Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Tessian Named Representative Vendor in the 2022 Gartner® Market Guide for Data Loss Prevention. Download →

guide icon

Tessian Blog

See All Posts
Integrated Cloud Email Security, Interviews With CISOs
Hot Takes: 8 Ways to Strengthen the CISO and CFO Relationship
By John Filitz
Thursday, August 11th, 2022
As cyber risk continues to escalate, strategic collaboration between the Chief Information Security Officer (CISO) and Chief Financial Officer (CFO) is becoming more important.    In a recent webinar discussion between Tessian’s CFO, Daniel Kim, Jason Thomas, CIO at Cole, Scott and Kissane and Steve Kinman, CISO at Snyk, we talked about the key elements to addressing cyber risk at a strategic and fundamental level.    What did we uncover? Ultimately, the CISO and CFO roles are changing, and collaboration between these two important stakeholders is essential for businesses to mitigate cyber risk, while also driving business objectives forward. The panel also outlined some of the key principles necessary for enabling a dynamic risk mitigation and business value-led partnership.
1. Focusing on cybersecurity fundamentals  The risk for a cyber breach and the costs associated with breaches are increasing. In fact, the 2022 Cost of a Data Breach Report from IBM revealed that the cost of a data breach now stands at $4.35 million, up 13% from 2020.    According to Jason Thomas, CIO at Cole, Scott and Kissane, security leaders must focus on the security fundamentals as a starting point. This includes understanding your environment i.e. classifying your assets, knowing what you have from a technology and people standpoint, as well as the degree of cyber risk faced by your organization.  
2. Quantifying cyber risk  For Daniel Kim, CFO at Tessian, moving away from a binary quantification of cyber risk is the first and important step to addressing increasing cyber risk, so too is appreciating that “the risk is never going to be zero.”    As a next step, he says, it is important that companies also appoint C-suite steering committees that should operate in a similar fashion to disaster risk committees. This would move companies out of a reactive to a proactive position on cyber risk mitigation. 
3. Prioritize cybersecurity spending   Prioritizing cybersecurity investments can often face questions of relevance from other business leaders on the value that these investments would add to the company. For Jason it is essential that company leaders ask themselves, “how much is one hour of downtime worth to the company.”   For Steve Kinman, CISO at Snyk, many companies are still struggling to adequately prioritize cybersecurity program development, stating “what I hear a lot from teams is that they’re doing a lot of ad hoc security planning…and there’s no-rollup of that information to the C-suite or board.”  Every cybersecurity initiative, he says, must be aligned with the business and its objectives.    
4. Cyber risk as a financial risk   On the growing importance of CFO and CISO relationship building, Tessian’s Dan underscores that the growing importance rests on two important aspects, namely the frequency and the impact of risk.    On frequency of risk, it is imperative that leaders understand what risks exist in their environment. This can range from natural, geopolitical, financial and cyber risk. On impact, the increasing costs associated with cybersecurity events, including loss of revenue, downtime, to the loss of data and IP, have rendered cyber risk as a financial risk, says Dan.   Combined with regulatory changes that will result in the C-suite being held personally liable for cyber breaches is essentially elevating the importance of dealing adequately with cybersecurity risk – with Dan adding, “reacting to a breach after the fact is no longer a good business model.”    
5. Healthcheck on the CISO and CFO relationship   Synk’s CISO Steve noted that for the majority of organizations a disconnect between the CISO and CFO is apparent, noting many CFOs don’t understand cybersecurity terminology and do not understand the real cyber risk facing their organizations. It’s important to shift the conversation from cyber risk to business risk.   Touching on the evolution of the CISO role, Jason states it is critical that security leaders understand the fundamental financial aspects of the business in order to prioritize investments to address these risks.     
6. The importance of ROI   Having measurable return on investment (ROI) from your security tools is non-negotiable for every business. For Jason, this entails conducting routine audits on the security tool efficacy. Not being able to get the data out of the tools and demonstrate what impact they are having leaves you unable to determine whether the tool is performing as expected and is delivering ROI.   Using  a framework that categorizes the investment by the following criteria for Dan is helpful:   investments that generate revenue investments that cut cost investments that manage risk   Every business leader – including CISOs – need to be able to translate their area of expertise and programs underway to business outcomes, according to Dan. Learning how to speak the same risk language, being the catalyst for change and making it a collaborative journey is so important to achieving business outcome success.     
7. Become an effective C-suite communicator  It’s only once a breach has happened that cybersecurity programs are prioritized. This, according to Steve, is the well-known mantra of “not wasting a breach” to increase the cybersecurity budget.    Although this approach is commonly used in the industry, there is a need for a more proactive approach. Steve cautions, however, that security and risk leaders need to be tactical with their asks for additional cybersecurity investments – you need to have a well developed and well-communicated cybersecurity strategy in place first.   Additionally, overcoming communication obstacles that may exist between the CISO and the C-suite, requires developing a set of metrics for reporting that conveys maturity of the program, rollout according to timeframes, and being able to show how risk is trending. The C-suite and board require a different type of language than most security practitioners are familiar with  – don’t go too deep on security jargon.    
8. Overcoming the cybersecurity perception problem In a 2022 Tessian study, we found that only 58% of employees believe that senior executives at their  company value cybersecurity. For Steve, recognizing that most companies recognize that cyber risk is the number 1 risk, and that’s where the acknowledgement stops.    Even large corporations don’t demonstrate how essential cybersecurity and cyber risk mitigation are to their overall growth strategies. Cyber risk needs to be intertwined in the business plan and commonly understood by all of the business units. When cybersecurity risk is not referenced in the business plan that is where the perception of cybersecurity not being valued manifests from.   Jason and Dan agree that security awareness training needs to be ongoing and doesn’t need to be overly complex. Jason uses a constant messaging approach to drive security awareness on the risks being seen in the industry and measures his team have in place to safeguard his company.  
Building a Long-Term Relationship   The importance of strategic collaboration between CFOs and CISOs is coming into sharper focus, particularly as cyber risk continues its upward trajectory.    For organizations that are behind the technology adoption curve, according to Dan, cybersecurity risk can no longer be seen as a standalone, siloed IT project, but rather it needs to be seen as key business risk facing the enterprise.   Sharing information and intelligence i.e. constant communication on breaches threat trends in the industry as well as demonstrating what measures are in place helps Jason and his team build trust with the C-Suite.     Steve advises, it can be very intimidating to think that the CFO doesn’t care about cyber risk, get over that fear, go and speak to your CFO, build that relationship.    Building an effective relationship between the CFO and CISOs takes collective effort, as well as a shared view on the extent of cyber risk facing the organization. Having a well-oiled partnership between these two important business stakeholders can both mitigate cyber risk and as well as deliver success on business objectives.     
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.   For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
ATO/BEC, Email DLP
Key Takeaways from IBM’s 2022 Cost of a Data Breach Report
By John Filitz
Wednesday, August 10th, 2022
The cost of a data breach is up 13% from 2020 totalling $4.35 million, according to IBM’s Cost of a Data Breach Report for 2022. IBM’s annual report also revealed that compromised credentials, phishing and cloud misconfiguration are the top three attack vectors. Phishing related breaches is the costliest form of attack, costing businesses $4.91 million in damages per breach.    IBM recommends investing in security tools that leverage artificial intelligence (AI) and machine learning. These next generation security tools represent the biggest breach cost mitigation measure organizations can take, reducing the overall cost of a breach by an average of $3.05 million.    Keep reading for key findings from the report.   Key findings   The cost of a breach continues to creep up year-over-year. The cost of a breach has increased to $4.35m in 2022 –  representing a nearly 13% increase from 2020. Top 3 attack vectors were identified as: compromised credentials (19%), phishing (16%) and cloud misconfiguration (15%). Phishing is the costliest form of a breach. Although compromised credentials is the leading cause of a breach, phishing is the costliest with the fallout averaging $4.91m per breach.  Business Email Compromise (BEC) is expensive. BEC attacks are the second costliest, totalling on average $4.89m per breach.  
Healthcare remains the most adversely impacted vertical. Costs of healthcare breaches have reached a record high of $10.1m. According to HIPAA, there were over 680,000 healthcare breaches in 2021, resulting in close to 45 million healthcare records being compromised. Million dollar savings. Investing in security AI and machine learning tools is the greatest breach cost mitigation organizations can take, reducing the overall cost of a breach by an average of $3.05m compared to organizations that do not have these tools in place.   The increasing frequency and costs associated with breaches is adding to inflationary pressure for goods and services. Companies that have suffered a breach are typically raising their prices for goods and services. Breaches are still taking an inordinate amount of time to contain. On average breaches are resolved within 277 days from discovery. Paying ransoms does not lead to significant cost savings for victims of a breach. Those that chose to pay ransoms saw on average $610, 000 less in breach costs than those that chose not to pay. Critical infrastructure remains vulnerable and lags in zero trust adoption. 80% of critical infrastructure organizations have not adopted zero trust strategies. The result is +$1m more costly breaches, totalling an average of $5.4m per breach. 
The importance of cloud adoption maturity and cloud security   Hybrid cloud represents a hedge against cyber risk. The study found hybrid cloud adopters discovered breaches 15 days sooner than companies that relied solely on a single public or private cloud operating model. Hybrid cloud reduces breach cost. Companies that rely on a  hybrid cloud operating model also experienced the lowest costs associated with a breach. On average breach costs for hybrid cloud adopters were $3.8 million. Cloud security adoption is lagging breaches. Almost half (45%) of all breaches originated in cloud environments, with 43% of organizations stating that they are only in the early stages of implementing security across their cloud environments.  A lack of cloud security adoption increases time to resolve a breach. On average organizations that failed to adopt adequate or any cloud security for their cloud environments required +108 days to resolve a breach.
Phishing and Business Email Compromise (BEC) are the costliest attack vectors   BEC and credential compromise breaches are insidious and difficult to discover. Email breaches have the second highest mean time to discovery at 308 days (+16% on the overall mean time), with compromised credentials topping the list with a mean time for discovery 327 days (+19%). Phishing is a lucrative scam. Phishing is the second leading attack vector for breaches (16%), and is also the costliest at $4.91m. BEC attacks come a close second, costing businesses $4.89m. 
Recommendations   Some of the key IBM recommendations include:   Adopt a zero trust security strategy and security model. Zero trust is particularly well-suited to hybrid cloud environments and hybrid and remote work operating models, protecting data by limiting accessibility and requiring context to grant access. Adopt security tools that can share and centralize data between disparate systems. Implement security tools that can centralize data security operations across multiple environments to enable security teams to detect incidents across complex hybrid multi-cloud environments. Invest in cloud native security automation tools. This includes security orchestration, automation and response (SOAR), security information and event management (SIEM), managed detection and response (MDR) tools and XDR to accelerate incident response through automation. Use best-of-breed security tools that help protect and monitor endpoints and remote employees. Remote work related breaches cost an average of $1 million more than non-remote work breaches. Leveraging endpoint and end-user focussed security solutions including endpoint protection platforms (EPP), identity and access management (IAM) and email security solutions are essential. Create and test incident response plans and playbooks. This includes creating incident response teams that are well rehearsed on testing the IR plan. Additional measures include red teaming and finding solutions that manage attack surface risk.  
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.   For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn.
Read Blog Post
Email DLP, Integrated Cloud Email Security
Tessian Recognized as a Representative Vendor in the 2022 GartnerⓇ Market Guide for Data Loss Prevention
By Negin Aminian
Tuesday, August 9th, 2022
Tessian has been recognized by Gartner in the Market Guide for Data Loss Prevention (DLP) 2022 as a Representative Vendor for next generation DLP. Gartner makes the distinction that, “DLP is a mature technology, but the emergence of tools with a focus on cloud and insider risk management use cases has provided SRM leaders with the option to invest in a next-generation data security tool.”    State of the DLP market and why email matters The need for cloud native DLP tools is growing in-step with increased public cloud adoption, and the report mentions that, “In 2021, Gartner fielded 29% more client inquiries on the topic of DLP than in 2020.” In the latest Gartner forecast, “Worldwide end-user spending on public cloud services is forecast to grow 20.4% in 2022 to $494.7 billion, up from $410.9 billion in 2021, according to the latest forecast from Gartner. In 2023, end-user spending is expected to reach nearly $600 billion.”   Email is a significant threat vector for data loss. In separate research conducted by Tessian (2022), the risk for a data loss event occurring via email is high, with nearly 60% of organizations surveyed having experienced an email data loss incident due to an employee mistake in the last 12 months. Email was also identified as the riskiest channel for data loss, followed by cloud file-sharing and instant messaging platforms.   Gartner underscores the importance of addressing data loss risk on email due to the fact that “email is one of the most prevalent means of sending information and a priority for most clients.” And in reference email security DLP capabilities, Gartner states:   “Some email security vendors’ solutions can also address accidental data loss use cases, such as the sending of email to the wrong recipients or the sending of wrong attachments. These solutions use artificial-intelligence- based algorithms to track users’ email patterns and notify users if they may be accidentally sending sensitive information.”   These intelligent email DLP capabilities are native to Tessian, having the ability to prevent misdelivered emails and misattached files from being sent, as well as preventing malicious attempts at email data exfiltration.   Key findings from the Gartner Market Guide for DLP The report identifies three key findings: “Data loss prevention programs that are not tied to specific initiatives and goals are indicative of immature data security governance. Traditional DLP vendors that focus on conventional and data specific content inspection methods, can lead to fatigue and a siloed view of data movement. Legacy DLP tools rely on detection methods that were developed for on-premises workloads. Cloud migration has complicated the vendor selection process for clients, since these legacy approaches to DLP often are no longer viable.”   Some of the key recommendations include: “Define a DLP strategy based on data risk and the needs of the business.” Invest in a DLP solution that not only provides content inspection capabilities but also offers extra features such as data lineage for visibility and classification, user and entity behavior analytics (UEBA), and rich context for incident response. Overcome the challenges presented by a cloud-first strategy by implementing a solution to map and secure sensitive data across the hybrid environment.”
How Tessian protects against accidental and intentional data loss on email   Tessian’s unique approach to securing the email ecosystem and preventing email data loss hinges on three pillars:   Enabling intelligent and automated email security that leverages machine learning powered behavioral intelligence to detect both known and unknown threats, in real time. This prevention capability extends to automatically preventing email data loss from both malicious insider and accidental data loss use cases. Improving security operations (SecOps) efficiency by preventing data loss events from becoming incidents, reducing the time spent triaging incidents, as well as time spent configuring static DLP rules. Strengthening security culture by creating a positive end-user experience by empowering end-users to make the right cybersecurity decisions.
An intelligent approach to cloud email security  By leveraging machine learning powered behavioral detection, Tessian’s cloud email security platform is able to prevent both accidental and malicious data loss attempts from becoming incidents – ensuring data security compliance, while reducing the burden on SecOps.    Combined with contextual, in-the-moment end-user warning banners, security culture is strengthened by empowering end-users – through a range of DLP policy enforcement options – to make the right security decisions.   Want more information on how Tessian can protect your organization against email DLP? Click here to schedule a demo.
To see how the Tessian Intelligent Cloud Email Security platform prevents insider threats and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn.       Gartner, “Market Guide For Data Loss Prevention”, Ravisha Chugh, Andrew Bales, July, 19, 2022. Gartner Disclaimer: GARTNER is registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Read Blog Post
Are Phishing Tests Part of Your Security Training? How’s That Working Out?
By Andrew Webb
Tuesday, August 9th, 2022
A good security culture is critical for any organization because as the old saying goes, you’re only as strong as your weakest link. Finding that weakest link and strengthening it then is seen as crucial. And that’s why we need to talk about phishing tests.    Because rather than fostering a strong security culture, phishing testing can sometimes have a detrimental impact on your employees security awareness as well as their morale. All too often phishing testing adopts a ‘gotcha’ approach, followed by ‘punishment training’. Our recent Security Cultures Report found that only 33% have had a positive experience with phishing simulations, and 18-24 year olds are 2-3x as likely to have had a bad experience. So when we saw this tweet, we were hardly surprised.   It’s by no means an isolated incident.   How NOT to run phishing exercises #infosec pic.twitter.com/m4icf9KUrZ — Jackie Singh (CISO at ANTIFA) (@HackingButLegal) December 17, 2021
Look, I can be as vigilant as I can, but at the end of the day, it feels like the entity sending me the most phishing emails is MY OWN company, constantly sending them as tests to try to trick us. — Brian Gray 🪩🥂💖 (@urbanbohemian) June 27, 2022 Meanwhile this example from GoDaddy in 2021 seems particularly mean spirited. It’s not entirely unrealistic to expect some sort of corporate comms like this from their own internal team during the holiday season.   Dysfunctional security culture    These are classic examples of a dysfunctional security culture. The result: total fear and paralysis in the workforce that is actually affecting their ability to do their work. Work that brings in real revenue. Stopping phishing attacks by effectively shutting down the company’s ability to function normally can’t really be considered a win.    As we’ve discussed before, you can’t stop people clicking links any more than you can prevent them from sending or receiving them in the first place; for many people, that’s their job. Their inbox is a revolving door of links to documents, webpages, forms, and databases. It’s almost an unconscious muscle memory with some people.    It also has a cost to employees’ mental state, which, given the past two years, is probably already quite fragile – after all, no one should be publicly humiliated and lose their job for clicking a phishing test link.
It’s not just Dave in the Accounts team that this can happen to, even IT experts can fall foul, as this other thread on Reddit explains – look at why though… “I was just coming after lunch, joggling a few important tasks in my head and when I unlocked my laptop there were 20 new emails, so I tried to quickly skim through them”     In short, they were distracted.
Mistakes happen Phishing tests and security training more generally, delivers a poor ROI for CISOs and InfoSec teams. Security training is expensive, both in the cost to organize and run it, and the cost to the company more broadly from taking staff away from what they should be doing. It’s also… often boring, on a par with doing a tax return. What’s more, after just one day people forget more than 70% of what was taught in training, while 1 in 5 employees don’t even show up for SAT sessions. And this is despite some companies’ best effort to make it ‘fun’.   After anger comes apathy IT can fix technology but it can’t fix apathy, but that’s where people more than likely end up after phishing training. This can result in a drastic drop in responsiveness and employee effectiveness.    Thanks to research by Dr. Karen Renaud and Dr. Marc Dupuis we know that unleashing fear, uncertainty and doubt on a workforce doesn’t work. It cripples decision making, creative thought processes and the speed and agility businesses need to operate in today’s demanding world.
What does a good security culture look like?   Our 2022 Security Cultures Report found that although security leaders are prioritizing training (85% of employees in the US and UK participate in security awareness programs) just 36% of them say they’re fully paying attention. And while half (50%) do say it’s helpful, only 28% say it’s engaging. 36% say it’s out-right boring.    Perhaps that’s why 1 in 3 employees don’t even understand why cybersecurity is important, and nearly 30% don’t think they personally play a role in maintaining their company’s cybersecurity.   Look, we’re not down on phishing testing per se. If done right as a research exercise it can provide valuable insights and data points for your organization as part of a much broader suite of security measures.
But what we are down on is victim naming and blaming. Technical tests like phishing testing should be an opportunity to better train and tune your companies filters and defenses, not used to punish your people. A user failure is, uncomfortable as it may be to hear, really an technical failure – because that phishing link should never have even got in front of a person in the first place.   Internal phishing tests are misaligned with their intended outcome. Too often we use the metric to beat users over the head, when we really should be using the data to tune curriculum. The test should identify vulnerabilities, not fix them. https://t.co/a13rQ6q2sF — Brian Anderson (@btanderson72) June 23, 2022
Why ‘in the moment’ training works   How did you learn to swim? I bet you didn’t sit through an hour long presentation about it once a quarter, watch a video, then do a ‘fun’ quiz. You got in the water and worked things out ‘in the moment’. Your senses and instincts flagged potential dangers like getting out of your depth or diving too deep. Good security training is the same.    Training people away from their day to day working environments removes the connection between the danger, and where that danger is experienced. When Tessian detects a threat like a spear phishing email, employees see a warning message that they have to respond to. It’s written in plain English, and offers context around why the email was flagged.
It takes time and effort to develop a robust security culture that everyone subscribes to. That’s hard work when you’re fighting several other issues and problems. In order to foster and maintain a risk-aware workforce, security teams should play an active role in onboarding, offboarding, and day-to-day. This is especially important now, with remote and hybrid operating models being the norm.    But, according to our research, security leaders underestimate just how much they should be a part of the employee experience. But not doing so has an exponential negative impact on the organization which could result in a successful attack. Our 2022 Security Culture Report is a good place to start your journey to a stronger security culture. Download it here.
Read Blog Post
Threat Intel
Tessian Threat Intel Roundup: July 2022
By John Filitz
Friday, July 29th, 2022
Impersonation attacks are a significant contributing factor to the growing phishing challenge, with APWG reporting over 1 million phishing attacks in Q1 2022 – the highest number of attacks recorded for a quarter.   Threat actors are targeting well-known brands to carry-out sophisticated social engineering attacks and are leveraging legitimate 3rd parties to conduct their attacks. Threat actors are also using open source intelligence to impersonate and target specific individuals within companies.   Once trust has been established, the threat actor can further compromise the information system – this includes compromising vendors within the target’s supply chain – by delivering a malicious payload.   The challenge in detecting impersonation attacks is expected to become more protracted in the short term. This is due to the majority of organizations still relying on legacy rule-based email security solutions that are unable to detect sophisticated impersonation attacks.   Sign-up for our Threat Intel update to get this monthly update straight to your inbox.  
Impersonation attacks mimicking well-known and trusted brands, and will remain a mainstay for threat actors to perpetrate attack campaigns that include fraud and account compromise as key objectives.   Impersonation attacks are becoming more targeted and are leveraging open source intelligence, targeting smaller companies as well as specific individuals at those companies, with the C-suite particularly targeted.   Legitimate 3rd party services providers,  including mass-mailing services and payment providers are increasingly common methods employed by threat actors.   Account Takeover-based impersonation attacks, specifically within the supply chain ecosystem of a particular company, pose among the greatest threats. This is due to the threat actor operating within the “circle of trust” and having access to multiple targets.
The FTC has reported a sharp increase in impersonation fraud, with losses totaling $2 billion in the period October 2020 to September 2021. Some of the leading corporations are the most impersonated. In the technology space, this includes Microsoft, Google, Amazon and Apple as among among the most impersonated brands.   Email impersonation attacks come in different guises including:   Typosquatting – in this instance the threat actor sets up an email domain that appears to be legitimate – however with one or several characters replaced with look-a-like characters, for example using zero instead of “o.”   Email domain spoofing – the threat actor will manipulate the email headers so that false email address is displayed to the sender, for example the sender’s email address is “fraudster@cybercrime.com,” but the recipient sees “billgates@microsoft.com” in their inbox. Often email domain spoofing will include some degree of brand impersonation, including use of brand logos and email footers, to enhance the legitimacy of the malicious email.   Account Takeover – ATO attacks are possibly the most insidious form of impersonation attacks due to the threat actor leveraging a compromised and “trusted” email account to perpetrate an attack.   Threat actors often use a sense of urgency combined with some intelligence to get the target to carry-out their request, for example, such as requesting urgent payment of a known supplier invoice but to a bank account number controlled by the threat actor.   Malicious payloads in the form of attachments or links are also commonly used. The malicious nature of the payload is obfuscated to bypass rule-based security controls.   In the case of a malicious attachment, common obfuscation methods include changing the file name to a “.doc” or “.pdf” or in the case of a malicious link, using third-party mailing services to deliver the malicious links. This can include the use of link-redirects that will redirect the victim using a “safe” link to a safe website, which then redirects to a malicious website.   One noteworthy impersonation attack campaign included the NOBELIUM campaign detected by Microsoft Threat Intelligence. In this campaign, threat actors leveraged a legitimate mass-mailing service Constant Contact to impersonate the US International Development Aid agency (USAID) to distribute malicious URLs to a “wide variety of organizations and industry verticals.”   More recent impersonation campaigns are leveraging a combination of phishing email and a call-back number impersonating a well-known and trusted security vendor in an attempt to compromise the target via remote administration tools (RAT).
The need to upgrade email security is increasingly moving up the priority order list.   Legacy rule-based solutions are unable to detect multi-tiered impersonation attacks that remain undocumented in most threat intel engines on which legacy solutions rely.   Adaptive, machine learning powered behavioral detection is essential to detect unknown and rapidly evolving threats, including supplier based ATO attacks.   Leveraging security solutions that incorporate security awareness training as part of the active defense measures remains a key element of ensuring that end-users are in a better position to detect impersonation attacks.
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
1 in 3 Employees Do Not Understand the Importance of Cybersecurity
By Andrew Webb
Tuesday, July 26th, 2022
Our research report into security culture reveals a startling disconnect between security leaders’ views and those of employees when it comes to cybersecurity. Our survey of 2,000 employees in the UK and US revealed that just 39% say they’re very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams. When asked why, over two-fifths (42%) of employees said they wouldn’t know if they had caused an incident in the first place, and 25% say they just don’t care enough about cybersecurity to mention it – a sentiment that should set alarm bells ringing for security leaders.    What’s more, for some staff, this attitude is bleeding into their home life. 20% of employees say they don’t care about cybersecurity at work – over 1 in 10 say they don’t care about it in their personal lives!   It’s clear then, that a significant percentage of employees are simply not engaged with the organization’s cybersecurity procedures and how they play their part in keeping their company secure.
Turning to IT and security leaders, virtually all of the 500 leaders we surveyed (99%) agreed that a strong security culture is important in maintaining a strong security posture. And yet despite rating their organization’s security 8 out 10, on average, three-quarters of organizations experienced a security incident in the last 12 months.    There’s clearly a disconnect here between the views of the SOC team, and those in other teams around the business, and one reason for that could be the reliance on traditional training programs.   48% of security leaders say training is one the most important influences on building a positive security posture. But the reality is that employees aren’t engaged; just 28% of UK and US workers say security awareness training is engaging and only 36% say they’re paying full attention. Of those who are, only half say it’s helpful, while another 50% have had a negative experience with a phishing simulation. 1 in 5 employees don’t even show up for SAT sessions.    As indicated above, the report also reveals a disconnect when it comes to actually reporting security risks and incidents. Eighty percent of security leaders believe robust feedback loops are in place to report incidents, but less than half of employees feel the same, suggesting clearer processes are needed so that security teams have greater visibility of risk in their organization.
Boomers v Gen Z: The Generational Divide    The report also revealed stark generational differences when it comes to cybersecurity culture perceptions. The youngest generation (18- 24 year olds) is almost three times as likely to say they’ve had a negative experience with phishing simulations when compared to the oldest generation (55+). In contrast, older employees are four times more likely to have a clear understanding of their company’s cybersecurity policies compared to their younger colleagues, and are five times more likely to follow those policies.    When it comes to risky cybersecurity practices such as reusing passwords, exfiltrating company data and opening attachments from unknown sources, younger employees are the least likely to see anything wrong with these practices. 
Read Blog Post
New Study from Forrester Consulting: The Total Economic Impact™ of Tessian Cloud Email Security Platform
By Negin Aminian
Tuesday, July 19th, 2022
A commissioned study conducted by Forrester Consulting on behalf of Tessian in July 2022 reveals that a composite enterprise of 10,000 protected inboxes saw 268% Return On Investment (ROI) over three years after deploying Tessian. This amounts to over 29,600 labor hours saved.   In addition to the significant time savings, the benefit of having Tessian deployed focused on reducing email security risk against advanced email threats, as well as preventing email data loss. Additional key benefits included quantifiable improvements to the security culture of customer organizations, leading to lower click-through-rates and a greater awareness of the cyber risks posed on email. 
Tessian commissioned Forrester Consulting to conduct a Total Economic Impact™ study to examine the ROI that a composite enterprise realized by deploying Tessian over a 3 year period. The value of having Tessian deployed was distributed accordingly:   • Savings of  $3.1 million due to inbound email threat prevention, including against advanced malicious emails that upstream solutions failed to detect.   • Savings of $2.6 million from preventing email data loss incidents thanks to Tessian’s advanced email data loss protection capability.   • $2.9 million in savings from preventing accidental email from being sent – this includes preventing misdirected and miss-attached emails from being sent.   For modeling purposes Forrester Consulting used full Tessian Platform implementation for a 10,000 end-user enterprise. The study found total benefits of $8.6m, a net present value (NPV) of $6.2m, and an ROI of 268%.
Risk Reduction   Email remains the preferred delivery mechanism for devastating malware attacks, including ransomware. The FBI notes in its latest IC3 report that Business Email Compromise (BEC) has led to losses of $43 billion in the past 5 years, with 65% of these losses occurring in the period 2019 to 2021.   According to the study, this is supported by Forrester’s own research, finding that email-based phishing attacks are playing an increasingly prominent role in security breaches, rising from 23% in 2020 to 31% in 2021. This represents a 35% year-over-year increase. Of concern are the increasing sophistication of BEC, account takeover attacks (ATO), and the devastating impact that insider threats pose, particularly from a data breach perspective.   An information gap that Forrester Consulting identified in the study is the lack of research available and awareness surrounding email data loss. This was mirrored both in published research and in the enterprise. Only after deploying Tessian, did customers realize the magnitude of the data loss risk they faced.
Challenges before Tessian   Some of the key email security challenges prior to interviewed organizations choosing Tessian, included:   • A lack of detection and prevention capability of existing email security tools against advanced threats. Interviewees noted that advanced email threats are becoming more prevalent and more targeted at senior executives.   • Previous email security tools had limited or no email data loss capabilities. Due to the sensitive nature of data processed by the interviewees’ organizations, they could no longer take the risk of not addressing email data loss risk arising from either exfiltration and misdirected emails. • Existing email security solutions that relied on rule-based policies resulted in excessive and disruptive banner warnings without context and didn’t offer protection. In this noisy environment every email had to be treated as a threat, the organizations had no trust in the security efficacy of their existing email security solutions.
Solution Requirements   Prior to choosing Tessian, the features interviewees wanted in an advanced email security solution included:   • Definitive and demonstrable AI and ML capabilities. • High-quality and actionable alerts. • Advanced protection capabilities for inbound as well as outbound email. • API-based integrations into the existing security stack and email environments.  • Fast deployment and low management overhead. • Ability to scale as well as providing a flexible and strategic partnership.
Impact of Tessian   The enterprise organizations that Forrester evaluated found Tessian delivered the following:    • Halving the phishing rate for a large healthcare enterprise, while also reducing the time to diagnose and respond to phishing campaigns from 8.5 hours down to 5 hours.   • Blocking 143 malicious emails in 1 month for a financial services company, and significantly reducing the click-through-rate while improving the security awareness of employees to better identify malicious emails.   • Detecting and preventing 901 malicious emails in one month at another financial services company that had gone undetected by other upstream email security tools.
For data exfiltration, Tessian had the following impact:   • Detected and enabled fast and effective protection and response against data exfiltration attempts for a healthcare enterprise.   • Enabled a culture shift in the professional services company, reducing data exfiltration over email due to the proactive warnings provided by Tessian.      
For misdirected emails Tessian had the following impact:   • 270 instances of accidental data loss in 90 days were prevented for a professional services firm. • 243 misdirected emails and 9 incorrect attachments were detected in one month at a financial services firm.   • Significant reduction in misdirected emails at a healthcare company with the director of information security citing an overall improvement of security awareness among end-users, evidenced by fewer accidental data loss instances every month.
Additional benefits   Better security decision-making: The Forrester study also found there was better end-user security decision-making due to contextual prompts end-users receive in real time on likely malicious emails. Security administrators also leveraged the improved risk analytics to better understand how email security risk is trending in their environment.   Greater investigation efficiency and ability to demonstrate ROI to leadership: Another key benefit realized was significantly faster investigations of email security incidents, as well as a low effort in communicating the ROI of Tessian and how it is reducing email risk to the executive leadership.    Enhanced end-user experience: The user experience and positive feedback from end-users of Tessian were among the notable findings. The positive feedback was tied to the fact that Tessian makes end-users feel more secure and confident on email. This was in large part due to the context driven alerts on likely malicious emails, as well Tessian’s ability to prevent email mistakes from happening.  Improved security culture: The impact Tessian was having on improving the security culture across the organizations interviewed was significant, with one of the interviewees sharing that thanks to Tessian, their latest phishing-prone score was 10% lower than the industry benchmark.
Tessian for advanced email ecosystem protection    Although there are numerous cloud email security solutions on the market today, only Tessian  offers the most comprehensive cloud email security protection available. Thanks to our machine learning powered behavioral detection and cloud email security platform approach, Tessian offers protection against advanced email threats as well as prevents email data loss.    Combined with in-the-moment security awareness coaching, the easy ability to demonstrate ROI, and the strategic and flexible nature of our customer partnerships, leads Tessian to be among the most liked security tools by security leaders and end-users alike.   Want more information on how Tessian can protect your organization? Book a call with one of the team below or try our free email threat assessment.
To see how the Tessian Intelligent Cloud Email Security platform  prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
ATO/BEC, Integrated Cloud Email Security
How to Prepare for Increasing Cyber Risk
By John Filitz
Wednesday, July 13th, 2022
Each year it seems we are met with new complex challenges and risks that few could have predicted. In turbulent times, it is prudent to take stock of what business and security leaders can control. Allocating dedicated resources to more effectively manage both known and unknown risk is fast becoming essential to shore-up organizational resiliency.   Turning the focus to the sector that is germane to what we do at Tessian, effectively managing cybersecurity risk is now more critical than ever. In fact, cybersecurity risk is now considered the number 1 risk faced by businesses according to Allianz’s 2022 Global Risk Barometer, followed by business interruption (2) and natural disasters (3).   Read on to learn more about some of the key cyber risks organizations are faced with today, and how best to mitigate it.
Cybersecurity risk is increasing The costs associated with breaches are increasing each year. The global cost and impact of cybercrime damages is expected to reach $10.5 trillion in damages by 2025 – representing a 350%+ increase from 2015.    A sign of the worsening cyber risk can be seen in the cybersecurity insurance industry. Given the high number of recent claims, up by 500% in 2021, has resulted in cyber insurance premiums seeing significant escalations – essentially doubling over the past year. And as a result of recent developments in Ukraine, leading insurers are now excluding suspected nation-state cyber attacks from coverage provisions.  
Persistent and increasing email security risk   Due to its open nature, email remains the preferred method for delivering a malicious payload, including ransomware – responsible for up to 95% of breaches. Email also attracts the greatest investment in the attacker value chain and is the riskiest channel for data loss.    Until recently, detecting and preventing email threats relied on static, rule-based solutions like Secure Email Gateways (SEGs). These solutions are only able to detect known threats because they rely on a threat detection engine of already documented threat campaigns. But threats have become more advanced and are proliferating at an alarming rate, with the net result these threats are going undetected by SEGs and are reaching victims’ mailboxes.   According to Verizon’s DBIR 2022, email-delivered social engineering attacks are growing in complexity, with phishing responsible for 60% of these attacks. In addition, the FBI reported that $43 billion has been lost globally due to Business Email Compromises (BEC) in the past 5 years, with a 65% increase in BEC fraud related losses reported globally in the period 2019 to 2021.  
The growing ransomware challenge   Advanced cyber threats like ransomware are also trending in the wrong direction. Ransomware related damages exceeded $20 billion for 2021 – representing a 57x fold increase from 2015. By 2031 ransomware damages are expected to reach $265 billion. Responsible for 75% of cybersecurity insurance claims, Ransomware-as-a-Service offerings are mainstreaming the ability to carry out devastating ransomware attacks.    Russia-based Conti ransomware gang aka Wizard Spider has been linked to 50 incidents in April 2022 alone, including attacks on the Costa Rican and Peruvian governments. Currently there is a $15million bounty on Conti from the US government – indicative of the scale of the problem. The FBI estimates that over 1,000 Conti ransomware victims have paid in excess of $150 million in ransom in the past year.    Also concerning is the increasing proliferation of wiper-malware seen in 2022 in cyber attacks against the Ukraine in 2022. Disguised as ransomware, wiper-malware essentially wipes all data from infected hosts. In response to the growing ransomware threat, CISA announced the formation of a ransomware taskforce at the end of May 2022.   
Software supply chain vulnerability   Software supply chain cyber risk is another leading concern for CIOs and CISOs. The acceleration of digital transformation and cloud adoption, and increased speed of deployment through DevOps processes, have resulted in dramatically expanding the attack surface area with vulnerable code and applications exposed online.    Software supply chain attacks remain a vulnerable element given the high impact and high reward for the attackers as has been demonstrated in the SolarWinds and Kaseya attacks. 
Final thoughts for staying safe in a volatile cybersecurity environment   Prioritizing cybersecurity program development is now a core aspect of effective organizational risk management. There however remains a collective need in the vendor and the broader business community to elevate and educate executives particularly at the board level, on the importance of proactive cybersecurity risk management.    Assume you will suffer a breach. From this risk-aware position think about the proactive steps you can take to improve your cyber resilience. The escalating email, ransomware, wiper malware and supply chain vulnerability risks underscore the imperative for investing in intelligent and agile cybersecurity defenses.   Continuously seek out innovative solutions that keep your environment safe, while at the same time ensure high degrees of employee engagement on the importance of security awareness.  
To see how the Tessian Intelligent Cloud Email Security platform  prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
ATO/BEC, Email DLP, Integrated Cloud Email Security
What is an Integrated Cloud Email Security (ICES) Solution?
Thursday, July 7th, 2022
In recent years, the shift away from on-prem email platforms to cloud-based platforms has been dramatic, with Gartner estimating that 70% of organizations now use cloud productivity suites like Microsoft 365 and Google Workspace. But as email migrates from legacy on-prem approaches to the cloud, securing these cloud based services becomes the next big challenge. Enter Integrated Cloud Email Security.
What is an Integrated Cloud Email Security (ICES) Solution? The term ‘Integrated Cloud Email Security (ICES)’ was coined in the Gartner 2021 Market Guide for Email Security. ICES solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.     ICES solutions are cloud-based, and use APIs to detect anomalies in emails with advanced techniques such as natural language understanding (NLU), natural language processing (NLP) and image recognition. Using API access to the cloud email provider, these solutions have much faster deployment and time to value, analyzing email content without the need to change the Mail Exchange (MX) record.   Taking it one step further, ICES solutions can also provide in-the-moment prompts that can help reinforce security awareness training (SAT), and are able to detect compromised internal accounts. In the report, Gartner reflected on the future of ICES solutions, suggesting that they would eventually render SEGs redundant:   “Initially, these solutions are deployed as a supplement to existing gateway solutions, but increasingly the combination of the cloud email providers’ native capabilities and an ICES is replacing the traditional SEG.”
Gartner predicts that by 2023, at least 40% of all organizations will use built-in protection capabilities from cloud email providers rather than a secure email gateway (SEG)… But why?   In short, legacy SEGs are no match for the cyber threats of tomorrow. Email is responsible for 96% of cybersecurity breaches, making it the greatest threat vector. In fact, in the 12 months between July 2020 and July 2021, Tessian detected 2 million malicious emails that had bypassed SEGs. So why are traditional SEGs not fit for today’s cybersecurity landscape?
Rule-based approaches don’t cut it SEGs were developed in 2004 with on-premise email servers in mind and use a rule-based approach to threat detection. They use deny lists, allow lists and signatures for message authentication to help stop attacks – with these lists created using threat intelligence. They are reactive by design, and protect email data against threats that are already known. This means that SEGs offer no protection against zero-day attacks (a significant and growing threat vector), and are easily evaded by attackers using advanced social engineering campaigns. SEGs also fail to detect business email compromise (BEC), account takeover (ATO) and advanced spear phishing attacks.
The migration to the cloud   More and more, organizations are adopting SaaS offerings like Microsoft 365 – which have SEG capabilities natively included. This shift was well underway before the pandemic, but has since been accelerated with data suggesting that ICES solutions are here to stay and will displace SEGs from the cybersecurity stack.. The rise of offerings like Microsoft 365 and Google Workspace and the move away from SEGs comes as no surprise, with enhanced functionality at the platform level that can include:   Blocking emails from known bad senders Scanning attachments with AV Blocking emails with known bad URLs Content analysis to identify SPAM   Given these native SEG-like capabilities in cloud productivity suites, makes ICES solutions the perfect supplement to ensuring comprehensive email protection. ICES solutions are so effective because they  provide protection against many of the threats SEGs fail to detect – when used in combination with SaaS offerings like Microsoft 365.
What are the benefits of ICES solutions?   ICES solutions offer more than just threat detection. Key features of ICES solutions  can include:   BEC and ATO Attack detection using NLU, NLP, social graph analysis and image recognition Context-aware banners to warn users Phish Reporting Mail Security Orchestration, Automation and Response (MSOAR) capabilities to assist in automatic reclassification of emails and removal from inboxes
How to evaluate ICES vendors   The number of  ICES solutions available on the market is continually growing. There are a few key things you should consider when evaluating which ICES solution to use. Taking a look at your current email security framework and comparing it to your end goal, the following elements should be analyzed:   Time-to-value, return-on-investment time horizon Cost of effort to install and manage False positive rate ML- and AI-based technology to detect advanced social engineering attacks including BEC and ATO attacks Ability to analyze and map conversation history Computer vision to analyze suspicious data and links in emails User education controls to reinforce training, including context-aware banners and/or in-line prompts Ability to analyze emails prior to delivery to the end user API integration  of email events into Extended Detection and Response (XDR) or Security Information and Event Management/Security Orchestration, Automation and Response (SIEM/SOAR) solutions   Still struggling to decide? Have a look at the 2021 Gartner Market Guide to Email Security, which contains further information on ICES vendors, including Tessian.
Why choose Tessian?   Tessian was recognized as a Representative Vendor for Integrated Cloud Email Security (ICES) in the recently released 2021 Gartner Market Guide for Email Security.     What sets Tessian apart from other ICES solutions is its advanced email security and email data loss prevention (DLP) capability, including:   Advanced Spear Phishing Protection Advanced Attachment and URL Protection   Internal Impersonation & CEO Fraud Advanced Spoof Detection Counterparty & Vendor Impersonation  Brand Impersonation External Account Takeover  Invoice Fraud Bulk Remediation Automated Quarantine  Threat Intelligence   Tessian also offers protection against both malicious and accidental data loss, in-the-moment security awareness training for suspected phishing emails and in-the-moment security awareness notifications. 
To summarize, there are four key Tessian differentiators:   Threat prevention: Tessian protects against both known and unknown email attacks, including business email compromise, account takeover, spear-phishing, and all impersonation attacks that bypass SEGs, M365, and G Suite. Protection also includes class leading email DLP. Education and awareness: With Tessian’s in-the-moment training, organizations can educate and empower users to build continuous email security awareness  Reduced admin overhead: Tessian removes the burden on SOC and admins by automating repetitive tasks such as maintaining triage and review. This eliminates the need for human verification of email threats, reducing FTE requirements. Data-rich dashboards: With Tessian, security teams have clear visibility and the ability to demonstrate clear ROI     To find out more about Tessian as an ICES solution, and the key findings listed in the 2021 Gartner® Market Guide for Email Security, click here. 
Read Blog Post
Threat Intel
Tessian Threat Intel Roundup for June
By Charles Brook
Tuesday, July 5th, 2022
The Tessian Threat Intel team continues its focus on business email compromise (BEC) campaigns. We issued a Threat Advisory for a PayPal themed campaign we have been tracking since January.   The threat actors in this campaign are seeking to illicit payment fraud and potentially compromise credentials. Other key threats that we are focussing on include increasingly advanced methods for Account Takeover (ATO) and the persistent threat of email-delivered ransomware, including a spike of wiper-malware. Sign-up for our Threat Intel update to get this monthly update straight to your inbox.
  Tessian Threat Intelligence has recently tracked and observed scammers, on numerous occasions sending emails with fake invoice payment requests from payment service providers such as PayPal. From early evidence we are seeing, online fraud campaigns are on the rise, with the potential to evolve to ATO based attacks. Although the primary targets are private consumers, we are likely to see similar attacks targeting vendors and suppliers in the enterprise. The increasing sophistication and targeted nature of attacks observed across the cybercrime landscape represent the maturation of cyber crime, with threat actors targeting specific entities rather than random targets. A number of these phishing attacks are leveraging open source information, as well as relying on information gathered from previous data breaches to identify high yield targets.
  Tessian Threat Intel continues to track BEC and payment fraud campaigns with executive impersonation observed as a consistent theme.  Cryptocurrency payment fraud has already resulted in over $1billion in losses according to the FTC and is up 60x in 2021 compared to 2018. Ransomware-as-a-Service gang activity emanating from Russia is on the rise once again, with REvil re-emerging after an initial law enforcement crackdown. Wiper-malware is surging in 2022, first seen in Russian cyber attacks against Ukraine. Russian APT groups have been observed exploiting the Follina vulnerability.  Microsoft released a patch for Follina in June but we may see a spike in attachment-themed phishing abusing the vulnerability before the fix is widely implemented. Chinese APT groups have been using ransomware as a decoy to carry out espionage campaigns. Other attack campaigns that have captured our attention include the increasing phenomenon of voicemail themed phishing campaigns observed by Zscaler. We expect email delivered ransomware, including the growing prominence of wiper-malware to remain leading threats in 2022. A recently launched carding site ‘BidenCash’ gave away a list of stolen card details for free across darkweb forums to promote their store.
  Having intelligent and layered cybersecurity defenses in place, particularly securing email and the endpoint, are critical for staying safe. Leveraging behavioral cybersecurity solutions that can detect sophisticated social engineering attempts is essential, as threat actors continually develop intelligent methods to bypass rule-based security controls. Practicing good cybersecurity hygiene and regularly testing your security controls, including business continuity and disaster resilience capabilities, are of fundamental importance to cyber resilience. Conducting in-the-moment and contextual cybersecurity awareness training on advanced email threats for your employees should be prioritized  – end-users are your first line of defense.
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Email DLP
Product Update: Actionable Event Triage
By Dan Harrison
Friday, July 1st, 2022
Security and risk management teams are focused on detecting, investigating, and responding to cyber security incidents. Given the high number of security tools deployed in the environment of a typical organization, reviewing security events that could be actual incidents requires dedicated FTE resources and time. This creates two challenges.   1: A delayed response time in triaging security events and finding incidents can also result in worsening the fallout from a breach, thereby elevating the level of risk. 2: Security teams find it increasingly time consuming to handle this volume of events, potentially resulting in analyst burn out, loss of retention and a reduced quality in event investigation.   Improving the efficiency for event triage is essential to help security and risk leaders speed up investigations and remediate incidents. 
Working Smarter, Not Harder   A recent Tessian commissioned study by The Ponemon Institute found that “it can take an average of 72 hours to detect and remediate a data loss and exfiltration incident caused by a malicious insider on email and an average of almost 48 hours to detect and remediate an incident caused by employees’ negligence or error on email.”    This is why Tessian has focused on making the investigation process more efficient for our users with a new event triage workflow.
Enhanced security event management   Tessian has improved security efficiency for customers through enhanced event triage in the Tessian Portal for all of our data loss modules, Guardian, Enforcer and Architect. Our latest feature update includes:   The ability for security admins to view the full email body and attachment for a flagged email. The ability for users to label events within its workflow status. The event statuses can be marked as Open, Incident, Safe, False Positive, and Other.   These capabilities enable Tessian users to get more context on a security event and easily collaborate with team members, leading to a more efficient end-to-end investigation process. These enhanced capabilities extend across M365 and GSuite mailboxes.
Making the SOC more efficient   The new event triage enhancements demonstrated below, enables security analysts to view the email body and to more effectively triage the security events. The advantage this brings to security teams is being able to immediately access the event content, rather than requesting the email content often from a separate team. This speeds up the investigation workflow and reduces the dependency security teams have on other parts of the organization. Further enhancements include being able to assign security events to team members and labeling the event with its workflow status (open, incident, safe, false positive, other).
These new feature enhancements will enable:   • The ability to complete end-to-end investigations all within the Tessian Portal resulting in a more efficient response to security threats.   • Improved SecOps efficiency in dealing with actual events vs. false positives.   • The ability to more easily collaborate with team members through the assignment of events, helping teams remain focused on what matters most.   • Insight into the outcome of data loss events through event status tagging, helping the CISO gauge risk using real data and helping to measure Tessian’s Return on Investment
A note on privacy The ability for security teams to view the full body of emails and their attachments may pose a privacy concern to customers. In recognition of this, we have built in some privacy guard rails which customers can use to control and monitor data access. Only Tessian users who have the necessary permissions to view the full email body and attachments will be able to do so. In addition, whenever a user requests to view the email’s full body and attachment, an audit event will be created which can be viewed within the Tessian portal.
To see how the Tessian Intelligent Cloud Email Security platform  prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.   For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Life at Tessian
Tessians 2022 DEI Report
By Tessian
Tuesday, June 28th, 2022
As a human first company, we want Tessian to be a place where everyone has the opportunity to bring who they are to work, and be included and valued as they are. Diversity, equity and inclusion (DEI) is so important to us, not only because it’s the right thing to do, but also because it’s essential for our success. Diversity is necessary for innovation, so prioritizing it is a really important part of our future as a company.   We recently published our second annual DEI Report, and I’ve been reflecting on our journey over the last year and the three big lessons I’ve taken into this year’s strategy.
Data. Data. Data.   We can’t just guess how we’re doing on DEI, we need data. When we first launched our 2021 DEI Strategy, it was based on analysis of a number of different kinds of data that helped act as signposts towards our DEI Focus Areas. Since then, we have improved our data set to add anonymized candidate data, and employee data about lots more personal attributes.   Anything we can explore – we do. It can be difficult to know where you’re going to find the most interesting and impactful insights before you start looking. Here’s how we do it:   We start off with a big pile of data, everything from representation to experience, to compensation to retention, all split by all the different personal attributes we collect voluntary data on. There are some standard measures we look at: pay gaps, representation vs benchmarks, significant variations in experience etc. but that often opens the door to lots of further questions, that require further data exploration We do our best to turn over every single stone and ask ourselves: is something going on here? Usually the answer is no, but it’s important that we employ that rigour everywhere, so that when the answer is yes, we don’t miss it. It’s easy to get distracted by what we assume the most significant DEI concerns are, often based on our own biases, so it’s so key to start as objectively as possible. Don’t guess or intuit where you should be focusing attention! Start with as much data as you can get, and let that guide your thinking.
If you don’t actively pay attention, anything can slip   Focus is necessary, but it’s hard. Throughout this journey, we’ve been so conscious that there are infinite dimensions of diversity to consider, and infinite topics we could focus our attention on. But resources are finite, and if we want to make an impact, we need to focus on just a few things.   As hard as it feels, focus isn’t just about deciding where you are going to focus, it’s also about deciding where you’re not going to dedicate energy. In 2021 one of those “non-focus areas” for us was gender representation. We found that we were above the benchmark compared to other companies similar to us, and there was nothing to indicate that might drop. So we put our energy into other places.   Throughout 2021, our gender representation gradually fell by 7 percentage points as we happened to hire fewer women and people from underrepresented genders. By the time the end of the year came, these few percentage points had put us below the benchmark compared to other similar companies.   Focusing on other kinds of representation, and other DEI areas meant we didn’t notice this gradual change in our gender representation, and so didn’t get ahead of it. This was a really important lesson for us this year; this time around we are paying more attention to movement in metrics even when they don’t directly relate to our focus areas for the year.   This is key to keeping focus dynamic, and adapting to the information you have today.
Working with everyone, necessity of the team activity   The final lesson I’ve taken from our DEI journey so far: DEI is necessarily a team activity. None of us can do it alone.   Once we have our focus areas, we develop tactics that we hope will address them. So far on our journey, the accountability to these tactics has been with the People & Talent team. But the more work we do, the more we realize we need the whole company 100% behind us, prioritizing this work.   Hiring is a great example of this: in a fast growing business, often representation comes down to hiring. If you’re growing but you aren’t hiring diversely, then overall representation will fall. So one of our Focus Areas this year is hiring more people from underrepresented genders and ethnicity backgrounds.   Of course, our brilliant Talent partners care so deeply about this, and are moving heaven and earth to build up a diverse pipeline of candidates. But it isn’t always easy. Building a diverse pipeline in a notoriously non-diverse industry can take time, and this is often time we feel we don’t have in such a fast-moving company. Or there might be a particular experience level we feel like a candidate should possess that limits the diversity in the candidate pool.   This is where the rest of the company comes in. In this case: the Hiring Manager and hiring team. Every single Tessian needs to be bought into our strategy so that we can resolve these challenges in the right way. One of our Tessian values is We Do The Right Thing, so it’s really important to us to take these tensions seriously and work together to make the best decisions for our people.   There are a few basic things we ask of all Tessians…   Help us reach diverse candidates by sharing our DEI work and our open roles widely…think LinkedIn, Discord, Slack. Any communities our Tessians are a part of! Continue to give us feedback on how they’re feeling, about DEI and our workplace more generally. We use an employee engagement tool, Peakon to collect this feedback so that people can stay anonymous if they choose. And most importantly: Get to know each other! Connection building is the core of belonging so we encourage lots of ways for our people to connect deeply. This is especially important in a globally distributed, hybrid team – we have to OVER deliver on opportunities to get together both in person and virtually. What’s Next?   And as with any journey like this, it’s far from over. We all have so much work to do in DEI and there are a hundred new questions swimming around our heads on where we should focus next, and how to make our DEI Strategy more effective. For example…   Goals: Right now our DEI Goals sit with the People team. Should we transition our DEI Goals to the company level, so it’s every one of us that is responsible for addressing them? We know accountability is key, but is the accountability in the right place for maximum impact?   Engagement: How much time and engagement should we be asking of our people? Do we need everyone to know every detail of our strategy? Or is it enough that they know their own role, and the WHY behind DEI at Tessian?   We’re committing to continuing to ask ourselves these hard questions and hold ourselves accountable to the very highest standards of DEI. It’s not always easy, but it is the right thing to do.   Want to join us on our journey? We’re hiring, all open roles are here. What’s it like to work at Tessian? Here’s 200 reasons you’ll love it.
Read Blog Post
Page