Step Into The Future of Cybersecurity — Save your spot at the Human Layer Security Summit for free.

Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.
Threat Intel, Spear Phishing
Threat Intelligence: COVID-19 Proof of Vaccination Scams
By Charles Brook
Thursday, October 21st, 2021
Scammers and threat actors are continuing to use the COVID-19 pandemic as a theme for their phishing campaigns. The latest trend? Asking people to download their ‘proof of vaccination’ or vaccine certificates. In fact, in a recent Tessian survey, 35% of US citizens and 22% of UK citizens said they’d received a ‘proof of vaccination’ phishing email this year.  That’s because (as you likely know) most businesses and travel companies are requesting that people now provide proof of vaccination or digital vaccine credentials. Attackers see this as an incentive to get targeted recipients to click links in phishing emails.  What do these emails contain?  Tessian researchers have been analyzing emails related to ‘proof of vaccination’ scams over the past six months and found that, in many of the emails, cybercriminals will apply a sense of urgency to their messages, using subject lines that include “IMPORTANT” and “OFFICIAL”.  This is a common social engineering tactic, prompting the person to act quickly so that they don’t spend too much time thinking about the consequences of complying with the request.  The call to action in 80% of the emails analyzed is to click a link to request and download a COVID-19 vaccination passport or certificate, explaining that if the recipient doesn’t have their proof of vaccination, they won’t be able to travel or must remain in quarantine. Wouldn’t you want to act fast? Most emails also contained a payload of either a malicious link or attachment which would direct the recipient to a web page designed to trick them into entering sensitive information such as personal details, credit card or banking details in order to receive their proof of vaccination.
Of the emails analyzed, 20% of them contained language indicating an intent to steal information. Once cybercriminals have this information, they can use it to access your other online accounts or commit identity fraud.  In the UK, the majority of the ‘proof of vaccination’ scams saw attackers impersonate the National Health Service (NHS), tricking their targets into thinking they’d received an email from a legitimate and trustworthy source.  Here’s an example of an email sent from a business email address using compromised credentials:
For anyone quickly glancing at this email, it looks like the real deal.  The attacker has spoofed the NHS in its display name, used the correct logo, and avoided any spelling mistakes. Only when you look at the sender’s email address can you see that it’s not actually from the NHS.  How can you avoid falling for a ‘proof of vaccination’ scam?  If you require ‘proof of vaccination’ for any of your upcoming holidays, plans, or activities, or if you have any questions, always go through direct channels with your local authority. You can find their email addresses or phone numbers via their website.  Remember;  For UK residents, the NHS App is free, the NHS Covid Pass is free, and the NHS will never ask for payment or any financial details. For US residents, COVID-19 vaccination providers cannot charge you for a vaccine or charge you for any administration fees, copays, or coinsurance.  So, if the sender of the email is asking you for money or payment information, such as bank details or card details, it is likely a scam. If it looks suspicious, avoid clicking any links or attachments. Mark the email as spam or move it to your junk folder to help improve dedication against the type of malicious email and if you’ve received the email on your work email, then report it to your IT team. Then, hit delete.
Read Blog Post
Spear Phishing
CEO Fraud Prevention: 3 Effective Solutions
Wednesday, October 20th, 2021
CEO fraud is a type of cybercrime in which the attacker impersonates a CEO or other company executive. The fraudster will most often use the CEO’s email account — or an email address that looks very similar to the CEO’s — to trick an employee into revealing sensitive data or transferring money. A report by UK Finance suggests that CEO fraud is among the main eight types of fraud attacks targeting consumers and businesses Like all types of phishing, CEO fraud attacks are very difficult for employees to spot. Some legal technical solutions, such as Secure Email Gateways (SEGs) can also struggle to detect this increasingly sophisticated type of cybercrime. But, there are still ways to prevent successful CEO fraud attacks. The key? Take a more holistic approach by combining training, policies, and technology. We’ve outlined three techniques that are crucial to help your organization defend against CEO fraud and other related types of cybercrime. Before we start: CEO fraud is a type of Business Email Compromise (BEC). If you want to learn more about BEC before diving into CEO fraud, you can check out this article: What Is Business Email Compromise? You can also get an introduction to CEO Fraud in this article: What is CEO Fraud? 1. Raise employee awareness Security is everyone’s responsibility. That means everyone – regardless of department or role –  must understand what CEO fraud looks like.  Staff training is getting tougher as CEO fraud gets more sophisticated. The FBI’s Internet Crime Complaint Centre (IC3) warns that along with CEOs, cybercriminals increasingly impersonate a broad range of actors, including vendors, lawyers, and payroll departments. So where do you start when training employees to detect CEO fraud attacks? Using real-world examples to point out common red flags can help.
What are the signs that this email is part of a CEO fraud attack?First off, note the lack of spelling errors. Poor spelling and grammar can be a phishing indicator, but this is increasingly unlikely in today’s more sophisticated cybercrime environment. Also, notice the personal touches — Sam’s familiar tone, his references to Kat working from home, and his casual email sign-off. Fraudsters go to great efforts to research their subjects and their targets, whether via hacking or simply using publicly available information. These persuasive elements aside, can you spot the red flags? Let’s break them down: The sender’s email address: The domain name is “” (which looks strikingly similar to, especially on mobile). Domain impersonation is a common tactic for CEO fraudsters. The sense of urgency: The subject line, the ongoing meeting, the late invoice—creating a sense of urgency is near-universal in social engineering attacks. Panicked people make poor decisions. The authoritative tone: “Please pay immediately”: there’s a reason cybercriminals impersonate CEOs — they’re powerful, and people tend to do what they say. Playing on the target’s trust: “I’m counting on you”. Everyone wants to be chosen to do the boss a favor. Westinghouse’s “new account details”: CEO fraud normally involves “wire transfer phishing”—this new account is controlled by the cybercriminals. Your cybersecurity staff training program should educate employees on how to recognize CEO fraud, and what to do if they detect it. Check the sender’s email address for discrepancies. This is a dead giveaway of email impersonation. But remember that corporate email addresses can also be hacked or spoofed. Feeling pressured? Take a moment. Is this really something the CEO is likely to request so urgently? New account details? Always verify the payment. Don’t pay an invoice unless you know the money’s going to the right place. Looking for a resource that you can share with your employees? We put together an infographic outlining how to spot a spear phishing email. While these are important lessons for your employees, there’s only so much you can achieve via staff training. Take it from the U.K.’s National Cyber Security Centre (NCSC): “Spotting phishing emails is hard, and spear phishing is even harder to detect. Even experts from the NCSC struggle.  The advice given in many training packages, based on standard warnings and signs, will help your users spot some phishing emails, but they cannot teach everyone to spot all phishing emails.” Humans are often led by emotion, and they’re not good at spotting the small giveaways that might reveal a fraudulent email. Sometimes, even security experts can’t! (More in this here: Pros and Cons of Phishing Awareness Training.) 
2. Implement best cybersecurity practice Beyond staff training, every thriving company takes an all-around approach to cybersecurity that minimizes the risk of serious fallout from an attack. Many companies choose to implement a cybersecurity framework, such as the CIS Critical Security Controls or the NIST Cybersecurity Framework, to help them adopt security controls and protections in a systematic and comprehensive way. Here are some important security measures that will help protect your company’s assets and data from CEO fraud: Put a system in place so employees can verify large and non-routine wire transfers, ideally via phone Protect corporate email accounts and devices using multi-factor authentication (MFA) Ensure employees maintain strong passwords and change them regularly Buy domains that are similar to your company’s brand name to prevent domain impersonation Regularly patch all software Closely monitor financial accounts for irregularities such as missing deposits Deploy an email security solution All the above points are crucial cybersecurity controls. But let’s take a closer look at that final point — email security solutions. 3. Deploy intelligent inbound email security CEO fraud attacks overwhelmingly take place via email (along with 96% of all phishing attacks).  That’s why deploying an email security solution is one of the most effective steps you can take to prevent this type of cybercrime. But not just any email security solution.  Legacy solutions like Secure Email Gateways (SEGs), spam filters, and Microsoft and Google’s native tools generally can’t spot sophisticated attacks like CEO fraud. Why? Because they rely almost entirely on domain authentication and payload inspection. This means they tend to check publicly available records to verify the authenticity of an email address, and examine any attachments to see if they contain malware. Social engineering attacks like CEO fraud easily evade these mechanisms. Tessian is different. Tessian Defender uses machine learning (ML), anomaly detection, behavioral analysis, and natural language processing (NLP) to detect a variety of signals indicative of CEO fraud. Tessian’s machine learning algorithms analyze your company’s email data. The software learns every employee’s normal communication patterns and maps their trusted email relationships — both inside and outside your organization. Tessian inspects both the content and metadata of inbound emails for any signals suggestive of CEO fraud. For example, suspicious payloads, anomalous geophysical locations, out-of-the-ordinary IP addresses and email clients, keywords that suggests urgency, or unusual sending patterns.  Once it detects a threat, Tessian alerts employees that an email might be unsafe, explaining the threat in easy-to-understand language.
Click here to learn more about how Tessian Defender protects your team from CEO fraud and other email-based cybersecurity attacks. You can also explore our customer stories to see how they’re using Tessian Defender to protect their people on email and prevent social engineering attacks like CEO Fraud.
Read Blog Post
Human Layer Security
Fear Isn’t The Motivator We Think It Is…
Tuesday, October 19th, 2021
The ground is shaking under one of cybersecurity’s favorite acronyms. Dr. Karen Renaud, Chancellor’s Fellow at the University of Strathclyde and Dr. Marc Dupuis, Assistant Professor at the University of Washington Bothell believe that fear, uncertainty and doubt (FUD) aren’t all they are cracked up to be.  In their recent Wall Street Journal Article, ‘Why Companies Should Stop Scaring Employees About Security’, they unpack the use of scaremongering in cybersecurity training and tell us how fear truly impacts decision making. Listen to the full podcast here, or read on for Dr. Karen Renaud’s & Dr. Marc Dupuis’s top three takeaways. Too much fear burns people out and makes them less responsive to fear appeals KR: The literature tells us that when people are targeted by a fear appeal they can respond in one of two ways. They can either engage in a danger-control response or a fear-control response.  A danger-control response is generally aligned with what the designer of the appeal intended. So if a fear appeal is trying to encourage a user to back up their files, a danger-control response would involve the user making the backup.  Alternatively, a fear-control response sees the user try to combat the fear. They don’t like the feeling of fear, so they act to stop feeling it – they attack the fear rather than the danger itself. This response is undesirable as the user might go into denial or become angry with the person or organisation who has exposed them to the fear appeal. Ultimately, the user is unlikely to take the recommended action. When we consider events such as the COVID-19 pandemic, you can see how adding cybersecurity fear appeals to people’s pre-existing fear runs the risk of users feeling overwhelmed and having a fear-control response. People are already seeing so many fear appeals that they are likely to go into denial and refuse to take the message on board.  Fear appeals can encourage people to take more risks MD: I have a three-and-a-half-year-old son. Unlike my daughter, if I tell him to not do something like stand on a chair, and explain that he might crack his head open if he does, he’ll do it. So, he’ll climb on the chair, and then if he doesn’t crack his head open he’ll say ‘See daddy, I didn’t crack my head open!’, and in his mind, my warning has been disproved. This scenario with my son speaks to another point on fear appeals – we scare people to try and get them to not do something, but when they do it anyway and nothing bad happens it only reinforces the idea that the consequences aren’t that bad. KR: You can see examples of this kind of thing throughout history. If you look back at the German bombings of London during the second world war, something similar happened. Though the goal of the Germans was to get Britain to capitulate, the bombings provoked a totally different response – the British people became more defiant. People get afraid of being afraid, and we need to consider this when designing cybersecurity training and messaging.
MD: We are all responsible for changing the narrative in cybersecurity away from fear, uncertainty, and doubt (FUD), and it starts with conversations like this. It is easy to criticize something, but the question we then need to answer is… what can we replace it with? We know self-efficacy is the major player – but what is that going to look like? I believe that approaches will vary between organisations but the underlying concepts will be the same, such as creating a less punitive system and building a sense of togetherness. KR: When you treat your users as a problem it informs the way you manage them. Currently, many organisations see their employees as a problem – they’ll train them, they’ll constrain them, and then they’ll blame them when things go wrong! Unfortunately, this method stops users from being part of the solution and creates the very problem you’re trying to solve.  To improve cybersecurity, it is crucial that you make everyone feel like they’re part of the defense of the organisation. My research with the Technical University of Darmstadt looked into what kind of things we could do to make this happen, and it really comes down to a few core principles: Encourage collaboration and communication between colleagues – So we can support each other. Build resilience as well as resistance – Currently, there is a huge focus on resisting security threats, but we also need to know how to bounce back when things do go wrong.  Flexible and responsive security training and awareness policies – We treat security training and awareness policies as a one-size-fits-all, but this is outdated. We need to ask people if what we are proposing is possible for them and the role that they do, and adapt accordingly.  Learn from successes, not just mistakes – What did some people spot in a phishing message that others didn’t? Teach other people those techniques. Recent examples in other industries, such as safety, have shown that putting the power into employees’ hands can be revolutionary. We are yet to see it done in cybersecurity, but I’m certain that it is right around the corner.   Want more insights like this? Make sure you subscribe to RE: Human Layer Security on Apple and Spotify.
Read Blog Post
Spear Phishing
What is CEO Fraud? How to Identify CEO Email Attacks
Friday, October 15th, 2021
As we’ll explain below, there are several different methods used by cybercriminals to carry out a CEO fraud attack. But they all have one thing in common: money. Most often, a CEO fraud email will urgently request the employee to pay a supplier’s “invoice” using new account details. Cybercriminals use sophisticated techniques and meticulous research to make the attack as persuasive as possible.  Why do cybercriminals impersonate CEOs and other high-level executives? Two reasons: Power: CEOs have the authority to instruct staff to make payments. Status: Employees tend to do what CEOs ask. No one wants to upset the boss. CEO fraud vs. other types of cybercrime There’s some confusion about CEO fraud and how it relates to other types of cybercrime. Let’s clear a few things up before looking at CEO fraud in more detail. CEO fraud is related to the following types of cybercrime: Social engineering attack: Any cyberattack in which the attacker impersonates someone that their target is likely to trust. Phishing: A social engineering attack conducted via email (there are other forms of phishing, such as “smishing” and “vishing” via SMS and phone). Spear phishing: A phishing attack targeting a named individual. Business Email Compromise (BEC): A phishing attack conducted via a hacked or spoofed corporate email account.
These types of cyberattack all utilize email and impersonation—two critical elements of a CEO fraud attack. CEO fraud is not to be confused with “whaling”: a phishing attack where the cybercriminal targets—rather than impersonates—a CEO or other senior company employee. More on that in this article: Whaling: Examples and Prevention Strategies. CEO Fraud techniques As explained above, CEO fraud is related to Business Email Compromise. That’s because the attacker needs to make it look like they’re a senior employee of your company—so any email they send must appear to have come from a company account. There are three main ways cybercriminals can compromise a CEO’s email account: Hacking: Forcing entry into the CEO’s business email account and using it to send emails. This is the CEO fraud technique that’s most difficult to detect. Spoofing: Sending an email from a forged email address and evading authentication techniques such as DMARC. Impersonation: Using an email address that looks similar to a CEO’s email address. This can take the form of a “display name impersonation attack.” Once the threat actor has taken control of a CEO’s email account—or has convincingly impersonated their email address—they use one of the following techniques to attack the target organisation: Wire transfer phishing: The attacker asks the target to pay an invoice. According to the FBI, businesses lose billions of dollars per year via this type of phishing attack. Gift certificate phishing: The attacker asks the targets to buy them gift certificates. Gift certificates can be harder to trace than a bank transfer. Check out this (hilarious) example “from” Tessian’s own CEO. Malicious payload: The email contains an innocent-looking attachment that installs malware on the target company’s systems. Anatomy of a CEO fraud attack Now let’s take a look at an example of a CEO fraud attack to help you better understand the process. Like all social engineering attacks, CEO fraud attacks exploit people’s feelings of trust and urgency. When the CEO is “in a meeting” or “at a conference” and needs an urgent favor, employees don’t tend to second-guess them.  Here’s how a CEO fraud email might look. Now, for the sake of the example, imagine your boss is Thomas Edison. Yes, that Thomas Edison.
There are a few things to note about this CEO fraud email: Note the subject line, “Urgent request,” and the impending payment deadline. This sense of urgency is ubiquitous among CEO fraud emails. The fraudster uses Thomas’s casual email tone and his trademark lightbulb emoji. Fraudsters can do a great impersonation of a CEO by scraping public data (plenty is available on social media!) or by hacking their email and observing their written style. Cybercriminals do meticulous research. Thomas probably is in Florida. “Filament Co.” might be a genuine supplier and an invoice might even actually be due tomorrow. There’s one more thing to note about the email above. Look at the display name — it’s “Thomas Edison”. But anyone can choose whatever email display name they want. Mobile email apps don’t show the full email address, leaving people vulnerable to crude “display name impersonation” attacks. Cybercriminals can also set up a fake email domain impersonating your company’s real domain name. The domain is the part of the email address after the “@” sign. A cybercriminal impersonating Bill Gates, for example, might purchase a domain such as “” or “”.  Likewise, using “freemail impersonation”, a less sophisticated attacker might simply set up an email account with any free email provider using the CEO’s name (think “”). It sounds crude, but such attacks really can work. We explain domain impersonation in more detail – including plenty of examples – in this blog: Inside Email Impersonation: Why Domain Name Spoofs Could be Your Biggest Risk. How common is CEO fraud? It’s fair to say that cybercrime has gone into overdrive in recent years. Data from the FBI’s Internet Crime Complaint Center (IC3), released March 2021, shows a record-breaking number of cybercrime complaints in 2020. The IC3 reports a 69% increase in the number of complaints since 2019, with reported losses exceeding $4.1 billion dollars. The main cause of cybercrime reported to the IC3 was—you guessed it—phishing. So it’s clear that cybercrime, particularly phishing, is pervasive—and increasingly so. But what about CEO fraud itself? CEO fraud once dominated the cybercrime landscape. However, there is some evidence that cybercriminals are moving away from CEO fraud and towards a broader range of more sophisticated social engineering attacks. In 2020, the FBI noted that while CEO fraud previously dominated BEC, cybercriminals now impersonate a broader range of actors, including vendors, lawyers, and payroll departments. And a report by UK Finance suggests that while CEO fraud is still among the main eight types of fraud attacks targeting consumers and businesses, there was a 14% percent drop in CEO fraud attacks between the first half of 2020 and the first half of 2021. (So it’s not all doom and gloom…) These days, employees don’t only have to be wary of CEO fraud attacks. They also need to watch out for more advanced cybercrime techniques like Account Takeover (ATO), deepfakes, and ransomware. But CEO fraud is still a big deal. And as with all other types of social engineering attacks, there’s evidence that CEO fraud attacks are becoming more sophisticated and easier for threat actors to carry out. For example, in March 2021, a CEO fraud “phishing kit” was discovered that enabled cybercriminals to easily host fake Office 365 login pages in the cloud storage tool Backblaze. Want to know how to protect yourself and your business from CEO fraud? Read our article: How to Prevent CEO Fraud Attacks.
Read Blog Post
Human Layer Security
Here’s What’s Happening at our SIXTH Human Layer Security Summit on Nov 4th
By Andrew Webb
Thursday, October 14th, 2021
November 4th sees Tessian’s sixth Human Layer Security Summit. Nearly 3000 people tuned in to our last summit in June, and the event is rapidly establishing itself as an industry ‘must attend’.    We started our flagship event summits with one goal in mind, to bring security leaders together to network, share learnings and discuss a new wave of security that is ‘Human First’. This Fall summit will be our biggest and best yet, and is packed with the latest insights from industry experts, all in just a few hours.    If you’ve not already reserved your place, do it now, because here’s what’s packed into just three hours on November 4th.
🎣 Fighting Phishing: Everything We Learned From Analyzing 2 Million Malicious Emails   Unless you’ve been at the beach this past month, you can’t have failed to notice Tessian’s recent Spear Phishing Threat Landscape 2021 report based on two million emails flagged by Tessian Defender as malicious.    Tessian’s CISO, Josh Yavor, is joined by two industry experts; James McQuiggan, Security Awareness Advocate at KnowBe4, and Jason Lang, from TrustedSec. Together they’ll dig into the report’s findings in greater detail, and identify the what, how, who, why, and when of today’s spear phishing landscape.    If you can only make one session, make it this one.       🏗 How to Build A High-Impact Security Culture For ‘Oh Sh*t’ Moments    You don’t have a cybersecurity issue… until you do. At Tessian, we call that an ‘Oh Sh*t’ moment.    Kim Burton, Security Education InfoSec Manager Cisco, details how the right culture in your company can help stop that from ever happening. She’ll explain how to create and enable a positive security culture so you can help people sort through information and be confident in their approach to security.    The result: your people become your greatest asset, and develop, as Kim puts it, a security spider sense!      🤖 Threats Of The Future Are Here: Hacking Humans with AI-as-a-Service   These days you can get seemingly everything as a service, and that includes Ai. Ed Bishop, our co-founder and CTO, discusses this new threat with the team from GovTech Singapore. Eugene Lim, Glenice Tan, Tan Kee Hock and Timothy Lee explain how their latest research repurposed easily-accessible personality analysis AIaaS products to generate persuasive phishing emails.   The emails were automatically personalized based on a target’s social media information and created by state-of-the-art natural language generators. The results mean that even low-skilled, limited resource actors could use these methods to execute effective AI-assisted phishing campaigns at scale.   And as Wired reported, an AI wrote better phishing emails than humans in a recent test. This is sure to be a fascinating technical session, so book your place now and learn how to protect your organisation from these emerging threats.    😩 DLP Has Failed The Enterprise. What Now?   Look someone has to say it… Legacy DLP solutions are complex, have limited visibility, give you a constant headache with false positives, and users hate it. And don’t get us started on the ROI…    In this session you’ll hear from leading experts including not-for-profit health care provider, PeaceHealth, on why now is the time to rip and replace your DLP solution.      👮Why Human Layer Security is the Missing Link in Enterprise Security    We’re thrilled to have guest speaker, Jess Burn, from Forrester joining us to offer up her insights on why human layer security is the missing link for Enterprises. She’ll offer her insights on what the top priorities for Enterprise Security and Risk Management leaders over the next 12 months, as well as tell us how Human Layer Security fits into the wider tech stack solutions. Jess brings with her a wealth of experience as a senior analyst at Forrester serving security and risk professionals. Hosted by Henry Trevelyan Thomas, VP of Customer Success at Tessian.         💭 Security Philosophies from Trailblazers; Q&A with leading CISOs   Closing out our summit, Tim Sadler, CEO and Co-Founder of Tessian, invites two security heavyweights center stage to discuss their guiding philosophies that have led them to security success in their organizations.    With decades of experience between them, Jerry Perullo (CISO, ICE NYSE) and DJ Goldsworthy (Director, Aflac) will discuss how they position security as a value driver, not a cost-center in their orgs, and how they keep their teams innovating and approaching security creatively to build agile models.      So what are you waiting for?   That’s a pretty awesome schedule full of world-class insights, advice, and experience from experts who’ve secured their people and business against attacks. We believe learning directly from others experiences’ is the best way to drive the security industry forward, so our aim is to bring as many diverse speakers together. The only thing missing is you. 
Read Blog Post
Human Layer Security
21 Virtual Cybersecurity Events To Attend This Fall and Winter
Tuesday, October 12th, 2021
This list of cybersecurity events is updated every month and includes in-person events, virtual summits, and one-off webinars. Highlights for fall/winter include: Human Layer Security Summit — November 4, 2021 Black Hat Europe 2021 — November 8, 2021 CyberSecure — November 16-17, 2021 Hybrid Identity Protection (HIP) Conference — December 1-2, 2021 Keep reading for more 17 more events, and to learn more about each (including speakers, sessions, cost, and how to sign-up). SANS Webcast(s) – Ongoing If you don’t already know, SANS hosts daily webinars (sometimes several a day!). Topics include network security, insider risk management, to social engineering, bug bounties, risk management frameworks, ransomware, and more. Better still, these webinars are hosted by and feature some of security’s most prolific trailblazers like Dough Graham, AJ Yawn, Russel Eubanks, and more. Cost to Attend: Free Core BTS Security Conference, October 12, 2021 The Core BTS Security Conference focuses on fundamental cybersecurity issues as they relate to today’s threat landscape. This conference will provide practical sessions aimed at security and business executives, security architects, and data security managers. Subjects for panels and sessions include ransomware, zero-trust, and third-party risk. Speakers include Nat Smith, Senior Director Analyst at Gartner, Microsoft’s Chris Reinhold, and Leo Wentline, Director of Tech Support & Services at KidsPeace. Cost: Free Virtual Cybersecurity & Fraud Summit: Toronto, October 12-13, 2021 This conference from the Information Security Media Group (ISMG) offers a global perspective on the intersection between fraud and cybersecurity. On the agenda are fraud and breach prevention, zero-trust security, connected devices, and many more contemporary security issues. Speakers include Taher Elgamal, CTO Security at Salesforce, Nicole Ford, CISO and VP at Carrier, and Karim Rajwani, SVP and COO, Financial Crimes Risk Management at Scotiabank. Cost: Free SecureWorld Texas Virtual Conference: October 14, 2021 SecureWorld’s Texas conference turns digital with 20+ educational sessions aimed at security professionals of all levels of experience. Learn about zero-trust, security validation, the intersection between security and privacy, and more. Speakers include Nancy Rainosek, CISO for the State of Texas, Eve Maler, CTO at ForgeRock, and Jon Ehret, VP Strategy & Risk at RiskRecon (Mastercard). DevSecCon London — October 20-21, 2021 Integrating security into development is a critical front in the battle against cybercrime. DevSecCon showcases new ideas and approaches in DevSecOps—the collaboration of DevOps and security.  2021’s agenda is still in development—but expect some big industry names discussing issues from supply chain to customer experience. Cost to attend: TBA Women in Cybersecurity: A Special Careerbuilder Event — October 21, 2021 This event from George Washington University aims to champion female leaders in cybersecurity and help more women enter into this flourishing industry. Panelists include Teri Takai, Vice President at the Center for Digital Government, and Lydia Payne-Johnson, Director of IT Security, Information Management, and Risk at George Washington University. Cost: Free Virtual Houston CyberSecurity Conference — October 21, 2021 Aimed at C-suite executives and CISOs, FutureCon’s Virtual House CyberSecurity Conference will offer talks and guidance on how to tackle the global cybercrime epidemic. Speakers include Brian Contos VP & CISO Mandiant Advantage, Rachel Arnold “The Human API,” and Jonathan Kimmitt, Chief Information Security Officer at the University of Tulsa. And if you drink on weekdays (no judgment here), there’s even a private CISO happy hour featuring blind bourbon tasting at 5 pm CDT. Cost: $100 VIRTUAL Eastern CyberSecurity Conference — October 28, 2021 FutureCon’s VIRTUAL Eastern CyberSecurity Conference is for advanced cybersecurity professionals and includes training in cutting-edge tech to fight cyber threats. Sessions include a keynote on success as a cybersecurity leader, how to stop cyber threats against remote workers, and best practices in PAM security and data privacy. Speakers include Keith O’Sullivan, SVP, Chief Information Security Officer at Standard Industries, Otavio Freire, CTO and Co-Founder at SafeGuard Cyber, and Anthony Johnson Managing Partner at Delve Risk.  Cost: Free Tessian Human Layer Security Summit — November 4, 2021 Tessian’s 6th Summit will provide insights from top CISOs, Infosec leaders, and cyber visionaries leading with the new wave of Human Layer Security.  From fighting phishing to building a high-impact security culture, speakers will offer practical solutions to help protect employees from themselves using cutting-edge technical and organizational solutions. The event will benefit anyone involved in securing your organization—from data protection officers to CISOs. Speakers include Tim Sadler, CEO and Co-Founder of Tessian, James McQuiggan, Security Awareness Advocate at KnowBe4, and Eugene Lim, Associate Cybersecurity Specialist, GovTech Singapore. Learn more about the speakers and sessions here. Cost: Free CyberSec&AI Connected 2021 — November 4-5, 2021 AI is everywhere—and governments are increasingly keen to regulate it. But AI cybersecurity is an aspect of AI that many people overlook. Take the upcoming EU AI Regulation—many AI providers will need to provide an assessment of the security of their AI systems. But few people understand the implications of this requirement. The CyberSec&AI Connected conference will consider important issues in the AI context, like differential privacy, bias, and advanced persistent threats. Speakers include Alessandro Acquisti, Professor at Carnegie Mellon University, Jaya Baloo Chief Information Security Officer at Avast, and Nicholas Carlini, Research Scientist at Google Brain Cost to attend: €130 (standard), with discounts for groups, students, and academics. Black Hat Europe 2021 — November 8, 2021 Black Hat Europe is the European iteration of the Black Hat Briefings—a day filled with 30-40-minute cutting-edge presentations on security. The Black Hat Briefings have been running for over 24 years. These briefings are a chance for computer security leaders to share insights into the latest research, developments, and issues across industries. See you there! Cost to attend: TBA InfoSec World Digital — November 9-10, 2021 InfoSec World Digital features a broad range of sessions aimed at cybersecurity professionals of all levels, including cloud security, risk mitigation, and privacy. The event offers opportunities for learning, networking, and—of course—earning CPE credits. Speakers include Robert Herjavec Cybersecurity Expert & CEO of Herjavek Group, Cathy Lanier, SVP & Chief of Security at the NFL, and Roland Cloutier, TikTok Global CSO. Cost: $545 Miami Cybersecurity Conference — November 9-10, 2021 Data Connectors brings together industry leaders for a day of cybersecurity training and discussion, covering topics such as the state of secure identity, remote work, and rethinking data protection in the age of ransomware. Speakers include Merritt Baer. Principal Security Architect at Amazon Web Services, Jameeka Green Aaron, CISO at Auth0, and James J.W. Grant, Chief Information Officer of the State of Florida. Cost: Free Hack In Paris 2021 — November 15-19, 2021 Hack in Paris is a two-part event. From November 15-17, there are training sessions delivered by CISOs, CIOs, and other experts. Then between November 18-19, there are talks and workshops. This year’s schedule has yet to be announced, but the conference has been running for a decade and remains popular. Last year featured sessions on harnessing AI to accelerate machine exploits, hacking GPS trackers, and IoT reverse engineering. Cost to attend: €144.00 for the conference (early bird and student discounts available), with individual prices for training sessions. CyberSecure — November 16-17, 2021 CyberSecure is run by MIT Technology Review and this November the focus is on ransomware. The best defense against ransomware is taking a coordinated approach to developing your cyber-resilience. CyberSecure will explore how to take the first steps, incorporate AI into your security toolkit, and ensure your ransomware program is financially efficient. Speakers include Sandra Joyce, EVP, Head of Global Intelligence at FireEye Mandiant, Timothy Brown, CISO & Vice President of Security at SolarWinds, Caroline Wong, Chief Strategy Officer at Cobalt. Cost: $650 Cyber Security and Cloud Expo Amsterdam — November 23-24, 2021 The Cyber Security and Cloud Expo in Amsterdam is a large exposition covering areas such as security strategy, data protection, identity and trust, and more. The in-person event is followed by virtual content between November 30 – December 1 for those unable to attend in-person. Speakers include Angelos Varthalitis, CISO at Transdev Netherlands, Ariel Lemelson, Head of Cyber Detection & Response at, and Daniela Almeida Lourenço, BISO at Cost: Expo pass: Free; Day 1 or 2 Gold Pass: €499; Both Days Gold Pass: €699; Ultimate Pass: €949; Virtual Pass: €299 Canada West Region Virtual Cybersecurity Summit — November 23, 2021 This one-day conference brings together local CISOs and subject matter experts to deliver panels on a broad range of cybersecurity topics. The event will feature sessions on supply chain and third-party risk management, compliance and automation in cybersecurity, managing insider threats, and much more. Cost to attend: Free (subject to approval) Gartner Security & Risk Management Summit EMEA — November 29–December 1, 2021  Gartner’s EMEA security conference is available online this year and provides practical sessions for CISOs, security executives, risk management leaders, security architects and planners, and network, application, data security managers. The summit offers a huge variety of sessions built around 12 tracks, focusing on topics such as business enablement, infrastructure protection strategies, security and technology architecture, and more. Speakers include John Amaechi. Organizational Psychologist and Founder of APS, and a range of experts from Gartner, including Eric Ahlm, Mario de Boer, and Jon Amato. Cost: Standard price: €1,275; Public-sector price: €850 Hybrid Identity Protection (HIP) Conference — December 1-2, 2021 Hybrid workplaces are becoming the norm, and holding some data in the cloud is almost ubiquitous among modern organizations. With sessions on the future of cloud security, recovery in hybrid infrastructures, and deploying a zero-trust infrastructure, the Hybrid Identity Protection (HIP) Conference will help your security team learn cutting-edge techniques for protecting data in hybrid environments. Speakers include Andy Greenberg, Senior Writer at WIRED, Juliet Okafor CEO & Founder at RevolutionCyber, and Holger Zimmermann, Technical Specialist – Security & Compliance at Microsoft. Cost: Free International Conference on Cyber Security and Privacy in Communication Networks (ICCS) 2021 — December 9-10, 2021 The International Conference on Cyber Security and Privacy in Communication Networks (ICCS) presents the latest research on cyberthreat analysis, privacy, and security from academia, government, and industry thinkers. In the conference’s seventh year, delegates can expect talks on cloud security, databases security, digital signature techniques, and much more. Cost to attend: Various prices, with discounts available for student and faculty staff, ranging from £35 GBP to £240 GBP. Atlanta CyberSecurity Conference — December 15, 2021 FutureCon’s Atlanta CyberSecurity Conference will be held both in-person and online this year, and it aims to educate C-suite executives and CISOs on building cyber-resilient organizations that can thrive in the global cybercrime epidemic. The conference features presentations from some major names in tech, including Cisco, Axio, and Bitglass. Speakers include Kenneth Foster, Head Global Cyber Risk Governance Fiserv, and James Azar, Host of The CyberHub Podcast, CISO Talk Cost: Virtual: $100; In-person: $200
Read Blog Post
Introducing Tessian Architect: The Industry’s Only Intelligent Data Loss Prevention Policy Engine
By Ed Bishop
Monday, October 11th, 2021
Legacy Data Loss Prevention is quickly becoming an antiquated technology that isn’t evolving to meet the needs of enterprise organizations. Most of these solutions rely heavily on rules, create massive overhead for admin teams, and typically require constant manual fine-tuning to manage the myriad of false alerts.  And even with legacy DLP in place, data breaches continue to happen.  Perhaps the most important aspect to consider with legacy data loss prevention, is that static policies are often not as effective as we need them to be. They tend to be severely limited, and often restrict employees far more than what is necessary. These cumbersome solutions are based on known signatures, which don’t account for unknown anomalies, or consider the friction and latency they produce when implemented.  Here at Tessian, we believe that the next generation of Data Loss Prevention is fundamentally about shifting away from a static, rules-based approach, to a dynamic, behavioral approach that can address the specific context of each potential incident.  We have seen first hand how Data Loss Prevention has become too reliant on static rules and places far too much burden on admin to identify, investigate and remediate sensitive data loss. That’s why we built Guardian and Enforcer, to automatically prevent both accidental data loss and sensitive data exfiltration to unauthorized accounts.  However, we have also seen that custom policies, when combined with dynamic behavioral analysis, plays an important role for an organization’s DLP strategy. When policies are used, they should be intelligent where applicable, be easy to configure and manage, and leverage end-user remediation to reduce administrative burden. Now with Tessian Architect, enterprises can now deploy powerful intelligent DLP policies. Architect completes Tessian Guardian and Enforcer and provides the market’s best-in-class Email DLP platform.
Here Are Some of the Top Use Cases Architect Can Address Detect hidden content in Excel spreadsheets to prevent accidental disclosure of sensitive data Use regular expressions to detect specific data types and identify high severity breaches by defining unique match thresholds (e.g. more than 5 unique records) Warn on sensitive attachments without Microsoft Information Protection labels, and detect when attachments labelled as ‘Confidential’ are sent to unauthorized accounts Educate and remind users when a sensitive attachment has been labelled as ‘Public’ or ‘General’  Set up intelligent information barriers to prevent sensitive data sharing between teams Detect PII/PHI shared externally in bulk Detect financial data such as credit card numbers and bank account numbers Detect unencrypted personal health information shared externally Block attachments containing high volumes of PII from being sent to unauthorized accounts Use Architect to migrate and simplify DLP policies from legacy tools and consolidate related policies using powerful logic blocks. Use Architect to enhance rule-based legacy DLP policies with machine learning such as Tessian’s sensitivity algorithm and minimise the number of false positives
How Does Tessian Architect Work? Let’s take a deeper look at the product.  Create Custom Policies or Deploy Pre-built Tessian DLP Policies These new DLP capabilities allow administrators to quickly and easily build DLP policies to meet basic and advanced data loss requirements, including establishing and maintaining regulatory compliance.  Choose from pre-built policies that solve for your specific use cases or industry requirements, or build your own policies to meet your unique organization’s needs. Use community policies to adopt best practices sources from industry leaders in the Tessian Network. Policies may contain any number of DLP conditions and can be simple or complex, rely entirely on machine learning, basic rules, or both. Testing, tuning and rolling out policies can be done within hours, not days, weeks, or months. Test a policy change in production in as little as one minute. 
Analyze Email DLP Policy Performance Across Your Security Environment Quickly view real-time policy performance and determine what types of data loss are most prevalent in your organization. Insights are provided such as the number of data loss events detected, as well as information about those data loss incidents within specified time periods.
Policy Editor Provides Maximum Protection for Sensitive Data Build advanced, nested-logic policies and consolidate multiple policies that are related to similar topics. This is needed for advanced use cases to allow companies to consolidate and simplify policies as they’re migrating legacy DLP policies.
Integrate with Any Data Classification System, including Microsoft Information Protection (MIP)  Combine the machine learning and behavioral approach of Tessian with Microsoft Information Protection and data classification to further protect against sensitive data loss. Tessian detects sensitive attachments without Microsoft Information Protection labels. In addition, Tessian will also detect when data labeled “confidential” is about to be sent to unauthorized parties.
In-the-Moment Educational Warnings to Stop Accidental Data Loss and Sensitive Data Exfiltration in Real-Time Tessian warnings act as in-the-moment training for employees, continuously educating them about exfiltration, reinforcing your policies, and nudging them toward safe email behavior. Automatically build individualized policies at scale to reduce high-risk email use and track trends in unsafe activity over time.
Benefits of Tessian Architect 1. Automatically Stop Sensitive Data Exfiltration to Unauthorized Parties: Whether it’s an employee negligently sending emails to unauthorized or personal accounts, or individuals maliciously stealing company intellectual property, Tessian automatically stops sensitive data from being sent to any unauthorized recipients. 2. Automated and Pre-built DLP Policies: Take the guesswork out of building DLP policies with Tessian’s policy library, with the flexibility to build your own to adhere to your organization’s unique data protection requirements. 3. Reduce Admin Burden by Order of Magnitude: Reduce admin overhead with end-user remediation and powerful policy logic that simplifies DLP configurations. Cut through noisy DLP alerts and gain new visibility of high severity incidents and anomalous activity. 4. Ensure Regulatory Compliance: Protect against non-compliant activity and prevent users from sharing confidential data with non-business, personal addresses /unauthorized recipients; track and block compliance breaches in real-time. 5. Clear ROI: Many solutions simply report on data loss events; they don’t actually reduce sensitive data exfiltration and risk to the organization. Tessian is different. Security leaders can easily build and deploy DLP policies and show how those policies are proactively helping to improve the organization’s security posture. The benefit? You’ll become a trusted partner across your organization.
Learn more about Data Loss Prevention for the Human Layer  Tessian uses behavioral analysis to address the problem of accidental or intentional data loss by applying human understanding to data exfiltration incidents. Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required. Enforcer: Automatically prevents data exfiltration and other non-compliant activities on email  Human Layer Security Intelligence: Comprehensive visibility into employee risks, threat insights, and tools that enable rapid threat investigation and proactive risk mitigation Human Layer Risk Hub: Enables security and risk management teams to deeply understand their organization’s email security posture, including individual user risk levels and drivers Learn more about Tessian Interested in learning more about Tessian Architect? Current Tessian customers can get in touch with their Customer Success Manager. Not yet a Tessian customer? Learn more about Tessian Architect, or book a demo now.
Read Blog Post
Human Layer Security
New Technology Integration: Sumo Logic Tessian App
Tuesday, October 5th, 2021
Tessian is excited to announce a new integration with Sumo Logic that allows customers to understand their risk through out-of-the-box monitoring and analytics capabilities.
Benefits of the Sumo Logic integration Easily and instantly gain visibility into data loss, email security, and insider risks that could potentially lead to data breaches   Quickly analyze incidents in real time, enabling fast prioritization and remediation of threats posed by employee’s risky behavior Combine Tessian’s human risk intelligence with additional data sources to detect anomalies and gain a holistic picture of organizational risk Easily learn your top targeted employees or risky employees and take proactive remedial actions How to install and use the Sumo Logic Tessian App Security leaders who use both Tessian and Sumo Logic can access and install the app in the Sumo Logic app catalog. Pre-built dashboards include:  Tessian Overview Dashboard: visibility into all Tessian modules in one pane of glass
Tessian Defender Dashboard: visibility into inbound email security events and common threat types, along with your top targeted users
Tessian Guardian Dashboard: visibility into the number of prevented misdirected email, users and flag reasons
Tessian Enforcer Dashboard: visibility into sensitive data exfiltration by providing insights into attempted and prevented unauthorized email attempts including users behind these attempts
Learn more Want to learn more about Tessian’s integrations? Click here.
Read Blog Post
Engineering Team
A Solution to HTTP 502 Errors with AWS ALB
By Samson Danziger
Friday, October 1st, 2021
At Tessian, we have many applications that interact with each other using REST APIs. We noticed in the logs that at random times, uncorrelated with traffic, and seemingly unrelated to any code we had actually written, we were getting a lot of HTTP 502 “Bad Gateway” errors. Now that the issue is fixed, I wanted to explain what this error means, how you get it and how to solve it. My hope is that if you’re having to solve this same issue, this article will explain why and what to do.  First, let’s talk about load balancing
In a development system, you usually run one instance of a server and you communicate directly with it. You send HTTP requests to it, it returns responses, everything is golden.  For a production system running at any non-trivial scale, this doesn’t work. Why? Because the amount of traffic going to the server is much greater, and you need it to not fall over even if there are tens of thousands of users.  Typically, servers have a maximum number of connections they can support. If it goes over this number, new people can’t connect, and you have to wait until a new connection is freed up. In the old days, the solution might have been to have a bigger machine, with more resources, and more available connections. Now we use a load balancer to manage connections from the client to multiple instances of the server. The load balancer sits in the middle and routes client requests to any available server that can handle them in a pool.  If one server goes down, traffic is automatically routed to one of the others in the pool. If a new server is added, traffic is automatically routed to that, too. This all happens to reduce load on the others.
What are 502 errors? On the web, there are a variety of HTTP status codes that are sent in response to requests to let the user know what happened. Some might be pretty familiar: 200 OK – Everything is fine. 301 Moved Permanently – I don’t have what you’re looking for, try here instead.  403 Forbidden – I understand what you’re looking for, but you’re not allowed here. 404 Not Found – I can’t find whatever you’re looking for. 503 Service Unavailable – I can’t handle the request right now, probably too busy. 4xx and 5xx both deal with errors.  4xx are for client errors, where the user has done something wrong. 5xx, on the other hand, are server errors, where something is wrong on the server and it’s not your fault.  All of these are specified by a standard called RFC7231. For 502 it says: The 502 (Bad Gateway) status code indicates that the server, while acting as a gateway or proxy, received an invalid response from an inbound server it accessed while attempting to fulfill the request. The load balancer sits in the middle, between the client and the actual service you want to talk to. Usually it acts as a dutiful messenger passing requests and responses back and forth. But, if the service returns an invalid or malformed response, instead of returning that nonsensical information to the client, it sends back a 502 error instead.  This lets the client know that the response the load balancer received was invalid.
The actual issue Adam Crowder has done a full analysis of this problem by tracking it all the way down to TCP packet capture to assess what’s going wrong. That’s a bit out of scope for this post, but here’s a brief summary of what’s happening: At Tessian, we have lots of interconnected services. Some of them have Application Load Balancers (ALBs) managing the connections to them.  In order to make an HTTP request, we must open a TCP socket from the client to the server. Opening a socket involves performing a three-way handshake with the server before either side can send any data.  Once we’ve finished sending data, the socket is closed with a 4 step process. These 3 and 4 step processes can be a large overhead when not much actual data is sent. Instead of opening and then closing one socket per HTTP request, we can keep a socket open for longer and reuse it for multiple HTTP requests. This is called HTTP Keep-Alive. Either the client or the server can then initiate a close of the socket with a FIN segment (either for fun or due to timeout).
The 502 Bad Gateway error is caused when the ALB sends a request to a service at the same time that the service closes the connection by sending the FIN segment to the ALB socket. The ALB socket receives FIN, acknowledges, and starts a new handshake procedure. Meanwhile, the socket on the service side has just received a data request referencing the previous (now closed) connection. Because it can’t handle it, it sends an RST segment back to the ALB, and then the ALB returns a 502 to the user. The diagram and table below show what happens between sockets of the ALB and the Server.
How to fix 502 errors It’s fairly simple.  Just make sure that the service doesn’t send the FIN segment before the ALB sends a FIN segment to the service. In other words, make sure the service doesn’t close the HTTP Keep-Alive connection before the ALB.  The default timeout for the AWS Application Load Balancer is 60 seconds, so we changed the service timeouts to 65 seconds. Barring two hiccoughs shortly after deploying, this has totally fixed it. The actual configuration change I have included the configuration for common Python and Node server frameworks below. If you are using any of those, you can just copy and paste. If not, these should at least point you in the right direction.  uWSGI (Python) As a config file: # app.ini [uwsgi] ... harakiri = 65 add-header = Connection: Keep-Alive http-keepalive = 1 ... Or as command line arguments: --add-header "Connection: Keep-Alive" --http-keepalive --harakiri 65 Gunicorn (Python) As command line arguments: --keep-alive 65 Express (Node) In Express, specify the time in milliseconds on the server object. const express = require('express'); const app = express(); const server = app.listen(80); server.keepAliveTimeout = 65000
Looking for more tips from engineers and other cybersecurity news? Keep up with our blog and follow us on LinkedIn.
Read Blog Post
Spear Phishing, Remote Working, Data Exfiltration
Cybersecurity Awareness Month 2021: 12+ Free Resources
By Maddie Rosenthal
Thursday, September 30th, 2021
October is Cyber Awareness Month, and this year’s theme is “Do your part. #BeCyberSmart.”   Fun fact: Cyber Awareness Month started back in 2004, the same year a former AOL software engineer stole 92 million screen names and email addresses and sold them to spammers. Sadly, that’s peanuts compared to more recent breaches. Incidents involving insider threats are at an all-time high, phishing incidents are doubling and even tripling in frequency year-on-year, and the cost of a breach is now over $4 million. This is all to say that cybersecurity is more important than ever. And at Tessian, we live by the motto that cybersecurity is a team sport. So, to help you educate and empower your employees, we’ve put together a toolkit with over a dozen resources, including:
You can download them all for free, no email address or other information required. But, that’s far from the only content we have to share… CEO’s Guide to Data Protection and Compliance By 2024, CEOs will be personally responsible for data breaches. So it’s essential they (and other execs) understand the importance of privacy, data protection and cybersecurity best practices. To help you out, we’ve published an eBook which breaks down: How different regulations have changed how businesses operate  How cybersecurity and compliance can be leveraged as a business enabler The financial and operational costs of data breaches OOO Templates OOO emails can contain everything a hacker needs to know to craft a targeted spear phishing attack… Where you are How long you’ll be gone Who to get in touch with while you’re away Your personal phone number Use these templates as a guide to make sure you don’t give too much away👇🏼
Human Layer Security Knowledge Hub Cyber Awareness Month is all about raising awareness and sharing best practices, and we know the #1 source of trusted information and advice for CISOs are…other CISOs….  That’s why we’ve created a hub filled with dozens of fireside chats and panel discussions about enterprise security, spear phishing, data loss prevention, leadership, and the human element. Sign-up for free and hear from some of the biggest names in the industry.   You Sent an Email to the Wrong Person. Now What? Did you know at least 800 emails are sent to the wrong person in organizations with 1,000 employees every year. While it’s easy to shrug something like this off as a simple mistake, the consequences can be far-reaching and long-term. Learn more, including how to prevent mistakes like this.   6 Best Cybersecurity Podcasts While we’re partial to our own podcast – RE: Human Layer Security – we’ve learned from the best in the business.  To get our fix of cybersecurity breaking news, threat intel, and inspiring interviews, we regularly tune into these podcasts: The CyberWire Daily The Many Hats Club WIRED Security Get the full breakdown here.   How to Get Buy-In For Security Solutions As a security or IT leader, researching and vetting security solutions is step one. Step two involves convincing key stakeholders like the CEO, CFO, and the board that the product needs to be implemented, that it needs to be implemented now, and that it’s worth the cost.  This is easier said than done… So, how do you communicate risk and make a compelling case to (eventually) get buy-in from executives? We talked to security leaders from some of the world’s most trusted and innovative organizations to find out what they do to get buy-in from CxOs.  Here’s a summary of their tips.    Ultimate Guide to Staying Secure While Working Remotely While most of us have been working remotely or in a hybrid environment for well over a year, we know that more than half of IT leaders believe employees have picked up bad cybersecurity behaviors since working remotely. This eBook offers plenty of helpful reminders, including: The risk involved in sending work emails “home” Why using public Wi-Fi and/or your personal device as a hotspot aren’t good ideas Best practice around using cloud storage to share documents How to physically protect your devices Top tips for businesses setting up remote-working policies What Does a Spear Phishing Email Look Like? We know you’re working hard to train employees to spot advanced impersonation attacks…but every email looks different. A hacker could be impersonating your CEO or a client. They could be asking for a wire transfer or a spreadsheet. And malware can be distributed via a link or an attachment. But it’s not all bad news. While – yes – each email is different, there are four commonalities in virtually all spear phishing emails.  Download the infographic now to help your employees spot the phish.   The Risks of Sending Data to Your Personal Email Accounts  Whether it’s done to work from home (or outside of the office), to print something, or to get a second opinion from a friend or partner, most of us have sent “work stuff” to our personal email accounts.  And, while we might think it’s harmless…it’s not. In this article, we explore the reasons why employees might send emails to personal accounts, why sending these emails can be problematic, and how security leaders can solve the problem.  Looking for more helpful content? Sign-up to our weekly newsletter, or follow us on LinkedIn and Twitter (or do all three!).
Read Blog Post
​​Tessian Officially Named a 2021 UK’s Best Workplace™ in Tech
By Laura Brooks
Thursday, September 30th, 2021
We’re excited to announce that Tessian has been recognized as one of the 2021’s UK’s Best Workplaces™ in Tech. The list includes 98 organizations which were selected after Great Place to Work® UK analyzed the responses of UK-based tech employees via its Trust Index© employee survey.  This recognition confirms that Tessian is a great workplace for all employees, and that staff at the company feel a strong sense of trust, fairness, pride, and wellbeing. Earlier this month, we celebrated the hiring of our 200th employee and, as part of the celebrations, employees shared 200 reasons why they love working here.   These included: Working for an innovative company that is defining a new category in cybersecurity and transforming security strategies at global enterprises.  Tessian’s ‘choice first’ working policy which allows employees to choose where they work – remotely, in the office, or hybrid.  Company days off, called Refreshian Days for staff to switch off and focus on their mental wellbeing. Throughout July and August 2021, every employee also logged off at 1pm on Fridays for a “Refreshian Summer”. A dedication to diversity, equity and inclusion (DEI), with a transparent DEI strategy and access to Employee Resource Groups including Plus, an LGBTQ+ network, and Tes-She-An, a space created to support Tessians who identify as women.  Every employee gets shares in the company.  Tessian is hiring! Check out the open positions 👉🏼 here 👈🏼
Read Blog Post
Customer Stories, DLP
Customer Story: How Tessian Helped a Private Equity Firm Achieve Threat Visibility Through A Platform Approach
By Maddie Rosenthal
Tuesday, September 28th, 2021
With over 35 years of investment history, this private equity firm headquartered in Boston, MA, currently has more than 130 investments and nearly 200 employees. Having been a customer since 2018, the firm’s Senior Security Administrator shared how Tessian Guardian and Tessian Enforcer have helped him and his team prevent outbound threats while reducing admin overhead.  Tessian Solutions Enforcer:  Automatically prevents data exfiltration and other non-compliant activities on email. Enforcer can be easily configured to silently track, warn, or block sensitive emails. Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required.
Security Environment After Deploying Tessian The benefits of the platform approach The less tools security teams have to manage, the better. Especially since it can be difficult to get a single view of risk when having to pull insights from multiple sources. That’s why the firm bought into Tessian; it solves multiple use cases across one platform, including data exfiltration, accidental data loss, and advanced impersonation attacks.  And, with Human Layer Risk Hub, their security team gets granular visibility into employee risk and insights into individual risk levels and drivers. Today, they can differentiate between employees at different levels of risk, and evolve to support each group in unique, personalized ways through training, policies, and in-platform tools.  Find answers faster with Tessian integrations Integrations with other tools are key. And, while Tessian integrates with well over a dozen products, including SIEM/SOARs, SSO tools, and directory management tools,  these are the two Tessian integrations that stand out for the firm’s Senior Security Administrator: Azure Directory: While Azure Directory (AD) groups are a source of truth, building and maintaining them takes a lot of time and effort. Worse still, many security solutions don’t connect with AD groups, which makes zeroing in on an incident or potential risk that applies to a wider group of users is impossible. This forces security teams to look at each individual mailbox or user and aggregate them, which can take days. But, because Tessian syncs with AD, all you need to do is select the group. That means you can find what you’re looking for and take action right away. SIEM Integrations:  Tessian seamlessly integrates with SIEMs like Splunk and Rapid7. In  future, this will allow the firm’s security team to import valuable Tessian data for a more complete picture of their security posture.  According to their security team, the key to effectively garnering insights from data platforms is to decide what data is the most meaningful. That way, SOC teams can reduce the noise, focus on what’s truly valuable, and make informed security decisions.
Empower users without getting in the way Because Tessian is powered by machine learning instead of rules, it’s able to detect data exfiltration attempts and misdirected emails with incredible accuracy. In fact, on average, employees receive just two warning messages per month. That means when an email is flagged, they pay attention. Better still, Tessian gets smarter over time, and evolves in tandem with changing relationships. As data becomes more accurate, false positives decrease. And with a decrease in false positives, comes an increase in trust.
Want to learn more about how Tessian can help you prevent data loss on email? Book a demo now.
Read Blog Post