Abstract Yellow Hills

Global 500 Financial Organization Moves to "Digital Everything" to Enhance Customer Experience and Email Security

Company Overview

Industry: Financial Services
Protected Mailboxes:

Digital Everything Customer Story Summary

Advanced Supply Chain Threats and Fraud Avoided

Attacks via third-party vendors increased 156% against companies between July 2020 and June 2021. Cybercriminals now exploit the vendor-customer email channel to impersonate trusted vendors and commit invoice fraud, billing account update fraud, and RFQ scams against vendors’ clients. Upon integration, Abnormal found compromised accounts within 70+ of the organization’s vendors, closing a gap that could have led to costly attacks.

Transforming Global Business Operations To Deliver "Digital Everything"

As a leading Global 500 financial services company, the organization is responsible for nearly a trillion dollars in asset management, investor interests, and a global workforce. Its insurance, investment, financial advisory, and asset management services are trusted by customers across Canada, the United States, Asia, and Europe. With millions of customers, it’s important to this financial organization to protect their wealth, reduce their risk, and help them to reach their goals and live more rewarding, healthier lives.

To maintain this trust and continue to foster growth, the organization is transforming its global business operations to deliver “digital everything.” This requires a fresh look at each line of business and its supporting technologies, people, and functions to identify opportunities to reorganize, replatform, and accelerate their rate of digital change to become quicker and more competitive.

During this transformation, the security operations team has a critical role in protecting assets, processes, and people. The team knew that even though the organization wasn’t having to deal with successful email attacks yet, they should keep looking for ways to enhance protection for their more than 34,000 inboxes worldwide. “Email is the most vulnerable area we have because it requires humans to decide quickly whether or not to click a link or open an attachment. Blocking malicious emails before they reach a human is key,” said the company’s Director of Threat Intelligence.

The organization’s proactive mindset led it to Abnormal. Rather than wait for an attack to succeed, “we took the next step in our email security evolution,” said the Associate VP of Security Operations.

"As we move into a ‘digital everything’ world, protecting our customers and employees is the top priority. We’re moving faster and becoming more competitive, and we need to ensure that our security can keep pace. Abnormal makes that happen."
—AVP of Security Operations

Revealing and Stopping Thousands More Email Attacks

Abnormal quickly uncovered a volume of email threats the organization hadn’t expected—more than 70 compromised vendors and more than 11,000 advanced email attacks per month bypassing the company’s secure email gateway. “We were fortunate that we did not have any problems because Abnormal showed us that we had been interacting with compromised vendors and that thousands of attacks were bypassing our other two layers.”

Abnormal is the organization’s final line of defense against advanced email threats and those that matter most, with IronPort dedicated to anti-spam, FireEye detecting advanced threat malware, and Abnormal providing protection against business email compromise and other socially-engineered attacks that the other two layers aren’t able to detect.

As one of the organization’s security engineers explained, “Abnormal is catching things that our other two security platforms should’ve caught. It’s like this big wall of safety that complements and exceeds what the other tools are doing.”

Behavior-Based Protection Against Supply Chain Compromise

The fact that so many attacks were slipping through at an organization with two layers of email security already in place shows how sophisticated these threats have become. These attacks impersonate trusted vendors and avoid the known bad signals that other email security solutions are built to identify, like malicious payloads and suspicious links. Abnormal takes a different approach, using machine learning and natural language processing to separate known good email behaviors from those that signal fraud.

Before the company implemented Abnormal, these next-generation attacks were getting through, particularly when they were delivered as text-only emails designed to elicit responses regarding payment data or sensitive account information. “Plain-text business email compromise attacks were getting through. The tools ahead of Abnormal are looking for a file or signature, but Abnormal is really understanding the context with next-generation, next-level machine learning. That’s what is different and it’s why Abnormal is catching these attacks, despite being the last line of defense,” said one security engineer.

Digital Everything Customer Story Stats

Avoiding $14 Million in Fraud Losses and Saving Time with Abnormal

When Abnormal was first implemented in read-only mode to understand the depth of the issue, the platform’s comparison of vendor emails to its proprietary VendorBase™ immediately detected fraudulent vendor interactions. In many cases, these emails were originating from compromised vendor accounts, and the organization had no way of knowing that the emails contained false payment information designed to steal funds or account data. Within the first six months, Abnormal detected 77 of these attacks through VendorBase, saving the organization an estimated $14 million in losses.

“Abnormal is seeing attacks that are mutating and that are more targeted or crafted, where other security solutions are only able to see something if it’s been detected elsewhere first. The entire platform is proactive, and it has really opened my eyes to what was actually reaching our user inboxes,” said one of the company’s security engineers working with Abnormal. Now, the security team can see email threats accurately and they spend less time addressing them, thanks to Abnormal’s automatic remediation features.

"Abnormal autoremediates our largest threats. It’s immediate and proactive rather than reactive. Everyone that we show it to inside the organization is blown away."
—AVP of Security Operations

Abnormal Provides Proactive Email Security for a Global Brand Transformation

Abnormal’s advanced email fraud detection and proactive remediation capabilities are an ideal fit for an organization with a strong cybersecurity culture and a commitment to data privacy. Thanks to the company’s ongoing testing that led them to Abnormal, the security team is now confident they can stop the most dangerous attacks.

That allows the team to focus on securing the organization’s transformation initiatives and maintain the trust the company has built with millions of worldwide customers over its long life. As the Director of Security Engineering put it, “Part of the ROI on Abnormal from a security perspective is the return on our good name because we’re not in the news because of a breach.”

Let us show you how Abnormal can help keep your organization safe from advanced email attacks. Request a demo today!

Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Resources

B 06 01 22 Gone Phishing
In this webinar, Graham Cluley, cybersecurity expert and host of the Smashing Security podcast, and Abnormal Security CISO Mike Britton discuss the latest in phishing attacks.
Watch Now
B 05 16 22 Elara Caring
Elara Caring's CISO consistently saw employees struggle to sort authentic messages from email attacks. He knew there was a better solution to protect patient data and improve the employee experience.
Read More
B 03 21 22 CSC Customer Story
While CSC Generation has robust security measures in place, unfortunately, the same couldn't be said for their vendors. To mitigate the risk of payment fraud via compromised vendor accounts, the organization added Abnormal to their security stack and the results spoke for themselves.
Read More
B 04 14 22 CISCO Guide to Phishing
Because phishing emails target human behavior, create a sense of urgency, and appear to come from trusted senders, they can be incredibly difficult to detect. Stopping them before they reach employee inboxes is the key to staying safe.
Download Now
H1 threat report cover
From June-December 2021, Abnormal Security discovered that nearly all types of advanced email attacks grew in frequency, with a new trend of phone fraud using email as the first contact.
Download Now
Everise case study cover
By mid-2021, Everise had more than 11,000 employees to meet new demand for outsourced services. But the shift to remote work brought new email security risks. “Our people are good at what they do, but they’re not email security specialists, and attackers know that."
Read More
Resource 03 COATS
With Abnormal ICES layered over Microsoft Defender, Coats employees are free to focus on continuing the company’s 250-year tradition of innovation, rather than sorting through emails and trying to assess the risks.
Read More
Webinar phish soc cover
Most people believe that the SOC is on the front lines, defending the castles against the forces of darkness. And while that’s true, it’s never quite as heroic as we’d like it to be.
Watch Now
Fireside chat katz cover
Legitimate email communications often contain links and attachments, and employees need to click on those links and attachments to do their jobs. Unfortunately, securing the enterprise often means stopping employees from doing so in an effort to stop bad actors from gaining access to systems or stealing money.
Watch Now
Fortune 200 wealth cover
As a leader in insurance and asset management, this Fortune 200 company recognizes that its security must protect its employees and customers from cyber attacks. Customers place their trust and their assets in the control of this company, so the security team built a robust solution reducing risk, gaining visibility, and securing user identity—the new perimeter.
Read More
Gateway church cover
Gateway chose Abnormal Security because of its uncompromising approach to prevent the email attacks that matter most. In the two years since they've deployed Abnormal, Gateway has not experienced a successful advanced email attack.
Read More
Human element whitepaper cover
The challenge of dealing with cybercrime is complex. Human factors and the human-computer interface are a central component of cybersecurity, and while technology alone will not prevent cybercrime, neither will people. People alone also can also not be relied upon as a last line of defense in an organization’s cybersecurity strategy.
Download Now
Human element webinar cover 2
Cybersecurity is largely a behavioral concern, as cybercriminals use social engineering to trick people into transferring money, entering their credentials, or providing access to sensitive data.
Watch Now
Key considerations webinar cover
Email is both a necessary communication medium, and the most vulnerable area for an attack. Year after year, adversaries find success in abusing email to gain a foothold into an organization—deploying malware, leaking valuable data, or stealing millions of dollars.
Watch Now
B Gartner Highlights 1
The Gartner Market Guide for Email Security explains what integrated cloud email security (ICES) solutions are and why they’re essential for modern enterprises. Download a copy now to learn why enterprises are moving away from the SEG.
Read More