AI Security Mailbox: Elevating the Employee Reporting Experience
Amid a whirlwind of meetings, deadlines, and to-do lists, employees often don’t prioritize cybersecurity tasks. When the security team reaches out, it’s almost always viewed as an inconvenience. However, the threat landscape is ever-changing, and whether your employees like it or not, they are a line of defense for your organization’s assets. Because of this, security teams need to ensure that every engagement with employees is pleasant, educational, and easy. This is what we aim to do at Abnormal.
So much of what the Abnormal platform does is behind the scenes—protecting your employees without them even knowing it. However, our recently announced AI Security Mailbox product works both in the background to improve security operations AND in the foreground by engaging and educating employees on cyber threats. When an employee reports what they believe to be a malicious email, the AI Security Mailbox enables security analysts to leverage the power of GenAI to provide unique and personalized responses. This creates a better experience for the reporting employee and saves valuable analyst time, removing the burden of manually crafting individual responses.
Let’s take a look at what the employee experience looks like with GenAI Responses.
The Initial Response
The initial response back to reporters of phishing emails is crucial. Reporters have taken time out of the day to report an email. If they receive no response, they will be demotivated to report emails in the future. Generic responses can be used to close the feedback loop, but they miss a key opportunity to engage and educate employees. GenAI responses capitalize on the opportunity to engage employees by personalizing each response to the reported email and educating the employee. Let’s take a look at an example.
In this example, the response does a few important things for the employee, including:
Reminding the employee what email was reported and immediately sharing whether the email is safe or malicious
Validating the reporter’s suspicions by sharing details as to why they were wary of this email
Providing context explaining why the email is safe or malicious
Expressing gratitude for submitting the email and encouraging future reporting
Conversational AI
What if your employees have a follow-up question about the reported email, the response, or another security-related topic? With GenAI responses enabled, the employee does not have to log a support ticket, which would necessitate a manual response from your security team. Instead, the employee can reply directly to the original analyst email and receive a prompt conversational response to the question from the AI Security Analyst.
After reporting a message that was determined to be safe, the employee remains suspicious and replies, “I have never received an email like this before. I do not know the sender. How can you be sure that it is safe?” The AI Security Analyst responds with information specific to the original reported email. The AI Security Analyst then explains that the email passed important security messages, came from a known domain, and resembles a marketing email. The AI Analyst continues to validate the reporter's suspicions and provides next steps if the reporter continues to feel uneasy about the email. If the reporter has additional questions, they can continue to reply to the AI Security Analyst and receive engaging and educational responses.
Personalization of the GenAI Responses
Every organization is different in the way it communicates, its goals, and its overall culture. As an extension of your security team, the AI Security Analyst should accurately represent your organization. To accomplish this, security teams can personalize the Analyst by dictating custom instructions via a text box on the settings page of the AI Security Mailbox.
Information commonly included in the custom instructions:
Tone: Security teams can specify the tone that should be used when communicating with reporters. This could range from a more empathetic and formal tone to a more humorous and casual tone.
Security Context: By sharing security information specific to your organization (e.g., password mandates, MFA policies, security awareness training standards) in the custom instructions, the AI Security Analyst can include that information to better tailor responses to your employees.
Other Customizations: So much of cybersecurity is stressful and fear-inducing. Employees don’t often interact with security teams, but when they do, it can be unpleasant. The responses to user-reported phishing emails present an opportunity for employees to interact with security in a more pleasant way. Custom instructions can be provided to ensure a positive experience for all employees.
In the example above, I put myself in the shoes of one of our larger customers–a home improvement company. To personalize the AI Security Analyst, I named it “Home Improvement D(AI)Y” and asked that it include an analogy about the topic being asked and home improvement at the end of conversations. To test this, I asked the AI Security Analyst, “What is one thing I can do to be more aware of cyber threats?” Home Improvement D(AI)Y responded with helpful resources and a fun analogy about how being aware of cyber threats is like keeping my garden tools sharp. Custom instructions allow you to really personalize your AI Security Analyst to capture your employees' attention.
Start Embracing AI in Your Security Awareness Training Today
Security teams need to capitalize on every interaction they have with end-users to improve security awareness. AI Security Mailbox and its associated GenAI Responses empower security teams to do just that without the addition of headcount or diversion away from other key priorities. AI Security Mailbox is now available as an add-on product to Abnormal Inbound Email Security.
Are you interested in learning more about how you can utilize AI Security Mailbox to engage your employees in a meaningful way to improve security awareness? Schedule a demo today!