Brian Johnson, Chief Security Officer at Armorblox, discusses the prevalence and dangers of vendor and supply chain fraud and how organizations can protect against these targeted attacks.
Through frequent interactions, a certain level of trust is acquired with our vendors and third-party contacts over time. Sadly, bad actors are counting on this trust, eager to exploit it. According to Armorblox 2022 Email Security Threat Report, the Armorblox research team saw a 73% increase in financial fraud email threats year-over-year from 2021 to 2022. And 44% of these financial fraud attacks were sophisticated, targeted attacks such as wire fraud, invoice fraud, or vendor fraud. For organizations that work with vendors and suppliers, it is important to take the necessary precautions to protect your organization against vendor fraud and supply chain attacks.
Brian Johnson, Chief Security Officer at Armorblox, sat down with Expert Insights to discuss the dangers of vendor fraud and supply chain attacks, why these attacks are becoming more prevalent, and how Armorblox Vendor and Supply Chain Attack Protection helps organizations protect end users against vendor fraud, vendor compromise, and attacks on the supply chain.
Straight from the CSO, here are the key takeaways on how businesses can prevent today’s email threats:
- Executive spoofing has morphed to any employee who has access to sensitive or confidential data — not just CFOs, its admins and executive assistants being targeted by these attacks.
- Adversaries are coming up with new campaigns within minutes, on a rapid scale.
- Over the last six months, account takeover threats continue to grow, this is the number one attack we see amongst customers.
- Having layers of security in place is necessary to protect against today’s attacks. Targeted, dynamic attacks are growing exponentially, and standard email platforms do not reduce the risk of these attacks targeting end users.
Read the full conversation between Brian Johnson, CSO at Armorblox, and Expert Insights here.
Armorblox Protects Organizations from Today’s Largest Emerging Threats
The number of write ups on breaches and million dollar losses continue to increase, due to today’s largest emerging threats – vendor fraud and supply chain attacks. Armorblox protects organizations against these targeted attacks by understanding behavior and communication baselines across vendor and third-party contacts in contact with all individuals across the organization.
Armorblox helps current customers and new customers coming to us understand who their vendors are, and what suspicious emails look like. And this is designed not only for C-suite staff, but also for your mid-level managers—individuals that are actually writing and sending checks or wiring money from bank accounts. This means that we can protect the whole organization, not just an individual.
– Brian Johnson, CSO at Armorblox
Large companies may work with thousands of vendors, which makes it difficult to identify genuine emails from targeted attacks. Emails spoofing legitimate vendor notification and business workflows continue to grow, with large vendors such as PayPal, Netflix, and Docusign continuously being impersonated. These are the targeted attacks that are bypassing native email security layers and employees are receiving.
We're seeing a very large increase in financial fraud where organizations receive an email from a vendor asking them to pay for a service. Large companies may work with thousands of vendors, and the ability for CFOs and finance teams to keep up with that number of vendors is continually becoming harder and harder. This makes it more difficult to tell when an email is from a genuine vendor, or from an adversary.
– Brian Johnson, CSO at Armorblox
More than 58,000 customers trust Armorblox to protect them against these targeted attacks that slip past legacy security layers. Armorblox Vendor and Supply Chain Attack Protection protects organizations from vendor compromise, vendor and third-party fraud, and supply chain attacks. Armorblox protects while educating end users on suspicious emails and blocks malicious emails, that bypass other security controls, from coming through.
