Notifications
Clear all
Topic starter
27/06/2026 1:11 pm
TL;DR: Email remains a primary attack path for malware, data theft, and fraud, and the webinar argues that legacy controls are no longer enough to stop modern campaigns, according to Abnormal AI. The practical shift is toward integrated detection and response that can adapt to changing email threat patterns rather than relying on static filters.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams defend against modern email attacks that bypass legacy filters?
A: They should use layered detection that combines message content, sender reputation, user behavior, and post-delivery response.
Q: Why do email threats matter to IAM and PAM teams, not just email teams?
A: Email often starts the chain that leads to account takeover, approval abuse, or privileged access misuse.
Practitioner guidance
- Map email alerts to identity workflows Route suspicious mailbox activity into IAM, PAM, and incident response processes so credential resets, session revocation, and vendor verification happen together instead of in separate queues.
- Test detection against business-context attacks Run simulations that use thread hijacking, invoice fraud, and executive impersonation rather than only obvious phishing templates, then measure whether the platform detects the behavior before user action.
- Review delegated access and mailbox permissions Audit shared inboxes, forwarding rules, service mailbox access, and approval paths to make sure email cannot be used to bootstrap unauthorized access into SaaS or cloud workflows.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- The live question-and-answer discussion with Jake Williams and Mike Britton on how modern email threat patterns differ from legacy attacks.
- Practical examples of the technical capabilities modern email security providers are expected to support in real deployments.
- Discussion of how AI, machine learning, and data science are used to detect costly attacks that evade rule-based filters.
- The on-demand viewing path and CPE eligibility details for practitioners who need to validate the session for training credit.
👉 Watch Abnormal AI's on-demand webinar on modern email threats →
Email threats are evolving fast, are your controls keeping up?
Explore further
27/06/2026 2:25 pm
Email abuse is an identity problem before it is a messaging problem. The webinar's core message is that modern email threats exploit trust, attention, and business process, not just inbox delivery. Once a message can trigger credential theft, payment diversion, or delegated access, the boundary between email security and identity security disappears. Practitioners should treat mailbox abuse as a precursor to access compromise, not a separate class of risk.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.
- The same research found that 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, with 38% reporting no or low visibility and 47% reporting only partial visibility.
A question worth separating out:
Q: What should teams do when email is being used to bootstrap access into business systems?
A: Treat email permissions, forwarding rules, shared mailboxes, and approval chains as part of access governance. Then verify that suspicious mail events can trigger credential review, session revocation, and vendor confirmation before business action is completed. That reduces the chance that a message becomes a path into SaaS, cloud, or privileged workflows.
👉 Read our full editorial: Modern email threats demand integrated defense, not legacy controls
