
Executive impersonation: what security teams need to change now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Abnormal Security’s CISO fireside chat says visible executives are easier impersonation targets and that social engineering remains effective because attackers can bypass controls by deceiving employees, according to Abnormal AI. The practical lesson is that identity and email controls must assume human trust is a live attack surface, not a perimeter side issue.

NHIMG editorial — here’s why we think this discussion matters

Questions worth separating out

Q: How should security teams reduce executive impersonation risk?

A: Security teams should add verification steps that do not depend on recognising the sender, such as callback procedures, second-channel confirmation, and approval rules for sensitive requests.

Q: Why do social engineering attacks still work against mature security programmes?

A: They work because mature controls often stop at authentication, while the real attack happens in the human approval layer.

Practitioner guidance

  • Add out-of-band verification for high-risk requests: require a second-channel confirmation for payments, password resets, gift card requests, wire changes, and unusual access approvals.
  • Treat executive visibility as an identity risk input: score public exposure, role authority, and approval privilege together when assessing who is most likely to be impersonated.
  • Harden help desk and privilege workflows against impersonation: use challenge steps, callback procedures, and manager approval for requests involving account recovery, MFA resets, or elevated access.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • The live social engineering demonstration targeting ISMG's Tom Field and the exact deception sequence used.
  • Mike Britton and Rachel Tobac's discussion of how attackers bypass security controls through trust and urgency.
  • Practical defensive techniques for organisations that need to protect executives, approvers, and help desk workflows.
  • The on-demand viewing path and CPE eligibility details for practitioners who need the session in full.

👉 Watch Abnormal AI's fireside chat on executive impersonation and social engineering →


(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Human identity risk now includes public persona exposure. Executive impersonation is not random phishing. It is a governance problem created when public visibility, role authority, and informal approval habits combine into an exploitable trust profile. Security teams should treat visible leadership presence as part of identity risk, because the attacker’s inputs are often already public.

A few things that frame the scale:

A question worth separating out:

Q: Who should own impersonation risk when it affects finance, help desk, and identity teams?

A: Ownership should be shared across IAM, PAM, security awareness, and the business functions that approve sensitive actions. The risk spans identity, messaging, and process controls, so it cannot be solved by one team alone. A common escalation path and control standard are essential.

👉 Read our full editorial: Social engineering and executive impersonation are getting harder to stop
