Step Into The Future of Cybersecurity — Save your spot at the Human Layer Security Summit for free.

Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.
Human Layer Security

90% of data breaches are caused by human error. Stay up to date on the latest tips, guides, and industry news on Human Layer Security.

Human Layer Security
Tessian Recognized as a Representative Vendor in 2021 Gartner Market Guide for Data Loss Prevention
By Ed Bishop
22 July 2021
Gartner has released their Market Guide for Data Loss Prevention, and we are honored to be included as a Representative Vendor. According to the latest Market Guide for Data Loss Prevention “The enterprise DLP market is mature, but integrated DLP and cloud-provider-native DLP solutions offer emerging capabilities that are much needed by security and risk management leaders starting DLP programs.” “This research offers guidance on market trends and their impact on data security strategies.”.  You can get the entire report here. Key takeaways from the Gartner Market Guide for Data Loss Prevention According to Gartner, “The market for DLP technology includes offerings that provide visibility into data usage and movement across an organization, as well as dynamic enforcement of security policies based on content and context at the time of actions on data. DLP technology seeks to address data-related threats, including the risks of inadvertent or accidental data loss and the exposure of sensitive data, using monitoring, alerting, warning, blocking and other remediation features.” Accidental data loss is a problem that was often simply considered the cost of doing business and impossible to solve — until now. With Gartner’s acknowledgment of accidental data loss, we believe that the industry is seeing a fundamental shift in this thinking, and clearly shows that more enterprises understand that it represents a massive DLP risk. In addition to this broad overview of DLP technology capabilities, Gartner recommends security and risk management leaders with a responsibility for data security and compliance should: “Define a DLP strategy, select DLP products and execute proofs of concept with the objective of supporting a process, rather than finding solutions to address narrow needs.” “Identify pre-existing DLP capabilities in the security products that their organization already owns, and use these to fulfill DLP requirements. How has the DLP vendor landscape changed over the last year?  As Gartner states, since the previous 2020 edition of the Market Guide for Data Loss Prevention, there have been several notable changes in the vendor landscape. In fact, Gartner fielded “32% more client inquiries on the topic of DLP than in 2019”. Here at Tessian, we believe that this is due to more enterprises beginning to reevaluate their DLP programs with the move to Microsoft 365 and more cloud-based applications. They also found “many DLP vendors providing managed DLP services, which remain appealing to many organizations, specifically small and midsize enterprises and those with limited resources to allocate to the implementation of a DLP program.”  Likewise, “Many DLP vendors also provide data classification services, which are essential for successful DLP implementation. The labeling and tagging of data simplifies the DLP process, as organizations can easily distinguish sensitive data from nonsensitive data”.
This fits well with our observations of the industry and aligns with what our customers express as well.  Tessian’s approach for the new era of data loss prevention Forward-thinking enterprises increasingly view legacy DLP tools as a strategic risk and are looking for alternatives. In fact, 85% of security leaders say DLP is admin-intensive.  Recent M&A activity has led to uncertainty in the market (Symantec acquired by Broadcom, Forcepoint acquired by PE firm) and enterprise DLP has seen little innovation in the last few years. For example, we see Microsoft’s strategy as providing “baseline” DLP across all interfaces in their ecosystem (Email, Chat, File-sharing, Web, Endpoint) and this is commoditizing the rule-based approach offered by legacy tools.  As a result, enterprises are phasing out irrelevant legacy DLP tools and are considering what to replicate, remove, or re-think. This includes Microsoft 365, as many organizations are now assessing Microsoft DLP overlap with their existing legacy DLP stack. Many enterprises will use some vendors’ built-in DLP to address basic use cases but look to Tessian to solve critical and advanced human-centric risks to solve the bulk of their DLP challenges, including data loss caused by human error which Legacy DLP is unable to prevent. Over time, enterprises will adopt a hybrid approach and leverage integrations to get the most out of their investments in each product. Tessian’s Data Loss Prevention in our Human Layer Security Platform offers outbound protection on email (the threat vector most security leaders are concerned about protecting) and satisfies criteria outlined in the report — anomaly detection, data protection, post delivery protection, and offers these protection for both web and mobile devices. Here’s how. Powered by machine learning, our Human Layer Security platform understands normal email behavior by analyzing content, context, and communication patterns from historical email data to establish trusted relationship graphs. Tessian can then detect anomalies in real-time using those employee relationship graphs alongside deep content analysis, natural language processing, and behavioral analysis.  Tessian Guardian automatically detects and prevents accidental data loss from misdirected emails Tessian Enforcer automatically detects and prevents data exfiltration attempts and ensures compliant email activity
Importantly, in addition to threat prevention, Tessian offers several features that help ease the burden on SOC and compliance teams, and give key stakeholders peace of mind.  Automated protection: Tessian automatically detects and prevents data loss. No rules, re-configuration, maintenance of allow/denylists, or manual investigation required.   Data-rich dashboards: With Tessian, security teams have clear visibility of data loss incidents, who triggered them, and what data was involved. This demonstrates clear ROI and makes auditing and reporting easy.  In-the-moment training: When a potential data loss incident is detected, real-time warnings are triggered that explain exactly why the email was flagged. These warnings are written in plain, easy-to-understand language which reinforce training and policies and help employees improve their security reflexes over time
Gartner, Market Guide for Data Loss Prevention, June 2021 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Human Layer Security
The Ultimate Guide to Human Layer Security
By Tim Sadler
08 July 2021
There’s a big problem in cybersecurity. Despite stricter data compliance standards, incredible technological innovation, and more investment from businesses, data breaches are at an all-time high.  In fact, businesses are at risk of insider and outsider threats, with a reported 67% increase in the volume of security breaches over the past five years. Why is this happening? Because, historically, security solutions have focused on securing the machine layer of an organization: networks, endpoints and devices.  But the majority of these solutions provide blunt protection, rely on retroactive threat detection and remediation, and don’t protect a businesses’ most important asset: its employees.   So, when you can get a firewall to protect your network, and EDR to protect your devices, what do you get to protect your people? Human Layer Security.
What is Human Layer Security?
Tessian’s Human Layer Security technology understands human behavior and relationships, enabling it to detect and prevent dangerous activity. Importantly, Tessian’s technology learns and adapts to how people work without getting in the way or impeding productivity. We created this category over four years ago, and its been the thesis for both our Series B fundraise and, most recently, our Series C fundraise. Today, Tessian solutions are deployed at enterprise companies across industries,  detecting and preventing millions of inbound and outbound threats on email, including malicious data exfiltration attempts, accidental data loss via misdirected emails and misattached files, and spear phishing attacks. 
Why do we need Human Layer Security? Your employees now control both your systems and your data. But people make mistakes, people break the rules, and people can be deceived. 88% of data breaches are caused by human error, with AIG reporting “human errors and behavior continue to be a significant driver of cyber claims.”  It makes sense. Employees can transfer millions of dollars to a bank account in a few clicks and can share thousands of patient records in an Excel file in a single email. You can read more about The Psychology of Human Error here. So, instead of expecting people to do the right thing 100% of the time, we think it’s better to preempt these errors by detecting and preventing them from happening in the first place. Each of our solutions – Tessian Enforcer, Tessian Guardian, and Tessian Defender – is uniquely positioned to do just that. People break the rules Whether done maliciously or accidentally, people in every organization can (and do) break the rules. Those rules can be related to anything, from a password policy to how sensitive information is stored. But, what about rules related to data exfiltration? Oftentimes, employees are blissfully unaware. They’re not familiar with the policies themselves or the consequences of poor data handling. So, they think nothing of emailing company information to their personal email account to print at home, for example.  But not all employees are well-intentioned. Case in point: In late-2019, an employee at a cybersecurity and defense company sold 68,000 customer records to scammers. This isn’t an isolated incident. According to one report, 45% of employees say they’ve taken work-related documents with them after leaving or being dismissed from a job and, according to another, more than half of UK employees admitted to stealing corporate data. A quarter of those would be willing to do so for less than £1,000. Tessian Enforcer prevents data exfiltration attempts (both malicious and negligent. Looking for more real-world examples of malicious and negligent insiders? Read this article.
People make mistakes From a simple typo to a misconfigured firewall, mistakes are inevitable at work. To err is human! In fact, 43% of employees say they’ve made a mistake at work that compromised cybersecurity.  Unfortunately, though, the consequences of these mistakes can be severe. Imagine an employee sends a misdirected email. Penalties and fines could be incurred, customer trust could plummet, and reputational damage could be long-lasting. And those are just the consequences to the larger organization. Individuals will likely suffer, too.  We all know the sinking feeling of making a mistake. But, misdirected emails cause employees more than red-faced embarrassment and anxiety. These accidents put people at risk of losing their jobs.   Tessian Guardian detects and prevents misdirected emails and misattached files so that the right email and the right files are always shared with the right person.
People can be deceived  Businesses of all sizes and across industries work with a web of suppliers, contractors, and customers. And, most use email to communicate. That means it’s easy for hackers to impersonate internal and external contacts.  Business Email Compromise (BEC) attacks increased by over 100% in the last two years.  Worse still, the odds are against businesses and their employees. While a hacker only has to get it right once, we are expected to get it right every time. So, what happens if one employee is successfully tricked one time by a spear phishing email and wires money, shares credentials, or otherwise helps a hacker gain access to your network? The average breach costs organizations $3.92 million. But, these costs can be avoided with technology like Tessian Defender that detects and prevents advanced impersonation attacks.
Why focus on email? At Tessian, our mission is to secure the human layer. And we know that to be truly effective, Human Layer Security must protect people whenever and however they handle data.  But, we’re starting with email. It’s the most popular (we spend 40% of our time on it) and riskiest (most breaches happen here) communication channel. It’s also the threat vector IT leaders are most worried about.
You’re probably wondering how Tessian compares to other solutions and how our technology would fit in your larger security framework. We’ll tell you.  Tessian vs. Rule-Based Technology Traditional email security solutions are blunt instruments that tend to be disruptive for employees and admin-intensive for security teams who have to continuously create and maintain thousands of rules.  Don’t believe us? 85% of IT leaders say rule-based DLP is admin-intensive and over half of employees say they’ll find a workaround if security software or policies make it difficult or prevent them from doing their job.  The fact is, manually classifying emails, tagging emails sent to external contacts, encryption, and pesky pop-ups are roadblocks that slow the pace of business and create friction between security teams and other departments.   Worse still, these older technologies just can’t be configured to adequately defend against all the ways people make mistakes or cut corners on email. Tessian is automated. No rule-writing, manual investigation, or configuration required. Tessian vs. Training Training is a necessary part of every security strategy. But, the majority of employees aren’t trained frequently enough and lessons don’t always stick. Employees also tend to struggle applying what they’ve learned in training to real-world situations.  But we can’t blame employees. The average person isn’t a security expert and hackers are crafting more and more sophisticated attacks. It’s hard for even the most security-conscious among us to keep up. That’s why security leaders need to invest in technology that bolsters training and reinforces policies and procedures. That way, employees can improve their security reflexes over time.   That’s where Human Layer Security comes in. Tessian warnings act as in-the-moment training for employees. And, because Tessian only flags 1 in 1,000 emails on average, when a pop-up does appear, employees pay attention. Learn more about why security awareness training (SAT) alone isn’t effective enough in this article: SAT is Dead. Long Live SAT.
Tessian Human Layer Security technology Tessian deploys within minutes, learns within hours, and starts protecting in a day. Human Layer Security works by understanding and adapting to human behavior. Our machine learning algorithms analyze historical email data and build a unique security identity for every employee based on relationships and communication patterns.  The best part is: these ML models get smarter and better over time as more data is ingested. This helps the technology establish what normal (and abnormal) looks like and allows Tessian to automatically predict and prevent security breaches on email across devices.    For every inbound and outbound email, our ML algorithms analyze millions of data points, including: Relationship History: Analyzing past and real-time email data, Tessian has a historical view on all email communications and relationships. For example, we can determine in real-time if the wrong recipient has been included on an outbound email; if a sensitive attachment is being sent to a personal, non-business email account; if an inbound email with a legitimate-looking domain is a spoof Content & context: Using natural language processing to analyze historical email data, Tessian understands how people normally communicate on email and what topics they normally discuss. That way, our solutions can automatically detect anomalies in subject matter (i.e. project names) or sentiment (i.e. urgency), which might indicate a threat. Best of all, all of this analysis happens silently in the background and employees won’t know it’s there until they need it. Tessian stops threats, not business. And not flow. And, with Human Layer Risk Hub, our customers can now deeply understand their organization’s security posture with granular visibility into employee risk and insights into individual user risk levels and drivers. This is the only solution that offers protection, training, and risk analytics all in one platform, giving security and compliance leaders a clear picture of your organization’s risk and the tools needed to reduce that risk. First, you protected our networks. Then, you protected our devices. Now, you can protect your people with Tessian’s Human Layer Security.
Human Layer Security
10 Cybersecurity Events & Webinars in July to Sign Up For
07 July 2021
With cybersecurity threats on the rise, it’s time to strengthen your organization’s defenses. In-person events and online webinars can help. They give security, compliance, and business professionals a chance to discuss what’s top of find, share advice, and network. To help you learn and level-up your cyber strategy, we’ve selected ten cybersecurity events to attend throughout July.  There’s something on our list for every niche—whether you’re a CISO, an infosec analyst, or just someone who wants to learn more about this crucially important discipline. With some pandemic restrictions still in place, many of our events are taking place online, but be sure to confirm this before you attend. Hardwear.io Security Trainings and Conference: July 5-10, 2021 Register here: https://hardwear.io/usa-2021/register.php This six-day event features in-depth training sessions on all things hardware security, including assessing and exploiting PLCs, reverse engineering integrated circuits, and attacking Secure Boot. Who should attend? Hardware security is a pretty niche field, so you won’t want to miss this event if you’re involved in this sector—it’ll be a great opportunity to learn from your peers and get in a (virtual) room with like-minded professionals. Confirmed speakers Yongdae Kim, Professor in the Department of Electrical Engineering at KAIST Colin O’Flynn, CTO, NewAE Technology Inc. Mathieu Stephan, Electronics Engineer, ViaSat Inc. The Official Cyber Security Summit, St. Louis/Oklahoma City (Online): July 7, 2021 Register here: https://cybersecuritysummit.com/summits/ Having run for nearly 30 years, this conference has earned the right to call itself The Official Cyber Security Summit. With sessions on insider threats, the future of cloud security, and the rise of ransomware, this event is a great way to learn from and engage with infosec leaders. Who should attend? The Official Cyber Security Summit is a great place for CISOs and other security professionals looking for an eclectic program to help them develop their knowledge and careers—and earn eight CPE credits in the process. Confirmed speakers Deron McElroy, Chief of Cybersecurity Services, Cybersecurity and Infrastructure Security Agency, US DHS Quinn Carman, Director of Operations, The NSA, Red Team Richmond Cyber Security Forum: July 7, 2021 Register here: https://www.richmondevents.com/ The Richmond Cyber Security Forum offers a mix of keynotes, workshops, and personal development sessions. You’ll get to meet and mingle with peers, and secure some face-to-face time with the U.K.’s cybersecurity industry leaders. Who should attend? There are two main reasons to attend this event: as a delegate—to exchange ideas with like-minded security professionals in an informal setting, or as a supplier—to gain access to 100 senior decision-makers in the cyber sector. Confirmed speakers The conference agenda is available on request. Previous speakers include: Sophie Hackford, Co-Founder, 1715 Labs Jamie Woodruff, Ethical Hacker David Rowan, former Editor, Wired UK. IAPP Asia Privacy Forum: July 12, 2021 Register here: https://iapp.org/conference/iapp-asia-privacy-forum/ The International Association of Privacy Professionals (IAPP) is the best-respected industry accreditation body for privacy—and they sure know how to put on a great conference. This IAPP event will consider how privacy regulation is developing in Asia in terms of consumer rights, privacy-enhancing tech, data management, and more. Who should attend? If your company operates in Asia, then your Data Protection Officers, privacy counsels, and any other privacy or security-focused professionals will benefit from attending this event—to keep abreast of the latest regulatory developments in the region. Confirmed speakers Tan Kiat How, Commissioner, Personal Data Protection Commission of Singapore Raymund Liboro, Chairman and Commissioner, Philippines National Privacy Commission Stephen Kai-yi Wong, Privacy Commissioner, Privacy Commissioner for Personal Data, Hong Kong, China ISMG Virtual Cybersecurity Summit: Government: July 13-14, 2021 Register here: https://www.ismgcorp.com/ismg-summit/registration Recent high-profile cyberattacks on public agencies and critical infrastructure have sharpened governments’ focus on cybersecurity. Information Security Media Group (ISMG)’s conference provides insights from the people responsible for driving public policy on decision-making. Who should attend? Most sessions at the ISMG Virtual Cybersecurity Summit: Government focus on the role of the CISO. This event is an opportunity for security leaders in your organization to gain insight into the upcoming changes and challenges that might arise from government intervention in cybersecurity. Confirmed speakers Brandon Wales, Acting Director, Cybersecurity and Infrastructure Security Agency (CISA) Jim Weaver, Secretary for Information Technology/State CIO, State of North Carolina Dave Lewis, Global Advisory CISO, Duo Security at Cisco Infosecurity Europe: July 13-15, 2021 Register here: https://rfg.circdata.com/publish/InfoSec2021/simplereg.aspx Infosecurity Europe is the meeting place for infosec’s “finest minds”, with a great range of sessions from a truly impressive line-up. The conference will feature panels on building security-awareness culture, mitigating the risk of insider threats, developing a “human-centric” approach to cybersecurity, and more. Who should attend? Infosecurity Europe will cover everything from basic security principles to advanced practice, so CISOs and IT leaders should not miss this event—and should make sure anyone in their organization with a stake in cybersecurity attends with them. Confirmed speakers Mikko Hypponen, Researcher, F-Secure Dr. Kevin Jones, Global CISO, Airbus Dr. Victoria Baines, Visiting Research Fellow, University of Oxford p.s., we’ll be there! More information about our speaking slot and (virtual) booth coming soon.  Policing Cybercrime Digital Conference: July 16, 2021 Register here: https://westminsterinsight.com/booking/3632 Nearly half of all crime in England and Wales is committed online. The Policing Cybercrime conference brings together cybercrime experts to explore how law enforcement and other stakeholders can respond to online threats. Who should attend? Attend the Policing Cybercrime Digital Conference if you want to understand how society is responding to the cybercrime epidemic—whether you’re involved in law enforcement, government, the justice system, private industry, international organizations, or academia.  Confirmed speakers Stuart Hyde QPM, Vice President Development, Society for the Policing of Cyberspace Virginia Eyre, Deputy Director Cyber Policy, Home Office Nigel Leary, T/Deputy Director, National Cyber Crime Unit, National Crime Agency International Conference on Networks and Communications (NCO 2021): July 24-25, 2021 Register here: https://icaita2021.org/nco/ The seventh International Conference on Networks and Communications (NCO 2021) is a forum for experts to share their knowledge of computer networks and data communications, including network security, cloud computing, and machine learning. Who should attend? The conference is well-suited to CISOs looking to understand the latest technical developments in their field, together with engineers, computer scientists, and academics. Confirmed speakers Haluk Altay, Turkish Aerospace, Turkey Vikas Thammanna Gowda, Wichita State University, USA Hoda Nematy, Malek-Ashtar University of Technology, Tehran RANT Radio: Mutated Cyber: July 28, 2021 Register here: https://events.rantcommunity.com/RANTRadiowithTrendMicro While many industries have suffered due to COVID-19, cybercrime has prospered. RANT Radio’s Mutated Cyber conference will explore “the ‘was’, ‘is’ and ‘will be’ of cybercrime in a post-pandemic age.” Who should attend? CISOs and CEOs with teams working from home should learn a lot from this conference, which will focus on how the pandemic has caused a rise in social engineering attacks. Confirmed speakers Donna Goddard, Director, Cyber Information Security, London Stock Exchange Group (LSEG) Kathryn Cardose, Senior Manager, Security Operations, Virgin Money Myla Pilao, Director Technical Marketing, Trend Micro Black Hat USA: July 31-August 3 2021 Register here: https://blackhat.informatech.com/2021/ Black Hat USA is 24 years old, and there’s a good reason this event has stuck around for so long. Black Hat USA provides a package of advanced training courses, on infosec topics as diverse as vulnerability research, securing Windows infrastructure, using adversarial AI for hacking—plus briefings from infosec thought leaders. Who should attend? Black Hat USA is a must-attend for any infosec professional looking to level up their skills, learn from industry leaders, or understand the latest techniques in their adversaries’ toolkits. Confirmed speakers Craig Young, Principal Security Researcher, Tripwire Qian Wenxiang, Senior Security Researcher at Tencent Blade Team Paula Januszkiewicz, CEO and Founder, CQURE Inc. p.s., we’ll be there! More information about our speaking slot and booth location coming soon.
Human Layer Security DLP Data Exfiltration
What is an Insider Threat? Insider Threat Definition, Examples, and Solutions
By Tessian
29 June 2021
Organizations often focus their security efforts on threats from outside. But increasingly, it’s people inside the organization who cause data breaches. There was a 47% increase in Insider Threat incidents between 2018 and 2020, including via malicious data exfiltration and accidental data loss. And the comprehensive Verizon 2021 Data Breach Investigations Report suggests that Insiders are directly responsible for around 22% of security incidents. So, what is an insider threat and how can organizations protect themselves from their own people?
Importantly, there are two distinct types of insider threats, and understanding different motives and methods of exfiltration is key for detection and prevention. Types of Insider Threats The Malicious Insider
Malicious Insiders knowingly and intentionally steal data, money, or other assets. For example, an employee or contractor exfiltrating intellectual property, personal information, or financial information for personal gain.  What’s in it for the insider? It depends. Financial Incentives Data is extremely valuable. Malicious insiders can sell customer’s information on the dark web. There’s a huge market for personal information—research suggests you can steal a person’s identity for around $1,010. Malicious Insiders can steal leads, intellectual property, or other confidential information for their own financial gain—causing serious damage to an organization in the process. Competitive Edge Malicious Insiders can steal company data to get a competitive edge in a new venture. This is more common than you might think.  For example, a General Electric employee was imprisoned in 2020 for stealing thousands of proprietary files for use in a rival business. Unsurprisingly, stealing data to gain a competitive edge is most common in competitive industries, like finance and entertainment. The Negligent (or Unaware) Insider 
Negligent Insiders are just “average” employees doing their jobs. Unfortunately, “to err is human”… which means people can—and do—make mistakes. Sending a misdirected email Sending an email to the wrong person is one of the most common ways a negligent insider can lose control of company data. Indeed, the UK’s Information Commissioner’s Office reports misdirected emails as the number one cause of data breaches.  And according to Tessian platform data, organizations with over 1,000 employees send around 800 misdirected emails every year. We’ve put together 11 Examples of Data Breaches Caused By Misdirected Emails if you want to see how bad this type of Insider Threat can get. Phishing attacks Last year, 66% of organizations worldwide experienced spear phishing attacks. Like all social engineering attacks, phishing involves tricking a person into clicking a link, downloading malware, or taking some other action to compromise a company’s security. A successful phishing attack requires an employee to fall for it. And practically any of your employees could fall for a sophisticated spear phishing attack. Want to know more about this type of Negligent Insider threat? Read Who Are the Most Likely Targets of Spear Phishing Attacks? Physical data loss   Whether it’s a phone, laptop, or a paper file, losing devices or hard-copy data can constitute a data breach. Indeed, in June 2021, a member of the public top-secret British military documents in a “soggy heap” behind a bus stop. Looking for more examples of Insider Threats (both malicious and negligent?) Check out this article: 17 Real-World Examples of Insider Threats How can I protect against Insider Threats? As we’ve seen, common Insider Threats are common. So why is so hard to prevent them? Detecting and preventing Insider Threats is such a challenge because it requires full visibility over your data—including who has access to it. This means fully mapping your company’s data, finding all entry and exit points, and identifying all the employees, contractors, and third parties who have access to it. From there, it comes down to training, monitoring, and security. Training While security awareness training isn’t the only measure you need to take to improve security, it is important. Security awareness training can help you work towards legal compliance, build threat awareness, and foster a security culture among your employees. Looking for resources to help train your employees? Check out this blog with a shareable PDF. Monitoring Insider Threats can be difficult to detect because insiders normally leverage their legitimate access to data. That’s why it’s important to monitor data for signs of potentially suspicious activity. Telltale signs of an insider threat include: Large data or file transfers Multiple failed logins (or other unusual login activity) Incorrect software access requests Machine’s take over Abuse by Service Accounts Email Security The vast majority of data exfiltration attempts, accidental data loss incidents, and phishing attacks take place via email. Therefore, the best action you can take to prevent insider threats is to implement an email security solution. Tessian is a machine learning-powered email security solution that uses anomaly detection, behavioral analysis, and natural language processing to detect data loss. Tessian Enforcer detects data exfiltration attempts and non-compliant emails Tessian Guardian detects misdirected emails and misattached files Tessian Defender detects and prevents spear phishing attacks How does Tessian detect and prevent Insider Threats? Tessian’s machine learning algorithms analyze your company’s email data. The software learns every employee’s normal communication patterns and maps their trusted email relationships — both inside and outside your organization. Tessian inspects the content and metadata of inbound emails for any signals suggestive of phishing—like suspicious payloads, geophysical locations, IP addresses, email clients—or data exfiltration—like anomalous attachments, content, or sending patterns. Once it detects a threat, Tessian alerts employees and administrators with clear, concise, contextual warnings that reinforce security awareness training
Human Layer Security
6 Insights From Tessian Human Layer Security Summit
By Maddie Rosenthal
03 June 2021
That’s a wrap! A big “thank you” to our incredible line-up of speakers, panelists, sponsors, and – of course – attendees of Tessian’s fifth Human Layer Security Summit.  Security leaders shared advice on scaling enterprise security programs, explained how they’ve successfully re-framed cybersecurity as a business enabler, and offered tips on how to prevent breaches.  If you’re looking for a recap, we’ve identified one key takeaway from each session. You can also watch the Summit (and previous Summits…) on-demand for free here. Want to be involved next time? Email us: marketing@tessian.com 1. The average person makes 35,000 decisions a day – one mistake could have big consequences While most decisions you make won’t impact your company’s cybersecurity, some can. For example, sending an email to the wrong person, misconfiguring a firewall, or clicking on a malicious link. And these mistakes happen more often than you might think… 95% of breaches are caused by human error. That’s why security leaders implement policies, offer training, and deploy technology. But did you know there’s one solution that prevents human error by offering automatic threat prevention, training, and risk analytics all in one platform?   Watch the full session below to hear more about Tessian Human Layer Risk Hub, or download the datasheet for a more detailed look at the product.  Further reading: Research: Why Do People Make Mistakes? What is Human Layer Security? Product Datasheet: Tessian Platform Overview 2. The best cybersecurity strategies combine experience, threat intelligence, and business intelligence If you’re looking for practical advice, check out this session. Bobby Ford, Senior Vice President and CSO at Hewlett-Packard, and James McQuiggan, Security Awareness Advocate at KnowBe4, discuss cybersecurity strategies they recommend for the enterprise.  You might be surprised to find out that technology wasn’t the focus of the conversation. Relationships were. By listening to and understanding your people, you can build better relationships, ensure alignment with the company’s mission, vision, and values, and influence real change.  “You have to assess the overall culture and then develop a strategy that’s commensurate with that culture,” Bobby explained. For more insights – including a personal anecdote about how implementing a security strategy is like teaching your children to walk – watch the full session.  Further reading: 7 Fundamental Problems With Security Awareness Training Hey CISOs! This Framework Will Help You Build Better Relationships  3. Some of the year’s biggest hacks have one thing in common: human error Who better to discuss this year’s biggest hacks than a hacker?  Samy Kamkar, Renowned Ethical Hacker, joined us to break down the SolarWinds and Twitter breaches and offer advice on how to prevent similar incidents.  To start, he explained that in both hacks, social engineering played a role. That’s why people are the key to a strong and effective cybersecurity strategy.  Sure, automated detection and prevention systems can help. So can password managers. But, at the end of the day, employees are the last line of defense and hackers don’t attack machines. They attack people.  According to Samy, “We don’t have time to implement every possible safeguard. That’s why we have to lean on training.” Watch the full session for more insights, including Samy’s book recommendation and why he doesn’t trust MFA.  Further reading: Tessian Threat Intelligence and Research Real World Examples of Social Engineering Research: How to Hack a Human 4. DLP is boring, daunting, and complex….but it doesn’t have to be Punit Rajpara, Global Head of IT and Business Systems at GoCardless, has a strong track record of leading IT and security teams at start-ups, with a resume that includes both Uber and WeWork.  For him, empowerment, enablement, and trust are key and should be reflected in an organization’s security strategy. That means rule-based DLP solutions – which he deemed “boring, daunting – and complex” just don’t cut it. Tessian does, though.  “Security is often looked at as a big brother, we’re-watching-everything-you-do sort of thing. At GoCardless, Tessian has changed that perception and is instead putting the power in the hands of the users,” Punit explained. To learn more about why Punit chose Tessian and how he uses the platform today, watch the full session below.  Further reading: Customer Story: How Tessian Gave GoCardless Better Control and Visibility of Their Email Threats Research: Data Loss Prevention in Financial Services Product Datasheet: Tessian Platform Overview 5. Learning is only effective when it’s an ongoing activity  When asked what was top of mind for her when it comes to cybersecurity, Katerina Sibinovska, CISO at Intertrust Group simply said “data loss”. I think most would agree. But, as we all know, data loss can be the result of just about anything. Lack of awareness, negligence, malicious intent… So, how does she prevent data loss? By balancing technical and non-technical controls and building a strong security culture.  And, as she pointed out, annual (and even quarterly!) training isn’t enough to build that strong security culture. “It can’t just be a tickbox exercise,” she said. Instead, meet employees where they are. Add context. Engage and reward them. Support them rather than blame them.  To learn more about how she’s reduced data loss – and what role Tessian plays – watch the full session. Further reading: Why Do the World’s Top Financial Institutions Trust Tessian? Pros and Cons of Phishing Awareness Training Product Data Sheet: Tessian Human Layer Risk Hub 6. People don’t just want to know WHAT to do, but they want to know WHY. You don’t want to miss this Q&A. Jerry Perullo, CISO at ICE | New York Stock Exchange has over 25 years of experience in cybersecurity and shares his thoughts on the role of the CISO, how to get buy-in, and why training is (generally) a “time-suck” for employees.  His advice? Don’t just tell people what they need to do in order to handle data safely, tell them why they need to do it. What are the legal obligations? What would the consequences be? This will help you re-frame cybersecurity as an enabler instead of an obstacle.  Watch the full session for more tips from this cybersecurity trailblazer.  Further reading: 1.CEO’s Guide to Data Protection and Compliance  2. 7 Fundamental Problems With Security Awareness Training You’re invited to the next Summit! Subscribe to our weekly newsletter to be the first to hear about events, product updates, and new research. 
Human Layer Security Spear Phishing
Is Your Office 365 Email Secure?
By Maddie Rosenthal
02 June 2021
In July last year, Microsoft took down a massive fraud campaign that used knock-off domains and malicious applications to scam its customers in 62 countries around the world.  But this wasn’t the first time a successful phishing attack was carried out against Office 365 (O365) customers. In December 2019, the same hackers gained unauthorized access to hundreds of Microsoft customers’ business email accounts.  According to Microsoft, this scheme “enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website…as they would in a more traditional phishing campaign.” Why are O365 accounts so vulnerable to attacks? Exchange Online/Outlook – the cloud email application for O365 users – has always been a breeding ground for phishing, malware, and very targeted data breaches.  Though Microsoft has been ramping up its O365 email security features with Advanced Threat Protection (ATP) as an additional layer to Exchange Online Protection (EOP), both tools have failed to meet expectations because of their inability to stop newer and more innovative social engineering attacks, business email compromise (BEC), and impersonations.  One of the biggest challenges with ATP in particular is its time-of-click approach, which requires the user to click on URLs within emails to activate analysis and remediation.   Is O365 ATP enough to protect my email? We believe that O365’s native security controls do protect users against bulk phishing scams, spam, malware, and domain spoofing. And these tools are great when it comes to stopping broad-based, high-volume, low-effort attacks – they offer a baseline protection.  For example, you don’t need to add signature-based malware protection if you have EOP/ATP for your email, as these are proven to be quite efficient against such attacks. These tools employ the same approach used by network firewalls and email gateways – they rely on a repository of millions of signatures to identify ‘known’ malware.  But, this is a big problem because the threat landscape has changed in the last several years.  Email attacks have mutated to become more sophisticated and targeted and  hackers exploit user behavior to launch surgical and highly damaging campaigns on people and organizations. Attackers use automation to make small, random modifications to existing malware signatures and use transformation techniques to bypass these native O365 security tools. Unsuspecting – and often untrained – users fall prey to socially engineered attacks that mimic O365 protocols, domains, notifications, and more.  See below for a convincing example.
It is because such loopholes exist in O365 email security that Microsoft continues to be one of the most breached brands in the world.  What are the consequences of a compromised account? There is a lot at stake if an account is compromised.  With ~180 million O365 active email accounts, organizations could find themselves at risk of data loss or a breach, which means revenue loss, damaged reputation, customer churn, disrupted productivity, regulatory fines, and penalties for non-compliance. This means they need to quickly move beyond relying on largely rule- and reputation-based O365 email filters to more dynamic ways of detecting and mitigating email-originated risks. Enter machine learning and behavioral analysis. There has been a surge in the availability of platforms that use machine learning algorithms. Why? Because these platforms detect and mitigate threats in ways other solutions can’t and help enterprises improve their overall security posture. Instead of relying on static rules to predict human behavior, solutions powered by machine learning actually adapt and evolve in tandem with relationships and circumstances. Machine learning algorithms “study” the email behavior of users, learn from it, and – finally – draw conclusions from it.  But, not all of ML platforms are created equal. There are varying levels of complexity (going beyond IP addresses and metadata to natural language processing); algorithms learn to detect behavior anomalies at different speeds (static vs. in real-time); and they can achieve different scales (the number of data points they can simultaneously study and analyze). How does Tessian prevent threats that O365 security controls miss? Tessian’s Human Layer Security platform is designed to offset the rule-based and sandbox approaches of O365 ATP to detect and stop newer and previously unknown attacks from external sources, domain / brand / service impersonations, and data exfiltration by internal actors.  Learn more about why rule-based approaches to spear phishing attacks fail. By dynamically analyzing current and historical data, communication styles, language patterns, and employee project relationships both within and outside the organization, Tessian generates contextual employee relationship graphs to establish a baseline normal behavior. By doing this, Tessian turns both your employees and the email data into an organization’s biggest defenses against inbound and outbound email threats.  Conventional tools focus on just securing the machine layer – the network, applications, and devices. By uniquely focusing on the human layer, Tessian can make clear distinctions between legitimate and malicious email interactions and warn users in real-time to reinforce training and policies to promote safer behavior.  How can O365 ATP and Tessian work together?  Often, customers ask us which approach is better: the conventional, rule-based approach of the O365 native tools, or Tessian’s powered by machine learning? The answer is, each has their unique place in building a comprehensive email security strategy for O365. But, no organization that deals with sensitive, critical, and personal data can afford to overlook the benefits of an approach based on machine learning and behavioral analysis.  A layered approach that leverages the tools offered by O365 for high-volume attacks, reinforced with next-gen tools for detecting the unknown and evasive ones, would be your best bet.  A very short implementation time coupled with the algorithm’s ability to ‘learn’ from historical email data over the last year – all within 24 hours of deployment – means Tessian could give O365 users just the edge they need to combat modern day email threats. 
Human Layer Security DLP Data Exfiltration
Insider Threat Statistics You Should Know: Updated 2021
By Maddie Rosenthal
01 June 2021
Between 2018 and 2020, there was a 47% increase in the frequency of incidents involving Insider Threats. This includes malicious data exfiltration and accidental data loss. The latest research, from the Verizon 2021 Data Breach Investigations Report, suggests that Insiders are responsible for around 22% of security incidents. Why does this matter? Because these incidents cost organizations millions, are leading to breaches that expose sensitive customer, client, and company data, and are notoriously hard to prevent. In this article, we’ll explore: How often these incident are happening What motivates Insider Threats to act The financial  impact Insider Threats have on larger organizations The effectiveness of different preventive measures You can also download this infographic with the key statistics from this article. If you know what an Insider Threat is, click here to jump down the page. If not, you can check out some of these articles for a bit more background. What is an Insider Threat? Insider Threat Definition, Examples, and Solutions Insider Threat Indicators: 11 Ways to Recognize an Insider Threat Insider Threats: Types and Real-World Examples
How frequently are Insider Threat incidents happening? As we’ve said, incidents involving Insider Threats have increased by 47% between 2018 and 2020. A 2021 report from Cybersecurity Insiders also suggests that 57% of organizations feel insider incidents have become more frequent over the past 12 months. But the frequency of incidents varies industry by industry. The Verizon 2021 Breach Investigations Report offers a comprehensive overview of different incidents in different industries, with a focus on patterns, actions, and assets. Verizon found that: The Healthcare and Finance industries experience the most incidents involving employees misusing their access privileges The Healthcare and Finance industries also suffer the most from lost or stolen assets The Finance and Public Administration sectors experience the most “miscellaneous errors” (including misdirected emails)—with Healthcare in a close third place !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");
There are also several different types of Insider Threats and the “who and why” behind these incidents can vary. According to one study: Negligent Insiders are the most common and account for 62% of all incidents.  Negligent Insiders who have their credentials stolen account for 25% of all incidents Malicious Insiders are responsible for 14% of all incidents.  !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); Looking at Tessian’s own platform data, Negligent Insiders may be responsible for even more incidents than most expected. On average, 800 emails are sent to the wrong person every year in companies with 1,000 employees. This is 1.6x more than IT leaders estimate.  !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); Malicious Insiders are likely responsible for more incidents than expected, too. Between March and July 2020, 43% of security incidents reported were caused by malicious insiders. We should expect this number to increase. Around 98% of organizations say they feel some degree of vulnerability to Insider Threats. Over three-quarters of IT leaders (78%) think their organization is at greater risk of Insider Threats if their company adopts a permanent hybrid working structure. Which, by the way, the majority of employees would prefer. What motivates Insider Threats to act? When it comes to the “why”, Insiders – specifically Malicious Insiders – are often motivated by money, a competitive edge, or revenge. But, according to one report, there is a range of reasons malicious Insiders act. Some just do it for fun.  !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); But, we don’t always know exactly “why”. For example, Tessian’s own survey data shows that 45% of employees download, save, send, or otherwise exfiltrate work-related documents before leaving a job or after being dismissed.  While we may be able to infer that they’re taking spreadsheets, contracts, or other documents to impress a future or potential employer, we can’t know for certain.  Note: Incidents like this happen the most frequently in competitive industries like Financial Services and Business, Consulting, & Management. This supports our theory.  !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); How much do incidents involving Insider Threats cost? The cost of Insider Threat incidents varies based on the type of incident, with incidents involving stolen credentials causing the most financial damage. But, across the board, the cost has been steadily rising. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); Likewise, there are regional differences in the cost of Insider Threats, with incidents in North America costing the most and almost twice as much as those in Asia-Pacific. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); But, overall, the average global cost has increased 31% over the last 2 years, from $8.76 million in 2018 to $11.45 in 2020 and the largest chunk goes towards containment, remediation, incident response, and investigation. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); But, what about prevention? How effective are preventative measures? As the frequency of Insider Threat incidents continues to increase, so does investment in cybersecurity. But, what solutions are available and which solutions do security, IT, and compliance leaders trust to detect and prevent data loss within their organizations? A 2021 report from Cybersecurity Insiders suggests that a shortfall in security monitoring might be contributing to the prevalence of Insider Threat incidents. Asked whether they monitor user behavior to detect anomalous activity: Just 28% of firms responded that they used automation to monitor user behavior 14% of firms don’t monitor user behavior at all 28% of firms said they only monitor access logs 17% of firms only monitor specific user activity under specific circumstances 10% of firms only monitor user behavior after an incident has occurred And, according to Tessian’s research report, The State of Data Loss Prevention, most rely on security awareness training, followed by following company policies/procedures, and machine learning/intelligent automation. But, incidents actually happen more frequently in organizations that offer training the most often and, while the majority of employees say they understand company policies and procedures, comprehension doesn’t help prevent malicious behavior. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); That’s why many organizations rely on rule-based solutions. But, those often fall short.  Not only are they admin-intensive for security teams, but they’re blunt instruments and often prevent employees from doing their jobs while also failing to prevent data loss from Insiders.  So, how can you detect incidents involving Insiders in order to prevent data loss and eliminate the cost of remediation? Machine learning. How does Tessian detect and prevent Insider Threats? Tessian turns an organization’s email data into its best defense against inbound and outbound email security threats. Powered by machine learning, our Human Layer Security technology understands human behavior and relationships, enabling it to automatically detect and prevent anomalous and dangerous activity. Tessian Enforcer detects and prevents data exfiltration attempts Tessian Guardian detects and prevents misdirected emails Tessian Defender detects and prevents spear phishing attacks Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network. Oh, and it works silently in the background, meaning employees can do their jobs without security getting in the way.  Interested in learning more about how Tessian can help prevent Insider Threats in your organization? You can read some of our customer stories here or book a demo.
Human Layer Security DLP Compliance
At a Glance: Data Loss Prevention in Healthcare
By Maddie Rosenthal
30 May 2021
Data Loss Prevention (DLP) is a priority for organizations across all sectors, but especially for those in Healthcare. Why? To start, they process and hold incredible amounts of personal and medical data and they must comply with strict data privacy laws like HIPAA and HITECH.  Healthcare also has the highest costs associated with data breaches – 65% higher than the average across all industries – and has for nine years running.  But, in order to remain compliant and, more importantly, to prevent data loss incidents and breaches, security leaders must have visibility over data movement. The question is: Do they? According to our latest research report, Data Loss Prevention in Healthcare, not yet. How frequently are data loss incidents happening in Healthcare? Data loss incidents are happening up to 38x more frequently than IT leaders currently estimate.  Tessian platform data shows that in organizations with 1,000 employees, 800 emails are sent to the wrong person every year. Likewise, in organizations of the same size, 27,500 emails containing company data are sent to personal accounts. These numbers are significantly higher than IT leaders expected.
But, what about in Healthcare specifically? We found that: Over half (51%) of employees working in Healthcare admit to sending company data to personal email accounts 46% of employees working in Healthcare say they’ve sent an email to the wrong person 35% employees working in Healthcare have downloaded, saved, or sent work-related documents to personal accounts before leaving or after being dismissed from a job This only covers outbound email security. Hospitals are also frequently targeted by ransomware and phishing attacks and Healthcare is the industry most likely to experience an incident involving employee misuse of access privileges.  Worse still, new remote-working structures are only making DLP more challenging.
Healthcare professionals feel less secure outside of the office  While over the last several months workforces around the world have suddenly transitioned from office-to-home, this isn’t a fleeting change. In fact, bolstered by digital solutions and streamlined virtual services, we can expect to see the global healthcare market grow exponentially over the next several years.  While this is great news in terms of general welfare, we can’t ignore the impact this might have on information security.   Half of employees working in Healthcare feel less secure outside of their normal office environment and 42% say they’re less likely to follow safe data practices when working remotely.   Why? Most employees surveyed said it was because IT isn’t watching, they’re distracted, and they’re not working on their normal devices. But, we can’t blame employees. After all, they’re just trying to do their jobs and cybersecurity isn’t top-of-mind, especially during a global pandemic. Perhaps that’s why over half (57%) say they’ll find a workaround if security software or policies make it difficult or prevent them from doing their job.  That’s why it’s so important that security leaders make the most secure path the path of least resistance. How can security leaders in Healthcare help protect employees and data? There are thousands of products on the market designed to detect and prevent data incidents and breaches and organizations are spending more than ever (up from $1.4 million to $13 million) to protect their systems and data.  But something’s wrong.  We’ve seen a 67% increase in the volume of breaches over the last five years and, as we’ve explored already, security leaders still don’t have visibility over risky and at-risk employees. So, what solutions are security, IT, and compliance leaders relying on? According to our research, most are relying on security training. And, it makes sense. Security awareness training confronts the crux of data loss by educating employees on best practice, company policies, and industry regulation. But, how effective is training, and can it influence and actually change human behavior for the long-term? Not on its own. Despite having training more frequently than most industries, Healthcare remains among the most likely to suffer a breach. The fact is, people break the rules and make mistakes. To err is human! That’s why security leaders have to bolster training and reinforce policies with tech that understands human behavior. How does Tessian prevent data loss on email? Tessian uses machine learning to address the problem of accidental or deliberate data loss. How? By analyzing email data to understand how people work and communicate.  This enables Tessian Guardian to look at email communications and determine in real-time if a particular email looks like they’re about to be sent to the wrong person. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network. Finally, Tessian Defender detects and prevents inbound attacks like spear phishing, account takeover (ATO), and CEO Fraud.
Human Layer Security Tessian Culture
Announcing our $65M Series C led by March Capital
By Tim Sadler
25 May 2021
Today, I’m thrilled to share the news that Tessian has raised a $65m Series C led by March Capital with participation from existing investors Sequoia Capital, Accel, Balderton Capital and Latitude and new investor Schroder Adveq! Tessian has achieved a huge amount since our Series B funding in early 2019.  We’ve created a new category of security software, addressing the 90% of data breaches caused by human error in the enterprise — we call it Human Layer Security.  We’ve added a slew of product enhancements to our platform including the Human Layer Risk Hub, machine based detection for incorrectly attached files on emails and email security against phishing emails from externally compromised vendors.  We’ve expanded globally hiring an incredible team in the US, grown our company from 77 to over 150 and hired security experts to lead us in this next chapter. (Welcome again Ramin Sayar, Aaron Cote and Matt Smith 👋) But the work I’m most proud of is how we’ve served our customers. We tripled our Fortune 500 customer base in 2020, and to date have prevented an incredible 300k+ data breaches and security threats for our customers, as well as prevented over half a million phishing attacks that would otherwise have bypassed other security controls like Secure Email Gateways. From the first meeting we had with March Capital, it was clear that we shared the same vision. March Capital’s experience with Crowdstrike and KnowBe4 not only showed them what it takes to build a category leader in security, but also, made it clear that so many challenges still remain to be solved.  As with our Seed, Series A and Series B, what’s always the most important thing, though, is the people who you’re going to be working with. I’m delighted to welcome Jamie Montgomery to Tessian’s Board of Directors and couldn’t be more excited to partner with him, Jed Leidheiser and the whole team at March Capital on our next chapter of growth. I’m also excited to welcome Schroder Adveq to our investor base. Schroders and their security team have been invaluable supporters of Tessian right from the start when they became one of our first ever customers. It’s a great honor and a proud moment to have one of our first customers join our Series C and now support us as investors. Tessian’s Series C marks an incredible new chapter for our company. The capital raised will be used to investing heavily in R&D to expand Tessian to secure other interfaces and communication channels beyond email, as well as bringing Human Layer Risk Scores to enterprises around the world, helping them quantify the security strengths and weaknesses of every single employee in their organization. We’ll also be expanding our go-to-market teams in the US, UK and beyond, as well as launching our first partnership programs led by our newly formed Business Development team.  But the most exciting thing about this Series C announcement is how it will help our customers. Every single minute Tessian’s behavioral intelligence models prevent 36 human layer security incidents. This new round of funding will see us continue to invest heavily in building world class Customer Success and Product teams to serve the security teams that rely on their human layer security. I’d like to take this opportunity to say a huge thank you to all of our customers. Without your support and trust none of this would be possible. Tessian would still be a concept in the sketchbook of Ed Bishop (my co-founder and Tessian’s Chief Technology Officer), not the company it is today.  And last but by no means least, the biggest thank you of all goes to our employees and the tireless, mission-driven work you put in every day to build our incredible company. Tessian shines so brightly because of your brilliance.  But as with every fundraise, this is just the beginning. It takes a village and we’re only just getting started. If you know anyone looking to take the next step in their career and to join a company solving the biggest problem in enterprise security today, please get in touch, we are hiring! 🚀
Human Layer Security
June Human Layer Security Summit: Meet the Speakers
By Maddie Rosenthal
17 May 2021
Calling all cybersecurity trailblazers! Tessian’s quarterly flagship is back on June 3 with our best agenda yet.  Hundreds of security, compliance, and business leaders have already saved their spot to  learn more about human-centric security strategies, get first-hand insights from industry heavy-weights, and engage with peers through Q&As and a live chat function. What’s on the agenda? With over a dozen speakers across six sessions, we’ll be exploring: How to scale your enterprise security programs What CISOs can do to prevent the next SolarWinds attack How to prove the ROI of security and effectively communicate value to different stakeholders And much more… Keep reading to learn more about our speakers and partners. 
Meet the speakers While we don’t want to give all the surprises away just yet, we can share a sneak peek of 7 speakers joining us on June 3.  Make sure to follow us on LinkedIn and Twitter and subscribe to our weekly newsletter for the latest updates, including detailed information about each of the nine sessions. Bobby Ford, Senior Vice President and CSO at HP: Bobby – who has joined us as a speaker once before – has an incredible wealth of experience. He’s held senior security leadership titles at organizations across industries, including government, consumer goods, healthcare, and now technology. And, having secured organizations with hundreds of thousands of employees, he truly knows how to implement successful security strategies at the enterprise level. Punit Rajpara, Global Head of IT and Business Systems at GoCardless: Having led IT and security teams at Uber, WeWork, and now GoCardless, Punit has a proven track record of scaling security at hyper-growth companies. His goal? To ensure security is a business enabler, not a blocker and to change security’s reputation amongst the C-suite and employees. He’ll be sharing insights into how he delivers IT as a partnership, and a service to the business. Ian Bishop-Laggett, CISO at Schroders Personal Wealth: Now leading InfoSec at Schroders Personal Wealth, Ian has been working in financial services in security roles for over 10 years. That means he’s in the perfect position to talk about risks unique to the industry and the specific challenges human layer risks pose.  Jerry Perullo, CISO at ICE | New York Stock Exchange: With over 25 years of experience in cybersecurity, Jerry has an impressive resume. He’s served as the CISO of NYSE: ICE for 20 years, currently sits on the Board of Directors for FS-ISAC, the Analysis and Resilience Center (ARC) for Systemic Risk, and is the Founding Vice-Chair of the Global Exchange Cybersecurity Working Group under the World Federation of Exchanges.  Katerina Sibinovska, CISO at Intertrust Group: Katerina has a background in law, a passion for tech, and holds a number of IT and compliance certifications, including the CRISC and the GDPR F. Before graduating to CISO at Intertrust Group, she was the Head of IT Change & Compliance, and has a proven track record of balancing security with business operations and strategy. James McQuiggan, Security Awareness Advocate at KnowBe4: In addition to being a Security Awareness Advocate at KnowBe4, where he trains and engages with employees and security leaders about the importance of security awareness training, James also teaches Identify Security at a collegiate level and is the Education Director for the Florida Cyber Alliance. On June 3, he’ll be identifying key strategies to help you improve your training programs. Samy Kamkar, Renowned Ethical Hacker: As a teenager, Samy released one of the fastest-spreading computer viruses of all-time. Now, he’s a compassionate advocate for young hackers, whistleblower, and privacy and security researcher.  To learn more about our speakers and their approaches to cybersecurity, save your spot now and join a community of thousands on June 3.  If you can’t make it on the day – don’t worry. You’ll be able to access all the sessions on-demand if you sign-up.  Want to get a sneak peek of what you can expect on June 3? You can watch sessions from previous Human Layer Security Summits on-demand here. 
Human Layer Security DLP Compliance Data Exfiltration
The State of Data Loss Prevention in the Financial Services Sector
By Maddie Rosenthal
10 May 2021
In our latest research report, we took a deep dive into Data Loss Prevention in Financial Services and revealed that data loss incidents are happening up to 38x more frequently than IT leaders currently estimate.  And, while data loss is a big problem across all industries, it’s especially problematic in those that handle highly sensitive data. One of those industries is Financial Services. Before we dive into how frequently data loss incidents are happening and why, let’s define what exactly a data loss incident is in the context of this report. We focused on outbound data loss on email. This could be either intentional data exfiltration by a disgruntled or financially motivated employee or it could be accidental data loss.  Here’s what we found out. The majority of employees have accidentally or intentionally exfiltrated data  Tessian platform data shows that in organizations with 1,000 employees, 800 emails are sent to the wrong person every year. This is 1.6x more than IT leaders estimated. Likewise, in organizations of the same size, 27,500 emails containing company data are sent to personal accounts. We call these unauthorized emails, and IT leaders estimated just 720 are sent annually. That’s a big difference.
But, what about in this particular sector? Over half (57%) of Financial Services professionals across the US and the UK admit to sending at least one misdirected email and 67% say they’ve sent unauthorized emails. But, when you isolate the US employees, the percentage almost doubles. 91% of Financial Services professionals in the US say they’ve sent company data to their personal accounts.  !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); And, because Financial Services is highly competitive, professionals working in this industry are among the most likely to download, save, or send company data to personal accounts before leaving or after being dismissed from a job, with 47% of employees saying they’ve done it. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); To really understand the consequences of incidents like this, you have to consider the type of data this industry handles and the compliance standards and data privacy regulations they’re obligated to satisfy. Every day, professionals working in Financial Services send and receive: Bank Account Numbers Loan Account Numbers Credit/Debit Card Numbers Social Security Numbers M&A Data In order to protect that data, they must comply with regional and industry-specific laws, including: GLBA COPPA FACTA FDIC 370 HIPAA CCPA GDPR So, what happens if there’s a breach? The implications are far-reaching, ranging from lost customer trust and a damaged reputation to revenue loss and regulatory fines.  For more information on these and other compliance standards, visit our Compliance Hub. Remote-working is making Data Loss Prevention (DLP) more challenging  The sudden transition from office to home has presented a number of challenges to both employees and security, IT, and compliance leaders.  To start, 65% of professionals working in Financial Services say they feel less secure working from home than they do in the office. It makes sense. People aren’t working from their normal work stations and likely don’t have the same equipment. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); A further 56% say they’re less likely to follow safe data practices when working remotely. Why? The most common reason was that IT isn’t watching, followed by being distracted.  Most of us can relate. When working remotely – especially from home – people have other responsibilities and distractions like childcare and roommates and, the truth is, the average employee is just trying to do their job, not be a champion of cybersecurity.  That’s why it’s so important that security and IT teams equip employees with the solutions they need to work securely, wherever they are. Current solutions aren’t empowering employees to work securely  Training, policies, and rule-based technology all have a place in security strategies. But, based on our research, these solutions alone aren’t working. In fact, 64% of professionals working in Financial Services say they’ll find a workaround to security software or policies if they impede productivity. This is 10% higher than the average across all industries. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");
How does Tessian prevent data loss on email? Tessian uses machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior. Our machine learning models analyze email data to understand how people work and communicate. They have been trained on more than two billion emails and they continue to adapt and learn from your own data as human relationships evolve over time. This enables Tessian Guardian to look at email communications and determine in real time if particular emails look like they’re about to be sent to the wrong person. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network. Finally, Tessian Defender detects and prevents inbound attacks like spear phishing, account takeover (ATO), and CEO Fraud. Enforcer and Guardian do all of this silently in the background. That means workflows aren’t disrupted and there’s no impact on productivity. Employees can do what they were hired to do without security getting in the way. Tessian bolsters training, complements rule-based solutions, and helps reinforce the policies security teams have worked so hard to create and embed in their organizations. That’s why so many Financial Services firms have adopted Tessian’s technology, including: Man Group Evercore BDO Affirm Armstrong Watson JTC DC Advisory Many More
Human Layer Security Spear Phishing
Phishing Awareness Training: How Effective is Security Training?
By Maddie Rosenthal
30 April 2021
Phishing awareness training is an essential part of any cybersecurity strategy. But is it enough on its own? This article will look at the pros and cons of phishing awareness training—and consider how you can make your security program more effective. Still wondering how big of a problem phishing really is? Check out this collection of 50+ phishing statistics. Don’t feel like scrolling? For more information about each point, you can click the text below to jump down on the page. 
✅ Pros of phishing awareness training Employees learn how to spot phishing attacks While people working in security, IT, or compliance are all too familiar with phishing, spear phishing, and social engineering, the average employee isn’t. The reality is, they might not have even heard of these terms, let alone know how to identify them. But, by showing employees examples of attacks – including the subject lines to watch out for, a high-level overview of domain impersonation, and the types of requests hackers will generally make – they’ll immediately be better placed to identify what is and isn’t a phishing attack.   Looking for resources to help train your employees? Check out this blog with a shareable PDF. It includes examples of phishing attacks and reasons why the email is suspicious.  It’s a good chance to remind employees of existing policies and procedures Enabling employees to identify phishing attacks is important. But you have to make sure they know what to do if and when they receive one, too. Training is the perfect opportunity to remind employees of existing policies and procedures. For example, who to report attacks to within the security or IT team. Training should also reinforce the importance of other policies, specifically around creating strong passwords, storing them safely, and updating them frequently. After all, credentials are the number one “type” of data hackers harvest in phishing attacks.  Security leaders can identify particularly risky and at-risk employees By getting teams across departments together for training sessions and phishing simulations, security leaders will get a birds’ eye view of employee behavior. Are certain departments or individuals more likely to click a malicious link than others? Are senior executives skipping training sessions? Are new-starters struggling to pass post-training assessments?  These observations will help security leaders stay ahead of security incidents, can inform subsequent training sessions, and can help pinpoint gaps in the overall security strategy.
Training satisfies compliance standards While you can read more about various compliance standards – including GDPR, CCPA, HIPAA, and GLBA – on our compliance hub, they all include a clause that outlines the importance of implementing proper data security practices. What are “proper data security practices?” This criterion has – for the most part – not been formally defined. But, phishing awareness training is certainly a step in the right direction and demonstrates a concerted effort to secure data company-wide.   It helps organizations foster a strong security culture In the last several years (due in part to increased regulation) cybersecurity has become business-critical. But, it takes a village to keep systems and data safe, which means accountability is required from everyone to make policies, procedures, and tech solutions truly effective.  That’s why creating and maintaining a strong security culture is so important. While this is easier said than done, training sessions can help encourage employees – whether in finance or sales – to become less passive in their roles as they relate to cybersecurity, especially when gamification is used to drive engagement. You can read more about creating a positive security culture on our blog.
❌ Cons of phishing awareness training Training alone can’t prevent human error People make mistakes. Even if you hold a three-hour-long cybersecurity training session every day of the week, you’ll never be able to eliminate the possibility of human error. Don’t believe us? Take it from the U.K.’s National Cyber Security Centre (NCSC): “Spotting phishing emails is hard, and spear phishing is even harder to detect. Even experts from the NCSC struggle.  The advice given in many training packages, based on standard warnings and signs, will help your users spot some phishing emails, but they cannot teach everyone to spot all phishing emails.” That’s right, even the U.K.’s top cybersecurity experts can’t always spot a phishing scam. Social engineering incidents—attacks that play on people’s emotions and undermine their trust—are becoming increasingly sophisticated.  For example, using Account Takeover techniques, cybercriminals can hack your vendors’ email accounts and intercept email conversations with your employees. The signs of an account take-over attack, such as minor changes in the sender’s writing style, are imperceptible to humans. Phishing awareness training is always one step behind Hackers think and move quickly and are constantly crafting more sophisticated attacks to evade detection. That means that training that was relevant three months may not be today. In the last year, we’ve seen bad actors leverage COVID-19, Tax Day, furlough schemes, unemployment checks, and the vaccine roll-out to trick unsuspecting targets.  What could be next?  Training is expensive According to Mark Logsdon, Head of Cyber Assurance and Oversight at Prudential, there are three fundamental flaws in training: it’s boring, often irrelevant, and expensive. We’ll cover the first two below but, for now, let’s focus on the cost. Needless to say, the cost of training and simulation software varies vendor-by-vendor. But, the solution itself is far from the only cost to consider. What about lost productivity? Imagine you have a 1,000-person organization and, as a part of an aggressive inbound strategy, you’ve opted to hold training every quarter. Training lasts, on average, three hours. That’s 12,000 lost hours a year.  While – yes – a successful attack would cost more, we can’t forget that training alone doesn’t work. (See point 1: Phishing awareness training can’t prevent human error.)
Phishing awareness training isn’t targeted (or engaging) enough Going back to what Mark Logsdon said: Training is boring and often irrelevant. It’s easy to see why. You can’t apply one lesson to an entire organization – whether it’s 20 people or 20,0000 – and expect it to stick. It has to be targeted based on age, department, and tech-literacy. Age is especially important.  According to Tessian’s latest research, nearly three-quarters of respondents who admitted to clicking a phishing email were aged between 18-40 years old. In comparison, just 8% of people over 51 said they had done the same. However, the older generation was also the least likely to know what a phishing email was. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); Jeff Hancock, the Harry and Norman Chandler Professor of Communication at Stanford University and expert in trust and deception, explained how tailored training programs could help.
Should I create a phishing awareness training program? The short answer: “Yes”. These programs can help teach employees what phishing is, how to spot phishing emails, what to do if they’re targeted, and the implications of falling for an attack. But, as we’ve said, training isn’t a silver bullet. It will curb the problem, but it won’t prevent mistakes from happening. That’s why security leaders need to bolster training with technology that detects and prevents inbound threats. That way, employees aren’t the last line of defense. But, given the frequency of attacks year-on-year, it’s clear that spam filters, antivirus software, and other legacy security solutions aren’t enough. That’s where Tessian comes in. How does Tessian detect and prevent targeted phishing attacks? Tessian fills a critical gap in security strategies that SEGs, spam filters, and training alone can’t.  By learning from historical email data, Tessian’s machine learning algorithms can understand specific user relationships and the context behind each email. This allows Tessian Defender to detect a wide range of impersonations, spanning more obvious, payload-based attacks to difficult-to-spot social-engineered ones like CEO Fraud and Business Email Compromise. Once detected, real-time warnings are triggered and explain exactly why the email was flagged, including specific information from the email. Best of all? These warnings are written in plain, easy-to-understand language. 
These in-the-moment warnings reinforce training and policies and help employees improve their security reflexes over time.  To learn more about how tools like Tessian Defender can prevent spear phishing attacks, speak to one of our experts and request a demo today. Not ready for a demo? Sign-up for our weekly blog digest to get more cybersecurity content, straight to your inbox.  Just fill out the form below.
Page