New Research Shows 67% Chance of Supply Chain Compromise Attack

The risk of supply chain compromise (also known as vendor email compromise or VEC) continues to increase. Our latest research uncovered some startling statistics about these attacks.
April 13, 2022

Despite being a relatively new attack type, supply chain compromise (sometimes referred to as vendor email compromise) already represents a significant security threat to organizations of all sizes.

During a supply chain compromise attack, a threat actor gains control of a vendor email account and then uses the compromised account to launch attacks on the vendor’s partners. While the attacks can take a variety of forms, the most common is invoice fraud, where the threat actor poses as the vendor and requests payment for a fraudulent invoice. These attacks can also be run through impersonation of vendor accounts—no initial compromise necessary.

As outlined in our H1 2022 Email Threat Report, the risk of supply chain compromise has steadily grown since Abnormal began tracking this attack type in 2020. And since these attacks are nearly impossible for the average employee to recognize, all organizations must take steps to secure their email from vendor fraud.

Supply Chain Compromise Risk Remains Steady

Supply chain compromise attacks are highly successful because they exploit trusted communications between vendors and customers through personalization and social engineering. Because they utilize compromised accounts, these attacks are extremely dangerous: the threat actor has access to past and ongoing conversations and can use that knowledge to trick recipients.

Since Abnormal began tracking supply chain compromise, the risk has continuously increased, at least until the last half of 2021 when it remained steady for the first time. That isn’t to say the threat should be discounted, as more than a quarter of all Abnormal customers were the target of at least one supply chain compromise attack each week.

Figure: Percentage of Customers Targeted with Supply Chain Compromise Each Week

The data shows that nearly two-thirds of all organizations are likely to receive at least one attack over the course of the half. And with the average attack size remaining at $183,000, it isn’t a threat to be taken lightly.

Large Organizations Still Facing Highest Risk

Similar to what we’ve seen with other advanced email attacks, organizations with more employees are at the greatest risk of receiving an attack.

While this is likely a result of there being more employees to target, particularly within the finance department, some of it can also be attributed to the fact that larger organizations often have more vendors who can become compromised. When it comes to the numbers game, cybercriminals often win.

Figure: Probability of Receiving Supply Chain Compromise by Org Size

Organizations with 50,000 or more employees receive an attack from their supply chain nearly every single week. In fact, businesses of this size have a 96.7% probability of receiving a supply chain compromise attack every seven days.

Even companies with more than 1,500 employees are likely to experience a supply chain compromise attack nearly two weeks out of every three. It’s only when looking at small businesses that there is a small amount of relief, with threat actors targeting organizations with employee counts below 500 only one week in every three.

Innovative Security Measures Are Essential

There is little doubt supply chain compromise is a financially damaging threat. By taking advantage of the trust organizations place in their vendors, the attacks can both deceive humans and bypass traditional email security tools that rely on threat intelligence.

Stopping these attacks requires implementing a solution that can detect and interpret the thousands of signals available through an API, and then block the emails that come from compromised accounts. It’s only by stopping supply chain compromise attacks from reaching inboxes that we can truly prevent our employees from being tricked and ensure our organizations stay protected.

To learn more about supply chain compromise attacks, as well as see additional data on business email compromise and phone fraud, download our latest email threat report.
