Legacy email security and BEC: what EAB's case shows


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: EAB says its security team blocked thousands of phishing and business email compromise attacks across a partner ecosystem of 2,500+ education institutions after modernising email security and moving away from a legacy SEG, according to Abnormal AI. The case shows why email-layer controls now need to be judged on ecosystem reach, not inbox filtering alone.

NHIMG editorial — here’s why we think this discussion matters


Questions worth separating out

Q: How should security teams reduce business email compromise risk in partner-heavy environments?

A: They should treat email as an identity and workflow risk, not only a content-filtering problem.

Q: Why do legacy email gateways struggle with modern phishing campaigns?

A: Legacy gateways often depend on signatures, reputation, and static policy checks, which are weak against impersonation, compromised senders, and context-driven social engineering.

Practitioner guidance

  • Map identity-changing workflows that start in email: Identify every process where an email can trigger password resets, vendor updates, payment changes, access changes, or exception approvals.
  • Add out-of-band checks for high-risk requests: Use a second channel for any request that can move money, alter privileges, or modify partner data.
  • Review SEG performance against abuse tactics: Test whether the current email stack can block impersonation, compromised-account abuse, and low-and-slow BEC rather than only bulk spam.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • The live case study behind EAB's email security changes and the operational context for the partner ecosystem.
  • Specific tactics used to stop phishing and BEC messages before they reached inboxes.
  • Workflow and process changes that reduced manual effort for executives and IT teams.
  • The security rationale behind moving away from a legacy SEG in a high-volume education environment.

👉 Watch Abnormal AI's webinar on EAB's email security changes →

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Legacy email security is increasingly a trust-management problem, not a filtering problem. EAB's case shows that the real issue is not whether the gateway can catch obvious spam, but whether the programme can absorb phishing and BEC attempts across a partner ecosystem without relying on message appearance alone. Once identity-related workflows and external trust relationships become the target, inbox inspection is only one control layer. Practitioners should treat email as part of identity governance, not as a separate security silo.

A few things that frame the scale:

  • 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.

A question worth separating out:

Q: How do teams know if email security is actually protecting the business?

A: They should measure whether suspicious messages are being stopped before they reach decision-makers and whether risky workflows still depend on inbox trust. If phishing still reaches the people who can approve changes, or if partner requests bypass verification, the programme is reducing noise but not materially lowering business compromise risk.

👉 Read our full editorial: EAB's email security masterclass shows the SEG is not enough



   