Why Email is Not the Answer for Supply Chain Collaboration: The Dangers of Vendor Email Compromise Attacks

?The FBI documented 467,000 complaints in 2019, representing more than $3.5 Billion in losses.

As a supply chain professional, you know the importance of effective collaboration with your partners. Unfortunately, email is often the go-to method for communication and collaboration, but better options exist.

Companies need to be aware of the dangers of vendor email compromise attacks (VEC) and how they can hinder the supply chain.?Vendor email compromise (VEC) is a type of cyber attack in which a cybercriminal gains access to a?company's email system or that of a partner. And then uses it to send fraudulent emails to vendors or suppliers. These emails may request the transfer of funds or sensitive information. And they may appear to be from a legitimate source, such as a company executive or employee. The goal of a VEC attack is to trick the vendor into believing the request is legitimate and to take action. Such as transferring funds, changing an address, or sharing sensitive information.

Remember, you can’t scan your partners' system continuously or the many tier 2 or tier 3 partners that you may not know about.?According to the FBI, criminals are successfully infiltrating suppliers and waiting, sometimes for months, for an opportunity to jump on.

The entire supply chain may be at risk if the vendor falls for the scam.?Even with proper cybersecurity measures in place, emails still pose a risk. Implementing a multi-enterprise collaboration platform within your security perimeter minimizes the VEC risk.?

Please reach out if you have any questions - I have been involved with 4 companies' multi-enterprise solutions to help manage external manufacturing supply chains and am familiar with the strengths and weaknesses of each.?