Step Into The Future of Cybersecurity — Save your spot at the Human Layer Security Summit for free.

Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.
DLP

Read our latest articles, tips and industry-specific news around Data Loss Prevention (DLP). Learn about the implications of data loss on email.

Human Layer Security Spear Phishing DLP Data Exfiltration
Insider Threat Indicators: 11 Ways to Recognize an Insider Threat
By Maddie Rosenthal
12 June 2020
Detecting and preventing Insider Threats isn’t easy. Why? Because unlike external bad actors, Insiders – whether a disgruntled employee, a distracted freelancer, or a rogue business partner – have legitimate access to systems and data. That means they’re in an ideal position to exfiltrate data. So, how do you spot one? To start, you have to know what an Insider threat is and understand the different methods and motives behind these data exfiltration attempts. What is an Insider Threat? We’ve covered this in detail in this article: What is an Insider Threat? Insider Threat Definition, Examples, and Solutions. But, to summarize:
Insider Threats can be malicious or the result of negligence.  Malicious Insiders knowingly and intentionally steal data and generally do so for one of three reasons: financial incentives, a competitive edge, or because they’re dissatisfied at work. Negligent Insiders are just your average employees who have made a mistake. For example, they could send an email to the wrong person, misconfigure a system, fall for a phishing email, or lose their work device.   How often do incidents involving Insider Threats happen? More often than you might think. In fact, there’s been a 47% increase in incidents over the last two years. We discuss seven recent examples in this blog: Insider Threats: Types and Real-World Examples.   While every incident is different, there are some tell-tale signs of an Insider Threat.  Insider Threat indicators: Malicious Insiders Malicious Insiders may act suspiciously well before they actually exfiltrate any data. For example: 1. Declining performance or other signs of dissatisfaction As we’ve said, one reason why Insiders exfiltrate data is that they’re dissatisfied at work. It could be because of a poor performance appraisal, because they were denied a promotion or raise, or because of a disagreement with a co-worker or manager.  Whatever the reason, 1 in 10 Insider Threats is motivated by a grudge. Look out for a consistent or sudden decline in performance or attitude and for employees who become angry or combative. Employees who are actively looking for other jobs should also be on your radar. While they could simply be moving on to a new opportunity, they may be inclined to steal data in order to impress or bribe a new or potential employer.  Don’t believe us? 45% of employees download, save, send, or otherwise exfiltrate work-related documents before leaving a job or after being dismissed. This number nearly doubles in highly competitive industries like Financial Services and Business, Consulting, & Management.  !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); 2. Unusual working hours While passion and enthusiasm are generally considered positive attributes when talking about an employee, these can occasionally be early signs of bad intent. For example, if an employee consistently volunteers for extra work, regularly works in the office late, comes in early, or attempts to perform work that’s outside of the scope of their normal duties, they could be trying to gain access to sensitive systems or data.  Then, of course, there are signs of the data exfiltration attempt itself. For example: 3. Large data transfers or downloads There are a number of ways to exfiltrate data, including email, Cloud Storage, USB sticks. In fact, 23% of insiders exfiltrate data via USBs and 24% exfiltrate data via laptops/tablets. Nevertheless email is the threat vector most IT leaders are concerned about. After all, it only takes one click to transfer dozens of files.  But, monitoring data movement is a challenge. How can you realistically monitor every email sent and received within your organization? With Tessian Human Layer Security Intelligence, it’s easy.  Security, IT, and compliance leaders can get detailed insights around employee behavior in a single click. No manual investigation required. 
4. Multiple failed logins (or other abnormal login activity) Whether it’s an employee trying to access networks or systems they don’t have access to or an employee with legitimate access logging in more frequently than usual, login activity can offer security teams clues about Malicious Insiders. Certainly the employee could simply be curious and may even be going above and beyond to get their job done, but these behaviors could also be indicative of nefarious intent and should be investigated.  5. Upgraded privileges or sharing access When someone is promoted or there’s some other shift in the structure of an organization, it makes sense that access to systems and data might change. But, what about when someone’s privileges or access are escalated without a clear reason why? It could be an administrator granting him or herself more privileged access or it could be a team effort. For example, an administrator could be bribed to upgrade another employee’s access. Both are signs of a Malicious Insider. Finally, there are signs that the Insider has successfully exfiltrated data or is still successfully exfiltrating data. For example: 6. Unexpected changes in financial circumstances 86% of breaches are financially motivated.  Whether it’s a list of customer email addresses being sold on the Dark Web or trade secrets being sold to a competitor, data is valuable currency. So, if you hear of or notice an employee suddenly and unexpectedly paying off debt or making expensive purchases, you may need to investigate the source of the additional income. It could be a sign that they’re profiting from company or customer data. 7. Consistent (and unusual) overseas travel Like many of the other indicators on this list, there could be a perfectly good reason why an employee travels overseas. He or she could be going on vacation, visiting friends or family, or may be traveling for work. But, as we’ve seen, it could also be a sign of corporate or foreign espionage. Case in point: A former engineer at a massive aerospace company frequently traveled to China, claiming he was lecturing. In reality, he was acting as an agent of the People’s Republic of China and was selling trade secrets. This went on for nearly 30 years before he was caught and later convicted.  Insider Threat indicators: Negligent Insiders While certain behaviors exhibited by Malicious Insiders may set off alarm bells for security teams before exfiltration attempts occur, Negligent Insiders can be harder to preempt.  Nonetheless, there are four key things to look out for. 8. Failure to comply with basic security policies Whether it’s consistently using weak passwords, refusing to enable 2FA, or frequently downloading tools or software that haven’t been approved by security teams, an employee who disregards security policies could be more likely to accidentally exfiltrate data than one who consistently plays by the book.  That’s why reminding employees of existing policies and procedures is so important. 9. Low engagement in security awareness training Most employees (and even some security leaders!) would agree that security awareness training is “boring”. And, while that may be the case, training is absolutely essential. It could be training around how to spot a phish (see below) or training around new and existing compliance standards or data privacy laws. Employees who either don’t attend training at all or who perform poorly on assessments related to that training should be closely monitored and be re-targeted with tailored programs. You can read more about how to up-level your training and create a positive security culture here. 10. History of falling for phishing attacks Phishing and other social engineering attacks are designed for one of three reasons: to extract sensitive information or credentials, to install malware onto a network, or to initiate a wire transfer. If the attack is successful – meaning the target (an employee) falls for the scam – there could be serious consequences.  That means any employee who falls for a scam should be reminded of phishing tools and techniques and may need to be more closely monitored. 11. General carelessness or haste Accidents happen. Whether it’s firing off an email to the wrong person or accidentally leaving a computer unblocked, we all make mistakes. Nonetheless, they aren’t trivial and any employee who consistently makes mistakes will need to be reminded of security best practices and may, in some cases, need to be monitored with more stringent policies.  How can you detect and prevent Insider Threats?  When it comes to detecting and preventing Insider Threats, there are a number of solutions, including: Training Physical and Digital Monitoring  DLP tools and software  Importantly, all of these have a place in security strategies. Training should be used to reinforce existing policies, especially for those employees who consistently break the rules or make mistakes.  Security teams should be diligent in their physical and digital data monitoring and should always look out for the above warning signs. And DLP tools like rule-based solutions, endpoint scanning, firewalls, and anti-phishing software do, in some instances, help curb the problem of data loss. But, as we’ve said, incidents involving Insider Threats are on the rise which means security stacks are missing something. What they’re missing is protection for their people and at Tessian, we call it Human Layer Security. How does Tessian prevent Insider Threats? Tessian turns an organization’s email data into its best defense against inbound and outbound email security threats. Powered by machine learning, our Human Layer Security technology understands human behavior and relationships, enabling it to automatically detect and prevent anomalous and dangerous activity. Tessian Enforcer detects and prevents data exfiltration attempts Tessian Guardian detects and prevents misdirected emails Tessian Defender detects and prevents spear phishing attacks Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network. Oh, and it works silently in the background, meaning employees can do their jobs without security getting in the way.  Interested in learning more about how Tessian can help prevent Insider Threats in your organization? You can read some of our customer stories here or book a demo. 
Human Layer Security Spear Phishing DLP Data Exfiltration
Introducing Tessian Human Layer Security Intelligence
By Ed Bishop
11 June 2020
Attention Security, Compliance. and IT leaders: You can now continuously and proactively downtrend Human Layer risks in your organization with zero manual investigation. How? With Tessian Human Layer Security Intelligence.
Why did Tessian create Human Layer Security Intelligence? 88% of data breaches are caused by human error.  To combat that, Tessian built, created, and developed Defender to prevent spear phishing, Business Email Compromise, and other targeted impersonation attacks; Guardian to prevent accidental data loss; and Enforcer to prevent data exfiltration. But, detection and prevention are only one part of the solution. To be truly effective, solutions have to proactively and consistently improve an organization’s broader security posture.  Security leaders should be able to: Comprehensively understand the risks within their organization Benchmark those risks against peers Reduce the burden of manual investigation, especially for thinly-stretched teams  Move swiftly from investigation to remediation Easily view the outcome of remediation efforts to understand the ROI on security products   Tessian Human Layer Security Intelligence does all of the above.  We provide our customers with real-time insights into risks on email and give security teams the tools they need to downtrend those risks. 
What are the key benefits of Human Layer Security Intelligence? We’ve already mentioned some of the key challenges that security, compliance, and IT leaders are up against. So, how does Human Layer Security Intelligence make your jobs easier? Predict. Track and compare trends, preempt incidents, and influence employee behavior to improve overall security posture.
Improving security visibility is key.  With HLS Intelligence, Tessian customers can easily and automatically get detailed insights into inbound and outbound security threats and employee actions.  Why does this matter? It allows security leaders to know precisely where to focus their efforts and which corrective actions to take in order to best allocate their resources.  For example, with clear visibility of employee behavior, it will be easy to spot those employees who frequently attempt to send company data to their personal email accounts to work from home. That way, security teams can then offer additional, targeted training and issue helpful reminders of existing security policies. Beyond that, customers will also be able to benchmark their risk levels against industry peers. This will help organizations identify strengths and successes and help highlight how and where they can improve their security posture.  Prevent. Investigate and communicate risks quickly and easily with detailed event threat breakdowns.
Most solutions are a blackbox when it comes to understanding the threats detected. And, without knowing the “who, what, when, and why” behind security events, mitigation can be difficult.  In an effort to pin down the “who, what, when, and why”, security and IT teams spend countless hours aggregating data, analyzing data, and investigating incidents. But, this is a slow, manual process which means remedial response times are often longer than they should be. Not with Tessian’s HLS Intelligence.  HLS Intelligence offers a curated list of high priority events so security leaders can immediately zero in on those that are most critical. No manual investigation required.  It’s simple: View detailed breakdowns and automated analysis of security events Take immediate action Generate reports with a single click to communicate detected and prevented risks to stakeholders.  Protect. Take the burden out of remediation with robust mitigation tools. 
While the goal is to prevent incidents from happening in the first place, robust mitigation tools are an essential part of any security solution.  With email quarantine and post-delivery protection like bulk email removal and single-click clawback, it’s easier than ever for security teams to take action.  And, with shared threat intelligence across the entire Tessian ecosystem, machine learning models automatically update and protect all Tessian Defender customers from all blocked domains. That means Tessian customers automatically benefit from Tessian’s network effect and new threats can be prevented before they’re even seen in your environment. How Can I Use Human Layer Security Intelligence? The benefits of Tessian Human Layer Security Intelligence are best understood in the context of real situations. So, let’s look at three example use cases. Use Case #1: Thwart burst attack campaigns and block COVID-19-related impersonation domains.  Several employees receive an email that appears to be from a health organization with advice around COVID-19. The email automatically triggers a warning advising employees that the email is suspicious based off of the content and sender information.  Simultaneously, you’re alerted of the burst attack and are able to first delete the email from user inboxes and then block the domain. Each of these two actions requires a single click. But, it’s not just your organization that’s protected from the threat. All Tessian customers will benefit as the domain is automatically blocked across the Tessian ecosystem. Use Case #2: Reduce data loss and increase secure behavior. In reviewing outbound events, you notice two employees are frequently sending emails with attachments to their personal accounts. When presented with a warning that explains why the action is being flagged as suspicious, they opt to send the email anyway. Why? Because these exfiltration attempts aren’t intentionally malicious, they’re simply trying to ensure they have access to the documents they need to work, wherever they are.  Instead of implementing a blanket rule that blocks all emails to freemail accounts across the company, you can take a more targeted approach. You can use this as an opportunity to reinforce security awareness training and in-house policies and explain why the email is considered unauthorized despite the employees’ good intentions.  You can also offer alternatives that would enable the employees to access relevant documents without having to email attachments to themselves. Use Case #3: Predict employee exits and prevent data exfiltration. In reviewing outbound events, you notice a spike in data exfiltration attempts by an employee. In the last week, he’s sent upwards of 20 attachments to a recipient he has no previous email history with. With this information in mind, you approach his line manager and find out that two weeks ago, the employee was denied a promotion and subsequent raise. You now have oversight of the “who, what, why, and when”.  This employee is planning on resigning and is taking company data with him. To prevent any further data exfiltration attempts, you can create custom filters specifically for that user, including customized warning messages or you could create a filter that would automatically block any future exfiltration attempts. For example, you could block email communications containing attachments to specific a domain or block emails containing attachments altogether, depending on the severity of the previous incidents.  Learn more Interested in learning more about Tessian Human Layer Security Intelligence and how it can help you strengthen your defense against human error on email? Get in touch with your Customer Success contact. Not yet a Tessian customer? Book a demo! 
DLP Data Exfiltration
What is Data Exfiltration on Email and How Do You Prevent It?
By Maddie Rosenthal
04 June 2020
While there are various ways in which someone can exfiltrate data – which we’ve covered in What is Data Exfiltration? Tips for Preventing Data Exfiltration Attacks – email is the biggest risk. In fact, it’s the threat vector IT leaders are most concerned about protecting.  In this article we’ll answer three key questions: What is data exfiltration on email? Why is it so dangerous? How can organizations prevent it from happening?  What is data exfiltration on email? In order to understand what data exfiltration on email is, we should start with what data exfiltration is more broadly. Data exfiltration is the act of sensitive data deliberately being moved from inside an organization to outside an organization’s perimeter without permission. This can be done through the digital transfer of data, the theft of documents or servers, or via an automated process.  Data and sensitive information found in spreadsheets, calendars, trading algorithms, planning documents, and customer PII can be moved outside of an organization’s perimeter via email in one of two ways: Someone inside the organization (like an employee, exiting employee, contractor, or business partner) emailing data to their own personal accounts or to a third-party. External bad actors targeting employees with phishing or spear phishing scams. While these email attacks can be designed for the purpose of initiating a wire transfer, they’re often ploys to extract sensitive information or credentials or to install malware onto a network.
Why is data exfiltration on email so dangerous? We’ve already mentioned that email is the threat vector IT leaders are most concerned about protecting. But why? There are two key reasons: it’s easy to access (email accounts today are managed on laptops, smartphones, tablets, and even watches) and the underlying technology behind email hasn’t evolved since its inception in the 1970s. That means there are core security features missing that modern communication platforms have as a standard, including the ability to redact or recall and encryption-by-default.  This makes it one of the go-to mediums for data exfiltration. In fact, according to one report, 10% of all insiders and 10% of all external bad actors use email to steal data. And, if data is successfully exfiltrated, the consequences can be tremendous. = Case in point: A major US health insurance provider agreed to pay $115 million to settle a class-action lawsuit after it was discovered that an employee had stolen data on 18,000 Medicare members, including names, ID numbers, Social Security numbers, health plan IDs, and dates of enrollment.  Interested in learning more about incidents like this? Read 6 Examples of Data Exfiltration on our blog.  How can I prevent data exfiltration on email? Data exfiltration is a big problem for organizations.  Whether it’s an exiting employee emailing data to their personal accounts on their way out (which 45% of employees admit to doing) or a hacker targeting someone with privileged access to networks and data via a phishing email, security, IT, and compliance leaders must find a way to prevent sensitive information from leaving their organization.  there are several solutions available, but few succeed in preventing data exfiltration attempts on email. Blocking or blacklisting domains What it is: Data exfiltration prevention has often been simplified to stopping communication with certain accounts/domains (namely freemail accounts like @gmail). Why it doesn’t work: This is a blunt approach that impedes on employee productivity. There are many legitimate reasons to communicate with freemail accounts, such as updating private clients, managing freelancers, or emailing friends and family about non-work issues. What’s more, a determined insider could easily circumvent this by setting up an account with its own domain. Secure Email Gateways (SEGs) What it is: SEGs are essentially more sophisticated spam filters. They’re used to block malicious inbound email threats like phishing attacks. Why it doesn’t work: While SEGs may be effective in blocking bulk phishing emails, they can’t stop all spear phishing emails. That means the most targeted attacks can still get through and employees could easily fall victim to an attack and unknowingly exfiltrate data to a bad actor. (Not sure what the difference is between phishing and spear phishing? Read this.) Rule-Based solutions What it is: Organizations could implement rule-based solutions that take the form of “if-then” statements. These “if-then” statements involve keywords, email addresses, and regular expressions that look for signals of data exfiltration. For example, “If an email contains the word “social security number”, then quarantine the email and alert IT.” Why it doesn’t work: Rule-based solutions are impossible to maintain because data changes in value and sensitivity over time. Beyond that, you simply can’t define or predict human behavior with rules. That’s why 85% of IT leaders say rule-based DLP is admin-intensive and just 18% say it’s the most effective way to prevent data loss.  Training  What it is: Because it’s people who control our data, training is a logical solution to data exfiltration. In fact, 61% of organizations have training every 6 months or more frequently.  Why it doesn’t work: While training does help educate employees about data exfiltration and what the consequences are, it’s not a long-term solution and won’t stop the few bad eggs from doing it. You also can’t train away human error.  Machine Learning What it is: Machine learning (ML) models trained on historical email data understand the intricacies and fluctuations of human relationships over time. That means ML models can constantly update their “thinking” to determine whether an action looks like exfiltration or not.  Why it does work: This is the “human” way forward. At Tessian, we call it Human Layer Security. Machine-intelligent software recognizes what looks suspicious, much like a trained security professional could. However, unlike humans, it can do this thousands of times per second without missing information or getting tired.  How does Tessian prevent data exfiltration on email? Tessian uses stateful machine learning to prevent data exfiltration on email by turning an organization’s own data into its best defense against inbound and outbound email security threats.   We currently protect customers across industries, including those that are highly regulated like Legal and Financial Services. Our Human Layer Security platform understands human behavior and relationships, enabling it to automatically detect and prevent anomalous and dangerous activity like data exfiltration attempts and targeted phishing attacks.  Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network.  Tessian Enforcer detects and prevents data exfiltration attempts by: Analyzing historical email data to understand normal content, context, and communication patterns Establishing, mapping, and continuously updating every employee’s business and non-business email contacts into relationship graphs  Performing real-time analysis of outbound emails before they’re sent to automatically predict whether the email looks like data exfiltration. This is based on insights from relationship graphs, deep inspection of the email content, and previous user behavior Alerting users when data exfiltration attempts are detected with clear, concise, contextual warnings that reinforce security awareness training Click here to download the data sheet. Tessian Defender detects and prevents data exfiltration attempts by: Analyzing historical email data to understand normal content, context, and communication patterns Establishing, mapping, and continuously updating every employee’s business and non-business email contacts into relationship graphs  Performing real-time analysis of inbound emails in real-time to automatically predict whether the email looks unsafe. This is based on insights from relationship graphs, deep inspection of the email content, and previous user behavior Alerting users when targeted email attacks are detected with clear, concise, contextual warnings that reinforce security awareness training Click here to download the data sheet.
DLP
How Does Data Loss Prevention Work?
By Maddie Rosenthal
02 June 2020
There’s been a 47% increase in data loss incidents over the last two years; this includes accidental data loss and deliberate data exfiltration by negligent or disgruntled employees or contractors. While every incident of data loss or leakage may not result in a breach, many do, and the cost can be tremendous. That’s why today, data loss prevention (DLP) is one of the top spending priorities for IT leaders.
We’ve covered data loss prevention broadly in this blog: What is Data Loss Prevention (DLP) – A Complete Overview of DLP, but in this article, we’ll detail how exactly DLP works.  How does DLP work? DLP software monitors, detects, and blocks sensitive data from leaving an organization.  Monitor  DLP solutions monitor different entry and exit points of a corporate network, such as user devices, email clients, servers, or gateways within the network to safeguard data in different forms, including data in motion, data in use, and data at rest.  Data in motion refers to data that is sent and received over your network.  Data in use refers to data that you are using in your computer memory.  Data at rest refers to data that is stored in a database, file, or a server.  Detect If security software detects anything suspicious, such as an email attachment containing credit card details or an attempt to print confidential documents, a predefined response will kick in.  Note: This predefined response will depend on the solution itself and how it’s configured. Block Most DLP solutions offer organizations the ability to block potentially risky communications or to simply flag the anomaly for administrators to follow up on. Properly configured DLP allows organizations to block sensitive information while permitting non-sensitive communications to continue.  Again, this depends entirely on the solution and how it’s configured. So, how do current solutions prevent data loss? How do current solutions prevent data loss? While all DLP solutions will monitor, detect, and block data, there are still several different solutions.  Unfortunately, many fall short. Manually labeling and tagging sensitive data How it works: Security teams can manually label and tag sensitive data. This way, it can be monitored (and blocked) when it is seen moving outside the network.  Why it’s ineffective: This approach relies entirely on employees tagging data correctly. Given how much data organizations handle, the manual process of tagging isn’t viable; employees may label incorrectly or, worse, not do it at all. Rule-Based solutions How it works: The majority of DLP solutions rely on rules that take the form of “if-then” statements. These “if-then” statements involve keywords, email addresses, and regular expressions that look for signals of data exfiltration or accidental data loss. For example, “If an employee attempts to download a file larger than 1.0 MB, then block the download and alert IT.” Why it’s ineffective: Similar to tagging, rule-based solutions are impossible to maintain because data changes in value and sensitivity over time. Beyond that, you simply can’t define or predict human behavior with rules. That’s why 85% of IT leaders say rule-based DLP is admin-intensive and just 18% say it’s the most effective way to prevent data loss.  Blocking or blacklisting domains, channels, or software     How it works: DLP has often been simplified to simply stopping communication with certain accounts/domains (namely freemail accounts like @gmail) or blocking access to certain tools and software (like DropBox, for example).  Why it’s ineffective: This is a blunt approach that impedes on employee productivity. There are many legitimate reasons to communicate with freemail accounts, such as updating private clients, managing freelancers, or emailing friends and family about non-work issues. What’s more, a determined insider could easily circumvent this by setting up an account with its own domain. Machine Learning How it works: Machine learning models are trained off human behavior which means they understand the intricacies and fluctuations of human relationships over time. This way, they can determine whether an action looks like deliberate exfiltration or accidental data loss and prevent it before it happens.  Why it IS effective: This is the “human” way forward. Machine-intelligent software recognizes what looks suspicious, much like a trained security professional could. However, unlike humans, it can do this thousands of times per second without missing information or getting tired.  How to choose a DLP solution Importantly, before a DLP solution is even considered, security teams have to determine which data is considered most sensitive and which threat vectors are a priority. Step 1: Prioritize your data Here are just a few of the things security teams should consider: Industry. DLP efforts should start with the most valuable or sensitive information. What is sensitive within your organization? Naturally, those working in Financial Services will have different priorities than those working in Manufacturing. Compliance standards and data protection regulations.GDPR, CCPA, and HIPPA are just a few pieces of legislation that CISOs have to consider when putting together a DLP strategy. In addition to identifying which data is the most valuable for your organization, you have to consider which data you’re obligated to protect by law. How employees communicate. After identifying which data you want to protect and which data you have to protect, you have to figure out how that data is being stored, managed and transmitted by people and teams. Is it via the Cloud? On email? Through text messages? This will help determine which type of DLP solution you need. Step 2: Identify the biggest threat vectors Based on how your employees communicate, you can decide which type of DLP solution is right for your organization.  For example: Network DLP monitors traffic entering and leaving an organization’s network. Endpoint DLP is installed on devices (for example, company laptops or mobile phones) and checks that information is not taken off the device and placed on, or sent to, a non-authorized device. Email DLP is integrated into the email client itself and monitors emails as they are sent.  While these safeguard different threat vectors, they all do the same thing: monitor, detect, and block sensitive data from leaving an organization.  Did you know that email is the top priority for IT leaders? In fact, according to Tessian’s new research report The State of Data Loss Prevention 2020, almost half (47%) said it’s the threat vector they’re most concerned about protecting.  How Does Tessian Next-Gen DLP Work?  Tessian turns an organization’s email data into its best defense against inbound and outbound email security threats. Powered by machine learning, our Human Layer Security technology understands human behavior and relationships, enabling it to automatically detect and prevent dangerous activity like data exfiltration attempts and misdirected emails. Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network. No rules needed.  Tessian Enforcer detects and prevents data exfiltration attempts by: Analyzing historical email data to understand normal content, context, and communication patterns Establishing, mapping, and continuously updating every employee’s business and non-business email contacts into relationship graphs  Performing real-time analysis of outbound emails before they’re sent to automatically predict whether the email looks like data exfiltration. This is based on insights from relationship graphs, deep inspection of the email content, and previous user behavior Alerting users when data exfiltration attempts are detected with clear, concise, contextual warnings that reinforce security awareness training Tessian Guardian detects and prevents misdirected emails by: Analyzing historical email data to understand normal content, context, and communication patterns Establishing, mapping, and continuously updating every employee’s business and non-business email contacts into relationship graphs  Performing real-time analysis of outbound emails before they’re sent to automatically predict whether the email looks like it’s being sent to the wrong person. This is based on insights from relationship graphs, deep inspection of the email content, and previous user behavior Alerting users when a misdirected email is detected with clear, concise, contextual warnings that allow employees to correct the recipients before the email is sent
Human Layer Security DLP
Tessian Recognized by 451 Research as a “451 Firestarter”
01 June 2020
We are proud to say that Tessian has received a 451 Firestarter award from leading technology research and advisory firm 451 Research.   The 451 Research Firestarter program recognizes exceptional innovation within the information technology industry. Introduced in 2018 and awarded quarterly, the program is exclusively analyst-led, allowing its team of technology and market experts to highlight organizations they believe are significantly contributing to the overall pace and extent of innovation in the technology market.  In its recent spotlight report, 451 Research said: “Most existing data discovery and data loss prevention (DLP) tools try to discover ‘personally identifiable information’ (PII) like credit card, driver’s license and social security numbers using RegEx searches, fingerprinting or optical character recognition (OCR). In contrast, Tessian’s focus is on finding bad behavior rather than finding sensitive data or PII, by applying machine learning techniques to historical email messages (headers, body and attachments) in order to distinguish between ‘safe’ and ‘unsafe’ emails.”
Earlier this year, 451 Research wrote a report stating that the “the DLP market is ripe for change” and that modern enterprises are looking for next-generation solutions that can detect and prevent both inbound email attacks and outbound email threats. Being recognized as a 451 Firestarter is a recognition of Tessian’s innovative approach to data loss protection. You can learn more about how Tessian is addressing DLP shortcomings here: 451 Research: Market Insight Report. Book a Demo To learn more about how we prevent inbound and outbound email threats and why world-leading businesses like Arm, Man Group, Evercore, and Schroders trust Tessian to protect their people on email, book a demo.
Human Layer Security DLP
Guide: How to Stop Data Loss Across 1 Million New Offices
By Maddie Rosenthal
28 May 2020
Now more than ever, security, IT, and compliance leaders are leaning on each other for support in navigating new challenges around remote-working. And, why wouldn’t they? While some organizations have operated virtually for months and even years before the outbreak of COVID-19, others had never operated a remote workforce. That means they’ve had to – very quickly – equip their teams with new devices and tools, implement new policies and procedures, and update security stacks. Of course, they’re doing all of this while trying to maintain “business as usual” which means trying to monitor and prevent data loss company-wide. That’s exactly why we’ve been hosting virtual events: to pool the wisdom of experienced security and IT leaders and share back with the broader community While you can access our library of webinars here (and register for our next virtual event here), we’ve compiled key takeaways below from our most recent webinar: How to Stop Data Loss Across 1 Million New Offices.  Here’s the actionable advice from Mark Settle, the former CIO of Okta and Karl Knowles, the Global Head of Cyber at HFW.
1. Prioritize email Even with collaboration tools like Slack, email is still King. Or, as Mark put it “email is the central nervous system of almost every company. You really can’t escape it”. Over 124 billion emails are sent and received everyday and employees spend 40% of their time on email. And, when you consider what’s being sent back and forth in emails (spreadsheets, invoices, client information, and other structured and unstructured data) it’s no wonder IT and security leaders consider it the number one threat vector for data loss. Whether it’s a disgruntled employee purposely exfiltrating data or a negligent employee who accidentally sends sensitive information to the wrong person, email is a leaky pipe.  Interested in learning more about how data is lost on email? Read this blog: A Complete Overview of DLP on Email. 2. Clearly communicate what constitutes “data loss” It’s employees who have to take on the role of protecting a company’s most important asset: data. But, unfortunately, many are blissfully unaware of what’s actually considered a data loss incident. It’s not their fault. It’s up to IT leaders – especially now as employees are adjusting to their new work environments – to really communicate what data is sensitive and how that data must be handled.  While those working in Healthcare or Financial Services may be well-versed in what data can and can’t be stored and shared, because of industry-specific compliance standards, the “average” professional may not be. For example: if you don’t tell employees that sending company data to their personal email accounts is considered unauthorized and could lead to a data breach, they’ll never know that they shouldn’t do it. Likewise, many employees don’t realize that sending an email to the wrong person could be classified as a data loss incident.  3. Don’t blame employees, empower them As we’ve said, employees are the gatekeepers of a company’s most sensitive systems and data. But, many aren’t familiar with security best practices or the implications of a breach. And, beyond that, many simply don’t have the necessary tools to work securely. It’s up to IT and security leaders to empower them to do so. How? According to Karl, it comes down to training and technology.
4. Re-think security awareness training Earlier this year at the world’s first Human Layer Security Summit, Mark Logsdon, Head of Cyber Assurance & Oversight at Prudential, explained there are three fundamental problems with training: It’s boring It’s often irrelevant It’s expensive Karl Knowles and Mark Settle shared many of these sentiments. The bottom line is: In order for training to be effective, it has to really resonate. And, for it to really resonate, employees have to understand the who, what, and why behind security policies and procedures. They recommend using different methods and mediums to communicate risks and preventative strategies and – perhaps most importantly – ensure you aren’t overloading them. That means breaking complex subjects down into more manageable pieces and translating technical jargon and concepts into language that’s easier to understand. Top Tip from Karl: Nominate Cyber Champions as a way to gamify training and encourage a positive security culture.  5. Know the limitations of rule-based DLP solutions and invest in technology that proactively adapts DLP isn’t just a challenge now that workforces are remote. It’s been a consistent pain point for IT and security teams for a long time and for several reasons. One of the biggest problems around DLP is that rule-based solutions aren’t adaptive. Not only are they admin-intensive to set-up, but they’re virtually impossible to maintain. You can read more about The Drawbacks of Traditional DLP on Email on our blog.  Learn more about Why DLP is Failing in Tessian’s latest report: The State of Data Loss Prevention 2020. That’s why Karl and Mark recommend investing in technology that’s fast and evolving. The technology is machine learning. Tessian’s DLP solutions (Tessian Enforcer and Tessian Guardian) are powered by machine learning which is why Karl – a customer – considered Tessian an extension of his cyber team.
Interested in learning more about how Tessian can help you detect and prevent data loss wherever your employees are working? Book a demo. And, for more advice, keep up with our blog, LinkedIn, and Twitter for guides, industry news, and events. 
Human Layer Security DLP
The State of Data Loss Prevention 2020: What You Need to Know
28 May 2020
Today, Tessian released The State of Data Loss Prevention 2020, a comprehensive report that explores new and perennial challenges around data loss prevention.
Our findings reveal that data loss on email is a bigger problem than most realize, that remote-working brings new challenges around DLP, and that the solutions currently deemed most effective may actually be the least. Why does this report matter? IT, security, and compliance readers have a lot to gain by reading this report. To really understand why, we have to look at the current landscape. Insider threats are a growing problem While email threats from external bad actors (like spear phishing and business email compromise) dominate headlines, email threats from insiders are steadily rising. In fact, there’s been a 47% increase in incidents over the last two years. This includes accidental data loss and deliberate data exfiltration. According to Verizon’s 2020 Data Breach Investigations Report “It is a bit disturbing when you realize that your employees’ mistakes account for roughly the same number of breaches as external parties who are actively attacking you.” The DLP market is booming and is on track for significant growth. Why? Because it’s one of the top spending priorities for IT leaders with 21% planning to acquire DLP tools within the next year.  Remote-working makes DLP even more challenging Over the last eight weeks, workforces around the world have transitioned from office-to-home. That means the perimeter has disappeared and past strategies have become obsolete. COVID-19 has been deemed a “field day for Insider Threats”. There are more opportunities than ever for employees to exploit privileged access to data, working from home can reduce the vigilance of employees handling confidential data, and there’s been a marked increase in COVID-19 phishing attacks. While some organizations will encourage their employees to migrate back to offices, many (including Facebook) have already opted to maintain remote-working set-ups.  Interested in learning more about the methods and motives of Insider Threats? Read our blog: What is an Insider Threat? Insider Threat Definitions, Examples, and Solutions. The implications of a data breach are far-reaching  The consequences of a data breach aren’t limited to lost data and revenue loss. Organizations also experience a 2-7% churn rate after a breach. Data privacy regulations add insult to injury. In the first quarter of 2020 alone, GDPR fines totaled nearly €50 million. But, we had to look beyond third-party research and conduct our own.  What will I learn? We analyzed Tessian platform data and commissioned OnePoll to survey 2,000 professionals (1,000 in the US and 1,000 in the UK) and 250 Information Technology (IT) leaders. We also interviewed IT, security, and compliance leaders about their own experiences with DLP. Here’s what we found out: !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");
Data loss incidents are happening as much as 38x more often than IT leaders currently estimate. 800 misdirected emails are sent every year in organizations with 1,000 employees. 27,500 emails containing company data are sent to personal accounts every year in organizations with 1,000 employees. 84% of IT leaders say DLP is more challenging when their workforce is working remotely. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");
While 91% of IT leaders say they trust their employees to follow security policies while working from home, almost half (48%) of employees say they’re less likely to follow safe data practices when working from home. Email is the threat vector IT leaders are most concerned about. 54% of employees say they’ll find a workaround if security software or policies prevent them from doing their job and 51% say security tools and software impede their productivity.  While IT leaders believe security awareness training is the most effective way to prevent data loss, machine learning is the better option.  Dozens more insights in the full report, including segmented data around industry, company size, age, and region.  How can I access The State of Data Loss Prevention 2020? IT leaders must have visibility over how their employees are handing and mishandling data on email in order to implement effective DLP strategies.  Our report shines a light on the problems and best solutions.  You can access the full report via our microsite. And, if you’re interested in learning more, save your spot at Tessian Human Layer Security Summit on June 18.
Human Layer Security DLP
451 Research: Tessian Uses Machine Learning for Better DLP
11 May 2020
According to a new report from 451 Research, “the DLP market is ripe for change” and Tessian could be the next-generation solution organizations need to detect and prevent both inbound email attacks and outbound email threats.  Key findings from the report include: DLP is ranked at the top of a list of over 20 security categories that are expected to see a “significant” increase in spending in the next 12 months Tessian uses stateful machine learning across four different products to prevent human error on email with use cases for both inbound and outbound email threats including anti-phishing and advanced impersonation attacks, accidental data loss, and malicious data exfiltration Tessian is both complementary and competitive to traditional DLP offerings 
DLP: An Unsolvable Problem While the DLP market is saturated with products – from traditional DLP vendors like Broadcom, McAfee, Forcepoint, and Digital Guardian to newer entrants like ArmorBlox, Altitude Networks, and Code42, the consensus is that DLP is, in many ways, failing. According to the report, “DLP technology has developed a reputation as much for inaccuracy, false positives, and poor performance as it has for protecting data.” That may be why DLP remains one of the top spending priorities for IT leaders, with 13% of those surveyed by 451 Research saying they expect to see a “significant increase” in spending over the next 12 months and a further 11% saying they expect to see a “slight increase.” It’s clear organizations need a better way to prevent data loss.  Tessian believes it’s because DLP efforts aren’t addressing the real problem, which is that 88% of data breaches are caused by human error.   Tessian’s Approach to Data Loss Prevention Instead of focusing on the machine layer, Tessian focuses on the human layer and, in doing so, has developed the world’s first Human Layer Security platform.
Our Human Layer Security platform consists of four main products: Tessian Defender, which prevents advanced inbound attacks like spear phishing, Tessian Guardian, which prevents accidental data loss caused by misdirected emails, Tessian Enforcer, which prevents data exfiltration attempts on email. Organizations that implement any of these solutions also get Tessian Constructor, which allows admins to create blacklists, whitelists, and custom filters to ensure email usage remains compliant.  Each of these products applies stateful machine learning techniques to historical email messages (headers, body, and attachments) to understand relationships and establish normal behavior profiles that can be used to distinguish between safe and unsafe emails.  No rules required. According to 451 Research, Tessian succeeds in preventing data loss where others fall short.  “While [most existing DLP tools] are good at finding personally identifiable information (PII), finding and blocking actions such as employees sending files to a personal email account are surprisingly challenging and are quickly out-of-date, so predefined rules are not that effective.” You can read the full report here. Book a Demo By leveraging new capabilities in AI and machine learning, Tessian, according to 451 Research,“delivers more effective DLP” by preventing human error on email.  To learn more about how we prevent inbound and outbound email threats and why world-leading businesses like Arm, Man Group, Evercore, and Schroders trust Tessian to protect their people on email, book a demo.
DLP
The Drawbacks of Traditional DLP on Email
By Maddie Rosenthal
24 April 2020
For many organizations, Data Loss Prevention (DLP) is at once one of the most important components of their security framework and the biggest headache for administrators. Why? Because most risks to data security actually come from within an organization, which means security teams have to classify and monitor data across hundreds – even thousands – of different entry and exit points of a corporate network. This includes user devices like laptops and mobile devices, email clients, servers, and gateways within the network. While “DLP” applies to more than email, email has become one of the most important vectors to safeguard.
Why is email the number one threat vector for data loss? Employees spend 40% of their digital time on email sending memos, spreadsheets, invoices, and other sensitive information and data (structured and unstructured alike). When you combine this with the fact that the underlying technology behind email hasn’t evolved since its inception and its ease-of-access – email accounts today are accessible on laptops, smartphones, tablets, smartwatches and even cars – it’s easy to see why 90% of data breaches start on email. A major US health insurance provider had to pay out $115 million in a class-action lawsuit after an employee stole the data of over 18,000 members over the course of nine months. How? Via email. The data exfiltrated included the members’ ID numbers, names, social security numbers, and other personal information.  Of course, not all incidents of data loss make headlines. According to Tessian data, over 700 misdirected emails are sent in organizations with 1,000 people every year.  This goes to show that businesses must be vigilant in assessing risk around both data loss and data exfiltration and, in doing so, must implement security measures that decrease their likelihood of suffering a breach. Unfortunately, that’s easier said than done. Data sent through email is hard to regulate As security leaders know, preventing data loss requires not only advanced security tools but also buy-in from the entire organization. Here are three reasons why data sent through email is hard to regulate:  Billions of emails are sent and received every day. According to research, over 124 billion business emails are sent and received every day. That means it’s virtually impossible for IT teams – often resource-constrained themselves – to monitor all of those emails for incidents that could (or do) result in data loss.  Organizations hold a lot of data. Whether it’s employees’ social security numbers, insurance policies for clients, or bank account details for suppliers, organizations across industries deal with more data than most of us can imagine. What’s more, it’s stored in various ways, from spreadsheets to project proposals. Limiting access to this data is one solution, but IT teams run the risk of limiting employee productivity in doing so. People make mistakes and break the rules. Human error is the number one cause of breaches under GDPR. Whether it’s an employee sending an email to the wrong person or a disgruntled employee intentionally exfiltrating data, there are numerous ways in which sensitive data can fall into the wrong hands. Unfortunately, to err is human and even training can’t eliminate this risk entirely.  Data vs. human behavior When you consider the objective of DLP, you realize there are two distinct approaches to take. Data-centric approach: Rule-based solutions use the content of an email to perform analysis. These rules consider keywords, attachments, seniority level, and even the role or department of an employee to identify sensitive information and keep it within the organization. Human-centric approach: Instead of focusing only on the data, human-centric approaches like those offered by Tessian seek to understand complex and ever-evolving human relationships in order to protect sensitive information. While both approaches have their merits, there are some clear shortcomings to a data-centric approach.
Why current DLP solutions are failing There are several different approaches organizations can take in preventing data loss. But, given the fact that security breaches have increased by 67% in the last five years, it’s worth noting the drawbacks of each solution.  Blocking accounts/domains: In this approach, particular domains (particularly free mail domains like @gmail.com or @yahoo.com) are blocked by the company. Why? These emails will undoubtedly be attached to people outside of the organization and, oftentimes, are actually the personal email accounts of employees themselves. Drawbacks: There are legitimate reasons to send and receive emails from people or organizations outside of your company’s network and with “freemail” domains. Employees might need to communicate with a client or manage freelancers. They may also simply be trying to send documents “home” to work after hours or over the weekend. Unfortunately, it’s not difficult for employees to find workarounds, regardless of their intentions.  Blacklisting email addresses: Security teams can create a list of non-authorized email addresses and simply block all emails sent or received.  Drawbacks: Because blacklisting requires constant updating, it’s very time- and resource-intensive. Beyond that, though, this is a very reactive measure. Email addresses will only be added to a blacklist after they’ve been known to be associated with unauthorized communications, which means data exfiltration attempts may be successful before IT and security teams are able to take steps towards remediation.  Focusing on Keywords: This method uses words and phrases to alert administrators of suspicious email activity. For example, IT and security teams can create rules to identify keywords like “social security numbers” or “bank account details”, which will then signal an email should be quarantined or blocked before sent. Drawbacks: The person trying to exfiltrate data – like social security numbers or bank account details – can circumvent keyword tracking tools by sending the email and the attached data in an encrypted form. Tagging Data: After classifying data, an organization may attempt to tag sensitive data, allowing administrators to track it as it moves within and outside of a network.  Drawbacks: Again, this system is time- and resource-intensive and relies on employees accurately identifying and tagging all sensitive data. Data could be misclassified or simply overlooked, allowing it to move freely within and out of a network. Additionally, employees often get fatigued with enforced tagging which could lead to default tagging everything as sensitive.  You can find more information about email tagging in this guide. The challenge with all of the above is that they are based on rules. But human behavior can’t be predicted or controlled by rules. That means that the more effective solution is one that’s adaptable and can discern the variations in human behavior over time. A solution like this relies on machine-intelligent software that learns from historical email data to determine what is and isn’t anomalous in real-time. What’s the best solution? Tessian uses contextual machine learning to prevent data exfiltration. Our machine learning models look at evolving patterns in data and constantly reclassifies email addresses based on changing relationships between employees and third-parties like vendors and suppliers.  This way, Tessian can determine whether a communication is legitimate information sharing or exfiltration. To learn more about data exfiltration and how Tessian is helping organizations like Arm keep data safe, talk to one of our experts today.
DLP Compliance
5 Things Every CISO Should Know About CCPA’s Impact on Their InfoSec Programs
24 April 2020
The California Consumer Privacy Act (or “the CCPA” for short) is California’s new data privacy law that came into effect on January 1, 2020.   This is the first of its kind in the US, and it’s going to impact your InfoSec program.  The purpose of this new law from a privacy perspective is to give consumers greater control over their personal information (PI). How? By giving consumers key privacy rights. You may be familiar with some of these rights, including: The right to know what PI a business is collecting about you  The right to know what these businesses do with that PI (via a privacy notice) The right to request access to that data  The right to have PI deleted  But, some rights are new, including: The right to request a business stops “selling” your PI The right to not be treated differently when making such a request While it’s essential consumers know their rights, security and compliance leaders need to pay attention, too. After all, failure to comply will result in fines up to $7,500 per violation.  So, if you’re a CISO, here’s everything you need to know about CCPA. Important Note: The California Privacy Rights Act (CPRA) – also known as Proposition 24 – passed on November 3, 2020. The CPRA amends the CCPA, pushing the state statute closer to the GDPR. The CPRA creates a general purpose limitation on personal information use, limiting a business’s use and sharing of personal information to the purposes for which it was collected and for purposes of which the consumer has been informed. While – yes- the CCPA already contains similar notice requirements with respect to the purposes for which personal information will be processed, the CPRA offers California regulators additional enforcement options. What does this mean for you? Organizations must ensure compliance with the CPPA – integrating the demands of the CPRA – before it takes effect on January 1, 2023. The CCPA is one of the strictest consumer privacy laws in the US and it’s become the new standard Unlike Europe, the US doesn’t have a federal consumer privacy law. Instead, the US privacy landscape is made up of a smattering of both state and sectoral laws. As the CCPA ties enforcement to “California residents”, it may apply to services provided outside of California to Californians. Because it’s virtually impossible to know with absolute certainty who or where your customers are, it can become tricky to determine who you offer CCPA rights to and who you don’t. The result? Many companies have given CCPA rights to everyone.
The CCPA includes an obligation for your infosec program Indeed, when it comes to security, the CCPA only specifies that a business must “implement and maintain reasonable security procedures and practices appropriate to the nature of the information” it processes.   Importantly, though, what those “reasonable” security procedures are and how they differ based on the information involved remains undefined.   But, what we do know is that if your business experiences a data breach and a Californian consumer’s PI is taken by an unauthorized person, your business could be on the hook for failing to implement reasonable security procedures. In addition to fines, the CCPA grants Californian consumers the right to sue you. This is called a private right of action.  While there is still much to be determined as to what “reasonable” means, the onus rests on you, as CISO, to review your infosec program and make sure you’re comfortable you’re doing your best to reach this “reasonable” standard. Looking at the NIST (800-53 or CSF), ISO 27001, and CIS controls are a great place to start.  The bottom line: businesses need to protect their data. Implementing a DLP solution is a necessary step all businesses need to take.
If a data breach happens on your watch, you may be held responsible for damages Statutory damages are new for Californian data privacy law.  Now, consumers can sue you for a data breach and they don’t have to show harm, meaning we could see a rise in data privacy class actions.   This CCPA private right of action promises to shake up the data breach class action landscape in which such actions have generally been settled for small amounts or dismissed due to lack of injury. Because, demonstrating and quantifying damages caused by a data breach can be difficult to show. With the CCPA, companies are vulnerable to potentially staggering damages in relation to a breach. Of course, this is in addition to revenue loss, damaged reputation, and lost customer trust. The CCPA allows consumers to seek statutory damages of between $100 and $750 (or actual damages if greater) against a company in the event of a data breach of PI that results from the company’s failure to implement reasonable security procedures. Putting this into context, a data breach affecting the PI of 100 California consumers may result in statutory damages ranging from $10,000 to $75,000, and a data breach affecting the PI of one million California consumers may result in statutory damages ranging from $100 million to $750 million.  These potential statutory damages dwarf almost every previous large data breach settlement in the US, and have the potential to see higher awards than we’ve seen with GDPR. It’s worth noting, though, that there is a 30-day cure period in which businesses can in some way remedy a data breach after receiving written notice from the consumer.  But, because the CCPA doesn’t define “cure,” it’s unclear how a business can successfully “cure” data security violations.  Prevention is better than cure. Your best chance of avoiding a breach and/or hefty fines afterward is to ensure your business has ‘reasonable’ security procedures implemented, including policies and other DLP solutions. While cybersecurity ROI is notoriously hard to measure, it’ll no doubt pale in comparison to the cost of a breach.  Learn how to communicate cybersecurity ROI to your CEO here. A successful private right of action by a consumer only applies to certain PI A couple of things need to happen before a Californian consumer can pursue this private right of action, including: The right only applies to data that is not encrypted or redacted. In other words, de-identified data or encrypted data is not subject to the private right of action or class action lawsuit.   The right only applies to limited types of PI – not the expansive definition found in the CCPA. This is a much more limited definition of PI than contemplated by the CCPA and, in practice, the majority of businesses’ data stores will not include this level of sensitive data.  The right does not apply if there has only been unauthorized access to data. There must also be exfiltration. This means that unsecured access to a cloud storage system on its own will not give rise to the right. There must also have been theft and unauthorized disclosures. For example, by an insider threat or nefarious third-party.   The harm to the consumer must flow from a violation of the business’s duty to implement reasonable security procedures. It will, therefore, be key for businesses to show a documented assessment of their security procedures in light of CCPA and to ensure a robust security program is in place to protect against data loss. If you are GDPR compliant, your infosec program is likely compliant The GDPR, somewhat similar to the CCPA, is vague when it comes to cybersecurity.  It makes data security a general obligation for all companies processing personal data from the European Union (EU) by requiring controllers and processors to implement “appropriate technical and organizational measures to ensure a level of security appropriate to the risk”.  This means that companies controlling or processing EU personal data should have implemented comprehensive internal policies and procedures to be in compliance with the GDPR. This likely makes them CCPA-ready, but IT leaders should still review their security programs. The most important thing to know is that businesses affected by the CCPA will now be responsible for not only knowing what data they hold, but also how it’s controlled. In order to ensure compliance, the first step should be revisiting your cybersecurity program. And, while it may be surprising to some, cybercriminals actually aren’t your biggest threat when it comes to data loss. It’s actually your own employees. After all, it’s your people who control all of the data within your organization. But, you can empower them to work securely and prevent data loss with Tessian.
Prevent data loss with Tessian To err is human which means your employees may make mistakes that could lead to a potential breach under CCPA.  Traditionally legacy technology has leveraged hardware and software focused on the machine layer to fight cybersecurity risks. This, of course, doesn’t address the biggest problem, though: The Human Element.  Tessian leverages intelligent machine learning to secure the Human Layer in order to understand human relationships and communication patterns. Once Tessian knows what “normal” looks like, Tessian can automatically predict and prevent dangerous activity, including accidental data loss and data exfiltration.  People shouldn’t have to be security experts to do their job. Taking advantage of Tessian solutions can help your organization mitigate your employee’s mistakes and keep them productive which is a key component of a robust security program.
DLP
How to Communicate Cybersecurity ROI to Your CEO
20 April 2020
CIOs, CISOs, and other IT leaders have a long list of internal and external factors to consider when putting together a cybersecurity strategy. If the ever-evolving threat landscape wasn’t challenging enough to keep up with on its own, there’s also a growing number of privacy regulations and compliance standards to satisfy and a market that’s more saturated with products than ever before. There’s also the issue of budgets. Oftentimes, it’s difficult to measure and communicate cybersecurity ROI which means justifying security investment can be challenging, especially when most organizations are facing significant budget cuts in light of COVID-19. Cybersecurity is, however, a business-critical function. It’s not a nice-to-have, but a must-have.  We’ve put together 3 tips to help you demonstrate the business value of cybersecurity solutions and get buy-in from your CEO.
Reframe cybersecurity solutions as business enablers While cybersecurity has historically been a siloed department, it’s becoming more and more integrated with overall business functions.  To see how far-reaching the implications of a cybersecurity strategy are, let’s consider the consequences of a data breach:  Lost data Lost intellectual property Revenue loss Losing customers and/or their trust Regulatory fines Damaged reputation These consequences directly affect a business’s bottom line.  But, cybersecurity solutions don’t have to be limited to prevention or remediation. In fact, cybersecurity can actually enable businesses and become a unique selling point in and of itself.  With regulations like HIPAA, CCPA, and GDPR dictating how organizations handle sensitive data, your cybersecurity framework can actually support growth by being a strong competitive differentiator. By investing in cybersecurity tools and personnel and being transparent about how your organization protects data, you’ll actually bolster credibility and trust amongst prospects and existing customers and clients.
Lead with facts and figures specific to your organization A critical aspect of communicating ROI is evidence. It’s important you come armed with the right evidence and, whenever possible, quantify the threats and the risk.  For example, you could start with the more general statistics that 90% of data breaches start on email and that misdirected emails were the number one incident reported under GDPR. Then you could use Tessian’s Breach Calculator to determine your organization’s potential exposure. According to our data, on average, 707 misdirected emails are sent every year in businesses with 1,000 people. Referencing this specific number will make the risk more tangible and the need for a solution more urgent.  Likewise, if you’re pitching for new inbound email security solutions, a phishing simulation could help demonstrate the likelihood of a successful attack. Or, if you need to make a case for network vulnerabilities, hiring a penetration tester could help prove that there are, in fact, chinks in your armor.  Curious how many misdirected or unauthorized emails are sent in your organization? Book a demo to find out. 
Engage with the larger organization Communicating the value (and necessity) of cybersecurity measures to your larger organization isn’t easy. Not only are technical risks hard to translate across departments, but policies and procedures can often be seen as a hindrance to employee productivity.  But, if you can engage with the larger organization and create a positive security culture, you’ll have a better chance of getting buy-in from C-level executives. How? More and more, CISOs are relying on gamification, positive reinforcement, and interactive content like videos and podcasts to promote their strategies. Whatever the method or medium, the most important thing is that risks and responsibilities – which the entire organization bears the burden of – are communicated so that everyone, regardless of department or level of seniority, can understand.  The benefits of this are two-fold. Not only will you demonstrate the value of cybersecurity via in-house evangelists, but you’ll also empower security-aware employees to become your biggest cybersecurity asset. (You can read more about the importance of empowering your people and protecting the Human Layer here.) This, in turn, helps your overall objective to prevent data loss and data exfiltration. Get more advice from security leaders for security leaders Ultimately, communicating security ROI relies on translating cyber risk to business risk, and making security a guiding principle for your larger organization. This is more important today than ever with new risks and challenges related to remote-working.  Looking for more advice? We constantly update our blog with new tips and best practices around security. We also found this article: The 5-Step Framework for CISOs Starting in a New Company very helpful, especially when it comes to negotiating budgets and delegating risk owners.
Human Layer Security DLP Data Exfiltration
How Can Organizations Empower People to Prevent Data Exfiltration?
By Maddie Rosenthal
24 March 2020
As data has become valuable currency, data exfiltration is a bigger issue now than ever before. And, while it’s a complex problem to solve, it’s not a losing game. Techniques and technologies have been evolving and today we are better able to control and prevent data exfiltration. To successfully prevent data exfiltration, you have to understand the various moving parts. When it comes to protecting data, there are three key challenges: People Processes Technology
Preventing Data Exfiltration With People: The Role of Training Since old-school software and keyword tracking tools have proven largely ineffective at preventing exfiltration, some security teams have proposed that rather than relying only on software, people should be trained on how to safely manage data and information.  Training allows employees to learn about internal policies, regulations like GDPR and CCPA, and other best practices around data. But, it’s important that organizations reinforce training with practical applications. Some training will reinforce company policies and compliance with data privacy regulations. but the majority of training and awareness programs center on teaching employees about inbound threats like phishing attacks and BEC. Very few training and awareness programs educate employees about outbound security risks like accidental and deliberate data loss.  Preventing Data Exfiltration With Processes: In-Situ Learning To really empower employees to work securely and prevent data exfiltration, organizations have to look beyond compliance training to in-situ learning opportunities provided by contextual warnings, triggered by suspicious activity.  Beyond preventing breaches, these warnings help promote safe behavior by asking employees to pause and think “Am I making the right decision?” But, too many warnings or pop-ups may have the opposite effect. Take, for example, pop-ups that prompt you to accept cookies on websites. Because most of us encounter these on every website we visit, we ignore them or blindly click to consent. This is called alert fatigue; the more pop-ups you see, the less you care about them. The same applies to in-situ learning. If employees encounter notifications warning against risky behavior on 25% of emails they send, they’ll stop paying attention to them. So, what’s the solution? Warnings should only trigger when there’s a genuine security risk. That means security software must be able to distinguish between normal emails and suspicious ones with the utmost accuracy. Warning notifications should also contain relevant and easy-to-comprehend information about why the email has been flagged to help reinforce security training with context.  Tessian Enforcer, Guardian, and Defender do just that. 
Preventing Data Exfiltration With Technology: Machine Learning Even with training and in-situ learning, organizations need a final line of defense against data exfiltration. For many organizations, that last line of defense is rule-based technology.  But, rule-based solutions are blunt instruments.  The best way to illustrate this is through an example.  To prevent data exfiltration on email, an organization might block communications with freemail accounts (for example, @gmail, @yahoo, etc.). But, imagine the marketing department outsources work to a freelancer. In that case, the freelance worker may use a freemail account. When the employee attempts to communicate with this trusted third-party, the email would be blocked and the employee will be unable to carry out their work. Unlike rule-based solutions, ML-based solutions like Tessian are agile.  Tessian’s machine learning algorithms are trained off of historical email data to understand evolving human relationships on email. Instead of relying on rules to flag suspicious emails, it relies on context from millions of data points from the past and present. That way, solutions like Tessian Enforcer and Tessian Guardian are able to uniquely understand every email address in an organization’s network and can, therefore, automatically (and accurately) identify whether a recipient is a trusted third-party or an unauthorized non-business account.   Learn More About How Tessian Empowers People to Work Securely Preventing data exfiltration requires well-trained employees and intelligent solutions. To learn more about how Tessian combines in-situ learning with machine learning to reinforce training and prevent data loss, request a demo.  
Page