Save the Children Protects Its Mission with Abnormal Security

Save the Children International and its 30 member organisations help more than 100 million children each year in countries worldwide as they face issues like war, famine, and limited access to healthcare and education. "We speak up for children in parts of the world where they don't have a voice," said Gareth Packham, Global CISO. "The scale of our operation means that we can achieve more in parts of the world that are hard for other organisations to reach."

Working in unsettled areas presents unique risks. "We're concerned about phishing, ransomware, and denial-of-service attacks, and increasingly, nation-state attacks and surveillance," Gareth said. People are an issue, too, even with awareness training. “Asking a busy person to make the right decision about a hundred emails a day is a risk.”

Despite Microsoft 365's E3 security tools, phishing and BEC attacks were reaching inboxes. These attacks put at risk the organisation's reputation as well as its funds for programming, operational data, and personal data on program participants, partners, and employees.

“We work in difficult environments where the cybersecurity risks are high. The children and families we work with, our staff, and our partners need to know their data is safe with us. Abnormal plays a huge part in our ability to deliver on that mission.”
—Gareth Packham, Global CISO

According to Gareth, Save the Children needed a security solution that met three criteria. "It had to be effective. It had to deliver value because every dollar we spend on technology is a dollar we can't spend on healthcare or education for children. And it had to be light-touch in terms of implementation and how our analysts use it."

Gareth was interested in using AI, ML, and automation to support his small cybersecurity team. Among multiple POVs, Abnormal stood out. "Integration with our M365 environment occurred in a matter of minutes. We found the POV hugely illustrative in terms of the level of threats, the number of attacks, and their overall complexity.”

Abnormal’s easy integration with CrowdStrike was another point in its favour, and Save the Children saved time on RFPs by purchasing both together. Now, Abnormal's AI automation saves time on investigation and remediation and prevents end users from engaging with attacks. "Before Abnormal, it could take an analyst half a day to deal with a phishing email," he said. "Now we've had over a 98% reduction in attack emails getting through. Our cybersecurity analysts like the fact that Abnormal works in the background without manual review, but the dashboard makes it very easy to still get the information they need."

Gareth has also been pleased with the level of support from Abnormal to get the most value from the platform's data. "It’s been really beneficial for stopping attacks and providing us with threat intelligence."

“The integration between CrowdStrike's identity threat protection and Abnormal increases the value we get from each of those technology investments. That helps us allocate as much of our revenue as possible to our core mission, while protecting that mission from advanced threats.”
—Gareth Packham, Global CISO

With AI-based security and automation that enables his team to work on higher-priority tasks and lets staffers trust their inboxes, Gareth feels that Save the Children International has found a reliable partner in Abnormal. "Abnormal has shown its value to us in terms of the effectiveness of the platform,” Gareth said. "We see Abnormal as a company we want to work with over the long term."