Industry Insights with Mike Britton


How AI Shields Enterprises from Advanced Email Attacks


Email continues to be the largest attack surface in organizations today and advanced email threats are on the rise, with business email compromise (BEC) growing 50% over the past year. And these attacks are costly, having generated $55 billion in exposed losses over the last ten years.


Despite companies investing heavily in email security technology, attackers are outpacing legacy detection methods and successfully infiltrating organizations through email. So what can be done? Fortunately, AI is changing the game—giving security teams like those at Valvoline and Marmon a new way to neutralize attacks before they reach users’ inboxes.

Why Traditional Email Security Solutions Fall Short

For many years, secure email gateways (SEGs) were the gold standard in email protection, especially in the face of high-volume malware and phishing attacks. But today’s savvy cybercriminals have quickly learned how to outsmart the SEG in pursuit of lucrative email compromise schemes.

SEGs operate by detecting known threat signatures, which is precisely why they fall short when it comes to these text-based attacks. Today’s adversaries can simply omit traditional indicators of compromise – like malicious links and attachments or bad domains – to slip by undetected. As a result, we’ve seen a drastic rise in social engineering attacks that closely resemble real-life communications and deceive targets into taking action—like paying a phony invoice or sharing sensitive information.

The recent proliferation of generative AI has only added fuel to the fire. With tools like ChatGPT or its malicious counterparts like WormGPT, cybercriminals can now create perfectly written, highly personalized email attacks more easily and more quickly than ever before.

Operationally, SEGs require hands-on management with constant, manual policy updates to block specific senders, IPs, or messages containing known-bad keywords. This can be an incredibly resource-intensive process when threats evolve by the day. Plus, these tools can mislabel legitimate emails as threats—overburdening security teams with false positives.

What Makes AI-Powered Solutions Different?

Although SEGs are rapidly losing their effectiveness in catching advanced email attacks, AI solutions are a formidable alternative—finally allowing enterprises to keep pace with cybercriminals. Because AI can learn and decipher patterns in real time, it has the power to detect subtle abnormalities that even the best SEGs and security-aware employees miss.

Using behavioral AI models, these solutions continuously ingest thousands of signals across the email environment, including users’ sign-in locations and times, language and tone, and typical communications patterns, as well as what their interactions typically entail. If anything deviates from the norm, these solutions can remediate the potential threat before it reaches a user’s inbox—even when no traditional indicators of compromise are present. And, because the process is entirely automated, it frees up security pros from manual investigation and remediation.
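The contrast described above, as an added example that is not from the article or from any vendor's product: a gateway-style indicator check and a much simplified per-sender baseline are run over the same constructed, text-only payment request. All addresses, domains, term lists and the two-deviation threshold are assumptions made for illustration.

```python
import re
from collections import namedtuple
from urllib.parse import urlparse

# Everything below (domains, terms, addresses, threshold) is constructed sample data.
KNOWN_BAD_DOMAINS = {"malware-host.example"}
RISKY_EXTENSIONS = (".exe", ".js", ".scr")
PAYMENT_TERMS = {"wire", "invoice", "payment", "transfer", "bank"}
# sent_hour is 0-23; urls and attachments default to empty.
Email = namedtuple("Email", "sender reply_to recipient sent_hour body urls attachments",
                   defaults=((), ()))

def words(text):
    return set(re.findall(r"[a-z]+", text.lower()))

def signature_verdict(msg):
    """Gateway-style check: fires only on known indicators of compromise."""
    bad_url = any(urlparse(u).hostname in KNOWN_BAD_DOMAINS for u in msg.urls)
    bad_file = any(a.lower().endswith(RISKY_EXTENSIONS) for a in msg.attachments)
    return bad_url or bad_file

def build_baseline(history):
    """Summarise how one sender normally behaves, from past messages."""
    return {"recipients": {m.recipient for m in history},
            "hours": {m.sent_hour for m in history},
            "reply_tos": {m.reply_to for m in history},
            "payment_talk": any(words(m.body) & PAYMENT_TERMS for m in history)}

def deviations(msg, base):
    """List the ways a message departs from the sender's baseline."""
    hour_gap = min((min((msg.sent_hour - h) % 24, (h - msg.sent_hour) % 24)
                    for h in base["hours"]), default=24)  # circular clock distance
    checks = {"new_recipient": msg.recipient not in base["recipients"],
              "unusual_hour": hour_gap > 2,
              "new_reply_to": msg.reply_to not in base["reply_tos"],
              "first_payment_request": bool(words(msg.body) & PAYMENT_TERMS)
                                       and not base["payment_talk"]}
    return [name for name, hit in checks.items() if hit]

def behavioral_verdict(msg, base, threshold=2):
    return len(deviations(msg, base)) >= threshold

CFO = "cfo@corp.example"
HISTORY = [Email(CFO, CFO, "ea@corp.example", 9, "Agenda for the staff meeting"),
           Email(CFO, CFO, "ea@corp.example", 14, "Please review the board slides")]
# Text-only request: no link, no attachment, no known-bad domain.
BEC = Email(CFO, "cfo@corp-mail.example", "ap@corp.example", 23,
            "Need an urgent wire transfer to a new vendor today. Reply here.")
```

The indicator check has nothing to match in `BEC`, while the baseline comparison reports four departures from the sender's history. A production system would weigh far more signals than these four and would need enough history per sender to keep false positives down.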

AI Solutions in Action

So, what does AI-native email security look like in the real world? Hundreds of large enterprises across the world are tapping the power of AI to secure their organizations against evolving attacks. Here are a couple of examples.

To secure its cloud email, Fortune 1000 company Valvoline Inc. historically relied on a defense-in-depth approach consisting of multiple layers of security, including native Microsoft 365 capabilities, a SEG, and security awareness training. But even with all these solutions in place, attacks were still landing in users’ inboxes. And these attacks included some of the most targeted types of email threats like spear phishing and invoice fraud—with attackers requesting everything from $5,000 to millions. Valvoline needed a solution that could more effectively detect and stop the malicious emails that its current solutions were missing.

Since replacing its SEG and API solution with AI-powered security, the team has prevented $600,000 in recurring invoice fraud attacks and saved its security analysts 480 hours on email management. Total cost of ownership has been reduced as well. Because the SEG isn’t a set-it-and-forget-it tool, analysts would spend up to 90% of their day on manual email-related tasks—a burden that’s now been alleviated through the use of autonomous AI.

A similar transformation occurred for Marmon, a Berkshire Hathaway company. The holding company owns over 120 manufacturing organizations worldwide—each with its own security tech stack involving a variety of SEGs. But with threat actors using more sophisticated social engineering tactics to bypass SEGs and analysts swamped with user-reported alerts, the team knew they needed to adopt behavioral AI-based security. This shift not only stopped more attacks than the SEGs managed to prevent, but also automated remediation, which saves security analysts over 100 hours a month.

The bottom line? SEGs have performed admirably for many years, but they’re no match for this new generation of email attacks, and relying on outdated tools can have catastrophic consequences. By upgrading to a behavioral AI-based solution, you can defend against emerging threats and become more proactive in the fight against cybercrime.

Abnormal Security is trusted by more than 2,400 organizations, including 17% of the Fortune 500. Learn why industry-leading enterprises choose Abnormal.



About the Author

Mike Britton


CIO, Abnormal Security

Mike Britton is the CIO of Abnormal Security, where he leads the information security team, privacy program, and corporate AI strategy. He is integral in building and maintaining the customer trust program, performing vendor risk analysis, protecting the workforce with proactive monitoring of the multi-cloud infrastructure, and leading the implementation of AI-powered tools and processes to enhance employee efficiency and productivity. He also works closely with the Abnormal product and engineering teams to ensure platform security and serves as the voice of the customer for feature development. Mike previously spent three years as the CISO of Abnormal Security. Prior to Abnormal, Mike spent six years as the CSO and Chief Privacy Officer for Alliance Data and previously worked for IBM and VF Corporation. He brings 25 years of information security, privacy, compliance, and IT experience from multiple Fortune 500 global companies. Mike holds an MBA from the University of Dallas and a BA in Political Science from the University of Mary Washington.



