Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Jan 31 Live Webinar | How to Keep Socially Engineered Attacks From Sneaking Into Email | Save Your Seat →

Email DLP, Data Exfiltration
How Tessian Stops Your Data Leaving When Staff Do
by Andrew Webb Wednesday, January 11th, 2023
 As our recent research revealed, 71% of security leaders told us that resignations increase security risks for their organization, and 45% said incidents of data exfiltration increased in 2022, as people took data when they left their jobs. As we head into 2023, the current economic climate coupled with restructuring in most sectors can only add to these concerns. There’s also the security strain felt by everyone who remains the organization as they try to backfill roles and do their jobs under what might be sometimes difficult circumstances. Other challenges include users being more remote, security teams having too many incidents to investigate, and in the colder months – plain old flu. Misdirected #email today (fortunately not at all sensitive – phew) driven by flu-brain 🤒 served as a near miss to remind me why the #security work being done by the team at @Tessian is so important — Sabrina Castiglione (@Castiglione_S) January 9, 2023
Tessian can help remedy insider risks such as these, both malicious exfiltration and accidental data loss, in several ways. Let’s deal with the malicious ones first. As an integrated cloud email security solution, Tessian comes with a variety of policies straight out of the box. Or you can design your own custom policies based on specific actions, teams or data points. 
For example, you might want a policy to flag for severe data exfiltration from staff who you know are leaving. Not only that, you can decide what action to take and simply track exfiltration attempts, warn the user or require justification from their manager before releasing the email. Different teams might have different levels of controls; teams that handle highly sensitive information like sales data or company code or IP, might have more sensitive controls than say marketing. 
How to stop accidental data loss Then of course there’s accidental data loss. Despite training, turning off auto-complete, and Accidental data loss remains a problem for organizations. According to our  Psychology of Human Error report  two in five respondents (40%) have sent work emails to the wrong person. This isn’t just embarrassing, it can result in a loss of business. The same report found that nearly a third (29%) of businesses have lost a client or customer as a result of email recipient errors. Tessian can stop these misdirected emails too, providing in the moment alerts to warn users that something’s not quite right. At Tessian, we’ve built a comprehensive and intelligent cloud email security platform that deploys in seconds via a single API. Using deep content inspection and your historical email data. Tessian forms a behavioral intelligence model that understands how your people use email. We know who they contact, what they send and receive, and what projects they’re working on. Simply put, we know when an incident occurs because we understand how your people usually behave.
Read Blog Post
Email DLP, ATO/BEC
How Tessian stops Impersonation Attacks
by Andrew Webb Friday, December 2nd, 2022
Every cyber attack that gets through hurts your organization’s staff, but impersonation attacks are particularly damaging to the individual who’s targeted. In this example, we see how Tessian can stop these types of attacks and protect staff so they can do their best work. 
While attackers will target almost anyone in an organization to gain access, teams in areas closest to the money – namely the finance team.  Finance teams handle hundreds of invoice payments a month, and are responsible for your organization’s cash flow. And when it comes to payroll they interact with every other employee in the company. This is why they represent high value targets to attackers.  There are four types of impersonation; multi-persona, brands, individuals, and vendors. And we’ll look at the last one – vendors – In this example. You can see how the Tessian Cloud Email Security Platform has flagged this email to Calvin in the  finance team asking for an invoice payment. OSINT tools and the victim organization’s own blog and social media might reveal a typical third party that they’ve worked with, in this fictitious example, it’s a supplier called Darkhill Health.  There are several reasons why Tessian has flagged this as a potential impersonation attempt and stopped it from reaching Calvin’s inbox. Let’s look at them in more detail.  Firstly, examination of the URL reveals the letter i in @darkhill-health has been replaced with the number 1.  Furthermore, we can see there is an unusual display name, Philip Davis rather than the typical Philip J Davis found in other emails from Darkhill Heath.  There’s also a fake use of the RE: reply in the subject line, giving the impression that this is part of a sequence of email exchanges, even though it’s the first email in the chain from this fake domain. Finally, and this is one of the hardest things for legacy solutions to determine, there is suspicious financial intent as the sender is requesting updated payment details. Our own State of Spear Phishing report shows that the most successful attacks happen just after lunch, or towards the end of the working day, when people are at their most distracted. Sent at 5:16pm on a Thursday, with just the right sense of urgency, and you can see how your employees could easily fall victim to this type of attack.
How Tessian stops these attacks.  Tessian utilizes behavioral intelligence to gain a deeper understanding of each internal and external relationship. Using deep content inspection, as well as  your historical email data, Tessian forms a behavioral intelligence model that understands how your people use email within the organization. It knows who they contact, what they send and receive, and what projects they’re working on. This advanced behavioral intelligence sits in a single cloud-based email security platform protecting your organization from both advanced incoming threats like the one above AND also stopping sensitive data leaving the organization.  All of this means this attack is stopped dead in its tracks, and never reaches Calvin’s inbox, so he can carry on with his day.
Read Blog Post
Email DLP, Data Exfiltration, ATO/BEC
What is email security and why it’s important
by John Filitz Thursday, October 20th, 2022
Fact: email is responsible for up to 90% of breaches, consequently email security is at the core of keeping your organization and its data safe and secure.   As cyber risk continues to increase, having robust email threat prevention in place can mean the difference of preventing threat actors from gaining a foothold and establishing initial access. It can also provide critical visibility and control over data within the organization, significantly reducing insider risk.   Why email security deserves greater attention   It might seem like a basic question, but when you drill into what email security is and what it entails, it is fundamentally about data security. With the typical organization sending and receiving hundreds and thousands of emails on a monthly basis, explains why email is regarded as the lifeblood of organizations.    From a security standpoint, given the critical data transportation role played by email, helps explain why email security is increasingly being regarded as one of the cornerstones of data security.  Another security consideration is the open architecture character of email – making email an accessible attack vector. Anyone can send an email to any individual or organization making the threat vector extremely attractive to exploit. Want to email the CEO of a company? Their name is probably in the public domain and so their email is likely to be firstname.lastname@companyname.com  or some combination thereof.
Email cyber risks are increasing    The open nature of email explains why threat actors are continuously at work in developing email-based social engineering campaigns. These campaigns are developed by using open-source information sources such as social media accounts, company PR statements and news mentions.    Recent research also points to threat actors mining dark web data dumps obtained from previous breaches for personally identifiable information (PII) to be used in impersonation campaigns.    Another attack vector that is gaining prominence is credential related compromises. A credential compromise that leads to an account takeover (ATO) of a vendor in the supply chain or even an internal email account is particularly challenging to detect.    Threat actors typically leverage ATO for purposes of carrying out second stage attacks that can include email requests for invoices to be paid (invoice fraud), or delivering a malicious payload via email.   Insider threats within organizations present another threat vector on email. In fact, until the recent roll-out of behavioral-based data loss prevention (DLP), being able to detect and prevent data loss on email was near impossible.   The challenge with data loss on email is that it can occur in a multitude of seemingly innocuous ways, for example, an employee attaching the incorrect file and sending this out via email, or sending the email to the unintended recipient. More malicious acts of insider threat could include a disgruntled employee that exfiltrates sensitive company data via email, or a threat actor that has gained access via an impersonation or ATO attack.
Rule-based solutions no longer provide adequate protection   Threat actors can bypass rule-based email security controls like Secure Email Gateways (SEGs) that rely on a threat detection engine of already documented indicators of compromise. This results in effectively chancing your email security on threat detection approach of established indicators of compromise – with no protective capability against zero day attacks.   We know that threat actors don’t work this way.    Threat actors are continuously refining their attack campaigns. The result is that attack social engineering campaigns are becoming ever-more sophisticated and are increasingly able to bypass rule-based detection systems.  Some of the tried and tested methods for compromise include creating spoofed domains, leveraging compromised accounts, as well as procuring a wide-array of exploit kits on the dark web.    Phishing-as-a-Service (PhaaS) is now sold alongside Ransomware-as-a-Service (RaaS) on the dark web. The commercialization of these exploit kits and threat actors services are removing the barriers to entry for carrying out attacks.  On the PhaaS front, the most recent offering is the so-called Caffeine PhaaS exploit kit that enables anyone to procure the kit and launch phishing attacks against targets. The service offering includes pre-built phishing templates, available in multiple languages. 
The time for advanced email protection is now    No organization can afford to neglect increasing email security risk. Only by leveraging behavioral based cybersecurity solutions will advanced email attacks be detected and prevented. This includes insider threats that leads to data loss.    Tessian’s Intelligent Cloud Email Security Platform has behavioral intelligence at its core – using Natural Language Processing (NLP) and Natural Language Understanding (NLU) – to detect advanced external and internal threats, as they manifest and in real-time. This includes threats that have been able to circumvent rule-based security controls such as SEGs.
Read Blog Post
Remote Working, Data Exfiltration, ATO/BEC
Cybersecurity Awareness Month 2022: 12+ Free Resources
by Andrew Webb Sunday, September 25th, 2022
October is Cyber Awareness Month, and this year’s theme is “Do your part. #BeCyberSmart.”   Fun fact: Cyber Awareness Month started back in 2004, the same year a former AOL software engineer stole 92 million screen names and email addresses and sold them to spammers. Sadly, that’s peanuts compared to more recent breaches. Incidents involving insider threats are at an all-time high, phishing incidents are doubling and even tripling in frequency year-on-year, and the cost of a breach is now over $4 million. This is all to say that cybersecurity is more important than ever. And at Tessian, we live by the motto that cybersecurity is a team sport. So, to help you educate and empower your employees, we’ve put together a toolkit with over a dozen resources, including:
You can download them all for free, no email address or other information required. But, that’s far from the only content we have to share… CEO’s Guide to Data Protection and Compliance By 2024, CEOs will be personally responsible for data breaches. So it’s essential they (and other execs) understand the importance of privacy, data protection and cybersecurity best practices. To help you out, we’ve published an eBook which breaks down: How different regulations have changed how businesses operate  How cybersecurity and compliance can be leveraged as a business enabler The financial and operational costs of data breaches OOO Templates OOO emails can contain everything a hacker needs to know to craft a targeted spear phishing attack… Where you are How long you’ll be gone Who to get in touch with while you’re away Your personal phone number Use these templates as a guide to make sure you don’t give too much away👇🏼
Human Layer Security Knowledge Hub Cyber Awareness Month is all about raising awareness and sharing best practices, and we know the #1 source of trusted information and advice for CISOs are…other CISOs….  That’s why we’ve created a hub filled with dozens of fireside chats and panel discussions about enterprise security, spear phishing, data loss prevention, leadership, and the human element. Sign-up for free and hear from some of the biggest names in the industry.   You Sent an Email to the Wrong Person. Now What? Did you know at least 800 emails are sent to the wrong person in organizations with 1,000 employees every year. While it’s easy to shrug something like this off as a simple mistake, the consequences can be far-reaching and long-term. Learn more, including how to prevent mistakes like this.   6 Best Cybersecurity Podcasts While we’re partial to our own podcast – RE: Human Layer Security – we’ve learned from the best in the business.  To get our fix of cybersecurity breaking news, threat intel, and inspiring interviews, we regularly tune into these podcasts: The CyberWire Daily The Many Hats Club WIRED Security Get the full breakdown here.   How to Get Buy-In For Security Solutions As a security or IT leader, researching and vetting security solutions is step one. Step two involves convincing key stakeholders like the CEO, CFO, and the board that the product needs to be implemented, that it needs to be implemented now, and that it’s worth the cost.  This is easier said than done… So, how do you communicate risk and make a compelling case to (eventually) get buy-in from executives? We talked to security leaders from some of the world’s most trusted and innovative organizations to find out what they do to get buy-in from CxOs.  Here’s a summary of their tips.    Ultimate Guide to Staying Secure While Working Remotely While most of us have been working remotely or in a hybrid environment for well over a year, we know that more than half of IT leaders believe employees have picked up bad cybersecurity behaviors since working remotely. This eBook offers plenty of helpful reminders, including: The risk involved in sending work emails “home” Why using public Wi-Fi and/or your personal device as a hotspot aren’t good ideas Best practice around using cloud storage to share documents How to physically protect your devices Top tips for businesses setting up remote-working policies What Does a Spear Phishing Email Look Like? We know you’re working hard to train employees to spot advanced impersonation attacks…but every email looks different. A hacker could be impersonating your CEO or a client. They could be asking for a wire transfer or a spreadsheet. And malware can be distributed via a link or an attachment. But it’s not all bad news. While – yes – each email is different, there are four commonalities in virtually all spear phishing emails.  Download the infographic now to help your employees spot the phish.   The Risks of Sending Data to Your Personal Email Accounts  Whether it’s done to work from home (or outside of the office), to print something, or to get a second opinion from a friend or partner, most of us have sent “work stuff” to our personal email accounts.  And, while we might think it’s harmless…it’s not. In this article, we explore the reasons why employees might send emails to personal accounts, why sending these emails can be problematic, and how security leaders can solve the problem.  Looking for more helpful content? Sign-up to our weekly newsletter, or follow us on LinkedIn and Twitter (or do all three!).
Read Blog Post
Email DLP, ATO/BEC
Key Takeaways from IBM’s 2022 Cost of a Data Breach Report
by John Filitz Wednesday, August 10th, 2022
The cost of a data breach is up 13% from 2020 totalling $4.35 million, according to IBM’s Cost of a Data Breach Report for 2022. IBM’s annual report also revealed that compromised credentials, phishing and cloud misconfiguration are the top three attack vectors. Phishing related breaches is the costliest form of attack, costing businesses $4.91 million in damages per breach.    IBM recommends investing in security tools that leverage artificial intelligence (AI) and machine learning. These next generation security tools represent the biggest breach cost mitigation measure organizations can take, reducing the overall cost of a breach by an average of $3.05 million.    Keep reading for key findings from the report.   Key findings   The cost of a breach continues to creep up year-over-year. The cost of a breach has increased to $4.35m in 2022 –  representing a nearly 13% increase from 2020. Top 3 attack vectors were identified as: compromised credentials (19%), phishing (16%) and cloud misconfiguration (15%). Phishing is the costliest form of a breach. Although compromised credentials is the leading cause of a breach, phishing is the costliest with the fallout averaging $4.91m per breach.  Business Email Compromise (BEC) is expensive. BEC attacks are the second costliest, totalling on average $4.89m per breach.  
Healthcare remains the most adversely impacted vertical. Costs of healthcare breaches have reached a record high of $10.1m. According to HIPAA, there were over 680,000 healthcare breaches in 2021, resulting in close to 45 million healthcare records being compromised. Million dollar savings. Investing in security AI and machine learning tools is the greatest breach cost mitigation organizations can take, reducing the overall cost of a breach by an average of $3.05m compared to organizations that do not have these tools in place.   The increasing frequency and costs associated with breaches is adding to inflationary pressure for goods and services. Companies that have suffered a breach are typically raising their prices for goods and services. Breaches are still taking an inordinate amount of time to contain. On average breaches are resolved within 277 days from discovery. Paying ransoms does not lead to significant cost savings for victims of a breach. Those that chose to pay ransoms saw on average $610, 000 less in breach costs than those that chose not to pay. Critical infrastructure remains vulnerable and lags in zero trust adoption. 80% of critical infrastructure organizations have not adopted zero trust strategies. The result is +$1m more costly breaches, totalling an average of $5.4m per breach. 
The importance of cloud adoption maturity and cloud security   Hybrid cloud represents a hedge against cyber risk. The study found hybrid cloud adopters discovered breaches 15 days sooner than companies that relied solely on a single public or private cloud operating model. Hybrid cloud reduces breach cost. Companies that rely on a  hybrid cloud operating model also experienced the lowest costs associated with a breach. On average breach costs for hybrid cloud adopters were $3.8 million. Cloud security adoption is lagging breaches. Almost half (45%) of all breaches originated in cloud environments, with 43% of organizations stating that they are only in the early stages of implementing security across their cloud environments.  A lack of cloud security adoption increases time to resolve a breach. On average organizations that failed to adopt adequate or any cloud security for their cloud environments required +108 days to resolve a breach.
Phishing and Business Email Compromise (BEC) are the costliest attack vectors   BEC and credential compromise breaches are insidious and difficult to discover. Email breaches have the second highest mean time to discovery at 308 days (+16% on the overall mean time), with compromised credentials topping the list with a mean time for discovery 327 days (+19%). Phishing is a lucrative scam. Phishing is the second leading attack vector for breaches (16%), and is also the costliest at $4.91m. BEC attacks come a close second, costing businesses $4.89m. 
Recommendations   Some of the key IBM recommendations include:   Adopt a zero trust security strategy and security model. Zero trust is particularly well-suited to hybrid cloud environments and hybrid and remote work operating models, protecting data by limiting accessibility and requiring context to grant access. Adopt security tools that can share and centralize data between disparate systems. Implement security tools that can centralize data security operations across multiple environments to enable security teams to detect incidents across complex hybrid multi-cloud environments. Invest in cloud native security automation tools. This includes security orchestration, automation and response (SOAR), security information and event management (SIEM), managed detection and response (MDR) tools and XDR to accelerate incident response through automation. Use best-of-breed security tools that help protect and monitor endpoints and remote employees. Remote work related breaches cost an average of $1 million more than non-remote work breaches. Leveraging endpoint and end-user focussed security solutions including endpoint protection platforms (EPP), identity and access management (IAM) and email security solutions are essential. Create and test incident response plans and playbooks. This includes creating incident response teams that are well rehearsed on testing the IR plan. Additional measures include red teaming and finding solutions that manage attack surface risk.  
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.   For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn.
Read Blog Post
Email DLP, Integrated Cloud Email Security
Tessian Recognized as a Representative Vendor in the 2022 GartnerⓇ Market Guide for Data Loss Prevention
by Negin Aminian Tuesday, August 9th, 2022
Tessian has been recognized by Gartner in the Market Guide for Data Loss Prevention (DLP) 2022 as a Representative Vendor for next generation DLP. Gartner makes the distinction that, “DLP is a mature technology, but the emergence of tools with a focus on cloud and insider risk management use cases has provided SRM leaders with the option to invest in a next-generation data security tool.”    State of the DLP market and why email matters The need for cloud native DLP tools is growing in-step with increased public cloud adoption, and the report mentions that, “In 2021, Gartner fielded 29% more client inquiries on the topic of DLP than in 2020.” In the latest Gartner forecast, “Worldwide end-user spending on public cloud services is forecast to grow 20.4% in 2022 to $494.7 billion, up from $410.9 billion in 2021, according to the latest forecast from Gartner. In 2023, end-user spending is expected to reach nearly $600 billion.”   Email is a significant threat vector for data loss. In separate research conducted by Tessian (2022), the risk for a data loss event occurring via email is high, with nearly 60% of organizations surveyed having experienced an email data loss incident due to an employee mistake in the last 12 months. Email was also identified as the riskiest channel for data loss, followed by cloud file-sharing and instant messaging platforms.   Gartner underscores the importance of addressing data loss risk on email due to the fact that “email is one of the most prevalent means of sending information and a priority for most clients.” And in reference email security DLP capabilities, Gartner states:   “Some email security vendors’ solutions can also address accidental data loss use cases, such as the sending of email to the wrong recipients or the sending of wrong attachments. These solutions use artificial-intelligence- based algorithms to track users’ email patterns and notify users if they may be accidentally sending sensitive information.”   These intelligent email DLP capabilities are native to Tessian, having the ability to prevent misdelivered emails and misattached files from being sent, as well as preventing malicious attempts at email data exfiltration.   Key findings from the Gartner Market Guide for DLP The report identifies three key findings: “Data loss prevention programs that are not tied to specific initiatives and goals are indicative of immature data security governance. Traditional DLP vendors that focus on conventional and data specific content inspection methods, can lead to fatigue and a siloed view of data movement. Legacy DLP tools rely on detection methods that were developed for on-premises workloads. Cloud migration has complicated the vendor selection process for clients, since these legacy approaches to DLP often are no longer viable.”   Some of the key recommendations include: “Define a DLP strategy based on data risk and the needs of the business.” Invest in a DLP solution that not only provides content inspection capabilities but also offers extra features such as data lineage for visibility and classification, user and entity behavior analytics (UEBA), and rich context for incident response. Overcome the challenges presented by a cloud-first strategy by implementing a solution to map and secure sensitive data across the hybrid environment.”
How Tessian protects against accidental and intentional data loss on email   Tessian’s unique approach to securing the email ecosystem and preventing email data loss hinges on three pillars:   Enabling intelligent and automated email security that leverages machine learning powered behavioral intelligence to detect both known and unknown threats, in real time. This prevention capability extends to automatically preventing email data loss from both malicious insider and accidental data loss use cases. Improving security operations (SecOps) efficiency by preventing data loss events from becoming incidents, reducing the time spent triaging incidents, as well as time spent configuring static DLP rules. Strengthening security culture by creating a positive end-user experience by empowering end-users to make the right cybersecurity decisions.
An intelligent approach to cloud email security  By leveraging machine learning powered behavioral detection, Tessian’s cloud email security platform is able to prevent both accidental and malicious data loss attempts from becoming incidents – ensuring data security compliance, while reducing the burden on SecOps.    Combined with contextual, in-the-moment end-user warning banners, security culture is strengthened by empowering end-users – through a range of DLP policy enforcement options – to make the right security decisions.   Want more information on how Tessian can protect your organization against email DLP? Click here to schedule a demo.
To see how the Tessian Intelligent Cloud Email Security platform prevents insider threats and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn.       Gartner, “Market Guide For Data Loss Prevention”, Ravisha Chugh, Andrew Bales, July, 19, 2022. Gartner Disclaimer: GARTNER is registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Read Blog Post
Email DLP, Integrated Cloud Email Security, ATO/BEC
What is an Integrated Cloud Email Security (ICES) Solution?
Thursday, July 7th, 2022
In recent years, the shift away from on-prem email platforms to cloud-based platforms has been dramatic, with Gartner estimating that 70% of organizations now use cloud productivity suites like Microsoft 365 and Google Workspace. But as email migrates from legacy on-prem approaches to the cloud, securing these cloud based services becomes the next big challenge. Enter Integrated Cloud Email Security.
What is an Integrated Cloud Email Security (ICES) Solution? The term ‘Integrated Cloud Email Security (ICES)’ was coined in the Gartner 2021 Market Guide for Email Security. ICES solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.     ICES solutions are cloud-based, and use APIs to detect anomalies in emails with advanced techniques such as natural language understanding (NLU), natural language processing (NLP) and image recognition. Using API access to the cloud email provider, these solutions have much faster deployment and time to value, analyzing email content without the need to change the Mail Exchange (MX) record.   Taking it one step further, ICES solutions can also provide in-the-moment prompts that can help reinforce security awareness training (SAT), and are able to detect compromised internal accounts. In the report, Gartner reflected on the future of ICES solutions, suggesting that they would eventually render SEGs redundant:   “Initially, these solutions are deployed as a supplement to existing gateway solutions, but increasingly the combination of the cloud email providers’ native capabilities and an ICES is replacing the traditional SEG.”
Gartner predicts that by 2023, at least 40% of all organizations will use built-in protection capabilities from cloud email providers rather than a secure email gateway (SEG)… But why?   In short, legacy SEGs are no match for the cyber threats of tomorrow. Email is responsible for 96% of cybersecurity breaches, making it the greatest threat vector. In fact, in the 12 months between July 2020 and July 2021, Tessian detected 2 million malicious emails that had bypassed SEGs. So why are traditional SEGs not fit for today’s cybersecurity landscape?
Rule-based approaches don’t cut it SEGs were developed in 2004 with on-premise email servers in mind and use a rule-based approach to threat detection. They use deny lists, allow lists and signatures for message authentication to help stop attacks – with these lists created using threat intelligence. They are reactive by design, and protect email data against threats that are already known. This means that SEGs offer no protection against zero-day attacks (a significant and growing threat vector), and are easily evaded by attackers using advanced social engineering campaigns. SEGs also fail to detect business email compromise (BEC), account takeover (ATO) and advanced spear phishing attacks.
The migration to the cloud   More and more, organizations are adopting SaaS offerings like Microsoft 365 – which have SEG capabilities natively included. This shift was well underway before the pandemic, but has since been accelerated with data suggesting that ICES solutions are here to stay and will displace SEGs from the cybersecurity stack.. The rise of offerings like Microsoft 365 and Google Workspace and the move away from SEGs comes as no surprise, with enhanced functionality at the platform level that can include:   Blocking emails from known bad senders Scanning attachments with AV Blocking emails with known bad URLs Content analysis to identify SPAM   Given these native SEG-like capabilities in cloud productivity suites, makes ICES solutions the perfect supplement to ensuring comprehensive email protection. ICES solutions are so effective because they  provide protection against many of the threats SEGs fail to detect – when used in combination with SaaS offerings like Microsoft 365.
What are the benefits of ICES solutions?   ICES solutions offer more than just threat detection. Key features of ICES solutions  can include:   BEC and ATO Attack detection using NLU, NLP, social graph analysis and image recognition Context-aware banners to warn users Phish Reporting Mail Security Orchestration, Automation and Response (MSOAR) capabilities to assist in automatic reclassification of emails and removal from inboxes
How to evaluate ICES vendors   The number of  ICES solutions available on the market is continually growing. There are a few key things you should consider when evaluating which ICES solution to use. Taking a look at your current email security framework and comparing it to your end goal, the following elements should be analyzed:   Time-to-value, return-on-investment time horizon Cost of effort to install and manage False positive rate ML- and AI-based technology to detect advanced social engineering attacks including BEC and ATO attacks Ability to analyze and map conversation history Computer vision to analyze suspicious data and links in emails User education controls to reinforce training, including context-aware banners and/or in-line prompts Ability to analyze emails prior to delivery to the end user API integration  of email events into Extended Detection and Response (XDR) or Security Information and Event Management/Security Orchestration, Automation and Response (SIEM/SOAR) solutions   Still struggling to decide? Have a look at the 2021 Gartner Market Guide to Email Security, which contains further information on ICES vendors, including Tessian.
Why choose Tessian?   Tessian was recognized as a Representative Vendor for Integrated Cloud Email Security (ICES) in the recently released 2021 Gartner Market Guide for Email Security.     What sets Tessian apart from other ICES solutions is its advanced email security and email data loss prevention (DLP) capability, including:   Advanced Spear Phishing Protection Advanced Attachment and URL Protection   Internal Impersonation & CEO Fraud Advanced Spoof Detection Counterparty & Vendor Impersonation  Brand Impersonation External Account Takeover  Invoice Fraud Bulk Remediation Automated Quarantine  Threat Intelligence   Tessian also offers protection against both malicious and accidental data loss, in-the-moment security awareness training for suspected phishing emails and in-the-moment security awareness notifications. 
To summarize, there are four key Tessian differentiators:   Threat prevention: Tessian protects against both known and unknown email attacks, including business email compromise, account takeover, spear-phishing, and all impersonation attacks that bypass SEGs, M365, and G Suite. Protection also includes class leading email DLP. Education and awareness: With Tessian’s in-the-moment training, organizations can educate and empower users to build continuous email security awareness  Reduced admin overhead: Tessian removes the burden on SOC and admins by automating repetitive tasks such as maintaining triage and review. This eliminates the need for human verification of email threats, reducing FTE requirements. Data-rich dashboards: With Tessian, security teams have clear visibility and the ability to demonstrate clear ROI     To find out more about Tessian as an ICES solution, and the key findings listed in the 2021 Gartner® Market Guide for Email Security, click here. 
Read Blog Post
Email DLP
Product Update: Actionable Event Triage
by Dan Harrison Friday, July 1st, 2022
Security and risk management teams are focused on detecting, investigating, and responding to cyber security incidents. Given the high number of security tools deployed in the environment of a typical organization, reviewing security events that could be actual incidents requires dedicated FTE resources and time. This creates two challenges.   1: A delayed response time in triaging security events and finding incidents can also result in worsening the fallout from a breach, thereby elevating the level of risk. 2: Security teams find it increasingly time consuming to handle this volume of events, potentially resulting in analyst burn out, loss of retention and a reduced quality in event investigation.   Improving the efficiency for event triage is essential to help security and risk leaders speed up investigations and remediate incidents. 
Working Smarter, Not Harder   A recent Tessian commissioned study by The Ponemon Institute found that “it can take an average of 72 hours to detect and remediate a data loss and exfiltration incident caused by a malicious insider on email and an average of almost 48 hours to detect and remediate an incident caused by employees’ negligence or error on email.”    This is why Tessian has focused on making the investigation process more efficient for our users with a new event triage workflow.
Enhanced security event management   Tessian has improved security efficiency for customers through enhanced event triage in the Tessian Portal for all of our data loss modules, Guardian, Enforcer and Architect. Our latest feature update includes:   The ability for security admins to view the full email body and attachment for a flagged email. The ability for users to label events within its workflow status. The event statuses can be marked as Open, Incident, Safe, False Positive, and Other.   These capabilities enable Tessian users to get more context on a security event and easily collaborate with team members, leading to a more efficient end-to-end investigation process. These enhanced capabilities extend across M365 and GSuite mailboxes.
Making the SOC more efficient   The new event triage enhancements demonstrated below, enables security analysts to view the email body and to more effectively triage the security events. The advantage this brings to security teams is being able to immediately access the event content, rather than requesting the email content often from a separate team. This speeds up the investigation workflow and reduces the dependency security teams have on other parts of the organization. Further enhancements include being able to assign security events to team members and labeling the event with its workflow status (open, incident, safe, false positive, other).
These new feature enhancements will enable:   • The ability to complete end-to-end investigations all within the Tessian Portal resulting in a more efficient response to security threats.   • Improved SecOps efficiency in dealing with actual events vs. false positives.   • The ability to more easily collaborate with team members through the assignment of events, helping teams remain focused on what matters most.   • Insight into the outcome of data loss events through event status tagging, helping the CISO gauge risk using real data and helping to measure Tessian’s Return on Investment
A note on privacy The ability for security teams to view the full body of emails and their attachments may pose a privacy concern to customers. In recognition of this, we have built in some privacy guard rails which customers can use to control and monitor data access. Only Tessian users who have the necessary permissions to view the full email body and attachments will be able to do so. In addition, whenever a user requests to view the email’s full body and attachment, an audit event will be created which can be viewed within the Tessian portal.
To see how the Tessian Intelligent Cloud Email Security platform  prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.   For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Email DLP, ATO/BEC
Key Takeaways from Verizon’s 2022 Data Breach Investigation Report
by John Filitz Thursday, May 26th, 2022
Verizon just released its annual Data Breach Investigation Report for 2022. Some highlights include the most targeted industries, the role of human error, insight on social engineering and the devastating impact that insider risk poses to your organization. The report also reveals email as a significant attack vector, and the preferred method for delivering malicious payloads. Ransomware is becoming a protracted security challenge, so too is the role of supply chains and the risk posed by misconfiguration.   Keep reading for key findings from the report.
Industries and attacks vectors   Top 3 industry verticals that suffered a breach. Finance, Professional Services and Healthcare suffered the highest proportion of breaches for the year.   Human error remains a significant breach risk factor. 82% of breaches involved the human element – either due to compromised credentials, phishing, misuse or error.   Securing end-users and systems should be prioritized equally. The 4 main paths to a breach include:   Credential compromise Phishing Exploiting vulnerabilities Botnets Top 2 targeted IT assets. Web applications (56% of breaches) and mail servers (28%) are the two most targeted IT assets by threat actors.
Social engineering, insider risk and attack motivations   Social engineering attacks are growing in complexity. Phishing (+60%) remains the dominant method for executing social engineering attacks, followed by the use of stolen credentials (+30%) and pretexting (27%).   Protecting against threat actors is a complex challenge. External threat actors account for 80% of breaches, and insiders 20%.   Insider breaches are the most devastating from a records exposure perspective. Insider breaches result in 10:1 more compromised records being exposed than external breaches do.   Money heist. Financial or personal gain is the key motive for over 80% of external threat actors.
Email is a significant attack vector   Email is the most preferred channel for threat actors. Email remains the #1 delivery mechanism for malware, including ransomware.   Email attracts the greatest investment in the attacker value chain. Email development, email addresses and email distribution see the highest share of investment from threat actors for carrying out a breach.   Office docs are the preferred trojan horse. Office docs are the preferred file for delivering malicious payloads, usually delivered via email.   BEC attacks come in different flavors. Phishing was responsible for 41% of BEC attacks, while credential theft was responsible for 43%. And pretexting, a component of phishing, is becoming increasingly prominent, responsible for 27% of social engineering breaches.   Don’t take solace in low phish rates. Even low phish rates of less than 3% can have devastating impacts on large organizations in terms of total records compromised.
Additional key findings   Ransomware attacks are trending in the wrong direction. The scourge of ransomware is accelerating at an unprecedented pace, up 13% YoY, representing the equivalent annual increase of the past 5 years combined.   The integrity of supply chains is in sharp focus. Supply chains are responsible for 62% of system intrusions.   As IT complexity increases so too does misconfiguration risk.  In a cloud based world, misconfiguration remains a mainstay vulnerability, responsible for 13% of breaches.
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.   For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Email DLP
New Report From The Ponemon Institute: Data Loss Prevention on Email in 2022 Report
by Negin Aminian Wednesday, May 18th, 2022
New research from the Ponemon Institute reveals that nearly 60% of organizations experienced data loss or exfiltration caused by an employee mistake on email in the last 12 months. Email was revealed as the riskiest channel for data loss in organizations, as stated by 65% of IT security practitioners. This was closely followed by cloud file-sharing services (62%) and instant messaging platforms (57%).    Key findings The Ponemon Institute surveyed 614 IT security practitioners across the globe to also reveal that:  Employee negligence, because of not following policies, is the leading cause of data loss incidents (40%)  Over a quarter (27%) of data loss incidents are caused by malicious insiders  It takes up to three days for security and risk management teams to detect and remediate a data loss and exfiltration incident caused by a malicious insider on email  Almost one in four (23%) organizations experience up to 30 security incidents involving employees’ use of email every month (for example, email was sent to an unintended recipient)
The most common types of confidential and sensitive information lost or intentionally stolen include: customer information (61%); intellectual property (56%); and consumer information (47%). User-created data (sensitive email content, text files, M&A documents), regulated data (credit card data, Social Security numbers, national ID numbers, employee data), and intellectual property were identified as the three types of data that are most difficult to protect from data loss.    The top two consequences for data loss incidents were revealed as non-compliance with data protection regulations (57%) and damage to an organization’s reputation (52%). One of our previous studies found that almost one-third (29%) of businesses lost a client or customer because of an employee sending an email to the wrong person. 
Lack of visibility creates data loss challenges    Organizations cannot protect what they can’t see. A lack of visibility of sensitive data that employees transferred from the network to personal email was cited as the most common barrier (54%) to preventing data loss. Further, over half of respondents (52%) report being unable to identify legitimate data loss incidents and standard employee data handling behaviors.     As a result, it takes security teams 72 hours, on average, to detect and remediate a data loss and exfiltration incident caused by a malicious insider on email, and almost 48 hours to detect and remediate an incident caused by a negligent employee.   Greater education required for employees    The majority of organizations (73%) are concerned that employees do not understand the sensitivity or confidentiality of data they share through email. In addition, marketing and public relations departments are most likely to put data at risk when using email (61%), closely followed by production/manufacturing (58%) and operations (57%).    Despite these risks, organizations do not have adequate training in place. While 61% have security awareness training, only about half of IT security leaders say their programs properly address the sensitivity and confidentiality of the data that employees can access on email.    “This study showcases the severity of data loss on email and the implications it has for modern enterprises,” said Larry Ponemon, chairman and founder of Ponemon Institute. “Our findings prove the lack of visibility organizations have into sensitive data, how risky employee behavior can be on email and why enterprises should view data loss prevention as a top business priority.”
Tessian’s Chief Information Security Officer, Josh Yavor, said, “Most security awareness training programs focus on inbound threats, yet fail to adequately address the handling of sensitive data internally. But data loss – whether accidental or intentional – is a major threat and should be treated as a top priority.    “To create awareness and mitigate data loss incidents, organizations need to be proactive in delivering effective data loss prevention training while also gaining greater visibility into how employees handle company data. Security awareness training that directly addresses common types of data loss – including what’s okay to share with personal accounts and what’s not okay to take with you when you leave a company – and a culture that builds trust and confidence among employees will improve security behaviors and limit the amount of data that flows out of the organization.”  
Read Blog Post
Email DLP, Data Exfiltration
Insider Threat Statistics You Should Know: Updated 2022
by Maddie Rosenthal Friday, May 13th, 2022
Between 2018 and 2020, there was a 47% increase in the frequency of incidents involving Insider Threats. This includes malicious data exfiltration and accidental data loss. The latest research, from the Verizon 2021 Data Breach Investigations Report, suggests that Insiders are responsible for around 22% of security incidents.   Why does this matter? Because these incidents cost organizations millions, are leading to breaches that expose sensitive customer, client, and company data, and are notoriously hard to prevent.   In this article, we’ll explore: How often these incident are happening What motivates Insider Threats to act The financial  impact Insider Threats have on larger organizations The effectiveness of different preventive measures     If you know what an Insider Threat is, click here to jump down the page. If not, you can check out some of these articles for a bit more background. What is an Insider Threat? Insider Threat Definition, Examples, and Solutions Insider Threat Indicators: 11 Ways to Recognize an Insider Threat Insider Threats: Types and Real-World Examples
How frequently are Insider Threat incidents happening?   As we’ve said, incidents involving Insider Threats have increased by 47% between 2018 and 2020. A 2021 report from Cybersecurity Insiders also suggests that 57% of organizations feel insider incidents have become more frequent over the past 12 months.   But the frequency of incidents varies industry by industry. The Verizon 2021 Breach Investigations Report offers a comprehensive overview of different incidents in different industries, with a focus on patterns, actions, and assets.   Verizon found that: The Healthcare and Finance industries experience the most incidents involving employees misusing their access privileges The Healthcare and Finance industries also suffer the most from lost or stolen assets The Finance and Public Administration sectors experience the most “miscellaneous errors” (including misdirected emails)—with Healthcare in a close third place !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");
There are also several different types of Insider Threats and the “who and why” behind these incidents can vary. According to one study:   Negligent Insiders are the most common and account for 62% of all incidents. Negligent Insiders who have their credentials stolen account for 25% of all incidents Malicious Insiders are responsible for 14% of all incidents.   !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   Looking at Tessian’s own platform data, Negligent Insiders may be responsible for even more incidents than most expected. On average, 800 emails are sent to the wrong person every year in companies with 1,000 employees. This is 1.6x more than IT leaders estimate. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   Malicious Insiders are likely responsible for more incidents than expected, too. Between March and July 2020, 43% of security incidents reported were caused by malicious insiders.   We should expect this number to increase. Around 98% of organizations say they feel some degree of vulnerability to Insider Threats. Over three-quarters of IT leaders (78%) think their organization is at greater risk of Insider Threats if their company adopts a permanent hybrid working structure. Which, by the way, the majority of employees would prefer.   What motivates Insider Threats to act?   When it comes to the “why”, Insiders – specifically Malicious Insiders – are often motivated by money, a competitive edge, or revenge. But, according to one report, there is a range of reasons malicious Insiders act. Some just do it for fun. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   But, we don’t always know exactly “why”. For example, Tessian’s own survey data shows that 45% of employees download, save, send, or otherwise exfiltrate work-related documents before leaving a job or after being dismissed.  While we may be able to infer that they’re taking spreadsheets, contracts, or other documents to impress a future or potential employer, we can’t know for certain.   Note: Incidents like this happen the most frequently in competitive industries like Financial Services and Business, Consulting, & Management. This supports our theory. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); How much do incidents involving Insider Threats cost?   The cost of Insider Threat incidents varies based on the type of incident, with incidents involving stolen credentials causing the most financial damage. But, across the board, the cost has been steadily rising. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   Likewise, there are regional differences in the cost of Insider Threats, with incidents in North America costing the most and almost twice as much as those in Asia-Pacific. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   But, overall, the average global cost has increased 31% over the last 2 years, from $8.76 million in 2018 to $11.45 in 2020 and the largest chunk goes towards containment, remediation, incident response, and investigation. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   But, what about prevention? How effective are preventative measures?   As the frequency of Insider Threat incidents continues to increase, so does investment in cybersecurity. But, what solutions are available and which solutions do security, IT, and compliance leaders trust to detect and prevent data loss within their organizations?   A 2021 report from Cybersecurity Insiders suggests that a shortfall in security monitoring might be contributing to the prevalence of Insider Threat incidents.   Asked whether they monitor user behavior to detect anomalous activity: Just 28% of firms responded that they used automation to monitor user behavior 14% of firms don’t monitor user behavior at all 28% of firms said they only monitor access logs 17% of firms only monitor specific user activity under specific circumstances 10% of firms only monitor user behavior after an incident has occurred   And, according to Tessian’s research report, The State of Data Loss Prevention, most rely on security awareness training, followed by following company policies/procedures, and machine learning/intelligent automation. But, incidents actually happen more frequently in organizations that offer training the most often and, while the majority of employees say they understand company policies and procedures, comprehension doesn’t help prevent malicious behavior. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   That’s why many organizations rely on rule-based solutions. But, those often fall short.   Not only are they admin-intensive for security teams, but they’re blunt instruments and often prevent employees from doing their jobs while also failing to prevent data loss from Insiders.   So, how can you detect incidents involving Insiders in order to prevent data loss and eliminate the cost of remediation? Machine learning. How does Tessian detect and prevent Insider Threats?   Tessian turns an organization’s email data into its best defense against inbound and outbound email security threats.   Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises. It understands human behavior and relationships, enabling it to automatically detect and prevent anomalous and dangerous activity. Tessian Enforcer detects and prevents data exfiltration attempts Tessian Guardian detects and prevents misdirected emails Tessian Defender detects and prevents spear phishing attacks   Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network.   Oh, and it works silently in the background, meaning employees can do their jobs without security getting in the way.   Interested in learning more about how Tessian can help prevent Insider Threats in your organization? You can read some of our customer stories here or book a demo.
Read More
Email DLP, Compliance
30 Biggest GDPR Fines So Far (2020, 2021, 2022)
Thursday, May 5th, 2022
The EU General Data Protection Regulation (GDPR) is among the world’s toughest data protection laws. Under the GDPR, the EU’s data protection authorities can impose fines of up to up to €20 million (roughly $20,372,000), or 4% of worldwide turnover for the preceding financial year – whichever is higher.   Since the GDPR took effect in May 2018, we’ve seen over 900 fines issued across the European Economic Area (EEA) and the U.K. GDPR fines have ramped up significantly.   Let’s take a look at the biggest GDPR fines, explore what caused them, and consider how you can avoid being fined for similar violations. 
The biggest GDPR fines of 2020, 2021, and 2022 (so far)   1. Amazon — €746 million ($877 million) Amazon’s gigantic GDPR fine, announced in the company’s July 2021 earnings report, is nearly 15 times bigger than the previous record. The full reasons behind the fine haven’t yet been confirmed, but we know the cause has to do with cookie consent.   And this isn’t the first time Amazon has been punished due to the way it collects and shares personal data via cookies. In late 2020, France fined Amazon €35 million after the tech giant allegedly failed to get cookie consent on its website.   How the fine could have been avoided: It’s tempting to force users to “agree” to cookies—or make opting out of cookies difficult—to collect as much personal data as possible. But regulators have shown some serious appetite for enforcing the EU’s cookie rules recently. If Amazon had obtained “freely given”, informed, and unambiguous opt-in consent before setting cookies on its users’ devices, the company probably could have avoided this huge GDPR fine.   4. Facebook — €265 million ($275 million) Facebook owner Meta was fined €265 million ($275 million) by the Irish Regulator the Data Protection Commission for breaching data protection rules after it was revealed that Facebook personal data had been made available on an online hacking forum. This included the full names, phone numbers, birth dates and locations of Facebook users using the site in 2018 and 2019. How the fine could have been avoided: Meta admitted the data had been scraped using legitimate tools designed to help people find their friends through their phone numbers. Facebook was fined for “failing to apply Data Protection by Design and Default” as stipulated by the EU update to General Data Protection Regulation (GDPR). Designing this function to be more secure would have avoided the fine.   2. WhatsApp — €225 million ($255 million) Mere months after Amazon’s colossal GDPR fine knocked Google off the number one GDPR fine spot, WhatsApp pushed Google into third place with a penalty nearly five times as large as the search giant’s previous record. Ireland slammed WhatsApp with A €225 million GDPR penalty after claiming that the messaging service had failed to properly explain its data processing practices in its privacy notice. Ireland is not known for issuing large fines, despite being the European home of nearly every US-based big tech firm. And even this penalty arrived only after other EU data protection authorities used the “one-stop-shop” mechanism to argue that it should have been higher. So what did WhatsApp do wrong? It’s complicated, and the company is appealing the decision. But it boils down to WhatsApp’s alleged failure to explain its legal basis for certain data processing—“legitimate interests.”   How the fine could have been avoided: The Irish DPA said that WhatsApp’s somewhat opaque privacy notice was at fault here—the company should have provided privacy information in an easily accessible format using language its users could understand. If you’re relying on “legitimate interests,” you must make sure you explain what those interests are in respect of each relevant processing operation.     3. Google Ireland — €90 million ($102 million) The French data protection authority (the CNIL) hit Google Ireland with this substantial fine on Jan 6 2022. The fine relates to the way Google’s European arm implements cookie consent procedures on YouTube. The Google Ireland fine was one of two fines issued as part of the same decision, with the other being levied against California-based Google LLC (which operates Google Search).   So what’s the issue? In a nutshell, the CNIL said that Google should have made it easier for YouTube users to refuse cookies. YouTube sets cookies on our devices to track our online activity for marketing purposes. It’s easy to accept cookies on YouTube, but harder to refuse them. The CNIL noted that refusing cookies required a user to make several clicks, whereas accepting cookies required just one click.   The CNIL justified the relatively high fine by pointing to the large number of people using YouTube and the huge profits that Google derives from the service. But wait a minute—doesn’t Google run its EU operations out of Ireland? How come the Irish regulator didn’t deliver this fine?   The reason, the CNIL contended, is that cookie regulation primarily falls under the ePrivacy Directive, not the GDPR, so regulators can take direct action against website operators in their jurisdiction rather than referring everything back to the organization’s “main establishment.” But the decision still qualifies as a “GDPR fine” because it’s the GDPR that determines how website operators obtain consent.   How the fine could have been avoided: Under the GDPR, consent must be “freely given”: equally easy to accept or refuse: if you can accept with one click, you should also be able to refuse with one click.     4. Facebook (again) — €60 million ($68 million) This fine came from the French data protection authority, the CNIL, on Jan 6, 2022. The social media giant earned this €60 million penalty owing to—you guessed it—failing to obtain proper cookie consent from its users.   The issue here mainly related to the unclear way in which Facebook provided a cookie opt-out. Like with Google (see above and below), accepting cookies on Facebook is a piece of cake—just click “accept.” Refusing them is a little more complicated.   How the fine could have been avoided: The CNIL drew attention to how Facebook’s cookie consent interface seemed to offer no option except “Accept Cookies”—even when it appeared that users were actually refusing them. The CNIL reflected that this language” necessarily generates confusion and that the user may have the feeling that it is not possible to refuse the deposit of cookies and that they have no way to manage it. Don’t confuse your users. Keep language simple and straightforward whenever you’re providing privacy information.     5. Google LLC — €60 million ($68 million) This Jan 6 fine against Google’s California headquarters came alongside the CNIL’s €90 million penalty against the search giant’s European establishment (see fine number 3, above). That larger sanction was levied against Google’s non-compliant setting of cookies on the YouTube platform.   Google LLC was hit with this €60 million blow on the same day for precisely the same reason—but in relation to its search website rather than its video-sharing platform.   How the fine could have been avoided: The takeaway in both Google cases is clear: make sure it’s as easy for your users to accept cookie consent as it is for them to refuse it.
6. Google – €50 million ($56.6 million)  Google’s fine, levied in 2019 and finalized after an unsuccessful appeal in March 2020, was the largest on record until August 2021.  The case related to how Google provided privacy notice to its users—and how the company requested their consent for personalized advertising and other types of data processing. How the fine could have been avoided: Google should have provided more information to users in consent policies and granted them more control over how their personal data is processed.     7. H&M — €35 million ($41 million) On October 5, 2020 the Data Protection Authority of Hamburg, Germany, fined clothing retailer H&M €35,258,707.95 — the second-largest GDPR fine ever imposed at the time. H&M’s GDPR violations involved the “monitoring of several hundred employees.” After employees took vacation or sick leave, they were required to attend a return-to-work meeting. Some of these meetings were recorded and accessible to over 50 H&M managers. Senior H&M staff gained ”a broad knowledge of their employees’ private lives… ranging from rather harmless details to family issues and religious beliefs.” This “detailed profile” was used to help evaluate employees’ performance and make decisions about their employment.   How the fine could have been avoided: H&M appears to have violated the GDPR’s principle of data minimization — don’t process personal information, particularly sensitive data about people’s health and beliefs, unless you need to for a specific purpose. H&M should also have placed strict access controls on the data, and the company should not have used this data to make decisions about people’s employment.     8. TIM – €27.8 million ($31.5 million) On January 15, 2020, Italian telecommunications operator TIM (or Telecom Italia) was stung with a €27.8 million GDPR fine from Garante, the Italian Data Protection Authority, for a series of infractions and violations that have accumulated over the last several years.  TIM’s infractions include a variety of unlawful actions, most of which stem from an overly aggressive marketing strategy. Millions of individuals were bombarded with promotional calls and unsolicited communications, some of whom were on non-contact and exclusion lists.   How the fine could have been avoided: TIM should have managed lists of data subjects more carefully and created specific opt-ins for different marketing activities.   9. Enel Energia — €26.5 million ($29.3 million) On January 19th, 2022 the Italian data protection authority (‘Garante’) publicized its decision to fine the multinational electric and gas supplier Enel Energia €26.5 million for a range of GDPR violations including failing to get user consent or inform customers before using their personal data for telemarketing calls. The complex investigation was triggered after Garante had received numerous complaints concerning the receipt of unwanted promotional calls among other problems. The investigation covered Enel Energia’s business partners and included four separate requests for cumulative information, from December 2018 to July 2020, concerning a total of 135 files. Garante also reported that Enel Energia had not sufficiently cooperated with the investigation by failing to respond adequately (if at all) to a number of requests. How the fine could have been avoided: Enel Energia should have provided more information to users in consent policies and granted them more control over how their personal data is processed. Once caught out, Enel Energia could have also lessened the consequences had they responded to requests by investigators.   10. British Airways – €22 million ($26 million) In October, the ICO hit British Airways with a $26 million fine for a breach that took place in 2018. This is considerably less than the $238 million fine that the ICO originally said it intended to issue back in 2019.  So, what happened back in 2018? British Airway’s systems were compromised. The breach affected 400,000 customers and hackers got their hands on log-in details, payment card information, and travelers’ names and addresses.   How the fine could have been avoided: According to the ICO, the attack was preventable, but BA didn’t have sufficient security measures in place to protect their systems, networks, and data. In fact, it seems BA didn’t even have basics like multi-factor authentication in place at the time of the breach.    Going forward, the airline should take a security-first approach, invest in security solutions, and ensure they have strict data privacy policies and procedures in place.   11. Marriott – €20.4 million ($23.8 million) While this is an eye-watering fine, it’s actually significantly lower than the $123 million fine the ICO originally said they’d levy. So, what happened?  383 million guest records (30 million EU residents) were exposed after the hotel chain’s guest reservation database was compromised. Personal data like guests’ names, addresses, passport numbers, and payment card information was exposed.  Note: The hack originated in Starwood Group’s reservation system in 2014. While Marriott acquired Starwood in 2016, the hack wasn’t detected until September 2018. How the fine could have been avoided: The ICO found that Marriott failed to perform adequate due diligence after acquiring Starwood. They should have done more to safeguard their systems with a stronger data loss prevention (DLP) strategy and utilized de-identification methods. 
12. Clearview AI — €20 Million ($20.5 Million) In what is shaping up to be a busy year for the Italian data protection authority, Clearview AI has been issued a fine of €20 Million by Garante. The fine came on 10 February 2022, after several issues in connection with Clearview’s facial recognition products.  A number of infringements were found including the unlawful processing of personal biometric and geolocation data, and the breaching of several fundamental principles of the GDPR, such as transparency, purpose limitation, and storage limitation. Like Enel Energia, the company also failed to respond to requests in a complete and timely manner. How the fine could have been avoided: Less is more – Clearview should have only collected and held on to data with a clear purpose, and been transparent about this decision-making with their customers. Better co-operation in the investigation would have also decreased the fine. 13. Meta (Facebook) Ireland — €17 Million ($18.2 Million) On March 15th, 2022 the Irish Data Protection Commission (DPC) fined Meta Platforms Ireland €17 Million for issues which meant it could not readily demonstrate the security measures that it implemented to protect EU users’ data. This failure was spotted in 2018 after twelve personal data breaches were reported to the DPC. This is the third fine of 2022.  How the fine could have been avoided: In this case, these shortcomings were spotted before a more widespread breach occurred. To prepare for future threats, Meta should take a security-first approach, invest in security solutions, and ensure they have strict data privacy policies and procedures in place.   14. Wind — €17 million ($18.2 million) On July 13, Italian Data Protection Authority imposed a fine of €16,729,600 on telecoms company Wind due to its unlawful direct marketing activities. The enforcement action started after Italy’s regulator received complaints about Wind Tre’s marketing communications. Wind reportedly spammed Italians with ads — without their consent — and provided incorrect contact details, leaving consumers unable to unsubscribe. The regulator also found that Wind’s mobile apps forced users to agree to direct marketing and location tracking and that its business partners had undertaken illegal data-collection activities.  How the fine could have been avoided: Wind should have established a valid lawful basis before using people’s contact details for direct marketing purposes. This probably would have meant getting consumers’ consent — unless it could  demonstrate that sending marketing materials was in its “legitimate interests.” For whatever reason you send direct marketing, you must ensure that consumers have an easy way to unsubscribe. And you must always ensure that your company’s Privacy Policy is accurate and up-to-date.   15. Vodafone Italia — €12.3 million ($14.5 million) Vodafone Italia’s November 2020 fine was issued in relation to a vast range of alleged GDPR violations, including provisions within Articles 5, 6, 7, 16, 21, 25, 32, and 33. So what did Vodafone do that resulted in so many GDPR violations?  The company’s data processing issues included failing to properly secure customer data, sharing personal data with third-party call centers, and processing without a legal basis—all brought to light after complaints about the company’s telemarketing campaign. How the fine could have been avoided: Vodafone’s marketing operations may have triggered the Italian DPA’s investigation, but the company’s data management and security were the fundamental issues here. Vodafone might have avoided this large fine by conducting regular audits of its data and properly documenting all relationships with third-party data processors.   16. Notebooksbilliger.de — €10.4 million ($12.5 million) German electronics retailer notebooksbilliger.de (NBB) received this significant GDPR fine on January 8, 2021. The penalty relates to how NBB used CCTV cameras to monitor its employees and customers. The CCTV system ran for two years, and NBB reportedly kept recordings for up to 60 days. NBB said it needed to record its staff and customers to prevent theft. The Lower Saxony DPA said the monitoring was an intrusion on its employees’ and customers’ privacy. How the fine could have been avoided: The NBB’s fine reflects strict attitudes towards CCTV monitoring in parts of Germany. The regulator said NBB’s CCTV program was not limited to a specific person or period. Using CCTV isn’t prohibited under the GDPR, but you must ensure it is a legitimate and proportionate response to a specific problem. The UK’s ICO has some guidance on using CCTV in a GDPR-compliant way.   17. Austrian Post — €9 million ($10.23 million) Austria’s largest GDPR fine hit in September 2021, when Austrian Post received a €9 million sanction for allegedly failing to facilitate data subject rights requests properly. If a data subject hoped to access, delete, or rectify personal data held by the Austrian Post, the company provided a variety of mediums by which to make a request, including a web form, mail, or phone number. The one means of communication that Austria Post did not recognize, however, was email—and the Austrian DPA said that the mail carrier should have allowed data subjects to submit a rights request via any medium they preferred. How the fine could have been avoided: Austrian Post (which is planning to appeal the fine) should have processed data subject rights requests however they arrived—forcing data subjects to use a particular communication method and excluding email is not an acceptable way to facilitate their rights. 18. Eni — €8.5 million ($10 million) Eni Gas e Luce (Eni) is an Italian gas and oil company that was found to have made marketing phone calls without a proper legal basis. While telemarketing is covered by the ePrivacy Directive, this is another example of how any processing of personal data without a proper legal basis can lead to a GDPR fine. How the fine could have been avoided: Eni should have ensured it had a proper legal basis for telemarketing before calling any of its customers or leads. In this case, the Italian DPA said that the proper lawful basis would have been consent.
19. Vodafone Spain — €8.15 million ($9.72 million) Vodafone’s €8.15 million fine, issued by the Spanish DPA (the AEPD) on March 11, 2021, is actually made up of four fines for violating the GDPR and other Spanish laws covering telecommunications and cookies. The Vodafone fine stands as Spain’s biggest yet—in a year that has seen the AEPD issue several substantial GDPR penalties. The fine results from 191 separate complaints regarding Vodafone’s marketing activity. Vodafone was alleged not to have taken sufficient organizational measures to ensure it was processing people’s personal data lawfully. How the fine could have been avoided: Vodafone’s complex series of legal violations all appear to have one thing in common: a lack of organization and control over personal data used for marketing purposes.   Whenever you outsource any processing activity to a third party—for example, a marketing agency—you must ensure you have a clear legal basis for doing so. Keep clear records, maintain data processing agreements with contractors, and regularly audit your processing activities to ensure they are lawful.   19. REWE International — €8 Million ($8.8 Million) The Austrian Data Protection Authority (DPA) has fined Austrian food retailer REWE International €8 million after the mismanaging of the data of users involved in its loyalty program, jö Bonus Club. The subsidiary had been collecting users’ data without their consent and using it for marketing purposes. However, REWE is set to appeal the decision, arguing that jö Bonus Club operates independently as a separate subsidiary, Unser Ö-Bonus Club. This comes hot off the heels of a 2021 fine after jö Bonus Club unlawfully collected millions of members’ data and sold it to third parties. The offense saw jö Bonus Club pay €2 Million. How the fine could have been avoided: There are a few things that could be done to stop these recurring fines – seeking consent from customers and applying the fundamental GDPR principles of transparency, purpose limitation, and storage limitation are good places to start. 20. Google – €7 million ($8.3 million) From a GDPR enforcement perspective, 2020 was not a good year for Google.  Along with the company losing its appeal against French DPA in January, March saw the Swedish Data Protection Authority of Sweden (SDPA) fining Google for neglecting to remove a pair of search result listings under Europe’s GDPR “right to be forgotten” rules.  How the fine could have been avoided: Google should have fulfilled the rights of data subjects, primarily their right to be forgotten. This is also known as the right to erasure. How? By “ensuring a process was in place to respond to requests for erasure without undue delay and within one month of receipt.”    You can find more information about how to comply with requests for erasure from the ICO here.  21. Caixabank — €6 million ($7.2 million) This fine against financial services company Caixabank is the largest fine ever issued by the Spanish DPA (the AEPD).    The AEPD finalized Caixabank’s penalty on January 13, 2021, breaking Spain’s previous record GDPR fine, against BBVA — issued just one month earlier. This suggests a significant toughening of approach from the Spanish DPA.   The first issue, which accounts for €4 million of the total fine, related to how Caixabank established a “legal basis” for using consumers’ personal data under Article 6. Second, Caixabank was fined €2 million for violating the GDPR’s transparency requirements at Articles 13 and 14.  How the fine could have been avoided: The AEPD said Caixabank relied on the legal basis of “legitimate interests” without proper justification. Before you rely on “legitimate interests,” you must conduct and document a “legitimate interests assessment.”  The company also failed to obtain consumers’ consent in a GDPR-compliant way. If you’re relying on “consent,” make sure it meets the GDPR’s strict “opt in” standards. The AEPD criticized Caixabank’s privacy policy as providing vague and inconsistent information about its data processing practices. Make sure you use clear language in your privacy notices and keep them consistent across websites and platforms.   22. Cosmote Mobile Telecommunications — €6 Million ($6.6 Million) In February 2022 the Greek data protection authority, the Hellenic Data Protection Authority (HDPA) fined Cosmote Mobile Telecommunications €6 Million.  The fine was issued after a hack in September 2020 led to customers’ private information being exposed, but the buck didn’t stop there. It was revealed that the company was illegally processing customer data – an activity that exacerbated the issues caused by the hack. To make matters worse, the private data was not fully pseudonymized, making it easier for hackers to identify individuals from the data. Cosmote’s parent company, OTE group was then given an additional fine of €3.25 million after the Cosmote investigation determined that OTE should have been included in the process from the beginning but had not been. How the fine could have been avoided: Unfortunately, this domino effect is not an uncommon occurrence that only highlights the importance of abiding by GDPR rules and principles. For a start, Cosmote should be only processing data legally, with purpose, and with proper encryption to ensure best customer security.  Secondly, this example demonstrates how devastating a hack can be. It has been reported that the hack that caused this breach was a phone hack – meaning secure internet connections, improved physical security and investing in security solutions are all good ways to prevent this from happening.   23. BBVA (bank) — €5 million ($6 million) This fine against financial services giant BBVA (Banco Bilbao Vizcaya Argentaria) dates from December 11, 2020.  The BBVA’s penalty is the second biggest that the Spanish DPA (the AEPD) has ever imposed, and it shares many similarities with the AEPD’s largest-ever penalty, against Caixabank, issued the following month. Taken together with the record fine against Caixabank, it’s tempting to conclude that the Spanish DPA has its eye on the GDPR compliance of financial institutions. How the fine could have been avoided: The AEPD fined BBVA €3 million for sending SMS messages without obtaining consumers’ consent. In most circumstances, you must ensure you have GDPR-valid consent for sending direct marketing messages. The remaining €2 million of the penalty related to BBVA’s privacy policy, which failed to properly explain how the bank collected and use its customers’ personal data. Make sure you include all the necessary information under Articles 13 and 14 in your privacy policy.
24. Fastweb — €4.5 million ($5.5 million) Italy’s DPA (the Garante) fined telecoms company Fastweb €4.5 million on April 2 2021 for engaging in unsolicited telephone marketing without consent. In particular, the Garanta noted that Fastweb was using “fraudulent” telephone numbers that the company had not registered with Italy’s Register of Communication Operators. How the fine could have been avoided: Fastweb’s fine derives from telemarketing rules that are set out in Italy’s implementation of the ePrivacy Directive, rather than the GDPR. However, the company still appears to have violated the GDPR by failing to obtain valid consent. It’s important to remember this interplay between the EU’s main privacy laws. The ePrivacy Directive requires you to obtain consent for certain activities, but the GDPR sets the standard of consent—and the standard is very high.   25. Dutch Tax and Customs Administration — €3.7 Million ($4 Million) In April 2022, The Dutch Tax and Customs Administration was fined €3.7 Million after the illegal processing of personal data in the Fraud Signaling Facility (FSV) – a blacklist on which the Tax and Customs Administration kept records of fraud. For more than six years, the Tax and Customs Administration had been wrongly putting people on the FSV – around 270,000 people in total – with major consequences for those on the list. The investigation revealed a number of GDPR violations including widespread discrimination, with employees instructed to base the risk of fraud in part on people’s appearance and nationality. “People were often wrongly labeled as fraudsters, with dire consequences,” Dutch Data Protection Authority Chairman Aleid Wolfsen said in a statement. “The tax authorities have turned lives upside down with FSV.” This is the highest fine that the Dutch Data Protection Authority (AP) has ever imposed, and reflects the seriousness of the violations as well as the number of people affected and the timespan over which the violations occurred. How the fine could have been avoided: In this extraordinary case, the issues spread beyond data security, with intent and impact both being malicious. It looks like The Dutch Tax and Customs Administration could do with brushing up on not just GDPR rules, but discrimination and equality laws as well.   26. Eni Gas e Luce — €3 million ($3.6 million) This fine is one of two imposed on the Italian gas and oil company Eni in December 2019. This is a complicated case involving the creation of new customer accounts—but it boils down to the failure of Eni to obey the GDPR’s principle of accuracy.   How the fine could have been avoided: Data protection is about more than just privacy—it also covers issues like records management. Eni should have ensured its customer records were kept accurate and up-to-date.     27. Capio St. Göran AB — €2.9 million ($3.4 million) Capio St. Goran is a Swedish healthcare provider that received a GDPR fine following an audit of one of its hospitals by the Swedish DPA. The audit revealed that the company had failed to carry out appropriate risk assessments and implement effective access controls. As a result, too many employees had access to sensitive personal data. How the fine could have been avoided: Conducting a data protection impact assessment (DPIA) is mandatory under the GDPR for controllers undertaking certain risky activities or handling large-scale sensitive data.   Eni should have conducted such an assessment to determine which staff required access to medical records. Access to sensitive personal data should be restricted to those who strictly require it.   28. Iren Mercato — €2.85 million ($3.4 million) In June 2021, the Italian DPA fined energy company Iren Mercato for carrying out a telephone marketing campaign without obtaining proper consent. The phone calls were conducted by a third party marketing company acting as a data processor.   How the fine could have been avoided: Many of the fines on our list relate to telemarketing and the failure to obtain GDPR-valid consent.   Remember that even when using third-party services to conduct marketing campaigns, you could still be directly liable under the GDPR if you fail to establish a valid legal basis for processing personal data.   29. Foodinho — €2.6 million ($3 million) Groceries delivery service Foodinho received this substantial fine in June 2021, after the Italian DPA found the company had failed to obey the GDPR’s rules on “automated processing,” in this case the use of an algorithm to determine employees’ wages and workflow.   The company was also found to have violated the GDPR’s principle of “lawfulness, fairness, and transparency” by failing to provide employees with adequate information.   How the fine could have been avoided: Foodinho’s fine mainly relates to a relatively niche area of GDPR compliance—”solely automated processing with legal or similarly significant effects.”    In short, if you’re making purely AI-driven decisions about people that could impact on their finances, employment, or access to services, you must ensure you provide a human review of such decisions.   30. National Revenue Agency (Bulgaria) — €2.6 million ($3 million) This August 2019 fine against Bulgaria’s National Revenue Agency was issued after the organization suffered a data breach affecting 5 million people. The breached data included people’s names, contact details, and tax information. The Bulgarian DPA found that the agency failed to take effective technical and organizational measures to protect the personal data under its control.   How the fine could have been avoided: The Bulgarian National Revenue should have conducted a thorough risk assessment of its processing operations and taken effective steps to safeguard personal data.   While it’s not clear what caused this data breach, it’s worth noting that the FBI’s Internet Crime Control Center cites email as the number one threat vector in cybercrime. By securing your company’s email systems, you’re cutting off one of your major vulnerabilities and significantly reducing the likelihood of a data breach.
What else can organizations be fined for under GDPR?    While the biggest fines involve marketing activities, failure to remove personal data when requested by EU citizens, and unlawfully requiring employees to have their biometric data recorded, there are a number of ways in which a breach can occur.    In fact, so far this year, misdirected emails have been the primary cause of data loss reported to the ICO. But, how do you prevent an accident? By focusing on people rather than systems and networks.   How does Tessian help organizations stay GDPR compliant?
Powered by machine learning, Tessian understands human behavior and relationships, enabling it to automatically detect and prevent anomalous and dangerous activity, including misdirected emails. Tessian also detects and prevents spear phishing attacks and data exfiltration attempts on email.    Importantly, though, Tessian doesn’t just prevent breaches. Tessian’s key features – which are both proactive and reactive – align with the GDPR requirement “to implement appropriate technical and organizational measures together with a process for regularly testing, assessing and evaluating the effectiveness of those measures to ensure the security of processing” (Article 32).   To learn more about how Tessian helps with GDPR compliance, you can check out this page, our customer stories or book a demo. 
Read Blog Post