Case Studies CSC Generation's Deployment of Abnormal Security to Combat BEC Attacks

Edit This Case Study Record

	CSC Generation's Deployment of Abnormal Security to Combat BEC Attacks

CSC Generation's Deployment of Abnormal Security to Combat BEC Attacks

Technology Category	Cybersecurity & Privacy - Application Security Cybersecurity & Privacy - Identity & Authentication Management Cybersecurity & Privacy - Security Compliance
Applicable Industries	Retail
Applicable Functions	Business Operation Procurement
Use Cases	Cybersecurity Fraud Detection Remote Control
Services	Cybersecurity Services System Integration
Challenge	Business Email Compromise (BEC) has been growing at a breakneck pace over the past several years. Today, it represents more than half of all cyberthreat related financial losses according to the 2019 FBI Internet Crime Complaint Center (IC3) report. BEC attacks are sophisticated threats that leverage social engineering to target employees, who then unwittingly purchase gift cards, redirect payroll deposits or pay fraudulent invoices. As a holding company for retail brands, CSC is a primary target for BEC attacks due to its complex supply chain. Invoice fraud attacks, where attackers pose as suppliers, leverage the trusted relationships of external third parties to redirect legitimate invoice payments into an attackers’ bank account. Attackers have turned their focus toward the retail segment due to the sheer volume of suppliers and the fact that business invoices represent significantly greater value than payroll or gift card fraud. Compounding these issues is CSC’s growth strategy that is fueled by acquisition. The integration of new retail brands, their unique business processes and suppliers, create a dynamic that challenges any systems that cannot adapt to a constantly evolving environment. Traditional security policies become obsolete almost overnight. Read More
About Customer	CSC Generation is a holding company for famous retail brands such as DirectBuy, One Kings Lane, Z Gallerie, and Sur La Table. Part retailer, part investment bank, and part tech company, CSC’s rapid growth is fueled by the combination of acquisitions and digital transformation of the retail brands toward e-commerce. Headquartered in Gardena, CA, CSC Generation operates within the private equity and technology sectors and employs over 1,000 people. The company’s strategy involves acquiring retail brands and transforming them through digital innovation, making it a significant player in the retail and technology industries. Read More
Solution	CSC quickly deployed Abnormal Security by integrating in minutes via native Office 365 APIs. Without any configuration required, Abnormal Security’s AI automatically developed a deep understanding of the people in the organization and their business relationships. Abnormal automatically mapped CSC’s complex supply chain across its multiple retail brands, incorporating the knowledge from VendorBase, Abnormal’s global, federated data of vendor behaviors and associated risk scores to identify and stop attacks from compromised vendors. These Business Insights provide the critical baseline for identifying anomalous behaviors to stop BEC and other socially engineered attacks. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Application Security

Cybersecurity & Privacy - Identity & Authentication Management

Cybersecurity & Privacy - Security Compliance

Applicable Industries

Retail

Applicable Functions

Business Operation

Procurement

Use Cases

Cybersecurity

Fraud Detection

Remote Control

Services

Cybersecurity Services

System Integration

Challenge

Business Email Compromise (BEC) has been growing at a breakneck pace over the past several years. Today, it represents more than half of all cyberthreat related financial losses according to the 2019 FBI Internet Crime Complaint Center (IC3) report. BEC attacks are sophisticated threats that leverage social engineering to target employees, who then unwittingly purchase gift cards, redirect payroll deposits or pay fraudulent invoices. As a holding company for retail brands, CSC is a primary target for BEC attacks due to its complex supply chain. Invoice fraud attacks, where attackers pose as suppliers, leverage the trusted relationships of external third parties to redirect legitimate invoice payments into an attackers’ bank account. Attackers have turned their focus toward the retail segment due to the sheer volume of suppliers and the fact that business invoices represent significantly greater value than payroll or gift card fraud. Compounding these issues is CSC’s growth strategy that is fueled by acquisition. The integration of new retail brands, their unique business processes and suppliers, create a dynamic that challenges any systems that cannot adapt to a constantly evolving environment. Traditional security policies become obsolete almost overnight.

About Customer

CSC Generation is a holding company for famous retail brands such as DirectBuy, One Kings Lane, Z Gallerie, and Sur La Table. Part retailer, part investment bank, and part tech company, CSC’s rapid growth is fueled by the combination of acquisitions and digital transformation of the retail brands toward e-commerce. Headquartered in Gardena, CA, CSC Generation operates within the private equity and technology sectors and employs over 1,000 people. The company’s strategy involves acquiring retail brands and transforming them through digital innovation, making it a significant player in the retail and technology industries.

Solution

CSC quickly deployed Abnormal Security by integrating in minutes via native Office 365 APIs. Without any configuration required, Abnormal Security’s AI automatically developed a deep understanding of the people in the organization and their business relationships. Abnormal automatically mapped CSC’s complex supply chain across its multiple retail brands, incorporating the knowledge from VendorBase, Abnormal’s global, federated data of vendor behaviors and associated risk scores to identify and stop attacks from compromised vendors. These Business Insights provide the critical baseline for identifying anomalous behaviors to stop BEC and other socially engineered attacks.

Impact #1	Immediately upon integrating, Abnormal Security began identifying and blocking various BEC attacks: from executive impersonation attacks to invoice fraud attempts from established vendors.
Impact #2	Abnormal Security also began to provide real-time detection of user accounts that were compromised. This includes the ability to identify incidents where compromised passwords were used to successfully authenticate, but failed MFA.
Impact #3	These detections and automated remediations provided significant time savings for the security team from lengthy manual response processes.

Impact #1

Immediately upon integrating, Abnormal Security began identifying and blocking various BEC attacks: from executive impersonation attacks to invoice fraud attempts from established vendors.

Impact #2

Abnormal Security also began to provide real-time detection of user accounts that were compromised. This includes the ability to identify incidents where compromised passwords were used to successfully authenticate, but failed MFA.

Impact #3

These detections and automated remediations provided significant time savings for the security team from lengthy manual response processes.

Benefit #1	Abnormal Security represents more than half of all cyberthreat related financial losses according to the 2019 FBI Internet Crime Complaint Center (IC3) report.

Benefit #1

Abnormal Security represents more than half of all cyberthreat related financial losses according to the 2019 FBI Internet Crime Complaint Center (IC3) report.

Download PDF Version

Overview

CSC Generation's Deployment of Abnormal Security to Combat BEC Attacks

Operational Impact

Quantitative Benefit