An Overview of Vendor Risks: Tips for Vendor Procurement and Security Assessments

Relationships with vendors are integral to your business and brand, but each company that you partner with poses an additional risk. Ideally, you and your vendors should be able to trust and stand by each other; unfortunately, though, threat actors are always poised to exploit any gap in your security posture. Vendor Email Compromise (VEC) weaponizes email—that convenient, useful conduit between companies and their vendors. VEC attacks are increasingly ingenious and bold, making messages appear to originate from trusted accounts. Criminals are resourceful in invading vendor email accounts and using legitimate invoicing information to target your employees.

Vendor email compromise is the malicious, unauthorized use of access to an email account for the purpose of targeting trusted partners. For the first time, 2022 saw vendor email attacks actually surpass those masquerading as internal workers. Third-party impersonations now constitute 52% of all BEC attacks. And we can expect that trend to rise. To get to you, criminals first compromise your outside vendor, and then trick that company into passing along a whole spectrum of misery, from fake invoices to credential phishing to malware, ransomware, and more.

You may cautiously evaluate new vendors, but crooks are patient, and time is on their side. With the passage of months, your guard tends to drop, and the risk grows as you learn to trust vendor email identities. Abnormal research reveals that only 2.1% of all attacks landing in end-user inboxes are reported to the SOC team! You need to stay alert to the escalating danger from third parties and keep your guard up.

When a malicious email arrives—ostensibly from a vendor that you have previously worked with—the chance that you’ll recognize the attack decreases. It’s difficult for employees to identify a scam in a known, familiar email address. And VEC is particularly effective because threat actors use ‘real’ vendor email accounts and legitimate invoicing information to target you.

These days, nearly all organizations, from global enterprises to startups rely on outside partners and third-party vendors for the features or services they need. This supply chain must share data to accomplish its purposes, and cybercriminals exploit that need. They breach and exfiltrate high-value data: proprietary information, personal credentials, and sensitive financial information. Sophisticated social engineering even mimics email writing styles and mentions personal information like travel plans to put a recipient off guard and sound credible.

1. Conduct a thorough vendor risk assessment.

These days, VEC effortlessly slips past reputation checks, attachment scans and other conventional email defenses. SEGs are no longer reliable to catch advanced VEC, BEC, and credential theft. Abnormal, on the other hand, is far more effective than traditional email security to spot compromised vendor accounts. Abnormal learns the behavior of every identity within and outside of an organization, analyzing communications between all senders and recipients,— including the vendors in your supply chain. The platform correlates behavioral identity information with tens of thousands of context signals to precisely identify suspicious anomalies.

2. Make sure you have continuous visibility in monitoring the risk of these vendors.

Gartner advises, “Look for email security solutions that use ML- and AI-based technology for BEC protection to analyze conversation history to detect anomalies.” Abnormal VendorBase™ employs behavioral AI, machine learning models, natural language processing, and computer vision to deliver a baseline of communication patterns. Our technology detects and tracks invoice information and banking details, while deep content analysis examines tone, intent, attachments, and URLs of every email. AI speed and accuracy let us deliver a vendor risk score and assessment with every email. Changes across the supply chain show up instantly to blow the whistle on attackers and support your decision-making process.

3. Rely on onboard security solutions to detect, analyze, and mitigate the continuous risk of VEC.

Abnormal is a VEC specialist, tracking every vendor you deal with, at all times, to spot compromises. By understanding normal behavior, Abnormal can detect when changes have occurred across the supply chain and use that risk information to make decisions on incoming messages. VendorBase inventories your vendors across email, as well as tracking engagement activities and assessing risk. With VendorBase, it doesn’t matter that an attack may emanate from a legitimate vendor account. It’s detected and caught anyway, and you’re protected from harm.

Abnormal makes preventing vendor email compromise an easy process, with no manual configuration required. The platform natively integrates into your cloud office environment; our cloud-native, API-based approach means no delay in email delivery time, with all inspection and scanning performed in memory. When an email deviates from this baseline, Abnormal automatically remediates the message and thwarts the attack, protecting your organization from vendor fraud and a spectrum of additional attacks.

Interested in learning more about how Abnormal protects you and your vendors?