Abnormal’s CISO On People-Centric Security, GenAI Phishing Scams
Expert Insights interviews Mike Britton, CISO at Abnormal Security.
Information security is a human-centered issue, Mike Britton, CISO at Abnormal Security tells Expert Insights. “Most breaches occur because someone has taken over an account. Social engineering is a very powerful mechanism for attackers.”
Abnormal Security is a provider of AI-powered email security and phishing protection solutions. It secures more than 2,000 customers and has an ARR of over $100 million USD. Abnormal is part of a new generation of cloud-native email security solutions that work directly with Microsoft 365 and Google Workspace to combat social engineering-based email threats, such as phishing attacks.
Unlike traditional email gateways which scan email content as it enters the network, Abnormal uses machine learning to analyze the content of an email message in real-time to determine if it is harmful or not. Gartner classifies this new category as ‘Integrated Cloud Email Security,’ (ICES). It is a market that has quickly become very competitive.
One of Abnormal’s differentiators, Britton says, is that it is focused on human-centric security, in a way that goes beyond just the email environment. “Email has always been what I call ‘Grand Central Station.’ It’s still the core heartbeat and the way the organization communicates with others, whether that’s partners, customers, vendors or internal employees. Email is the single common factor. But it’s not the only one.”
At RSAC 2024, Abnormal announced it was extending its account takeover protection product beyond just email security, to provide cross-platform user behavior analysis and account compromise protection. “Everybody uses a SaaS for ERP, for HR, for their CRM. SaaS is so easy to log in to, and those same flaws are there. We’re expanding our reach to not just be email security, but human centric security. We’re focused on protecting the corporate business for an organization.”
GenAI Phishing
Abnormal’s platform is built around a machine learning core that can understand the baseline for normal behavior in the organization and uses that information to prevent suspicious email events and log in attempts. “We were AI before AI was cool!” Britton says. But since generative AI launched, has there been a rise in AI-generated phishing scams?
“Attackers are able to automate their attacks,” Britton says. “They’re able to leverage generative AI to write better messages. You can see scarier attacks like deep fakes out there. It’s not mainstream yet, but we are seeing more and more use of generative AI to help craft the message. But it’s not just the bad guys. The whole world is using it. So why wouldn’t an attacker also?”
“Generative AI is here to stay. There are so many useful things you can do with it. As security, it’s our job to enable and see the benefits of it, and I think we’ll see a lot of benefits in the security space too.”
Abnormal’s second big product announcement at RSAC 2024 was a new ‘AI Security Mailbox’ product, which is essentially a co-pilot for email that triages and remediates user-reported phishing emails and generates natural language training for end employees.
With this product, Britton explains, “We will not only analyze the email, but we’ll kick back a message to the user, leveraging generative AI. It’s not a canned response, it’s context.” This context could include how many times you have spoken to the user, if the domain has DMARC configured, and tips on what to look out for in a harmful message in the future.
“Not only that,” Britton continues, “But you can email and reply back to the AI Security Mailbox, and it’ll provide more additional information. And it’s through email, not some separate console. We’re a big believer in the right training and awareness for the right person, at the right time.”
Invest In Innovation
As the CISO for a rapidly growing email security company, Britton has a stressful job. But he’s not losing any sleep over it – “I have five kids, so I feel that’s more stressful. And I use the best email security platform in the world. So, no, it doesn’t keep me up at night!”
His advice for other CISOs is to make sure that they invest in new technologies, and break with the status quo.
“I’ve been doing this so long, the problem’s not going away. Part of it, I think, is there’s a lot of CISOs who are afraid to lean into the newer technologies, afraid to break away from the status quo, afraid to look at different approaches to solving the problem.”
Prior to joining Abnormal, Britton was an Abnormal customer. “I’ve had a good track history with picking early winners. I picked Abnormal; I was customer number 20. I think I was customer number 3 for Wiz. I picked really good solutions. Maybe I’m just lucky. But a part of that is I really want to lean into technology companies that are willing to take a different approach on solving the problem that are customer obsessed and more willing to work with me and take my feedback and making the product better.”
“One piece of advice would be really lean into that. Challenge the status quo, lean into those newer technology players that are innovating faster. There’s nothing wrong with the big legacy players, but they just don’t innovate as fast as the scrappy younger, newer companies.”