What Is Vendor Email Compromise (VEC) & How Can You Protect Against It?

Cyber Defence Team
March 30, 2023

With so many different cyberthreats these days (and new ones emerging every year), it’s hard for organisations and individuals alike to stay on top of what to look out for, and how to protect themselves.

For those who are new to the concept, Vendor Email Compromise (VEC) is an increasingly common type of attack used by malicious actors to gain access to an organisation’s emails or networks. If you’ve heard of Business Email Compromise (BEC) before, you could consider VEC to be its younger sibling.

HOW VENDOR EMAIL COMPROMISE (VEC) WORKS

In a VEC attack, the attacker steals credentials of an organisation’s supplier and sends email messages from their account. These messages typically appear to be legitimate and can include requests for payment, confidential information, or attachments designed to compromise the target's system.

Needless to say, this is a terrifying prospect for any organisation. VEC attacks can cause unprecedented damage to business partners, customers and stakeholders, with the average cost reaching a staggering $183,000.

The goal of a VEC attack is often to gain access to sensitive data or financial resources held in the victim’s network. To do this, the attacker may use sophisticated methods such as phishing or malware delivery to steal credentials or install unauthorised software on the victim's network.

VEC attacks are incredibly hard to detect because they pass through traditional security measures by masquerading as legitimate interactions between suppliers and employees. The emails appear to come from a trusted entity outside of your organisation and have the same tone and format as normal messages sent by suppliers.

As human experts are unable to manually review each message to identify whether or not it is malicious, organisations and individuals need to rely on advanced technology to protect themselves against such threats. Without this technology, it is almost impossible to discern which emails are genuine and which ones could put their systems at risk.

ORGANISATIONS SHOULD TAKE STEPS TO PROTECT THEMSELVES FROM VENDOR EMAIL COMPROMISE TACTICS

These steps include:

  • Monitoring vendor accounts for any suspicious activity and implementing multi-factor authentication wherever possible
  • Ensuring that vendors are using secure methods of communication and have up-to-date security software installed on all devices connected to their networks
  • Keeping regular backups of all system data in case a successful attack occurs
  • Layering your secure email gateway and antivirus solutions with threat intelligence and behavioural analysis to pick up anomalies between you and your suppliers

That’s what can be done on your end to minimise your organisation’s risk of falling victim to a Vendor Email Compromise attack. However, to fully bolster your defences against these kinds of cyberthreats, AI & Machine Learning is currently the most effective solution.

HOW TO PROTECT AGAINST VENDOR EMAIL COMPROMISE (VEC) USING AI & MACHINE LEARNING

AI and Machine Learning technologies offer sophisticated behavioural analytics that can be used to identify individual actors, establish complex relationships between them, and provide detailed insights into the content of conversations.

This helps detect malicious financial transactions, attempts to obtain sensitive information through phishing attacks, or any suspicious requests for large sums of money. By monitoring interactions between vendors and customers in real-time, these systems enable organisations to quickly detect supply chain fraud and stop cybercriminals before they can do any harm.
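The behavioural comparison described above can be illustrated with fixed rules standing in for a trained model: build a per-supplier baseline from past mail, then flag a payment request that deviates from it. This is an added example, not Infotrust's code or product logic; the message fields, regexes, 3x amount threshold and all sample messages are constructed assumptions.

```python
import re
from statistics import median

ACCOUNT_RE = re.compile(r"account\s+([\d\- ]{8,})", re.I)
AMOUNT_RE = re.compile(r"([\d,]+\.\d{2})\s*AUD")
URGENCY_RE = re.compile(r"\b(urgent|immediately|today|overdue)\b", re.I)

def msg(reply_to, body, sender="accounts@supplier.example"):
    return {"from": sender, "reply_to": reply_to, "body": body}

# Constructed sample data (not real mail): three past invoices, then two new messages.
PAST = "Invoice {} for {} AUD. Pay to account 062-000 1234 5678."
HISTORY = [msg("accounts@supplier.example", PAST.format(n, a))
           for n, a in ((1041, "4,200.00"), (1047, "3,950.00"), (1052, "4,480.00"))]
ROUTINE = msg("accounts@supplier.example", PAST.format(1055, "4,310.00"))
SUSPECT = msg("accounts@supplier-billing.example", "Our bank details have changed. "
              "Pay invoice 1058 of 48,500.00 AUD today to account 013-999 8765 4321.")

def features(m):  # fields the baseline tracks for one message
    acct, amt = ACCOUNT_RE.search(m["body"]), AMOUNT_RE.search(m["body"])
    return {"account": re.sub(r"\D", "", acct.group(1)) if acct else None,
            "amount": float(amt.group(1).replace(",", "")) if amt else None,
            "reply_domain": m["reply_to"].rsplit("@", 1)[-1].lower()}

def build_baseline(history):  # sender address -> features of every past message
    base = {}
    for m in history:
        base.setdefault(m["from"].lower(), []).append(features(m))
    return base

def anomalies(m, baseline, amount_factor=3.0):  # deviations from the sender's baseline
    seen = baseline.get(m["from"].lower())
    if not seen:
        return ["unknown_sender"]
    f = features(m)
    accounts = {s["account"] for s in seen if s["account"]}
    amounts = [s["amount"] for s in seen if s["amount"] is not None]
    checks = [
        ("new_bank_account", f["account"] is not None and f["account"] not in accounts),
        ("new_reply_to_domain", f["reply_domain"] not in {s["reply_domain"] for s in seen}),
        ("amount_above_baseline", bool(amounts) and (f["amount"] or 0) > amount_factor * median(amounts)),
        ("urgency_language", bool(URGENCY_RE.search(m["body"]))),
    ]
    return [label for label, hit in checks if hit]

if __name__ == "__main__":
    for name, m in (("routine", ROUTINE), ("suspect", SUSPECT)):
        print(name, anomalies(m, build_baseline(HISTORY)))
```

Any flagged payment request would be held until the bank details are confirmed with the supplier through a contact channel already on file, not one taken from the email itself.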

In addition, our comprehensive Infotrust Security Awareness Services are highly effective in creating a culture of security throughout your organisation. From awareness training and incident response to penetration testing and more, Infotrust serves as an end-to-end cyber security solution.

SPEAK TO OUR CYBER SECURITY EXPERTS TODAY

Infotrust can provide peace of mind that your organisation’s data is protected against VEC attacks and other malicious cyber security threats. For more information, get in touch.