Joining Abnormal Security

Oz Wasserman
Published in Abnormal Security
Apr 5, 2021

And the future of cybersecurity detection technology moving forward

I recently decided to join Abnormal Security’s product management team and am now going through onboarding. As I am getting more hands-on with the exceptional detection technology that was built here, I’d like to discuss the rapidly changing cybersecurity environment and more about my decision-making process.

BEC: top cybersecurity problem

The threat landscape is shifting. Many attacks now target individuals within an organization to gain access to corporate systems. From an attacker’s point of view, it is much cheaper to generate an attack against individuals versus devices or company assets. According to Andreessen Horowitz, hacking into devices and physical assets is equivalent to a 2.5 million dollar spend, as opposed to hacking an individual person, which ranges from 1.25 to 350 dollars, depending on the account.

The ramifications are that the new attack surface is actually your life. Personalized attacks can come from lots of different vectors, including email and social media accounts. The personal information on social media platforms and known email patterns in enterprise organizations make it easy for attackers to spread phishing emails widely across companies. Given that the human layer is the weakest link in any security chain, individuals are constantly targeted by social engineering and phishing attacks to gain access to company accounts.

As a result, social engineering attacks are on the rise. Business Email Compromise (BEC) is commonly cited as one of the top three problems in the cyber security industry today, with the FBI evaluating it as a 26B dollar problem. As these attacks become more popular, the complexity of detecting and remediating them grows as well.

More data — better precision over time

During my time at a larger email security vendor, I noticed how the BEC problem is now top of mind for customers. Advisory boards repeatedly mentioned these attacks as a major risk for their organizations.

Many of these attacks looked simple to detect on the surface, but were actually very challenging to deal with. Unlike emails with files or URLs that can be scanned, these emails had to be analyzed based on data related to the sender and message language. In these types of challenges, the more data you can collect, the better your detection engine gets. We just did not have enough context and former communication data to determine if it's a targeted attack or a rare known sender.

As part of my work, I noticed Abnormal Security as an emerging startup that deals with BEC. Their approach to the problem was different from traditional security vendors, who were built to detect advanced threats in files, URLs and the raw email from the received date. Abnormal developed a behavioral analysis engine detecting social engineering attacks based on data gathered from many signals over time, from communication patterns to tone and intent. With robust data collection, Abnormal Security reduces uncertainty and turns suspicious behavior into accurate detection.

Another key challenge I experienced with social engineering attacks is the difficulty in explaining them to customers. One of Abnormal’s key advantages lies in its user experience and simplification. With a focus on explainability, the product makes sure every team member can understand why this is a social engineering attack, and why it was flagged.

So why Abnormal? And why email security still?

As I was talking to more and more customers, I realized that the shift to Microsoft 365 and G Suite was larger than I first thought. Even the most cloud-averse companies suddenly had migration plans to move their email infrastructure to the cloud. As I researched more, I recognized a few things:

  • These collaboration platforms offer similar features to traditional email security solutions
  • The added cost of these collaboration platforms to the IT and security budget is significant
  • More and more email security solutions are trying to improve email protection as an added product to these collaboration platforms

With these points in mind, I think the shift to collaboration platforms is actually a very large event in the email security market. Security teams will likely re-evaluate their spending based on the best added value they can get alongside these platforms, and focus on their top email security problems as guidance for their spending criteria. A company like Abnormal, which built an incredible product to protect against social engineering attacks, can utilize the technology and amplify all of email security on these platforms to the best extent.

Mentorship and career growth

With my insights in mind, I started talking to the CPO at Abnormal. During my interview process, I had a chance to speak with almost all of the senior management team in the company, which helped me understand essential quantitative data around the company’s vision and strategy. During the interview process, I evaluated their growth plans and appreciated the forward-looking mindset the company has, as well as the experience and expertise of the leadership team. The people I met during my interview process were one of the largest factors in my decision to join the team.

As someone who wishes to go the entrepreneurial route in the future, it was important for me to immerse myself in an environment where I can contribute, but also learn, grow and be mentored. Fortunately, the senior executive team brings years of experience in both entrepreneurship and product development at some of the most successful companies in the public markets today. In the last few weeks of onboarding I am realizing that this is probably one of the top places to learn best practices across the board!

The opportunity in the email security market continues to rise with the threat landscape shifting, and I am very excited to take part in this journey as an Abnormal Security team member! And the best part is, we are still hiring!


Oz Wasserman
Abnormal Security

Product Management at Abnormal Security, Passionate about cybersecurity, AI and startups