TL;DR: Email remains a high-risk attack channel, and Abnormal AI’s Vision 2023 conference focused on how cybercrime and cybersecurity are changing through sessions on CISO concerns, business email compromise, and Microsoft 365 protection, with on-demand access and up to 7 ISC2 CPE credits. The core takeaway is that email governance still depends on identity controls, because attacker success often begins where authentication, trust, and user behaviour intersect.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- The Vision 2023 virtual conference was designed to help security leaders understand how cybercrime and cybersecurity are changing, with every session available on demand and the programme eligible for up to 7 ISC2 CPE credits.
Questions worth separating out
Q: How should security teams reduce business email compromise risk in Microsoft 365?
A: Combine conditional access at sign-in, mailbox governance (who may forward, redirect, or act on behalf of a mailbox), restriction of user OAuth app consent, and out-of-band verification for high-risk actions such as payment or account changes, so that a single compromised mailbox cannot authorise those actions on its own.
Q: Why do email attacks remain effective even when organisations use MFA?
A: MFA protects the login step, but many email attacks exploit the trust placed in a compromised or impersonated mailbox after authentication.
Practitioner guidance
- Review mailbox delegation and forwarding rules: audit who can redirect mail, create hidden forwarding paths, or act on behalf of executives and finance users.
- Tie email alerts to business approval workflows: link suspicious message detection to controls around payments, password resets, and privileged approvals so that a risky email cannot become an approved action without additional verification.
- Harden OAuth consent and session policy settings: restrict risky app consent, review long-lived sessions, and check for persistence paths that allow an attacker to remain active after the first mailbox compromise.
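The three review items above reduce to a handful of audit events a team can triage continuously. The script below is an added example written for this post, not code from Abnormal AI, NHIMG, or Microsoft: it scans constructed Microsoft 365 audit records for the persistence paths the guidance names (external forwarding or redirect inbox rules, rules that hide finance-themed mail, mailbox-level forwarding, FullAccess delegation grants, and user-granted OAuth consents that request mailbox scopes). The record shape loosely follows Unified Audit Log exports but is simplified, the operation names follow the Exchange cmdlet and Entra audit names, and every user, app, and domain in the sample data is hypothetical.

```python
"""Triage constructed Microsoft 365 audit records for BEC persistence paths:
external forwarding/redirect rules, rules that hide finance mail, mailbox-level
forwarding, FullAccess delegation, and user OAuth consents with mailbox scopes.
Record shape loosely follows Unified Audit Log exports and is simplified."""
from dataclasses import dataclass

INTERNAL_DOMAINS = {"example.com"}  # assumption: the tenant's accepted domains
FORWARD_KEYS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
HIDE_KEYS = ("DeleteMessage", "MoveToFolder", "MarkAsRead")
FINANCE_WORDS = ("invoice", "payment", "wire", "bank", "password", "reset")
MAIL_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send",
               "MailboxSettings.ReadWrite", "offline_access"}


@dataclass(frozen=True)
class Finding:
    user: str
    operation: str
    reason: str


def _params(record):
    """Flatten the Parameters list of {Name, Value} pairs into a dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def _addresses(value):
    """Split 'a@x;b@y' style values and drop an 'smtp:' prefix."""
    out = []
    for part in value.split(";"):
        part = part.strip()
        if part.lower().startswith("smtp:"):
            part = part[5:]
        if part:
            out.append(part)
    return out


def _is_external(address):
    return "@" in address and address.rsplit("@", 1)[1].lower() not in INTERNAL_DOMAINS


def triage(record):
    """Return the findings raised by one audit record (empty list if benign)."""
    op, user, p = record.get("Operation", ""), record.get("UserId", "?"), _params(record)
    findings = []
    if op in ("New-InboxRule", "Set-InboxRule"):
        for key in FORWARD_KEYS:  # mail leaving the tenant via a client-side rule
            for addr in _addresses(p.get(key, "")):
                if _is_external(addr):
                    findings.append(Finding(user, op, f"{key} -> external {addr}"))
        hides = [k for k in HIDE_KEYS if p.get(k, "") not in ("", "False")]
        subject = p.get("SubjectContainsWords", "").lower()
        if hides and any(w in subject for w in FINANCE_WORDS):  # classic BEC cover-up rule
            findings.append(Finding(user, op, f"hides finance mail via {', '.join(hides)}"))
    elif op == "Set-Mailbox":  # admin-level forwarding survives inbox-rule cleanup
        for key in ("ForwardingSmtpAddress", "ForwardingAddress"):
            for addr in _addresses(p.get(key, "")):
                if _is_external(addr):
                    findings.append(Finding(user, op, f"{key} -> external {addr}"))
    elif op == "Add-MailboxPermission":  # delegation: act on behalf of the victim
        if "FullAccess" in p.get("AccessRights", ""):
            findings.append(Finding(user, op, f"FullAccess on {p.get('Identity')} to {p.get('User')}"))
    elif op == "Consent to application.":  # OAuth persistence independent of the password
        risky = sorted(set(record.get("Scopes", [])) & MAIL_SCOPES)
        if risky and not record.get("IsAdminConsent", False):
            findings.append(Finding(user, op, f"user consent to {record.get('AppDisplayName')} for {', '.join(risky)}"))
    return findings


def triage_all(records):
    return [f for r in records for f in triage(r)]


# Constructed sample records (no real tenant data); hypothetical names and domains.
SAMPLE_RECORDS = [
    {"Operation": "New-InboxRule", "UserId": "bob@example.com", "Parameters": [
        {"Name": "SubjectContainsWords", "Value": "newsletter"},
        {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"Operation": "New-InboxRule", "UserId": "cfo@example.com", "Parameters": [
        {"Name": "Name", "Value": "."},
        {"Name": "SubjectContainsWords", "Value": "invoice;payment"},
        {"Name": "ForwardTo", "Value": "finance.archive@mail-relay.example"},
        {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "Set-Mailbox", "UserId": "helpdesk@example.com", "Parameters": [
        {"Name": "Identity", "Value": "cfo@example.com"},
        {"Name": "ForwardingSmtpAddress", "Value": "smtp:cfo.backup@webmail.example"},
        {"Name": "DeliverToMailboxAndForward", "Value": "True"}]},
    {"Operation": "Add-MailboxPermission", "UserId": "helpdesk@example.com", "Parameters": [
        {"Name": "Identity", "Value": "cfo@example.com"},
        {"Name": "User", "Value": "contractor@example.com"},
        {"Name": "AccessRights", "Value": "FullAccess"}]},
    {"Operation": "Consent to application.", "UserId": "cfo@example.com",
     "AppDisplayName": "Mail Sync Helper", "IsAdminConsent": False,
     "Scopes": ["User.Read", "Mail.ReadWrite", "offline_access"]},
    {"Operation": "Set-InboxRule", "UserId": "cfo@example.com", "Parameters": [
        {"Name": "RedirectTo", "Value": "assistant@example.com"}]},
]

if __name__ == "__main__":
    for f in triage_all(SAMPLE_RECORDS):
        print(f"{f.user:22} {f.operation:24} {f.reason}")
```

Run against the sample data it raises five findings, all on the cfo mailbox, while the newsletter rule and the internal redirect stay silent. The design point is that none of the five touches the sign-in step MFA protects: each is a post-authentication change, and the benign internal redirect shows why the external-domain check, not the existence of a rule, is what separates housekeeping from exfiltration. In production the same logic would run over exported audit records with INTERNAL_DOMAINS set to the tenant's real accepted domains.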
What to expect at the briefing
Abnormal AI's full article covers the operational detail this post intentionally leaves for the source:
- Session-level content on preparing for future cyber threats and leadership concerns that shape the conference agenda.
- On-demand access to each recorded talk for teams that want the original speaker context and full discussion.
- Coverage of business email compromise and Microsoft 365 protection themes from the conference programme.
- ISC2 CPE eligibility details for practitioners tracking continuing education requirements.
👉 Read Abnormal AI's Vision 2023 sessions on email security and BEC →
BEC and email security in 2023: what should IAM teams notice?
Explore further
Email remains one of the easiest identity trust boundaries to abuse. Business email compromise works because organisations still assume inbox identity is equivalent to business intent. That assumption breaks the moment attackers can impersonate, redirect, or inherit trust inside an email workflow. The result is not just a phishing problem, but a failure of identity assurance at the point where human approval is converted into business action.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, including 38% with no or low visibility and 47% with only partial visibility, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: How do you know if email identity controls are actually working?
A: Look for reduced unauthorized forwarding, fewer risky delegation grants, lower rates of unexpected OAuth consent, and faster containment when suspicious business requests appear. Effective controls change behaviour before an attacker can convert email access into a financial or access-management event.
👉 Read our full editorial: Email security and BEC threats remain a live CISO concern