
Credential phishing in government inboxes: what teams need to know


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Public sector employees and volunteers are facing rising business email compromise and credential phishing pressure, with Abnormal Security’s on-demand webinar framing how threat actors are adapting to government environments and why inbox protection has become a higher priority. The central issue is that traditional controls still assume user attention will absorb most of the risk, which is no longer a safe assumption.

NHIMG editorial — here’s why we think this discussion matters

Questions worth separating out

Q: How should public sector teams reduce business email compromise risk?

A: Public sector teams should combine phishing-resistant MFA, tight recovery controls, and rapid containment for suspicious inbox activity.

Q: Why are government employees and volunteers attractive phishing targets?

A: Government employees and volunteers often have access to trusted workflows, sensitive records, or downstream approvals, while their security training and oversight can vary.

Practitioner guidance

  • Harden government email authentication: Require phishing-resistant MFA for staff, contractors, and volunteers who can access government systems, and remove fallback authentication paths that allow easy account recovery after compromise.
  • Link inbox alerts to identity response: Connect mailbox compromise detections to conditional access, session revocation, and help desk escalation so that a suspicious login can trigger immediate containment across connected services.
  • Review volunteer and short-tenure access: Audit identities with short service windows or inconsistent oversight, then verify that offboarding, access review, and credential reset steps are completed before access is no longer needed.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • Fireside chat context from Mike Britton and Jeff Brown on how state-level security teams are handling the threat landscape.
  • Practical discussion of how public sector employees become vulnerable to business email compromise and credential phishing.
  • Operational framing for doing more with less in a constrained government security environment.
  • Election-period preparation considerations for organisations expecting a higher volume of attacks.

👉 Watch Abnormal AI's webinar on public sector credential phishing and BEC →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Public sector phishing is an identity governance problem, not a mail filter problem. The article’s central warning is that attackers are increasingly targeting the people and workflows that governments rely on most, especially employees and volunteers. That means the real control question is whether identity governance can still contain damage after one inbox is touched. Practitioners should treat email compromise as a gateway condition for broader identity misuse, not as a narrow messaging incident.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • A separate finding from the same research shows that only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs.

A question worth separating out:

Q: Who should be accountable when a phishing email leads to account takeover?

A: Accountability should sit with the teams that own identity recovery, email protection, and access governance together, not with end users alone. If a phished inbox can still trigger resets or approvals, the failure is systemic. Government security leaders should align email response, IAM, and incident handling so the first compromise does not become a broader trust failure.

👉 Read our full editorial: Public sector credential phishing is intensifying government inbox risk



   