
Josh Neame, CTO, BlueFort Security

Email. Love it or loathe it. Most of us loathe it, let’s be honest. Who doesn’t dream of an inbox that magically empties itself every now and then… It’s crazy to think that the first email was sent in 1971, over half a century ago. Yet despite the huge growth in instant messaging platforms, email remains the number one communication platform for both internal and external communications, for companies the world over.

To reinforce the point, a recent study found that 89% of IT leaders rank one-to-one email as “important”, slightly ahead of collaboration tools (86%), and on par with instant messaging (IM) and video conferencing platforms. But it’s not all plain sailing, as those of us at the coal face of IT security know. That same study found that 83% of organisations reported email-related security incidents, with 48% experiencing them in the past year. 

Weaponised AI: BEC/VEC Threat is Growing 

Compromised email accounts are the most common cause of data breaches. Traditional email security solutions can’t effectively detect account takeovers in progress because they lack visibility into identity, behaviour, and device attributes that indicate an account has been hijacked. AI is fuelling this with cybercriminals using AI chatbots, such as ChatGPT, to launch sophisticated business and vendor email compromise attacks.

Towards the end of last year, it was widely noted in the media that the FBI claimed BEC scams cost organizations more than $55 billion between October 2013 and December 2023 (with attacks peaking in the US Q4 holiday season). As it stands, BEC continues to be one of the most financially damaging cyber threats for organisations today. A recent report found that business email compromise attacks accounted for 73% of all reported cyber incidents in 2024.

The proliferation of AI has also opened the floodgates to another flavour of email attacks – vendor email compromise. Unlike traditional phishing, VEC attacks tap into the power of AI to mimic legitimate business email threads, usually replicating tone, branding, and message history, often with high accuracy. Because these emails pass the credibility test, they bypass filters and fool even the most cautious of employees. 

Because employees believe these emails are genuine, they are engaging with them at alarming rates. A new study from Abnormal AI found that 72% of employees at large enterprises engaged with fraudulent vendor emails, replying to or forwarding messages that contain no links or attachments. The same report also found $300 million in attempted vendor fraud during the observation period of the study, and a staggering 98.5% of text-based advanced attacks went unreported by employees.

Whilst the incidence of VEC attacks is considerably lower at the moment than that of ransomware or phishing, for example, the potential to do damage is far greater, because the sophistication of an AI-created fraudulent email makes it so much more difficult to differentiate between legitimate messages and attacks.

Traditional SEGs No Longer Fit For Purpose

Traditional secure email gateways (SEGs) were built for an era of spam and viruses. They did their best work when organisations had on-premises email servers, not cloud solutions like Microsoft 365. These traditional email security solutions use rule- and policy-based approaches to identify known indicators of compromise. With the majority of companies now utilising cloud-based email (this study has the number at 73%), the rules of the email security game have fundamentally changed, and traditional SEGs haven’t kept pace.

Added to this, the cybercriminals operating today are doing so in a completely different way. It’s night and day. It’s akin to the development of TV. We’ve gone from John Logie Baird’s black and white ‘televisor’ to AI-personalised OLED models. Whilst it took the TV industry 100 years to achieve this success, cybercriminals have made parallel leaps in sophistication with today’s subtle, socially engineered threats in less than a decade. Impressive on the one hand. Alarming on the other.

The simple fact is that traditional SEGs were not designed to combat today’s threats, which exploit trusted identities, hijack legitimate accounts, and blend into normal communication patterns, bypassing rule-based detection with ease. AI is making it easier than ever.

AI Driving Email Security Strategy Shift

Several years ago, the phrase ‘no silver bullet’ was often used in relation to the predicament IT security teams found themselves in. It was, and still is, a pretty accurate description. Today, the phrase ‘du jour’ is ‘AI – fight fire with fire’. That seems to be pretty accurate too. 

In the context of email security, AI delivers a massive step change in the art of what’s possible, because it delivers a solution that not only addresses the relatively ‘straightforward’ issue of credential verification (is this the true sender’s identity), but it also tackles the psychological manipulation element.

AI-driven tools have the capability to analyse real-time data, detect anomalies, and adapt to new attack vectors. This helps protect a growing attack surface, including cloud services and APIs, where quick and accurate responses are essential. By continuously learning and providing actionable insights, AI-native defences empower organisations to stay ahead of cybercriminals, mitigating both known and emerging threats with agility and precision.

As a specialist in cloud and identity security, we work in close partnership with companies with proven technology solutions that will help our customers tackle today’s ever-growing array of cybersecurity challenges. When it comes to email security, our partner of choice is Abnormal, whose mission is to utilise AI to protect organisations from evolving threats that target human behaviour. Its Abnormal Behaviour Platform uses “superhuman understanding of human behaviour to protect against phishing, social engineering, and account takeovers”.

Learn More

Our next BlueFort Security webinar will delve deeper into why SEGs alone can’t stop modern email attacks, and how a behaviour and identity-driven approach offers smarter, more automated protection. 

We’ll discuss how to close the gaps left by legacy tools and take back control of your email security strategy. 

Join us on 22nd July and learn about:

Key Capabilities to Stay Ahead of Attackers
Explore the modern features that matter: post-delivery protection, adaptive threat detection, and automation-driven response.

Welcome

Hi Everyone,
 
Summer’s here, but if you think cybercriminals are off on holiday, think again. We’re seeing a real spike in threats while teams are sunning themselves or working lighter hours. Now’s not the time to take your eye off the ball.  Complacency is a hacker’s best friend.

We’re also halfway through BlueFort’s 18th birthday year (yes, we’re finally old enough to celebrate properly!). It’s been a wild ride, and we couldn’t have done it without you. Some of our partners have even shared a few kind words to celebrate; my personal favourites include:
 
“Congratulations to BlueFort on reaching this remarkable 18-year milestone! Your commitment to cybersecurity excellence has been instrumental in our shared success. We deeply value our partnership with BlueFort, and their unique go-to market proposition”
– Kara Sprague, CEO, HackerOne
 
“Congratulations to BlueFort on 18 incredible years! Your expertise in identity and cloud security has been a game changer for organisations across the UK and beyond, helping them to navigate an increasingly complex threat landscape with confidence. We’re proud to call you a partner and to have been on board from day one”
– Nasser El Abdouli, RVP EMEA Channel Sales, F5
 
On the innovation front, we’re thrilled to announce our new partnership with Abnormal. Their AI-driven email and cloud threat protection is a game-changer, adding serious muscle to your defences against phishing and business email compromise. We’re always looking for the best, so you can benefit from the best.

Let’s not sugarcoat it: the UK’s had its fair share of headline-grabbing breaches lately. It’s a wake-up call for all of us to double down on identity and cloud security. Attackers are getting smarter, but so are we.

Thanks for being part of the BlueFort family. Here’s to a safe, secure, and sun-soaked Summer. Let’s keep our guard up and our spirits high!

Warm regards

Dave Henderson, CEO and Co-Founder

Insuring Against Active Directory Attacks

With identity now the number one attack vector and Active Directory (AD) under constant threat, insurers are taking a closer look at how organisations secure their identity infrastructure. As a result, cyber insurance premiums are rising and underwriters are demanding stronger proof of resilience.

In this blog, we explore why AD has become a focal point for insurers, and how one particular UK law firm customer uncovered and addressed hidden AD vulnerabilities before they became costly.


Protecting Critical Infrastructure from Emerging Supply-Chain Cyber Threats

From the Synnovis ransomware attack, to the Florida water system breach, cyber threats targeting the supply chain are no longer just business disruptions; they’re potential threats to public safety and national infrastructure.

In this post, we unpack the growing wave of digital attacks on critical infrastructure and operational technology (OT) environments, and what organisations must do to mitigate risk and maintain resilience.


A London-Based NHS Trust – Customer Success Story

A major London-based NHS trust needed to strengthen identity security while meeting stringent CAF and DSPT compliance requirements, all while managing stretched resources and tight budgets.

By partnering with BlueFort Security and Silverfort, the trust replaced its legacy MFA with a modern, scalable solution that delivered comprehensive identity protection across all users and accounts.


Join us for our Latest Events & Webinars

Tech Talk Tuesday: Why SEGs Aren’t Enough & How BlueFort Can Help Close Those Gaps

22nd July, 2pm

Email is still the #1 attack vector, but today’s threats are too sophisticated for traditional Secure Email Gateways.

Join us to explore why identity-driven, behaviour-based protection is key to stopping phishing, BEC, and account takeovers. Learn how to close critical gaps, detect subtle anomalies, and modernise your email security with API-driven tools that go beyond the perimeter.


Understanding the Data Risks of Supply Chain: How to Protect Critical Infrastructure from Emerging Threats

Watch Our On-Demand Webinar

Supply-chain cyberattacks are no longer just an IT issue; they now pose a serious threat to core operations. In this session we explore often overlooked data threats in OT environments, including vulnerabilities linked to third-party files and external connections.

Watch now to discover why third-party data is a critical risk factor, how to navigate evolving regulatory requirements, and how to detect and remediate hidden vulnerabilities. Safeguard your infrastructure against the threats you don’t see coming.


Meet the Team: Bradley Fernandes

Meet our newest Cybersecurity Consultant, Bradley Fernandes, who joined BlueFort last month. We’ve had a chat with Bradley to get to know him better as he settles into his new role. 

