Protecting Sustainable Community Development with Human Behaviour AI

Like many construction businesses, Berkeley Group was a target of phishing and business email compromise attacks. “Attackers wanted credentials and cash, so we saw lots of impersonations of our executive team," said Ash Hughes, Head of Security. In addition to Microsoft 365ʼs native email security tools and a secure email gateway SEG, the company focused on security awareness training and education. “We relied a lot on end users to report suspicious emails,ˮ he added. “But when a user followed a compromised link, we had to respond manually to protect our data. We also needed to prevent reputational and financial damage if attackers hijacked an email chain or divert payments,ˮ Hughes said.

“The context Abnormal provides—the way it tags indicators within an email, and the threat intelligence on who has interacted with the email—is so valuable. Having all that information at a glance in the Abnormal portal delivers huge efficiencies for our security team.ˮ
— Ash Hughes, Head of Security, Berkeley Group

“We had a SEG and Microsoft, but we still had an influx of phishing attacks,ˮ Hughes said. He learned about Abnormal's human behaviour AI approach at an event for security professionals. In addition to stopping attacks, Hughes knew that the ideal solution would make Berkeley Groupʼs small in-house security team more efficient. “Most SOC teams have about 45 security tools, but we needed to get the most value from three or four primary tools,ˮ Hughes said. “We booked a half-hour call to set up our Abnormal POV. It only took five minutes, so my team got 25 minutes back right away. Within a week, Abnormal was using content and context to detect attacks we never caught with our previous tools.ˮ

Abnormal detection of shifts in email behaviour has improved Berkeley Groupʼs security posture. “Before, we might get an alert or user report hours after the email arrived,ˮ Hughes said. “Now we donʼt have to race to investigate because Abnormal blocks risky emails from users' mailboxes, and if the platform does miss something, it auto-remediates all similar emails by pulling them from inboxes.ˮ The platformʼs API architecture was a huge selling point for Hughes and his team. “I didnʼt need to add new hardware or change our email flow. Abnormal integrated with Microsoft seamlessly, and we control that connection so we know where that data endpoint is,ˮ he said. In addition, Abnormalʼs autonomous AI-enabled analysts to focus on other issues, while end users can focus on their work, knowing they can trust the messages in their inboxes.

"Whether it's QR code attacks, new malicious URL strategies, or new ways of phishing our end users, the speed with which Abnormal has detected emerging and evolving threats to keep them out of inboxes has been fantastic."
— Ash Hughes, Head of Security, Berkeley Group

In addition to better email security and more efficiency, Berkeley Group now has a security partner thatʼs invested in helping them reach their goals as needs and threats evolve. “From day one, the Abnormal team was interested in building a relationship and understanding how they could make our experience better, including offering to make feature requests to meet our needs,ˮ Hughes said. “The platformʼs performance and ease of use, and the Abnormal teamʼs responsiveness set Abnormal apart from other email security providers.ˮ