Kymatio Isotype
Why Kymatio
Partners
Book a demo
Book a demo
EN
Kymatio Isotype
Why Kymatio
Partners
Book a demo
This website uses cookies

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.

I acceptSettings
Cookie settings
Kymatio uses cookies to make your experience better. Check our Privacy Policy to learn more.
Strictly necessary (always active)
Cookies required to enable basic website functionality.
Accept all cookiesSave settings
Close
articles
Reducing supply chain cyber risk begins with recognizing social engineering as today’s biggest threat
Cyberattacks
Cybersecurity Glossary

Reducing supply chain cyber risk begins with recognizing social engineering as today’s biggest threat

by
Fernando Mateus
|
January 7, 2023

Supply chain cyberattacks have surged 78%, with over half caused by vendors. Learn how social engineering and BEC bypass defenses, and why managing human cyber risk is critical to protect your business.

IN THIS article
Text Link
Book a demo

Social Engineering Threats in the Supply Chain: The Overlooked Risk

Rising Threats
Recent studies, including research from Resilience 360 (DHL Consulting), reveal a 78% increase in cybersecurity attacks and incidents impacting the supply chain. Analysts, researchers, and even the FBI have issued public warnings about the risks embedded in the global supplier ecosystem.

Vendor Screening Gaps
While many large organizations—particularly Fortune 500 companies—have increased their scrutiny of new vendors by requesting details on firewall policies, compliance certifications, and data protection measures, there is a noticeable gap:

  • What is your human cyber risk score?
  • How do you ensure employee cyber awareness?
  • What is your email security strategy?

The omission is concerning, given that nine out of 10 cyberattacks start with an email phishing campaign.

Exploiting the Weakest Link
Over 56% of organizations report breaches caused by their suppliers. Cybercriminals know it is often easier to compromise a small or medium vendor with weaker defenses than to attack a large organization directly.

The Rise of Business Email Compromise (BEC)
BEC attacks bypass traditional defenses by avoiding malicious attachments or URLs. They rely on social engineering, posing as executives or colleagues to convince recipients to transfer funds or update sensitive information.

  • In 2019, the FBI estimated $1.7 billion in losses from BEC.
  • Attackers increasingly use fake login phishing websites—Bolster reported 800,000+ in the first quarter of 2020 alone.

These techniques are especially challenging for email security systems that cannot visually distinguish a fake login page from a real one in real time.

Reducing the Risk
Addressing the problem requires both technological advances and a mindset shift:

  1. Acknowledge that social engineering is now one of the top supply chain risks.
  2. Integrate human cyber risk questions into vendor security assessments.
  3. Implement human cyber risk management tools to ensure consistent security standards across all supply chain partners.
  4. Maintain ongoing employee training to keep awareness levels high.

Key Takeaway
Technical safeguards are important, but without a strong focus on the human factor, the supply chain will remain exposed to attacks specifically designed to evade detection.

related articles

Explore more articles

Why an AI-Phishing Benchmark is Critical for Your 2025 Strategy
Cyberattacks
Cybersecurity Prevention
Why an AI-Phishing Benchmark is Critical for Your 2025 Strategy
by
Kymatio
|
August 19, 2025
NIS2 vs. DORA comparison — what applies to your organization
Cyberattacks
Cybersecurity Glossary
NIS2 vs. DORA comparison — what applies to your organization
by
Kymatio
|
August 1, 2025
Annual Campaign Calendar: Phishing, Smishing, Vishing and QRishing
Cyberattacks
Cybersecurity Prevention
Annual Campaign Calendar: Phishing, Smishing, Vishing and QRishing
by
Kymatio
|
July 29, 2025
ACTIVATE YOUR HUMAN FIREWALLS

Ready to uncover the real risk within your organization

Book a demo
Know the real risk
4.8 in Capterra

Join the Kymatio® newsletter and get the latest insights, research, and practical tips on cybersecurity awareness prevention straight to your inbox.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Services
HRMAssessment  & AwarenessAttack SimulationsBreach ScanDigital Wellbeing
Use cases
Public SectorFinancial SectorHealthcare SectorLarge enterprises
About us
Why KymatioKnow KymatioOur valuesSuccess Stories
Resources
BlogWebinarsWhitepapersNews
Get in touch
ContactLinkedInXFacebookYoutube
© 2025 Kymatio. All Rights reserved.
Privacy policy
·
Compliance
·
Cookies Policy
·
Legal Notice
·
AI Policy