from reaching inboxes we can truly prevent our employees from being tricked and ensure our organizations stay protected.

To learn more about supply chain compromise attacks, as well as see additional data on business email compromise and phone fraud, download our latest email threat report.

New Research Shows 67% Chance of Supply Chain Compromise Attack

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Human Risk
Humans are the biggest concern in cybersecurity, and AI is needed to protect them. Discover how Abnormal takes an AI-native approach to protecting human behavior.
Read More
B Proofpoint Replacement Multinational Healthcare Service Provider
Global healthcare provider detects 868 missed attacks and saves 13,000+ hours annually after moving from a Proofpoint SEG to Abnormal’s AI-native solution.
Read More
B Convergence S3 Recap Blog
That’s a wrap on Season 3! Explore a few of the biggest takeaways from chapters 7-9 and learn how to watch all three sessions on demand.
Read More
B CSAM SOC
Explore key insights from the SOC Unlocked podcast on enhancing cybersecurity awareness and training. Learn how offensive tactics, insider threats, AI, and cloud security shape effective defense strategies.
Read More
B F500 Packaging Solutions Provider Proofpoint Replacement Blog
A Fortune 500 packaging leader boosted threat detection 20x and saved 6,500+ hours annually by replacing its Proofpoint SEG with Abnormal’s AI-powered solution.
Read More
B E Rate
Discover how AI-powered email protection ensures a secure digital learning environment.
Read More