Abstract Violet Joint

SuperConcepts Helps Clients Plan and Protect Their Financial Futures

Company Overview

Industry: Financial Services
Sydney, Australia
Protected Mailboxes:

Super Concepts Security Environment

Phishing Targets Financial Services

Financial services was the most targeted industry for phishing attacks in Q4 2021, accounting for 23.2% of all phishing incidents. December 2021 saw the most phishing attacks ever recorded by the APWG, capping off a year in which phishing attacks tripled over 2020 rates.

Between December 2021 and May 2022, phishing emails comprised 83% of the hundreds of attacks on SuperConcepts that Abnormal detected and stopped.

Bringing the Trust Back into Email Communication

SuperConcepts helps Australians plan for retirement as the country’s largest provider of administrative services for self-managed superannuation funds (SMSFs). An SMSF is a self-managed version of the superannuation fund that’s compulsory for Australian workers, similar to a hybrid of Social Security benefits and a 401(k) in the United States. For more than 30 years, SuperConcepts has supported accounting firms, financial advisers, and individuals as they navigate the complexities of this unique retirement savings vehicle.

SuperConcepts’ business rests on two SMSF-related strategic pillars. One being SMSF administration services which ensures funds meet important tax and legal compliance obligations. The other, SuperMate, is a specialist SMSF accounting software for practitioners.

Because SMSFs receive at least 9.5% of their owners’ salaries each year to build long-term savings, security is critical for data protection, customer trust, and peace of mind for investors, financial professionals, and the SuperConcepts security team. “We deal with bank statements, tax returns, share trading forms, and fund details, so we need to be very careful,” said Jim Robinson, CIO.

In 2021, Robinson and his team of 20 were seeing more sophisticated email threats getting past Microsoft 365 and their secure email gateway. “One of the main attack vectors in financial services is email. We needed to find smart ways to protect our supply chain and our clients from email attacks,” Robinson said.

“We were looking to move to Mimecast, which was pretty cool. Then Abnormal came along and blew it out of the water with better functionality and a smarter way of doing things.”
—Jim Robinson, CIO

Identifying an API-Based Solution to Automate Email Security and Stop Attacks

Despite security awareness training, multifactor login authentication, and a SEG layered onto Microsoft 365, Robinson knew that the company was at increased risk of receiving sophisticated email attacks.

“We had this problem that was 80% fixed, but we were still getting attacks in our inboxes,” he said. “There’s an increased focus on cybersecurity in Australia and particularly in the financial services industry, and there have been a number of fines handed down to companies that didn’t do enough to protect their client data.” To prevent an email-related security incident, SuperConcepts’ team manually remediated each threat that made it past their SEG.

“We would analyze the email, and if it was malicious, we’d run reports to see how many users had received it,” Robinson said. “We’d contact those users and ask if they clicked on the message. Then we’d need to triage the email, potentially change their password, and monitor their account for suspicious activity. You could easily spend an afternoon on this type of thing.” Robinson knew this was not scalable and he needed a new approach to address these sophisticated threats and reduce his team’s manual workload.

Protecting the Entire SuperConcepts Email Ecosystem

After learning what Abnormal offers, Robinson started with the personalized risk assessment. “The integration of Abnormal with Microsoft 365 was literally the click of a button. Abnormal started ingesting data right away and learning our environment,” he said. “During the proof of value, Abnormal flagged a number of VIP spear phishing attacks reaching our CFO and CEO.”

Because Abnormal VendorBase™ monitors clients’ vendor activity and accounts for indicators of compromise, Abnormal also found a third-party attack in progress. “The attacker used an existing email chain between one of our employees and one of our vendors to send malware.” According to Robinson, after he asked the Abnormal team to explain the signals used to identify the attack, “I was like, ‘we have to have it.’ That was someone piggybacking on a legitimate email chain from a legitimate company that we have a history of doing business with. No secure email gateway can pick that up.”

Super Concepts Stats

Abnormal Behavioral Threat Detection Auto-Remediates Threats to Free Up Time

SuperConcepts has found incredible value in Abnormal’s behavioral threat detection solution. Robinson shared, “I’m really happy with the way it’s going. It picked up 1,000+ attacks that bypassed our SEG. I really like the account compromise feature that autodetects threats and locks users out of those mailboxes. That was the real cherry on top for me, because it gives me peace of mind that not only is Abnormal blocking all the attacks, but also that if one actually succeeded, Abnormal auto-remediates that mailbox.” Abnormal’s AI solution, combined with VendorBase continuous monitoring, provides comprehensive email protection in real time.

With Abnormal handling threat detection, blocking, and remediation, Robinson’s cybersecurity, risk, and compliance team can address other security topics. “Now, we don’t have to be so worried about email security,” he said. “That allows us to talk about other things like privacy and data, confidentiality, and some of the other issues that were taking a bit of a backseat to ‘don’t click on the email.’”

“Abnormal solves a problem that other software is unable to address when it comes to advanced email threats like VIP spear phishing. Abnormal’s modern approach with behavioral threat intelligence brings the trust back into email communication.”
—Jim Robinson, CIO

SuperConcepts and Its Customers are Investing and Prepared for the Future

Since Abnormal blocks advanced threats against SuperConcepts, employees and executives can focus on the future, growing their software and administrative service businesses to help Australians build their retirement funds. “Protecting our customers is the bottom line,” Robinson said. “I’m sleeping quite peacefully now, knowing that none of that spear phishing stuff is getting through and our email ecosystem is secure.”

Let us show you how Abnormal can help keep your organization safe from advanced email attacks. Request a demo today!

Related Resources

B 07 22 22 DUDEK
With Abnormal, Dudek has safer inboxes and more time to focus on solving environmental challenges for its customers.
Read More
B 07 08 22 Financial Solutions Brief
Discover the AI-based email security platform that protects financial institutions from the full spectrum of email attacks.
Read More
B 07 19 22 2022 Email Security Trends
We surveyed 300 security leaders to discover what matters most to them when it comes to email security in the current threat landscape.
Read More
B 07 06 22 SANS Whitepaper
This SANS Protects white paper explores some of the most common threats to enterprise email and shares a few ways organizations can block malicious emails from entering their environment.
Read More
B 07 06 22 Sans Webinar B
In this on-demand webinar sponsored by Abnormal Security, you'll learn how cybercriminals execute email-based attacks and how your organization can strengthen your security posture to mitigate these threats.
Watch Now
B 06 01 22 Gone Phishing
In this webinar, Graham Cluley, cybersecurity expert and host of the Smashing Security podcast, and Abnormal Security CISO Mike Britton discuss the latest in phishing attacks.
Watch Now
B 05 16 22 Elara Caring
Elara Caring's CISO consistently saw employees struggle to sort authentic messages from email attacks. He knew there was a better solution to protect patient data and improve the employee experience.
Read More
B 04 08 22 Digital Everything Customer Story
Upon integration with Abnormal, a Fortune Global 500 financial services organization learned that not only had 11,000+ advanced email attacks per month been bypassing its secure email gateway but more than 70 of its vendors had compromised accounts.
Read More
B 03 21 22 CSC Customer Story
While CSC Generation has robust security measures in place, unfortunately, the same couldn't be said for their vendors. To mitigate the risk of payment fraud via compromised vendor accounts, the organization added Abnormal to their security stack and the results spoke for themselves.
Read More
B 04 14 22 CISCO Guide to Phishing
Because phishing emails target human behavior, create a sense of urgency, and appear to come from trusted senders, they can be incredibly difficult to detect. Stopping them before they reach employee inboxes is the key to staying safe.
Download Now
H1 threat report cover
From June-December 2021, Abnormal Security discovered that nearly all types of advanced email attacks grew in frequency, with a new trend of phone fraud using email as the first contact.
Download Now
Everise case study cover
By mid-2021, Everise had more than 11,000 employees to meet new demand for outsourced services. But the shift to remote work brought new email security risks. “Our people are good at what they do, but they’re not email security specialists, and attackers know that."
Read More
Resource 03 COATS
With Abnormal ICES layered over Microsoft Defender, Coats employees are free to focus on continuing the company’s 250-year tradition of innovation, rather than sorting through emails and trying to assess the risks.
Read More
Webinar phish soc cover
Most people believe that the SOC is on the front lines, defending the castles against the forces of darkness. And while that’s true, it’s never quite as heroic as we’d like it to be.
Watch Now
Fireside chat katz cover
Legitimate email communications often contain links and attachments, and employees need to click on those links and attachments to do their jobs. Unfortunately, securing the enterprise often means stopping employees from doing so in an effort to stop bad actors from gaining access to systems or stealing money.
Watch Now
Fortune 200 wealth cover
As a leader in insurance and asset management, this Fortune 200 company recognizes that its security must protect its employees and customers from cyber attacks. Customers place their trust and their assets in the control of this company, so the security team built a robust solution reducing risk, gaining visibility, and securing user identity—the new perimeter.
Read More
Gateway church cover
Gateway chose Abnormal Security because of its uncompromising approach to prevent the email attacks that matter most. In the two years since they've deployed Abnormal, Gateway has not experienced a successful advanced email attack.
Read More
Human element whitepaper cover
The challenge of dealing with cybercrime is complex. Human factors and the human-computer interface are a central component of cybersecurity, and while technology alone will not prevent cybercrime, neither will people. People alone also can also not be relied upon as a last line of defense in an organization’s cybersecurity strategy.
Download Now
Human element webinar cover 2
Cybersecurity is largely a behavioral concern, as cybercriminals use social engineering to trick people into transferring money, entering their credentials, or providing access to sensitive data.
Watch Now
Key considerations webinar cover
Email is both a necessary communication medium, and the most vulnerable area for an attack. Year after year, adversaries find success in abusing email to gain a foothold into an organization—deploying malware, leaking valuable data, or stealing millions of dollars.
Watch Now
B Gartner Highlights 1
The Gartner Market Guide for Email Security explains what integrated cloud email security (ICES) solutions are and why they’re essential for modern enterprises. Download a copy now to learn why enterprises are moving away from the SEG.
Read More