Industry: Environmental Consulting and Engineering
Location: Encinitas, California
Protected Mailboxes: 1000+
Credential Phishing Wave Flooded Inboxes
The FBI reported that phishing attacks more than doubled from 2019 to 2020, and then increased again by 34% the following year. These attacks increasingly use identity impersonation rather than malicious links and attachments to steal credentials from executives and other employees.
The result for Dudek was more realistic-looking phishing messages reaching their people, particularly the CFO and CEO.
Finding a True Partner, Not Just a Provider
Dudek has spent more than four decades driving progress by engineering solutions for the environmental challenges faced by government agencies, transportation authorities, universities, healthcare organizations, and the construction industry. Dudek’s portfolio includes renewable energy consulting, environmental impact reporting, engineering services for high-speed rail line development, wildfire protection plans, and many other projects.
The firm started as a two-person consulting practice in Encinitas, California in 1980. Now, CIO Brian Nordmann said, “We’re a fast-growing firm doing projects in nearly every state. We’ve got over 500 people in our offices and 200 more in the field across the United States at any time.” While rapidly growing, Dudek prides itself on listening carefully to clients, communicating and collaborating effectively with them, always centering on their clients’ best interests, and being a reliable, easy-to-work-with partner.
In 2020, as many companies saw a rise in advanced email attacks, Dudek realized that credential phishing attacks were a growing problem for its employees and executives. “With the tools we had in place, phishing emails were making it through our defenses, and we were scrambling to remediate issues as they were happening,” Nordmann said. He and the Dudek IT department spent several months methodically evaluating their options. They wanted something cost-effective and quick to deploy that would invisibly protect employees from advanced email attacks. They also wanted to find a solution provider that would be easy to work with, like Dudek.
“At Dudek, we deliver efficiencies throughout our projects, and we seek the same from our partners. We were impressed by Abnormal’s API model, the fact that we could set it up with a 30-minute call, and that it worked seamlessly with our Microsoft 365 environment.”
—Brian Nordmann, CIO
Dudek Needed a New Solution to Keep Threats Out of Its CFO’s Inbox
Dudek’s email security originally relied on Microsoft 365 detection tools to save the cost of a secure email gateway. “We had Exchange Online Protection and Defender for Office 365, and we built up what became an unwieldy rule set to try to keep threats out,” said Stephen Lister, IT Systems Architect. “The result was too many threats getting through, plus too many false positives.”
Sophisticated threats were the hardest to identify. “Our CFO and her team were heavily targeted with messages including details that made it look like a vendor requesting payment. With such a high volume of clients and vendor messages to handle, these emails made their jobs much harder,” Nordmann said.
As recipients reported these emails, the workload shifted to IT. “Before Abnormal, when a malicious phishing email got in, I’d search, find it, and manually purge it,” said Eric Williams, IT Systems Administrator. “Eliminating one phishing email from the environment could take anywhere from 30 minutes to an hour, and we were dealing with it multiple times each week.”
Easy-to-Use Solution Required No Training and Delivered Key Insights
Dudek’s goal was to find a Microsoft-compatible solution for advanced email threats. “We have a cloud-first approach to keep our infrastructure lightweight, and Microsoft is our go-to partner for infrastructure as a service and productivity,” Nordmann said. “We were impressed by Abnormal’s API model, the fact that we could set it up with a 30-minute call, and that it worked seamlessly with our Microsoft 365 environment.”
Abnormal provided other advantages, too. “With Abnormal, we didn’t have to train people on the new email solution,” Lister said. “And during our proof of value trial, Abnormal showed us what they found, why they found it, and what they would have stopped.” Williams agreed. “A lot of the other vendors we looked at generated false positives and missed attacks and they couldn’t explain why.”
Abnormal Delivers Immediate Value by Protecting Vendor Relationships
Abnormal’s commitment to engaging with clients proved its value quickly. Soon after Dudek implemented the product, the company was hit with an advanced email attack. “Shortly after we installed Abnormal, we experienced a vendor email compromise (VEC) attack that hijacked a legitimate three-way email conversation about an invoice between a vendor, our accounting department, and our IT department,” said Mark Baldus, IT Infrastructure and Operations Manager.
“The attacker took over the vendor’s email account and tried to steer a large amount of money their way. The conversation had started out legitimate but then we had questions. We worked with the Abnormal team to confirm the compromise and determine the exact point when the conversation was intercepted. That prevented a large transaction from going the wrong way,” Baldus said.
Vendor email compromise attacks can be especially hard to detect because they exploit trusted relationships and known identities. Abnormal’s VendorBase™ continuously assesses the risk and reputation of each vendor across the entire customer ecosystem, monitors the tone and content for changes from known-good behavior, and stops attacks to prevent financial losses.
Abnormal also quickly resolved Dudek’s longstanding credential phishing problem. “Before Abnormal, we got five or six phishing tickets a day. With Abnormal, I’ve only seen one, and it had already gone to quarantine,” said Baldus, who oversees Dudek’s help desk. “Abnormal is just what we needed—a full-service tool that automatically does what we were doing manually before.
“We feel very confident that we have a partner in Abnormal. They not only make sure our email security solution is working optimally, but they also listen when we have feedback.”
—Brian Nordmann, CIO
Dudek Finds Partner That Frees Them to Focus on Growth and Client Service
The Abnormal team works with Dudek to ensure they get the most from their email security solution. “The company has been very responsive to our questions and proactive about checking in to validate the solution,” Nordmann said.
With Abnormal, Dudek has safer inboxes and more time to focus on work. “Our CFO said she’s noticed the decrease in emails that she would have had to report,” Nordmann said. “It has been transformational,” Lister added. “Abnormal has lifted a huge burden off our email team and our end users.”