Step Into The Future of Cybersecurity — Save your spot at the Human Layer Security Summit for free.

Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.
Customer Stories

Read our latest Customer Stories, interviews and news. Learn how Tessian protects organisations in Financial Services, Legal, Technology and other markets.

Customer Stories DLP
Customer Story: How Tessian Helped a Private Equity Firm Achieve Threat Visibility Through A Platform Approach
By Maddie Rosenthal
28 September 2021
With over 35 years of investment history, this private equity firm headquartered in Boston, MA, currently has more than 130 investments and nearly 200 employees. Having been a customer since 2018, the firm’s Senior Security Administrator shared how Tessian Guardian and Tessian Enforcer have helped him and his team prevent outbound threats while reducing admin overhead.  Tessian Solutions Enforcer:  Automatically prevents data exfiltration and other non-compliant activities on email. Enforcer can be easily configured to silently track, warn, or block sensitive emails. Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required.
Security Environment After Deploying Tessian The benefits of the platform approach The less tools security teams have to manage, the better. Especially since it can be difficult to get a single view of risk when having to pull insights from multiple sources. That’s why the firm bought into Tessian; it solves multiple use cases across one platform, including data exfiltration, accidental data loss, and advanced impersonation attacks.  And, with Human Layer Risk Hub, their security team gets granular visibility into employee risk and insights into individual risk levels and drivers. Today, they can differentiate between employees at different levels of risk, and evolve to support each group in unique, personalized ways through training, policies, and in-platform tools.  Find answers faster with Tessian integrations Integrations with other tools are key. And, while Tessian integrates with well over a dozen products, including SIEM/SOARs, SSO tools, and directory management tools,  these are the two Tessian integrations that stand out for the firm’s Senior Security Administrator: Azure Directory: While Azure Directory (AD) groups are a source of truth, building and maintaining them takes a lot of time and effort. Worse still, many security solutions don’t connect with AD groups, which makes zeroing in on an incident or potential risk that applies to a wider group of users is impossible. This forces security teams to look at each individual mailbox or user and aggregate them, which can take days. But, because Tessian syncs with AD, all you need to do is select the group. That means you can find what you’re looking for and take action right away. SIEM Integrations:  Tessian seamlessly integrates with SIEMs like Splunk and Rapid7. In  future, this will allow the firm’s security team to import valuable Tessian data for a more complete picture of their security posture.  According to their security team, the key to effectively garnering insights from data platforms is to decide what data is the most meaningful. That way, SOC teams can reduce the noise, focus on what’s truly valuable, and make informed security decisions.
Empower users without getting in the way Because Tessian is powered by machine learning instead of rules, it’s able to detect data exfiltration attempts and misdirected emails with incredible accuracy. In fact, on average, employees receive just two warning messages per month. That means when an email is flagged, they pay attention. Better still, Tessian gets smarter over time, and evolves in tandem with changing relationships. As data becomes more accurate, false positives decrease. And with a decrease in false positives, comes an increase in trust.
Want to learn more about how Tessian can help you prevent data loss on email? Book a demo now.
Customer Stories DLP
Customer Story: How Tessian Combines Data Loss Prevention With Education in Financial Services
20 September 2021
Having deployed Tessian at the end of 2020, Israel Bryski, Head of Information Security at an investment management firm headquartered in NYC, shared how Tessian has helped him and his team improve their security posture while changing employee behavior long-term.  The firm, which was formed in the early 1980s, has offices across Spain, Germany, the UK, and Singapore, and currently has 200 employees managing retirement plans and investments for roughly 30,000 current and former Mckinsey employees. Their journey to Tessian Before working with Tessian, the firm had their developers build a custom Outlook add-in to prevent accidental data loss via misdirected emails  Every time someone would send an outbound email to an external domain, they would get a pop-up asking them, “Are you sure to send to this domain?” But, because there was no context in the pop-up, it wasn’t as effective as it could have been immediately following roll-out. Employees were still blindly ignoring the warning, and accidentally sending emails to the wrong person.  At the same time, the security team was also struggling to make security awareness training engaging and relevant to employees Solution Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required. Human Layer Risk Hub: Enables security and risk management teams to deeply understand their organization’s email security posture, including individual user risk levels and drivers
Security Environment After Deploying Tessian Explaining the “why” behind policies to change behavior For Israel and his team, education is key.  Having learned from their custom-built Outlook Add-In which warned employees when an email was being sent to the wrong email address, but didn’t offer insight into the “why”, the team wanted to find a solution that offered context and that would bolster their security awareness training programs. They found that in Tessian and, since deployment, they’ve actually seen a change in behavior and a reduction in data loss incidents. 
Learn more about why in-the-moment warnings are so effective. Because Tessian is powered by machine learning instead of rules, it’s able to detect data exfiltration attempts and misdirected emails with incredible accuracy. In fact, on average, employees receive just two warning messages per month. That means when an email is flagged, they pay attention. Better still, Tessian gets smarter over time and evolves in tandem with changing relationships. As data becomes more accurate, false positives decrease. And with a decrease in false positives, comes an increase in trust.
Preventing accidental data loss without impeding productivity  Since deploying Tessian, over 100 data loss incidents have been prevented.  Israel shared an example:  Someone at the firm created a goodbye video for a senior exec who was retiring; they meant to send it to a colleague for them to play the video in the goodbye meeting. When the sender put the address in the To field, they typed in the first letters, and another external vendor’s email popped up that was cached. They didn’t pay attention, added that address to the email, and tried to send it.  When he went to send the email, he got the Guardian pop-up asking him if that vendor’s address was really meant to be part of the group of recipients. He read the contextualized warning, removed that particular vendor, and added the correct recipient.  It goes to show: Tessian does more than prevent breaches. It also saves employees from red-faced embarrassment. Israel and his team have gotten kudos from quite a few people in the firm. One exec in particular was always casting a shadow over the different security tools that had been deployed. He explained, saying “When we got kudos from him, that was a big win in my book! He actually sees the value of Tessian, why we’re purchasing new technology, and why we’re constantly evaluating new solutions on the market that can augment and complement our security program.” 
Interested in learning more about how Tessian can help prevent accidental data loss in your organization? You can read some of our customer stories here or book a demo.
Human Layer Security Customer Stories DLP
16 Ways to Get Buy-In For Cybersecurity Solutions
By Maddie Rosenthal
20 August 2021
As a security or IT leader, researching and vetting security solutions is step one. What’s step two, then? Convincing key stakeholders like the CEO, CFO, and the board that the product needs to be implemented, that it needs to be implemented now, and that it’s worth the cost.  This is easier said than done, but security is business-critical.   So, how do you communicate risk and make a compelling case to (eventually) get buy-in from executives? We talked to security leaders from some of the world’s most trusted and innovative organizations to find out what they do to get buy-in from CxOs. Here’s a summary of their tips. You can download this infographic with a quick summary of all of the below tips. This is perfect for sharing with peers or colleagues. Or, download this eBook. 1. Familiarize yourself with overall business objectives While cybersecurity has historically been a siloed department, today, it’s an absolutely essential function that supports and enables the overall business. Think about the consequences of a data breach beyond lost data. Organizations experience higher rates of customer churn, reputations are damaged, and, with regulatory fines and the cost of investigation and remediation, there can be significant revenue loss.  The key, then, is to attach cybersecurity initiatives to key business objectives. The security leaders we interviewed recommended starting by reviewing annual reports and strategic roadmaps. Then, build your business case. If customer retention and growth are KPIs for the year, insist that cybersecurity builds customer trust and is a competitive differentiator. If the organization is looking for higher profits, make it clear how much a breach would impact the company’s bottom line. (According to IBM’s latest Cost of a Data Breach, the average cost of a data breach is $4.24 million.) 2. Create specific “what-if” scenarios A lot of security solutions are bought reactively (after an incident occurs), but security leaders need to take a proactive approach. The problem is, it’s more challenging for CxOs and the board to see the value of a solution when they haven’t yet experienced any consequences without it.  As the saying goes, “If it ain’t broke, don’t fix it”.  That’s why security leaders have to preempt push-back to proactive pitches by outlining what the consequences would be if a solution isn’t implemented so that stakeholders can understand both probability and impact. For example, if you’re trying to get buy-in for an outbound email security solution, focus on the “what-ifs” associated with sending misdirected emails  which – by the way- are sent 800 times a year in organizations with 1,000 employees. Ask executives to imagine a situation in which their biggest clients’ most sensitive data lands in the wrong inbox.  What would happen?  Make sure you identify clear, probable consequences. That way, the situation seems possible (if not likely) instead of being an exaggerated “worst-case scenario”.  3. Work closely with the security vendor You know your business. Security vendors know their product. If you combine each of your expertise – and really lean on each other – you’ll have a much better chance of making a compelling case for a particular solution. Ask the vendor for specific resources (if they don’t exist, ask them to create them!), ask for product training, ask if you can speak with an existing customer. Whatever you need to get buy-in, ask for it. Rest assured, they’ll be happy to help.  4. Collaborate and align with other departments It takes a village and cybersecurity is a “people problem”.  That means you should reach out to colleagues in different departments for advice and other input. Talk to the folks from Risk and Compliance, Legal, HR, Operations, and Finance early on.  Get their opinion on the product’s value. Find out how it might be able to help them with their goals and initiatives. In doing so, you might even be able to pool money from other budgets. Win-win! 5. Consider how much the executive(s) really know about security To communicate effectively, you have to speak the same language. And, we don’t just mean English versus French. We mean really getting on the same level as whomever you’re in conversation with. But, to do that, you have to first know how much your audience actually knows about the topic you’re discussing. For example, if you look into your CEO’s background and find out that he or she studied computer science, you’ll be able to get away with some technical jargon. But, if their background is limited to business studies, you’ll want to keep it simple. Avoid security-specific acronyms and – whatever you do – don’t bury the point underneath complex explanations of processes.  In short: Don’t succumb to the Curse of Knowledge. 
6. Use analogies to put costs into perspective  One of the best ways to avoid the Curse of Knowledge and give abstract ideas a bit more context is to use analogies. It could be the ROI of a product or the potential cost of a breach. Either way, analogies can make big, somewhat meaningless numbers more tangible and impactful. For example, imagine you’re trying to convince your CFO that the cost of a solution is worth it. But, the 6-digit, one-time cost is a hard sell. What do you do? Break the overall cost down by the product’s lifespan. Then, divide that number by the number of employees it will protect during that same period.  Suddenly, the cost will seem more manageable and worth the investment. 7. Invite key stakeholders to events or webinars  Before you even start pitching a particular solution, warm-up executives with educational webinars or events that aren’t product-specific. This will give CxOs a chance to better understand the problem, how it might apply to them, and how other people/organizations are finding solutions. Bear in mind: most vendors will have at least 1 (generally 2+) webinars or events during the standard sales cycle.  8. Prepare concise and personalized briefing materials Individual stakeholders will be more likely to consider a particular solution if the problem it solves is directly relevant to them. How? Combine tips #1, #2, #3, and #5. After taking some time to understand the business’ overall objectives, take a closer look at individual peoples’ roles and responsibilities in meeting those objectives. Then, dig a bit deeper into how much they know about cybersecurity. Imagine you’re meeting with a COO with some technical experience whose focus is on maintaining relationships with customers. His or her briefing documents should contain minimal technical jargon and should focus on how a data breach affects customer churn.  The bottom line: make it about them. 9. Share these documents in advance of any formal meetings While this may seem obvious, the security leaders we spoke to made it clear that this is an essential step in getting buy-in. No one wants to feel caught off guard, unprepared, or rushed.  To avoid all of the above, make sure you share any documents relevant to the solution well in advance of any formal meetings. But, don’t just dump the documents on their desk or in their inbox. Outline exactly what each document is, why it’s relevant to the meeting, and what the key takeaways are. You want to do whatever you can to help them absorb the information, so make sure you make yourself available after sharing the documents and before the meeting, just in case they have any questions or need additional information. 10. Build a strong security culture Before we dive into why building a strong security culture can help you get buy-in, we want to make it clear that this isn’t something that can happen overnight. This is a long-term goal that requires the help of the entire organization. Yes, everyone. So, how do you build a strong security culture? Start by ensuring that security and IT teams are committed to helping – not blaming – employees. There has to be a certain level of mutual trust and respect.  Beyond that, employees have to accept responsibility for the overall security of the organization. They have to understand that their actions – whether it’s clicking on a phishing email or using a weak password – have consequences.  If they do accept this responsibility, and if they genuinely care about following policies and procedures and helping secure data and networks, high-level executives will care, too. They’ll therefore be more likely to sign-off on solutions. 11. Keep an eye on security trends outside of your industry  Some industries – specifically Healthcare, Financial Services, and Legal – are bound to compliance standards that formalize the need for effective security solutions. That means that, compared to other industries like Retail or Manufacturing, they’ll be required to have more robust strategies in place. What they’re doing now, the rest of us will be doing in 12 months. Keep this in mind. If you notice that organizations operating in the most highly regulated industries are all taking data loss prevention (DLP) seriously, you’ll be able to make a strong case that this is something that should be on your radar, too. 12. Approach non-executive stakeholders early on While – yes – getting buy-in from CxOs and the board is important, security leaders also need to get buy-in from non-executive stakeholders working in IT, infrastructure, etc.  After all, those are the people who will actually be responsible for deploying the solution and maintaining it.By approaching them early on (and assuming they’re interested in the solution, too) you’ll be able to paint a clear picture of the process after the solution has been signed off on.  How long will it take? Who’s involved? Will employees’ workflow be disrupted? These are all important questions to answer.  13. Match like-for-like people from both sides If you’re scheduling a meeting with executives from your side and key people from the vendor’s side, make sure you’re bringing in people that “match” in terms of function and seniority level. For example, if you work at a start-up and the founder of your company wants to be involved in the buying process, ask the vendor’s founders to join, too. Likewise, if the Head of Infrastructure is joining from your side, ask someone in a similar function to join from the other side. Why? Like-for-like people will be best placed to answer one another’s questions.  And, with that in mind…. 14. Preempt questions and prepare answers No one likes to be put on the spot. To avoid being asked a question that you don’t know the answer to, spend a good amount of time considering all the questions different stakeholders may ask and drafting well-thought-out answers. (Better yet, fit the answers into briefing documents or the presentation itself!) Remember, people are generally concerned with how a problem/solution affects them directly. That means the CEO will have different questions than the CFO, who will have different questions than the Head of IT.  15. Get specific customer references from the vendor We mentioned in tip #3 that you should lean on the vendor, especially when it comes to specific resources and customer references. And, we mentioned in tip #11 that you should match like-for-like people in meetings. It should make sense, then, that specific customer references will be more powerful than generic ones. For example, if you’re the CISO at a 4,000-person tech firm in North America, and you’re trying to convince you’re CTO that you need to implement a new solution, you should share a case study (or customer reference) from the vendor that outlines how their product has helped an organization in the same industry, that’s the same size, and in the same region. Ideally, it will also feature quotes from the CTO. Why? Professionals trust and rely on their peers when making difficult decisions. 16. Be conscious (and considerate of) peoples’ time  Decisions about security solutions can involve a lot of different people. That means you’ll have to balance several conflicting schedules and fight for time. Your best bet? Book meetings with all relevant people at once and get the vendor involved at the same time. Ahead of the meeting, share an agenda along with any relevant documents (see tip #8).  Are you a security leader who wants to offer advice to your peers? We’d love to hear from you! Please get in touch with madeline.rosenthal@tessian.com. And, if you’re looking for more advice, check out these blogs: How to Communicate Cybersecurity ROI Advice from Security Leaders for Security Leaders: How to Navigate New Remote-Working Challenges How to Create an Enduring and Flexible Cybersecurity Strategy
Customer Stories
Advanced Inbound and Outbound Threat Protection for an International Law Firm
11 June 2021
Company: Penningtons Manches Cooper Industry: Legal Company Size: 1,000 employees Solutions: Enforcer, Guardian, Defender Environment: Hybrid Platform: Outlook Customer since: 2016 About Penningtons Manches Cooper Penningtons Manches Cooper is a leading UK and international law firm which provides high quality legal advice to both businesses and individuals. The firm has UK offices in the City of London, Basingstoke, Birmingham, Cambridge, Guildford, Oxford and Reading with an overseas network stretching from Asia to South America through their presence in Singapore, Piraeus, Paris, Madrid and São Paulo. With 130 partners and over 880 people in total, Penningtons Manches Cooper is acknowledged as a dynamic and forward-thinking practice which combines legal services with a responsive and flexible approach.  They have established a strong reputation in a variety of sectors, particularly private wealth, shipping, technology and property.  Penningtons Manches Cooper lawyers are also recognised for their expertise in life sciences, education, retail, sports and entertainment and international trade. Before Tessian…. Before deploying Tessian in 2016, Marcus Shepherd, Best Practice Operations, and Richard Mullins, IT Security Engineer, both suspected Penningtons Manches Cooper had a more significant problem with email data breaches than was being reported. Marcus explained, saying “It was pretty clear that, together with the rest of the industry back then, we had a problem with email data breaches but had no visibility as to the extent of it. We had reporting processes in place, but had a hunch that the actual number of incidents was higher than those being reported by employees. Part of the problem was education. Complete understanding of what constituted a data breach and the possible consequences of data breaches – even with very basic personal details – was not fully understood then.  A lot of employees were not clear that if something had taken place, it needed to be reported.” While they were leveraging some standard rules in Outlook for inbound threats, they were relying on employee training, rule-based systems, and self-reporting to prevent outbound threats like misdirected emails and data exfiltration (both accidental and malicious).
According to Marcus and Richard, they lacked visibility and control over threats, employees were struggling with alert fatigue, and their security team was inundated with more false positives than they could investigate.  Must-have features…. In evaluating solutions, the firm was originally looking for three key features. Effectiveness: Because data loss incidents were a concern, their top priority was to find a solution that would accurately predict data loss incidents on email. But unsurprisingly, they were wary of any solution that might trigger false positives. This would distract partners and cause alert fatigue. Ease-of-use: They wanted a tool that would be easy to deploy and not require a large security team to manage it day-to-day.   Education: It can be difficult to encourage fee-earners to prioritize security considerations when dealing with busy and demanding clients. The pop-ups triggered by rule-based tools weren’t offering employees the information they needed to understand how to handle data safely or why it was so important to do so. Marcus and Richard wanted a tool that offered context and complemented training and awareness programs.
With Tessian…. As an innovative firm with a proactive security team, Penningtons Manches Cooper was an early adopter of Tessian and deployed Tessian Guardian and Tessian Enforcer in 2016 to prevent misdirected emails and data exfiltration on email. In 2019 – as soon as it was released to market – they deployed Tessian Defender. Tessian offers advanced threat protection  Since deploying Tessian, Richard and Marcus have seen Tessian Enforcer reduce loss of IP from people leaving the firm, have seen over 3,000 interventions where Tessian Guardian has prevented a potential data breach by flagging a misdirected email, and have seen Tessian Defender prevent advanced impersonation attacks including CEO Fraud and Business Email Compromise.  “Tessian is a vital part of our security stack when it comes to cyber awareness, risk and compliance, and information protection. It’s an essential perimeter defense – and sometimes the last line of defense,” Richard said.  Tessian surfaces rich insights about employee behavior on email With Human Layer Risk Hub, Penningtons Manches Coopers’ security team has clear visibility of threats.  “Tessian is doing the heavy lifting for us now. We’re no longer looking through spreadsheets with hundreds or thousands of events. With Human Layer Risk Hub, we get incredible visibility within the portal into high-risk users and high-risk events. We can now identify users whose behavior could put us at risk, whether it’s via misdirected emails, unauthorized emails, or spear phishing attacks. This all helps massively with incident response since our security and compliance teams do not have limitless resources,” Richard said.  In-the-moment warnings reinforce security awareness training and reduce risk over time Tessian’s in-the-moment warnings offer context about why an email is being flagged as malicious or suspicious. They’re written in clear, easy-to-understand language and help nudge employees towards safer behavior over time.
The platform is easy to deploy and manage day-to-day  Tessian deploys within minutes, learns within hours, and starts protecting in a day. Richard and Marcus experienced this during their initial deployment and again during their merger with Thomas Coopers LLP in 2019.  Marcus explained, saying that “Deploying Tessian across new users after the merger was seamless. We got everyone connected immediately which helped us extend our security culture right away”.  Low flag rates and false positives mean Tessian doesn’t get in the way  It was important for Marcus and Richard to find a tool that worked, without distracting, frustrating, or confusing especially busy lawyers.  With Tessian, they no longer struggle with high rates of false positives.
Tessian sets the benchmark for technology partners From the outset, Richard and Marcus have been proactive in helping shape Tessian’s product roadmap to serve them, other law firms, and customers across industries.   “In terms of a relationship with a supplier, Tessian is the benchmark for continuous improvement and adapting to the threat landscape. We have a huge amount of engagement and feedback with Tessian which has helped to improve our email security posture. They actively want to go on our journey with us and are always willing to listen to our concerns or requirements,” Richard said.
Customer Stories
Why Schroders Adopted Tessian 5 Years Ago, And How The Platform Has Evolved Since Then
By Maddie Rosenthal
24 March 2021
Company: Schroders Industry: Financial Services Seats: 6,500 Solutions: Guardian, Enforcer, Defender About Schroders   As a global active asset manager, Schroders has over 200 years of experience in investment and innovation and remains committed to creating a better future by investing responsibly for their clients. Across five business areas – including Private Assets & Alternatives, Solutions, Mutual Funds, Institutional and Wealth Management, Schroders invests in a wide range of assets and geographies and is responsible for £574.4 billion (€641.7 billion/$785.1 billion) in client assets, managed locally by 42 investment teams worldwide.  As a global business with over 5,500 talented staff across 35 locations, Schroders is able to stay close to their clients and understand their needs.  Schroders was an early adopter of Tessian, having first deployed the platform back in 2016. Since then, they’ve been using Tessian Guardian, Enforcer, and Defender for both inbound and outbound email security to help prevent accidental data loss, malicious data exfiltration, and inbound threats like spear phishing and Business Email Compromise (BEC). We talked to Rob Hyde, Chief Information Security Officer, and Mike Vieira, Perimeter and Cloud Security Capability Lead, to find out why Schroders initially chose Tessian, how the solution has evolved over the years, and how their security posture has improved as a result.   1. There is no “silver bullet” when it comes to email security   When we asked security leaders what threat vector they’re most concerned about protecting,  nearly half said email. For Rob, this isn’t a surprise.  “All big financial firms recognize that email-based processes are prone to human error. But we can’t take email out of the equation. There’s training, but people of course make mistakes despite being advised not to. So, what can you do? You either stop using email, or you find a product like Tessian that removes some of the risk,” he explained. As a part of their DLP strategy, Schroders uses Tessian Guardian to prevent employees from sending emails to the wrong person and from attaching the wrong files to emails; they use Tessian Enforcer to prevent employees from sharing sensitive information outside of the company network.  For Rob and Mike, Tessian Enforcer has been invaluable, especially once employees made the switch to remote working in early 2020. Mike explained, “Tessian Enforcer proved incredibly valuable after we made the shift to remote working. It allowed us to get a bird’s eye view of how employees were handling data and helped us understand what policies we needed to reinforce, what policies we needed to change altogether, and even gave us a better idea of what tools and technology would help our employees do their jobs more efficiently outside of the office”. Importantly, though, when it comes to locking down email, there is no silver bullet.  Training is necessary. Policies are essential. And rule-based DLP solutions have their place. So, what makes a solution really stand out? Its ability to complement and bolster other solutions, while also filling in the gaps.  Tessian is that solution for Schroders.
2. Rule-based and legacy solutions are admin-intensive with a low ROI  While the static nature of rules has been a pain point for Schroders, it isn’t the only drawback of legacy DLP solutions.  “Traditional DLP has a low return on investment, and it’s expensive to run. It does stop some malicious emails, but it’s very low volume,” Rob explained. Tessian is different, though. “On the other end of the spectrum, you have Tessian. If you look at Guardian, for example, it’s stopping data loss every day. Now, misdirected emails aren’t malicious activity, but the consequences are no less severe and the ROI is clear and easy to calculate. All we have to do is look at the number of employees who were going to do something – like send an email to the wrong person, move sensitive data outside of the company – but didn’t because of the solution.” he said.
For Rob and Mike, the ROI of Tessian is compounded by the fact that it’s effortless for their team to maintain. Because it’s proactive in preventing data loss and detecting inbound threats, there’s virtually no intervention or investigation required. 
3. Security solutions should enable employees, not restrict them  As one of the most successful asset management companies in Europe, it’s incredibly important to Rob and Mike that cybersecurity doesn’t come at the cost of reduced productivity or employee disruption.  “It’s a fine line. You want to give employees the freedom and flexibility to do their job. You don’t want to restrict too much, especially on email. But, equally, you have to help them understand their responsibility and the role they play in keeping the company secure,” Rob explained. Tessian satisfies both needs. In-the-moment warnings are helpful, not annoying and, because the platform is powered by machine learning, threats are detected with incredible accuracy; flag rates and false positives are much lower than other solutions, with just 1-2 emails emailed flagged per employee, per month.
Better still, this supports Schroders’ ethos of trust and enables Rob to support the organization. He explained, saying that “we trust our employees. They want to do the right thing. But we have to support them. Tessian helps us do that. The warning messages are well-written and give our users a chance to make better, more informed decisions”.
Learn more about how Tessian prevents human error on email Powered by machine learning, Tessian’s Human Layer Security technology understands human behavior and relationships. Tessian Guardian automatically detects and prevents misdirected emails Tessian Enforcer automatically detects and prevents data exfiltration attempts Tessian Defender automatically detects and prevents spear phishing attacks Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of an organization’s email network. That means it gets smarter over time to keep you protected, wherever and however your work. Interested in learning more about how Tessian can help prevent email mistakes in your organization? You can read some of our customer stories here or book a demo.
Schroders Case Study hbspt.cta.load(1670277, '57be6462-e7f3-4e36-ab06-cf44b24cb0cc', {"region":"na1"});
Customer Stories
How Tessian Gave GoCardless Better Control and Visibility of Their Email Threats
By Maddie Rosenthal
18 February 2021
Company: GoCardless Industry: Financial Services Seats: 450 Solutions: Guardian, Enforcer, Defender About GoCardless  GoCardless is a global leader in recurring payments. The GoCardless global payments network and technology platform takes the pain out of getting paid for more than 55,000 businesses worldwide, from multinational corporations to small businesses.  Each year GoCardless processes $18 billion of payments across more than 30 countries. GoCardless is headquartered in the UK, with additional offices in Australia, France, Germany, and the United States.  To help prevent accidental data loss, malicious data exfiltration, and inbound threats like spear phishing and Business Email Compromise, GoCardless has deployed Tessian Guardian, Enforcer, and Defender as their complete inbound and outbound email security solution. We talked to Punit Rajpara, Head of IT, and Benjamin Ayers, IT Engineer, to find out why GoCardless chose Tessian and how their security posture has improved since deployment.  1. Mistakes are inevitable, and self-reporting isn’t enough.  43% of people admit to making a mistake at work that compromised cybersecurity. For Punit and Ben, this isn’t a surprise.  “Whether you like it or not, people make mistakes. It’s inevitable. It could be an accident – like sending a spreadsheet or proposal to the wrong person. Or it could be something more intentional and malicious, like a bad leaver. Whatever it is, we – and all other businesses, really – need to accept that and be prepared for it. At GoCardless, we’d like to be proactive rather than wait for something bad to happen,” Punit explained. That’s why he and his team had a process in place for employees to follow if and when mistakes did happen: reporting. But, after a Proof of Value with Tessian, they realized self-reporting wasn’t enough.
2. Their existing security stack offered limited protection, visibility, and control. GoCardless had several email security solutions in place, many of which were native tools like Google’s rule-based DLP. But these tools alone just weren’t effective enough.
But HLS-I was just one of the features that met their criteria. Their ideal solution needed to be low-maintenance, too. They found that in Tessian. “Tessian was clearly designed with end-users in mind. It’s really allowed us to empower our users to protect themselves without much – if any – admin overhead. That was essential for us,” Ben said. This is especially important for GoCardless since empowerment is an integral part of their ethos.  What about inbound? GoCardless – who have security training and awareness programs in place to help employees spot phishing emails – wasn’t looking for spear phishing protection. But, they immediately saw the value of Tessian Defender. Punit explained, saying “We didn’t come to Tessian for inbound protection. Just outbound. But when we saw how effective Tessian Defender was – especially at reinforcing training – we quickly realized how valuable it would be to have one single platform that covered both inbound and outbound. If we can solve two problems together, why do just one? That was a deciding factor for us”.  3. A breach would have devastating consequences. Since deploying Tessian Guardian to prevent misdirected emails, Tessian Enforcer to prevent data exfiltration, and Tessian Defender to prevent spear phishing, Punit and Ben have seen how their security posture can improve.  But, in order to get buy-in, it was important they outlined the consequences of a breach. For GoCardless, just a few include: Exposed client data  GDPR fines and penalties  Customer churn Customer litigation Loss of VC funding Loss of license  Reputational damage That’s not to say, though, that they had to weigh the cost of the solution against the potential cost of a breach.
 Learn more about how Tessian prevents human error on email Powered by machine learning, Tessian’s Human Layer Security technology understands human behavior and relationships. Tessian Guardian automatically detects and prevents misdirected emails Tessian Enforcer automatically detects and prevents data exfiltration attempts Tessian Defender automatically detects and prevents spear phishing attacks Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of an organization’s email network. That means it gets smarter over time to keep you protected, wherever and however your work. Interested in learning more about how Tessian can help prevent email mistakes in your organization? You can read some of our customer stories here or book a demo.
GoCardless Case Study hbspt.cta.load(1670277, 'a3c10d11-c5e4-4fac-96d8-af18dbb965b8', {"region":"na1"});
Spear Phishing Customer Stories
How Tessian Is Preventing Advanced Impersonation Attacks in Manufacturing
By Maddie Rosenthal
12 January 2021
Company: SPG Dry Cooling Industry: Manufacturing Seats: 368 Solutions: Defender About SPG Dry Cooling SPG Cooling is an innovative, global leading manufacturer of air-cooled condensers that has been providing exceptional quality equipment to coal, oil, and gas industrial plants for over a century. They employee a global workforce and have over 1,000 customer references. We talked to Thierry Clerens, Global IT Manager at SPG Dry Cooling, to learn more about the problems Tessian helps solve and why he chose Tessian Defender over other solutions.  Problem: The most advanced threats can slip past other controls  Phishing is a big problem across all industries.  But, because inbound email attacks are becoming more and more sophisticated and hackers continue using tactics like domain impersonation and email spoofing, Thierry knew he needed to implement a new solution that could stop the phishing emails that might slip past his O365 controls and trained employees. He cited one specific incident where a hacker impersonated a company in SPG Cooling’s supply chain and attempted to initiate a wire transfer.  How? A tiny, difficult-to-spot change in the domain name.  “They created a fake domain with exactly the same name as the real user. But the top-level domain .tr was missing at the end. So it was just .com. No user – not even IT! – is looking at the domain name that closely. They tried to get us to deliver money to another account,” Thierry explained. While the attack wasn’t successful (SPG Dry Cooling has strong policies and procedures in place to confirm the legitimacy of requests like this) he wanted to level-up his inbound email security and help users spot these advanced impersonation attacks. So, he invested in Tessian. Thierry explained why. 
Tessian Defender analyzes up to 12 months of historical email data to learn what “normal” looks like. It then uses natural language processing, behavioral analysis, and communication analysis to determine if a particular email is suspicious or not in real-time. To learn more, read the data sheet.  Problem: You can’t train employees to spot all phishing attacks Tessian also helps employees get better at spotting malicious emails with in-the-moment warnings (written in plain English) that reinforce training by explaining exactly why an email is being flagged. Here is an example:
This feature is especially important to Thierry, who values phishing awareness training but understands it has to be ongoing.  “We like to empower our users and we like that, with Tessian, our users learn and become better and better and better. That’s what we’re trying to do at SPG Dry Cooling. We’re trying to train and educate our users as much as possible. We’re trying to be innovative in the ways that we get our users, our company, our members, everybody, to better themselves,” he said. In evaluating solutions, he wanted something that would protect his people, while also empowering them to make smarter security decisions. He found that in Tessian, explaining that “the most interesting feature for me is the user education. You have to train your users. You have to help them get better at spotting threats by helping them understand the threats. Tessian does that.” Problem: It’s nearly impossible for IT teams to manually investigate all potential inbound threats Before Tessian, Thierry and his team had to manually investigate all emails that employees flagged as suspicious. With limited time and resources – and given the fact that “some are really good and are even hard for IT people to find” – it was nearly impossible for them to keep up. 
Thierry explained that Tessian extends the capabilities of his team. How?  It automatically detects and prevents threats Domains can be added to the denylist in a single click, before they even land in employee’s mailboxes Tessian dashboards make it easy for IT to see trends and create targeted security campaigns to help educate users.  Tessian was also easy to deploy. “As a part of our proof of concept, Tessian started ingesting historical data about employee’s IP addresses, what emails they normally send, who they normally communicate with. We saw how it was helping in just a few weeks. After that, we connected Tessian to Office 36. It took just 15 minutes,” he said.  Learn more about how Tessian prevents human error on email Powered by machine learning, Tessian’s Human Layer Security technology understands human behavior and relationships. Tessian Guardian automatically detects and prevents misdirected emails Tessian Enforcer automatically detects and prevents data exfiltration attempts Tessian Defender automatically detects and prevents spear phishing attacks Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of an organization’s email network. That means it gets smarter over time to keep you protected, wherever and however your work. Interested in learning more about how Tessian can help prevent email mistakes in your organization? You can read some of our customer stories here or book a demo.
SPG Dry Cooling Case Study hbspt.cta.load(1670277, '18e021b3-d228-43a7-9fa6-e3f44190d20c', {"region":"na1"});
Customer Stories DLP
Why Caesars Entertainment Chose Tessian as Their Complete Outbound Email Security Solution
By Maddie Rosenthal
07 January 2021
Company: Caesars Entertainment UK Industry: Entertainment Seats: 250 Solutions: Guardian and Enforcer  About Caesars Entertainment UK  In 2006, Caesars Entertainment – the world’s largest casino entertainment company, best known for properties such as Caesars Palace, Planet Hollywood, and Harrahs – acquired London Clubs International. The current seven casinos in the UK form Caesars Entertainment UK. While the organization is passionate about delivering exceptional gaming entertainment and proud to offer customers unrivaled networks and benefits, they’re also active in the community, sponsoring and supporting a number of charities, including YGAM, GamCare, and The Gordon Moody Association. To help prevent both accidental data loss and malicious data exfiltration, Caesars has deployed Tessian Guardian and Enforcer as a complete outbound email security solution to protect 250 employees. Tessian solves three key problems for Caesars, which we explore in the Q&A interview below. Or, you can keep reading for a summary of the discussion.  1. An honest mistake on email almost caused a data breach Oftentimes, cybersecurity solutions are purchased retroactively, meaning after a breach has occurred. But, for Charles Rayer, Group IT Director at Caesars Entertainment UK, Tessian was a proactive investment, elicited by a near-miss. Here’s what happened: A customer relations advisor was sending emails to the casino’s VIPs. But, in one email, the employee accidentally attached the wrong document, which was a spreadsheet containing personal information related to some of their top 100 customers.   Luckily, they also spelled the email address incorrectly, so it was never actually sent. Nonetheless, it was a wake-up call for Charles and his team.
So, what would the consequences have been if the email had actually gone through? Charles explained, saying, “We’re covered by the GDPR and the Sarbanes-Oxley Act because we’re a public listing with US parent companies which means, had the email been sent, we would have had to report it which is a long process. And, even though we had security solutions in place, we would have most likely recieved a fine.  But for us, the biggest issue would have been the reputational damage. If that personal information did fall into the wrong hands, what would they do with it? Would they use it for their own personal benefit? Would they use it against us?”  With Tessian Human Layer Security Intelligence, Charles now has clear visibility of misdirected emails – what he previously considered an “iceberg threat” – and, because Tessian Guardian automatically prevents emails from being sent to the wrong person, Charles feels confident that a simple mistake won’t cost Caesars its reputation.  “It’s an issue of human error. We truly believe people are 100x more likely to accidentally mishandle data than to do it deliberately. So how do you solve it? There are thousands of solutions that categorize emails, look for strings of numbers, and identify keywords based on rules. But they don’t help in this situation. Tessian does. It knows – and continues learning – what conversations you normally have with people and can pick-up when something’s off. That’s the feature that really stood out to us.” Charles said.  To learn more about how Tessian Guardian uses historical email analysis, real-time analysis, natural language processing, and employee relationship graphs to detect and prevent misdirected emails, download the data sheet.  2. Other solutions triggered 10x as many false positives as real events  While – prior to deploying Tessian  – Charles didn’t have any technology in place to prevent misdirected emails, he did have a solution in place to prevent unauthorized emails. But, because it triggered so many false positives, he and his security team were drowning in alerts, making it impossible to investigate even a fraction of the alleged incidents in real time.  It was also disruptive for employees to interact with day-to-day. “I would say on average, we saw 10x as many false positives as real incidents of data exfiltration. Some days you’d have 100 incidents logged, and not one of them would be of merit. It was a deluge of junk, with the occasional useful bit of information,” he explained.  Charlies pointed out that Tessian, on the other hand, flags just 5-6 unauthorized emails a day company-wide with a false positive rate that’s marginal now, and will only get smaller as it continues to learn from employee behavior and relationships. Yes, that means it gets smarter over time.  How? Enforcer analyzes historical email data to understand what “normal” content, context, and communication patterns look like. The technology uses this understanding alongside real-time analysis to accurately predict whether or not outbound emails are data exfiltration attempts.  That means Charles and his team can actually investigate each and every incident and, when employees do see a warning, they interact with it instead of ignoring it.
Want to learn more about how Tessian Enforcer’s machine learning algorithms get smarter over time? You can get more information here.  3. Employees in the entertainment industry handle highly sensitive data – but not all of them As Charles pointed out, employees working in the entertainment industry – especially those who work in customer service – handle a lot of sensitive information. That means that mistakes – like sending a misdirected email or emailing a contract to a personal email address to print at home – can have big consequences. It also means employees may be motivated to exfiltrate data for a competitive advantage or financial gain.  Charles has seen all of the above.  “Not just our sector, but all sectors in the entertainment industry are based around customer service and personal contact. That means we have to know a lot about our customers. And that information is valuable. It’s information people want which means we have to make sure we protect it,” he explained.  But, not all employees have access to the same type of information. Customization, therefore, was important to Charles, who said, “We have a number of employees who don’t actually have access to sensitive information and a number of employees who don’t email anyone external. So there’s no point deploying across the entire company. We wanted to focus on people who deal with customers.  Likewise, not everyone who has been onboarded is in the same internal email group, which means we have to apply different controls and rules to different people. We can do all of this easily with Tessian.” While Tessian does offer 100% automated threat prevention, we know that for security strategies to be truly effective, technology and in-house policies have to work together. With Tessian Constructor, security leaders can create personalized rules and policies for individuals and groups.  Learn more about how Tessian prevents human error on email Powered by machine learning, Tessian’s Human Layer Security technology understands human behavior and relationships. Tessian Guardian automatically detects and prevents misdirected emails Tessian Enforcer automatically detects and prevents data exfiltration attempts Tessian Defender automatically detects and prevents spear phishing attacks Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of an organization’s email network. That means it gets smarter over time to keep you protected, wherever and however your work. Interested in learning more about how Tessian can help prevent email mistakes in your organization? You can read some of our customer stories here or book a demo.
Caesars Case Study hbspt.cta.load(1670277, 'ff80e5bd-f870-47e7-b210-ba27519c7e77', {"region":"na1"});
Human Layer Security Customer Stories
Recap: Tessian Webinar, How to Build a Security Culture in Today’s Working World
By Monica Nio
04 November 2020
In our most recent research report, Securing the Future of Hybrid Working, we revealed that 75% of IT decisions makers believe the future of work will be “remote” or hybrid” – where employees could work wherever and however they’d like. So, we wanted to find out: How that might affect an organization’s security culture Why a positive security culture is even more important when employees are remote  How automation can help ease the burden on thinly-stretched IT teams while empowering employees to make smarter security decisions We explored these topics with Rachel Beard, Principal Security Technical Architect at Salesforce, and Ray Chery, SVP and Co-Head of Security Softwares at Jefferies. The discussion was led by Trevor Luker, Tessian’s VP of Information Technology.  Want to watch the full video? You can view it on-demand here. Otherwise, read our notes below for key takeaways and quotes from the panelists.  Want to learn more about our guest speakers and their companies? Skip down to the bottom of the page. And, if you want to be the first to know about future virtual events, subscribe to our newsletter.  5 key takeaways from the Tessian webinar We have to re-learn how to communicate in a hybrid work structure. Gone are the days of just walking up to our colleagues and asking if they sent that suspicious email or tapping someone in IT on the shoulder to clarify a new security policy.  That means security and business leaders need to arm their teams with tools to collaborate and frequently check-in to make sure each and every employee feels comfortable with their new remote set-up. The key to a positive security culture is making employees feel like they play an active role in protecting the organization’s systems and data. But how? Instill the value of privacy and security from the outset with training and other programs and initiatives. Watch the full webinar for more insights into exactly what Rachel and Ray do at Salesforce and Jefferies.   There are benefits and drawbacks to hybrid work. According to Rachel and Ray, productivity is on the rise, which is great news. Teams are aligning on shared goals and initiatives, despite being physically distant. But people are missing the “human” interaction and camaraderie of an in-person office and many are finding it difficult to separate their personal and professional lives. It’s essential you tackle this problem head on and prioritize employee wellbeing.  Automated tools can make security accessible for everyone. This also contributes to a positive security culture by reducing IT teams’ workload. More on this in the summarized Q&A below. Jefferies uses Tessian to prevent misdirected emails. Ray’s team loves Tessian for its “noise-to-value ratio”. So, what makes Tessian so easy to use? Our technology is powered by machine learning, which means our solutions automatically detect and prevent threats like data exfiltration, misdirected emails, and spear phishing with accuracy and ease.  To find out more about how Rachel and Ray think about security culture, Trevor asked them both several questions about their perspective on automation and how to make employees a part of the solution.  We summarized their answers below. Remember, you can watch the full interview here. Q. Prior to COVID, Jefferies went from 5% to 99% of their employees working remote. Will this change be permanent? Ray: “We’re all more comfortable with getting things done from home; we’ve had to grow accustomed to it over the course of the last couple months. [However], our IT team is planning on going back to being in the office 2 or 3 of the 5 days every week. And part of that is driven by the fact that the interaction with the team is different virtually. Teams that really do interact more collaboratively feel the need to still be in the office. I definitely think hybrid work is here to stay.”  Q. Would you say that increased employee workload makes your organization more vulnerable? Ray: “We’re all doing a million things at once. When you’re stretched that thin all the time, folks tend to make mistakes, are more likely to click on an email that they’re not supposed to, or may not be reading things as thoroughly as they need to. The risks are definitely enhanced given that everyone is working from home now.”  Looking for more insights into why people make mistakes and how businesses can prevent errors before they turn into breaches? Check out our research, The Psychology of Human Error. Q. How can automation save your IT team’s time? Rachel: “At Salesforce, we’ve always had a lot of self-service mechanisms. We have Concierge as our service where you can go searching for the information that you need and open a ticket only if you need advanced help. But now, we’re looking at other ways that our customers can do the same. That way, IT can be more available for the highly specialized activities, and some of the more routine ones can be addressed by the employees themselves.”  Ray: “Ultimately, there’s no patch for human error. Humans are going to make mistakes. I think as much automation as we can incorporate into our security stack is really for the better. It removes repetitive errors, streamlines incident management, and reduces the boring stuff that our security analysts need to do. Instead of formally writing tickets and reaching out to me as an employee every time I violate an email rule, we can set it up as such so there’s a pop-up instead.” 
Q. Can tools add to an organization’s security culture in a positive way? Rachel: “Yes, when you have the guidelines and boundaries in a really transparent way. It makes everything more safe for everybody. You just have to think about how to implement that so that you allow your users to be able to do their work effectively and not get in their way too much or become an obstacle while protecting your sensitive data.”  Q. How has Tessian’s Guardian helped with Jefferies’ security culture in today’s working world? Ray: “We’re doing so many things now at home. And at home, we’re more exposed and more likely to make mistakes. We love Tessian because it’s very low-impact [on obstructing employees’ work]. It is a product that delivers with accuracy. Our IT team likes the noise-to-value ratio. When I think about the misaddressed email capabilities alone – we’re all sending a million emails a day – it’s very easy for us to send an email to the wrong person. The way that Tessian handles it in a seamless way is really great.”  Learn how Guardian can help your organization prevent accidental data loss. View Guardian’s page now. For more insights and personal anecdotes, watch the full video now.  About Rachel Rachel Beard is the Principal Security Technical Architect at Salesforce. Rachel joined Salesforce in 2014 and is a Principal Security Technical Architect.  Rachel’s areas of expertise are Salesforce security, data privacy, and compliance. She has over 14 years experience at Salesforce, spanning everything from System Administrator to Developer and even Product Marketing. Rachel is also the volunteer coordinator for Wet Nose Rescue, a leader of a Pride ERG at Salesforce, and a chair on the Diversity & Inclusion Committee at her local public school.  About Ray Ray Chery is the SVP and Co-Head of Security Software at Jefferies. Ray Chery is Senior Vice President and Co-Head of Security Software in Jefferies’ Technology Investment Banking Division. Based in San Francisco, Ray focuses primarily on enterprise security software. He has advised on more than $50B in transaction value over his 14-year career as a technology banker and has worked with and advised companies such as Bomgar, Carbonite, CrowdStrike, DigiCert, Forcepoint, Gigamon, Imperva, Plexxi, Sailpoint and Tufin.  He has also served on the Young Professional Advisory Council (YPAC) and continues to volunteer with Make-A-Wish Greater Bay Area. About Jefferies Jefferies, the global investment banking firm, has served companies and investors for over 55 years. Headquartered in New York, with offices in over 30 cities around the world, the firm provides clients with capital markets and financial advisory services, institutional brokerage and securities research, as well as asset and wealth management. About Salesforce Salesforce is a customer relationship management solution that brings companies and customers together. It’s one integrated CRM platform that gives all your departments — including marketing, sales, commerce, and service — a single, shared view of every customer.
Human Layer Security Customer Stories
Recap: Q&A With Chris Kovel, CTO, PJT Partners
By Maddie Rosenthal
02 November 2020
In case you missed it, Chris Kovel, Chief Technology Officer at PJT Partners, recently joined Robyn Savage, Customer Success Manager at Tessian, for a Q&A about what threats are top of mind and how Tessian helps PJT Partners keep data secure. While you can watch the full video on-demand, we’ve compiled our notes for a high-level overview of their 30-minute discussion. Want to learn more about Chris or PJT Partners? Skip down to the bottom of the page. And, if you want to be the first to know about future virtual events, subscribe to our newsletter.  4 things we learned from Chris  There are three “types” of threat actors. The outsider with intent, the insider with intent, and the well-intentioned employee. In terms of what keeps Chris up at night, it’s often the well-intentioned employee who sends misdirected emails.  While most of us have fired off an email to the wrong person, that doesn’t mean there aren’t serious consequences. There are. If data is leaked (especially in highly regulated industries like Financial Services, Healthcare, and Legal) organizations could face hefty fines for non-compliance, lose customer trust, and suffer a damaged reputation. But… 90% of emails don’t contain sensitive information. That’s why it’s so important that security and compliance leaders develop a process for classifying data as a part of their larger data loss prevention strategy.  PJT Partners uses Tessian for both inbound and outbound email security to detect and prevent misdirected emails, insider threats, and advanced impersonation attacks.  To find out a bit more about what’s top of mind for Chris and how Tessian fits into his overall security strategy, Robyn asked Chris several questions. We’ve summarized them below. Don’t forget, you can watch the full interview here. Q. Are there certain employees who you view as particularly risky or at-risk? “There are absolutely higher value targets that we have to pay more close attention to… But the controls we put in place are for the firm, right? They’re put in place to help everybody.  The leak can happen at any level. It could be a low-level junior banker, it can be someone in the technology department, it can be a partner of the firm.” Q. How has COVID affected your organization and your approach to cybersecurity? “Bankers and everyone else are using technology more than they’ve ever used it before. That means devices are a key for doing business now, whether it’s pulling up a quick video or sending documents. But email still actually accounts for the lion’s share of their communication. Fortunately, Tessian has some really great tools in place to protect users on devices in the same way they’re protected on desktop.” Want to learn more about how to keep your devices secure? Check out our Remote Worker’s Guide to BYOD Policies. Q. Shifting to inbound, what features make Tessian an especially appealing and effective solution at PJT? “Frankly, Tessian is extraordinarily clever in how it detects advanced impersonation. The amount of suspicious emails that Defender flags for us is quite staggering.” “You can spoof an email address in any way, shape, or form so having a product that basically says, “this one email doesn’t look like the others” or “this email likely isn’t actually coming from this person” is really helpful to the larger firm and individual users. In-the-moment warnings are helping our employees get better at actually recognizing which emails are legit and which aren’t and our administrators can help them work through it.”
For more insights and personal anecdotes, watch the full video now.  About Chris Chris Kovel is the Chief Technology officer at  PJT Partners. Prior to joining PJT Partners, Chris spent the previous 25 years at Morgan Stanley in the technology department. In Chris’ last role at Morgan Stanley, he was primarily focused on Artificial Intelligence, Analytics and Data for the Wealth Management division.  Over the course of the 25 years at Morgan Stanley, Chris developed significant technologies for Investment Banking, Capital Markets, Wealth Management, Research & Sales Distribution. Chris holds two patents for banking and trading technologies. Chris led the project and team that won the 2018 Banking Technology Award for Artificial Intelligence for the Next Best Action implementation. Prior to joining Morgan Stanley, Chris worked for Lotus Development Corporation. Chris received his BA from Skidmore College About PJT Partners PJT Partners is a premier global advisory-focused investment bank headquartered in New York City. Their team of senior professionals deliver a range of services to corporations, financial sponsors, institutional investors, alternative investment managers, and governments around the world. 
Human Layer Security Spear Phishing Customer Stories DLP Data Exfiltration
How Tessian Is Preventing Breaches and Influencing Safer Behavior in Healthcare
By Maddie Rosenthal
28 October 2020
Company: Cordaan Industry: Healthcare Seats: 6,300 Solutions: Guardian, Enforcer, Defender  About Cordaan Cordaan – one of the largest healthcare providers in Amsterdam – provides care to over 20,000 people from 120 locations across Amsterdam. They do this with the help of 6,000 employees and more than 2,500 volunteers. Cordaan also works in association with research institutes and social organizations.  To help protect the organization’s people, sensitive data, and networks, Cordaan has deployed Tessian Guardian, Enforcer, and Defender to protect over 6,300 employees on email.  Tessian solves three key problems for Cordaan, which we explore in detail in the video below. Keep reading for a summary of the discussion. Problem: Healthcare employees are especially vulnerable to inbound attacks  When it comes to inbound attacks like spear phishing and business email compromise, the healthcare industry is among the most targeted. It also has the highest costs associated with data breaches. Why? According to Cas de Bie, the Dutch healthcare provider’s Chief Information Officer, it’s not just because organizations operating in this industry handle highly sensitive data. It also has a lot to do with the very nature of the work: helping people. 
Combine this empathetic approach with the stress of a global pandemic, and you’re left with an incredibly vulnerable workforce. With Tessian, Cas is now confident Tessian will identify spear phishing emails before his employees respond to them and that employees’ workflow won’t be disrupted in the process.  When talking about inbound attacks, Cas said “It’s all about awareness. While people probably do know what they’re supposed to do when it comes to email security, it’s different in real life. It’s hard to decide in the moment. Of course, they don’t do it on purpose. They want to make the right decision. Tessian helps them do that.” Problem: Reactive and rule-based solutions weren’t preventing human error on email in the short or long-term To ensure GDPR-compliance, Cordaan prioritized investment in privacy and security solutions. But, according to Cas, “standard” email security, spam filtering solutions, and encryption alone just weren’t enough. They weren’t keeping malicious emails out of inboxes, and they weren’t preventing data loss from insiders. They also weren’t doing anything to improve employee security reflexes in the long-term. 
So, to level-up Cordaan’s email security, Cas was looking for a solution that was: Technologically advanced User-friendly Proactive With Tessian, he found all three. Powered by contextual machine learning and artificial intelligence, our solutions can detect and prevent threats and risky behavior before they become incidents or breaches. How? With the in-the-moment warnings – triggered by anomalous email activity – that look something like this.
These warnings help nudge well-intentioned employees towards safer behavior and ensure data stays within Cordaan’s perimeter. And, because Tessian works silently in the background and analyzes inbound and outbound emails in milliseconds, it’s invisible to employees until they see a warning.   This was incredibly important to Cas, who said that “The added value of Tessian is that it influences behavior. That really resonated with the board and helped me make a strong business case. While I can’t show how cybersecurity creates revenue, I can show – via a risk management calculation – the potential fines we could avoid because of our investment in Tessian”.  Problem: Cordaan’s security team had limited visibility into – and control over – data loss incidents on email  While Cordaan had invested in other email security solutions, Cas and his team still lacked visibility into the frequency of data loss incidents on email. But, after deploying Tessian for a Proof of Value, the scope of the problem became crystal clear.
The reality is that employees do actually send unauthorized and misdirected emails more frequently than expected. (We explore this in detail in our report, The State of Data Loss Prevention 2020.) But, the good news is that this behavior can be influenced and corrected—all without access restrictions that make it harder (or impossible) for employees to do their jobs.  Cas explained it well, saying that “Of course there are things that we have to police and prohibit. But, most of the time, people aren’t doing things maliciously. So it’s nice that – with Tessian – we can take a more nuanced approach. We can influence behavior and help our employees do the right thing.” Learn more about how Tessian prevents human error on email Powered by machine learning, Tessian’s Human Layer Security technology understands human behavior and relationships. Tessian Guardian automatically detects and prevents misdirected emails Tessian Enforcer automatically detects and prevents data exfiltration attempts Tessian Defender automatically detects and prevents spear phishing attacks Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of an organization’s email network. That means it gets smarter over time to keep you protected, wherever and however your work. Interested in learning more about how Tessian can help prevent email mistakes in your organization? You can read some of our customer stories here or book a demo.
Cordaan Case Study hbspt.cta.load(1670277, '61cef6a6-03b0-4491-a81d-6e751eb924e8', {"region":"na1"});
Human Layer Security Spear Phishing Customer Stories DLP Compliance Data Exfiltration
18 Actionable Insights From Tessian Human Layer Security Summit
By Maddie Rosenthal
09 September 2020
In case you missed it, Tessian hosted its third (and final) Human Layer Security Summit of 2020 on September 9. This time, we welcomed over a dozen security and business leaders from the world’s top institutions to our virtual stage, including: Jeff Hancock from Stanford University David Kennedy, Co-Founder and Chief Hacking Officer at TrustedSec Merritt Baer, Principal Security Architect at AWS Rachel Beard, Principal Security Technical Architect at Salesforce  Tim Fitzgerald, CISO at Arm  Sandeep Amar, CPO at MSCI  Martyn Booth, CISO at Euromoney  Kevin Storli, Global CTO and UK CISO at PwC Elvis M. Chan, Supervisory Special Agent at the FBI  Nina Schick, Author of “Deep Fakes and the Infocalypse: What You Urgently Need to Know” Joseph Blankenship, VP Research, Security & Risk at Forrester Howard Shultz, Former CEO at Starbucks  While you can watch the full event on YouTube below, we’ve identified 18 valuable insights that security, IT, compliance, and business leaders should apply to their strategies as they round out this year and look forward to the next.
Here’s what we learned at Tessian’s most recent Human Layer Security Summit. Not sure what Human Layer Security is? Check out this guide which covers everything you need to know about this new category of protection.  1. Cybersecurity is mission-critical Security incidents – whether it’s a ransomware attack, brute force attack, or data leakage from an insider threat – have serious consequences. Not only can people lose their jobs, but businesses can lose customer trust, revenue, and momentum. While this may seem obvious to security leaders, it may not be so obvious to individual departments, teams, and stakeholders. But it’s essential that this is communicated (and re-communicated).  Why? Because a company that’s breached cannot fulfill its mission. Keep reading for insights and advice around keeping your company secure, all directly from your peers in the security community. 2. Most breaches start with people People control our most sensitive systems and data. It makes sense, then, that most data breaches start with people. But, that doesn’t mean employees are the weakest link. They’re a business’ strongest asset! So, it’s all about empowering them to make better security decisions. That’s why organizations have to adopt people-centric security solutions and strategies.
The good news is, security leaders don’t face an uphill battle when it comes to helping employees understand their responsibility when it comes to cybersecurity… 3. Yes, employees are aware of their duty to protect data Whether it’s because of compliance standards, cybersecurity headlines in mainstream media, or a larger focus on privacy and protection at work, Martyn Booth, CISO at Euromoney reminded us that most employees are actually well aware of the responsibility they bear when it comes to safeguarding data.  This is great news for security leaders. It means the average employee will be more likely to abide by policies and procedures, will pay closer attention during awareness training, and will therefore contribute to a more positive security culture company-wide. Win-win. 4. But, employees are more vulnerable to phishing scams outside of their normal office environment  While – yes – employees are more conscious of cybersecurity, the shift to remote working has also left them more vulnerable to attacks like phishing scams.  “We have three “places”: home, work, and where we have fun. When we combine two places into one, it’s difficult psychologically. When we’re at home sitting at our coffee table, we don’t have the same cues that remind us to think about security that we do in the office. This is a huge disruption,” Jeff Hancock, Professor at Stanford University explained.  Unfortunately, hackers are taking advantage of these psychological vulnerabilities. And, as David Kennedy, Co-Founder and Chief Hacking Officer at TrustedSec pointed out, this isn’t anything new. Cybercriminals have always been opportunistic in their attacks and therefore take advantage of chaos and emotional distress.  To prevent successful opportunistic attacks, he recommends that you: Reassess what the new baseline is for attacks Educate employees on what threats look like today, given recent events Identify which brands, organizations, people, and departments may be impersonated (and targeted) in relation to the pandemic But, it’s not just inbound email attacks we need to be worried about.  5. They’re more likely to make other mistakes that compromise cybersecurity, too This change to our normal environment doesn’t just affect our ability to spot phishing attacks. It also makes us more likely to make other mistakes that compromise cybersecurity. Across nearly every session, our guest speakers said they’ve seen more incidents involving human error and that security leaders should expect this trend to continue. That’s why training, policies, and technology are all essential components of any security strategy. More on this below. 6. Security awareness training has to be ongoing and ever-evolving At our first Human Layer Security Summit back in March, Mark Logsdon, Head of Cyber Assurance and Oversight at Prudential, highlighted three key flaws in security awareness training: It’s boring It’s often irrelevant It’s expensive What he said is still relevant six months on and it’s a bigger problem than ever, especially now that the perimeter has disappeared, security teams are short-handed, and individual employees are working at home and on their own devices. So, what can security leaders do?  Kevin Storli, Global CTO and UK CISO at PwC highlighted the importance of tailoring training to ensure it’s always relevant. That means that instead of just reminding employees about compliance standards and the importance of a strong password, we should also be focusing on educating employees about remote access, endpoints, and BYOD policies. But one training session isn’t enough to make security best practice really stick. These lessons have to be constantly reinforced through gamification, campaigns, and technology.  Tim Fitzgerald, CISO at Arm highlighted how Tessian’s in-the-moment warnings have helped his employees make the right decisions at the right time.  “Warnings help create that trigger in their brain. It makes them pause and gives them that extra breath before taking the next potentially unsafe step. This is especially important when they’re dealing with data or money. Tessian ensures they question what they’re doing,” he said.
7. You have to combine human policies with technical controls to ensure security  It’s clear that technology and training are both valuable. That means your best bet is to combine the two. In discussion with Ed Bishop, Tessian Co-Founder and CTO, Merritt Baer, Principal Security Architect at AWS and Rachel Beard, Principal Security Technical Architect at Salesforce, both highlighted how important it is for organizations to combine policies with technical controls. But security teams don’t have to shoulder the burden alone. When using tools like Salesforce, for example, organizations can really lean on the vendor to understand how to use the platform securely. Whether it’s 2FA, customized policies, or data encryption, many security features will be built-in.  8. But…Zero Trust security models aren’t always the answer While – yes – it’s up to security teams to ensure policies and controls are in place to safeguard data and systems, too many policies and controls could backfire. That means that “Zero Trust” security models aren’t necessarily the best way to prevent breaches.
9. Security shouldn’t distract people from their jobs  Security teams implement policies and procedures, introduce new software, and make training mandatory for good reason. But, if security becomes a distraction for employees, they won’t exercise best practice.  The truth is, they just want to do the job they were hired to do!  Top tip from the event: Whenever possible, make training and policies customized, succinct, and relevant to individual people or departments.  10. It also shouldn’t prevent them from doing their jobs  This insight goes back to the idea that “Zero Trust” security models may not be the best way forward. Why? Because, like Rachel, Merrit, Sandeep, and Martyn all pointed out: if access controls or policies prevent an employee from doing their job, they’ll find a workaround or a shortcut. But, security should stop threats, not flow. That’s why the most secure path should also be the path of least resistance. Security strategies should find a balance between the right controls and the right environment.  This, of course, is a challenge, especially when it comes to rule-based solutions. “If-then” controls are blunt instruments. Solutions powered by machine learning, on the other hand, detect and prevent threats without getting in the way. You can learn more about the limitations of traditional data loss prevention solutions in our report The State of Data Loss Prevention 2020.  11. Showing downtrending risks helps demonstrate the ROI of security solutions  Throughout the event, several speakers mentioned that preemptive controls are just as important as remediation. And it makes sense. Better to detect risky behavior before a security incident happens, especially given the time and resources required in the event of a data breach.  But tracking risky behavior is also important. That way, security leaders can clearly demonstrate the ROI of security solutions. Martyn Booth, CISO at Euromoney, explained how he uses Tessian Human Layer Security Intelligence to monitor user behavior, influence safer behavior, and track risk over time. “We record how many alerts are sent out and how employees interact with those alerts. Do they follow the acceptable use policy or not? Then, through our escalation workflows that ingest Tessian data, we can escalate or reinforce. From that, we’ve seen incidents involving data exfiltration trend downwards over time. This shows a really clear risk reduction,” he said. 12. Targeted attacks are becoming more difficult to spot and hackers are using more sophisticated techniques As we mentioned earlier, hackers take advantage of psychological vulnerabilities. But, social media has turbo-charged cybercrime, enabling cybercriminals to create more sophisticated attacks that can be directed at larger organizations. Yes, even those with strong cybersecurity. Our speakers mentioned several examples, including Garmin and Twitter. So, how do they do it? Research! LinkedIn, company websites, out-of-office messages, press releases, and news articles all provide valuable information that a hacker could use to craft a believable email. But, there are ways to limit open-source recon. See tips from David Kennedy, Co-Founder and Chief Hacking Officer at TrustedSec, below. 
13. Deepfakes are a serious concern Speaking of social media, Elvis M Chan, Supervisory Special Agent at the FBI and Nina Schick, Author of “Deep Fakes and the Infocalypse: What You Urgently Need to Know”,  took a deep dive into deepfakes. And, according to Nina, “This is not an emerging threat. This threat is here. Now.” While we tend to associate deepfakes with election security, it’s important to note that this is a threat that affects businesses, too.  In fact, Tim Fitzgerald, CISO at Arm, cited an incident in which his CEO was impersonated in a deepfake over Whatsapp. The ask? A request to move money. According to Tim, it was quite compelling.  Unfortunately, deepfakes are surprisingly easy to make and generation is outpacing detection. But, clear policies and procedures around authenticating and approving requests can ensure these scams aren’t successful. Not sure what a deepfake is? We cover everything you need to know in this article: Deepfakes: What Are They and Why Are They a Threat? 14. Supply chain attacks are, too  In conversation with Henry Treveleyan Thomas, Head of Customer Success at Tessian, Kevin Storli, Global CTO and UK CISO at PwC discussed how organizations with large supply chains are especially vulnerable to advanced impersonation attacks like spear phishing. “It’s one thing to ensure your own organization is secure. But, what about your supply chain? That’s a big focus for us: ensuring our supply chain has adequate security controls,” he said. Why is this so important? Because hackers know large organizations like PwC will have robust security strategies. So, they’ll look for vulnerabilities elsewhere to gain a foothold. That’s why strong cybersecurity can actually be a competitive differentiator and help businesses attract (and keep) more customers and clients.  15. People will generally make the right decisions if they’re given the right information 88% of data breaches start with people. But, that doesn’t mean people are careless or malicious. They’re just not security experts. That’s why it’s so important security leaders provide their employees with the right information at the right time. Both Sandeep Amar, CPO at MSCI and Tim Fitzgerald, CISO at Arm talked about this in detail.  It could be a guide on how to spot spear phishing attacks or – as we mentioned in point #6 – in-the-moment warnings that reinforce training.   Check out their sessions for more insights.  16. Success comes down to people While we’ve talked a lot about human error and psychological vulnerabilities, one thing was made clear throughout the Human Layer Security Summit. A business’s success is completely reliant on its people. And, we don’t just mean in terms of security. Howard Shultz, Former CEO at Starbucks, offered some incredible advice around leadership which we can all heed, regardless of our role. In particular, he recommended: Creating company values that really guide your organization Ensuring every single person understands how their role is tied to the goals of the organization Leading with truth, transparency, and humility
17. But people are dealing with a lot of anxiety right now Whether you’re a CEO or a CISO, you have to be empathetic towards your employees. And, the fact is, people are dealing with a lot of anxiety right now. Nearly every speaker mentioned this. We’re not just talking about the global pandemic.  We’re talking about racial and social inequality. Political unrest. New working environments. Bigger workloads. Mass lay-offs.  Joseph Blankenship, VP Research, Security & Risk at Forrester, summed it up perfectly, saying “We have an anxiety-ridden user base and an anxiety-ridden security base trying to work out how to secure these new environments. We call them users, but they’re actually human beings and they’re bringing all of that anxiety and stress to their work lives.” That means we all have to be human first. And, with all of this in mind, it’s clear that….. 18. The role of the CISO has changed  Sure, CISOs are – as the name suggests – responsible for security. But, to maintain security company-wide, initiatives have to be perfectly aligned with business objectives, and every individual department, team, and person has to understand the role they play. Kevin Storli, Global CTO and UK CISO at PwC touched on this in his session. “To be successful in implementing security change, you have to bring the larger organization along on the journey. How do you get them to believe in the mission? How do you communicate the criticality? How do you win the hearts and minds of the people? CISOs no longer live in the back office and address just tech aspects. It’s about being a leader and using security to drive value.” That’s a tall order and means that CISOs have to wear many hats. They need to be technology experts while also being laser-focused on the larger business. And, to build a strong security culture, they have to borrow tactics from HR and marketing.  The bottom line: The role of the CISO is more essential now than ever. It makes sense. Security is mission-critical, remember? If you’re looking for even more insights, make sure you watch the full event, which is available on-demand. You can also check out previous Human Layer Security Summits on YouTube.
Page