Secure email gateways and identity attacks: what should teams do?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 9016
Topic starter  

TL;DR: Traditional secure email gateways are failing to stop socially engineered attacks such as supply chain compromise, executive impersonation, and account takeover, according to Abnormal AI’s on-demand webinar. The real issue is not email filtering alone, but identity trust assumptions that break when attacks bypass the SEG layer.

NHIMG editorial — here’s why we think this discussion matters

Questions worth separating out

Q: How should security teams reduce the impact of account takeover in email workflows?

A: Security teams should combine strong authentication, mailbox behaviour monitoring, and approval segmentation so a compromised inbox cannot automatically trigger high-risk business actions.

Q: Why do secure email gateways miss some modern phishing and impersonation attacks?

A: Secure email gateways miss many modern attacks because the message can look legitimate while the abuse happens through identity trust, trusted threads, or compromised accounts.

Practitioner guidance

  • Reclassify email compromise as an identity risk. Map account takeover, executive impersonation, and supplier trust abuse into your IAM and fraud risk models so the response path includes identity verification and approval control, not only email filtering.
  • Add out-of-band validation for sensitive requests. Require a separate confirmation step for payment changes, vendor banking updates, and privileged approvals when the request arrives through email, even if the message appears to come from a trusted thread.
  • Monitor mailbox behaviour for takeover indicators. Watch for abnormal login geographies, forwarding-rule changes, unusual reply patterns, and sudden access to high-value threads because those signals often appear before the fraud is completed.

What to expect at the briefing

Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:

  • The specific Microsoft capability discussion used to position SEG replacement in the webinar.
  • The live framing of how socially engineered attacks bypass traditional email defences in real environments.
  • The webinar recording and speaker walkthrough of defense in depth considerations for practitioners.
  • The CPE credit eligibility process for attendees who complete the on-demand viewing.

👉 Watch Abnormal AI's on-demand webinar on why secure email gateways fall short →
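
The following added example, which is not part of the original post or of Abnormal AI's material, correlates two of the takeover indicators named in the practitioner guidance above: a login from an unfamiliar country and a new forwarding rule to an external domain. The event schema, field names, per-user baseline and domains are constructed assumptions, not any product's audit format.

```python
from datetime import datetime, timedelta

ORG_DOMAIN = "example.com"   # assumption: the organisation's own mail domain
BASELINE = {"alice": {"GB"}, "bob": {"US", "CA"}}  # assumption: usual login countries per user
WINDOW = timedelta(hours=1)  # correlation window between odd login and rule change

# Constructed sample events in a hypothetical, simplified audit schema.
EVENTS = [
    {"ts": "2024-05-01T08:02:00", "user": "alice", "type": "login", "country": "GB"},
    {"ts": "2024-05-01T09:15:00", "user": "bob", "type": "login", "country": "RO"},
    {"ts": "2024-05-01T09:21:00", "user": "bob", "type": "forward_rule",
     "target": "archive@mail.example.net"},
    {"ts": "2024-05-01T10:00:00", "user": "alice", "type": "forward_rule",
     "target": "alice.assistant@example.com"},
    {"ts": "2024-05-01T14:30:00", "user": "alice", "type": "forward_rule",
     "target": "backup@example.org"},
]

def find_takeover_indicators(events, baseline=BASELINE, org_domain=ORG_DOMAIN, window=WINDOW):
    """Return (user, severity, reason) findings, ordered by event time."""
    findings = []
    last_odd_login = {}  # user -> time of the latest login from an unfamiliar country
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        if ev["type"] == "login":
            if ev["country"] not in baseline.get(user, set()):
                last_odd_login[user] = ts
                findings.append((user, "medium", f"login from unfamiliar country {ev['country']}"))
        elif ev["type"] == "forward_rule":
            domain = ev["target"].rsplit("@", 1)[-1].lower()
            if domain == org_domain:
                continue  # internal forwarding is not flagged here
            odd = last_odd_login.get(user)
            if odd is not None and ts - odd <= window:
                # Rule created shortly after an unfamiliar login: escalate.
                findings.append((user, "high",
                                 f"external forwarding to {domain} after unfamiliar login"))
            else:
                findings.append((user, "medium", f"external forwarding to {domain}"))
    return findings

if __name__ == "__main__":
    for finding in find_takeover_indicators(EVENTS):
        print(finding)
```

A high-severity finding here is a natural trigger for the out-of-band validation step described in the guidance, since the mailbox itself can no longer be trusted as the confirmation channel.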

(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8472
 

Secure email gateways are now a partial control, not a primary trust decision. The article captures a broader shift in email security: attackers do not need to defeat message filtering if they can exploit identity confidence instead. That makes the SEG useful for commodity threats, but structurally weak against trusted-thread abuse, executive impersonation, and account takeover. IAM and security teams should read this as a boundary change, not a product preference.

A few things that frame the scale:

  • Organizations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
  • 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases.

A question worth separating out:

Q: How do teams decide whether email security needs identity controls more than another gateway layer?

A: If the main risk is impersonation, account takeover, or abuse of trusted communication paths, identity controls matter more than adding another content filter. Teams should prioritise authentication strength, access governance, and request validation when the attacker’s path depends on being trusted rather than being detected.

👉 Read our full editorial: Secure email gateways are failing against modern identity attacks



   