Josh Neame, CTO, BlueFort Security
Email. Love it or loathe it. Most of us loathe it, let’s be honest. Who doesn’t dream of an inbox that magically empties itself every now and then… It’s crazy to think that the first email was sent in 1971, over half a century ago. Yet despite the huge growth in instant messaging platforms, email remains the number one communication platform for both internal and external communications, for companies the world over.
To reinforce the point, a recent study found that 89% of IT leaders rank one-to-one email as “important”, slightly ahead of collaboration tools (86%), and on par with instant messaging (IM) and video conferencing platforms. But it’s not all plain sailing, as those of us at the coal face of IT security know. That same study found that 83% of organisations reported email-related security incidents, with 48% experiencing them in the past year.
Weaponised AI: BEC/VEC Threat is Growing
Compromised email accounts are the most common cause of data breaches. Traditional email security solutions can’t effectively detect account takeovers in progress because they lack visibility into identity, behaviour, and device attributes that indicate an account has been hijacked. AI is fuelling this with cybercriminals using AI chatbots, such as ChatGPT, to launch sophisticated business and vendor email compromise attacks.
Towards the end of last year, it was widely noted in the media that the FBI claimed BEC scams cost organizations more than $55 billion between October 2013 and December 2023 (with attacks peaking in the US Q4 holiday season). As it stands, BEC continues to be one of the most financially damaging cyber threats for organisations today. A recent report found that business email compromise attacks accounted for 73% of all reported cyber incidents in 2024.
The proliferation of AI has also opened the floodgates to another flavour of email attacks – vendor email compromise. Unlike traditional phishing, VEC attacks tap into the power of AI to mimic legitimate business email threads, usually replicating tone, branding, and message history, often with high accuracy. Because these emails pass the credibility test, they bypass filters and fool even the most cautious of employees.
Because employees believe these emails are genuine, they are engaging with them at alarming rates. A new study from Abnormal AI found that 72% of employees at large enterprises engaged with fraudulent vendor emails; replying or forwarding messages that contain no links or attachments. The same report also found $300 million in attempted vendor fraud during the observation period of the study, and a staggering 98.5% of text-based advanced attacks went unreported by employees.
Whilst the incidents of VEC attacks is considerably lower at the moment than ransomware or phishing for example, the potential to do damage is far greater because the sophistication of an AI-created fraudulent email makes it so much more difficult to differentiate between legitimate messages and attacks.
Traditional SEGs No Longer Fit For Purpose
Traditional secure email gateways (SEGs) were built for an era of spam and viruses. They did their best work when organisations had on-premises email servers, not cloud solutions like Microsoft 365. These traditional email security solutions use rule and policy-based approaches to identify known indicators of compromise. With the majority of companies now utilising cloud-based email; this study has the number at 73%, the rules of the email security game have fundamentally changed, and traditional SEGs haven’t kept pace.
Added to this the cybercriminals operating today are doing so in a completely different way. It’s night and day. It’s akin to the development of TV. We’ve gone from John Logie Baird’s black and white ‘televisor’, to AI personalised OLED models. Whilst it took the TV industry 100 years to achieve this success, cybercriminals have made parallel leaps in sophistication with today’s subtle, socially engineered threats in less than a decade. Impressive on the one hand. Alarming on the other.
The simple fact is that traditional SEGs were not designed to combat today’s threats, which exploit trusted identities, hijack legitimate accounts, and blend into normal communication patterns bypassing rule-based detection with ease. AI is making it easier than ever.
AI Driving Email Security Strategy Shift
Several years ago, the phrase ‘no silver bullet’ was often used in relation to the predicament IT security teams found themselves in. It was, and still is, a pretty accurate description. Today, the phrase ‘du jour’ is ‘AI – fight fire with fire’. That seems to be pretty accurate too.
In the context of email security, AI delivers a massive step change in the art of what’s possible, because it delivers a solution that not only addresses the relatively ‘straightforward’ issue of credential verification (is this the true sender’s identity), but it also tackles the psychological manipulation element.
AI-driven tools have the capability to analyse real-time data, detecting anomalies, and adapting to new attack vectors. This helps protect a growing attack surface, including cloud services and APIs, where quick and accurate responses are essential. By continuously learning and providing actionable insights, AI-native defences empower organisations to stay ahead of cybercriminals, mitigating both known and emerging threats with agility and precision.
As a specialist in cloud and identity security we work in close partnership with companies with proven technology solutions that will help our customers tackle today’s ever-growing array of cybersecurity challenges. When it comes to email security, our partner of choice is Abnormal, whose mission is to utilise AI to protect organisations from evolving threats that target human behaviour. Its Abnormal Behaviour Platform uses “superhuman understanding of human behaviour to protect against phishing, social engineering, and account takeovers”.
Learn More
Our next BlueFort Security webinar will delve deeper into why SEGs alone can’t stop modern email attacks, and how a behaviour and identity-driven approach offers smarter, more automated protection.
We’ll discuss how to close the gaps left by legacy tools and take back control of your email security strategy.
Join us on 22nd July and learn about:
- The Gaps in Traditional SEG Defences
Discover how threat actors exploit human trust, internal accounts, and supply chain relationships, to bypass perimeter-based email security. - How Today’s Attacks Differ from the Past
Learn why credential phishing, business email compromise (BEC), and account takeovers continue to succeed, even with SEGs in place. - Why an Identity-Aware, Behaviour-Based Approach Works
Understand how behavioural baselining and identity modelling detect subtle anomalies traditional tools often miss. - The Power of Native API Integration
See how direct integration with Microsoft 365 or Google Workspace enables faster detection, real-time remediation, and complete visibility without disrupting mail flow.
Key Capabilities to Stay Ahead of Attackers
Explore the modern features that matter: post-delivery protection, adaptive threat detection, and automation-driven response.
