Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.
Human Layer Security Compliance
10 Reasons Why CEOs Should Care About Cybersecurity
By Tim Sadler
25 November 2020
Cybersecurity is a team sport. And for strategies to be truly effective, security leaders and business leaders have to work together.  In fewer words: Cybersecurity should be on the CEO’s agenda. So, to help bridge the gap and to really highlight why privacy and data protection matter now, I put together this list of reasons why CEOs should care about cybersecurity. Here are 10 reasons why CEOs should care about cybersecurity.
1. Cybersecurity is a competitive differentiator Today, customers and clients don’t just care about privacy, they expect it. That means that a strong cybersecurity culture can actually enable businesses. At our first Human Layer Security Summit of 2020, Mark Parr, Global Director at HFW, summed it up nicely, saying “You’re only going to win more work if you’re reputable. And you’re only going to be reputable if you demonstrate you have a strong information security framework.” He’s not alone in thinking this. According to Cisco’s global survey of security professionals and business leaders, 41% of survey respondents said “competitive advantage” was a benefit of their privacy investment.  2. The biggest consequence of a data breach is lost customer trust Earlier this year, we asked security leaders what the biggest consequence of a data breach would be. The #1 answer? Not lost data. Not regulatory fines or revenue loss. Lost customer trust. Breaches damage your brand and it can be very hard to win back customers’, clients’, and even the public’s trust. That’s why organizations see (on average) 3.9% customer churn after a data breach.  3. You will inevitably empower your people to do their best work Prioritizing cybersecurity isn’t just good for the business. It’s great for your people.  Here’s why: 90% of breaches are caused by human error. But people aren’t intentionally making these errors, they’re moving fast to get their job done. Security just isn’t top of mind for them.  So, it’s our job to set them up for success and empower them to do their best work securely. How do you do that? By removing the sharp objects.  At Tessian’s second Human Layer Security Summit, Bobby Ford, Vice President and Global CISO at Unilever put this into perspective with an example from his own life.   When you’re a parent helping your son or daughter learn how to walk, what do you do? Child-proof the house and get outta the way! 4. Privacy investment can help reduce delays in sales processes and improve operational efficiency Remember that Cisco global survey I mentioned earlier? “Competitive advantage” wasn’t the only benefit security professionals and business leaders experienced as a result of their investment in privacy and cybersecurity. 41% achieved operational efficiency from having data organized and cataloged and 37% saw a reduction in sales delays due to privacy concerns from customers and prospects. It makes sense. Data protection, privacy, and cybersecurity force businesses to be more transparent. That transparency fosters customer loyalty and increases organizational alignment.  
5. The average data breach costs $3.86 million While most security leaders agree that the biggest consequence of a breach is lost customer trust and damaged reputation, we can’t ignore the financial implications. In IBM’s latest Cost of a Data Breach report, they found the average data breach costs $3.86 million. This figure includes costs associated with: Detection and Escalation Notification  Lost Business Ex-post response. And this doesn’t even account for the potential fines from regulators.  Why does this matter? If we’re talking about the ROI of cybersecurity, the cost of non-compliance is actually 2.71 times higher than the cost of compliance. Translation: Prevention is better than cure.  6. The investigation and remediation of breaches disrupts productivity On average, it takes companies 197 days to identify and 69 days to contain a breach. And this process of investigating and remediating requires time and resources from plenty of departments, teams, and people outside of IT. Legal, compliance, executive, marketing, HR, and people teams will get pulled in. Spokespeople will be appointed. External security/IT support will have to be hired and onboarded. The bottom line: you hired great people to do great things. Post-breach activities pull them away from their day-to-work, disrupt their flow and productivity, and distract them from the business’ larger mission. 7. Data protection laws are only going to get more strict  On the topic of compliance, it’s important to point out that data protection laws are only going to get more strict and enforcement agencies are only going to be given more resources to enforce data requirements. That means organizations around the world and across industries won’t just benefit from strong cybersecurity programs, but they’ll be obligated to have one.  Top tip: Industries like financial services tend to be 5+ years ahead in cybersecurity maturity. If you don’t operate in these industries, it’s worth taking note of what’s top-of-mind for the business and security leaders that do.  8. Security culture is built from the top down Just like company culture, the C-suite sets the tone for security culture and therefore must lead by example.  It’s especially important that the CEO plays an active role in not just creating the overall security strategy, but actually rolling it out. Why? The CEO can connect cybersecurity to business objectives and help employees understand what it’s such a critical component in enabling the company to achieve its mission.
But business leaders will soon have no choice but to actively contribute to their organization’s security culture…. 9. By 2024, CEOs could be held personally liable for data breaches As I’ve said, cybersecurity is mission critical. But, for now, it’s security and IT teams who shoulder the responsibility. In a few years, this could change.  According to Gartner, CEO’s will be held personally liable for data breaches by 2024. 10. You owe it to your customers We mentioned earlier that strong cybersecurity can help businesses win new customers. But it’s not just about winning new customers. It’s also about supporting the ones you have.  This is one of Tessian’s core values: Customer-Centricity. Your customers entrust you with their data, their intellectual property, their secrets. You have to keep it safe. That’s why we believe that – as a cybersecurity vendor – it’s our mission to protect every other business’ mission. If you’re looking for more insights into how security and business leaders can work together, check out our latest eBook: CEO’s Guide to Data Protection and Compliance. 
Human Layer Security
What Does 2021 Hold for Cybersecurity? Here Are Tessian’s Predictions
By Ed Bishop
25 November 2020
This time last year, no one predicted the events that have unfolded in 2020. We didn’t anticipate the world plunging into lockdown, economies collapsing, businesses closing their offices, and employees working from home.  It’s been a year of huge change and – I’ll say it – uncertainty.  It might, then, seem odd that we’re thinking about predictions once again.  But predictions are important. They help us focus on the areas that will bring the biggest opportunities and challenges for our businesses and, from that, build strategies. Of course, there’s also the fact that the events of 2020 have undeniably impacted the ways we work and how organizations are run – particularly from a security perspective.  So, what do we think will be top-of-mind for IT and security teams as we approach the new year? Here are Tessian’s top four predictions. 
1. The corporate network (as you probably guessed) will disappear Remote work – or hybrid work – will stay. Businesses simply can’t go back to the “old” ways of working. Why? Because employees expect to work both from home and in the office. In fact, 89% of employees said they no longer want to work exclusively from the office every day of the week. This shift will completely transform the concept of a network, at least as we’ve come to know it in the traditional workplace. Today, company security is very much in the hands of the employees.  That’s why CISOs need to consider how their 2021 security strategies will protect and secure their people – not just endpoints and networks. This is especially important because people make mistakes, break the rules, and can be tricked or deceived by cybercriminals.  To put it simply: Not protecting people means that company data and systems are at risk. But it’s important that security doesn’t impede employee productivity or interrupt their daily workflow.  According to Tessian research, 54% of employees say they’ll find a workaround if security software or policies prevent them from doing their job and 51% say security tools and software impede their productivity.  So, what can you do to protect your people, without getting in their way? Remove the sharp objects, protect them wherever (and however) they work, and make sure your security solutions stop threats and not business.  This is what we call Human Layer Security.  2. Account takeover attacks will spike Account takeover (ATO) – a type of attack where a hacker gains access to the email account of a trusted person or organization and impersonates them to conduct fraudulent activities – will surge in 2021 as cybercriminals look for more ways to bypass secure email gateways (SEGs) and deceive people with phishing and spear phishing attacks.  Not sure what the difference between phishing and spear phishing is? Read this article: Phishing vs. Spear Phishing: Differences and Defense Strategies.  The problem is, despite training employees on how to spot phishing attacks, targets of ATO attacks will have no idea that the person in their trusted network has been compromised. Why? Because the emails appear genuine; the domain name and display name appear as usual. There are no “red flags” which means even the most tech-savvy employee wouldn’t question its legitimacy.  ATO attacks will erode people’s trust in email in 2021, rendering IT teams powerless in stopping people from falling for the scams. This is why we predict that more businesses will adopt a zero-trust model of email security and look for solutions that address threats from their extended network.  IT teams should be looking for advanced inbound email security solutions that use behavioral analysis, natural language processing, and machine learning to: Understand communication patterns  Spot anomalous email sending patterns  Accurately detect incidents of account takeover, before they turn into breaches.  3. The supply chain will become an even weaker link in security No company has control over the security behaviors of its vendors, partners, or suppliers, nor do they have visibility into breaches that happened outside of their organization and across their network.  Cybercriminals use this to their advantage.  By infiltrating smaller companies connected to a company network — either with malware, phishing attacks, or account takeover — they can impersonate the third-party, target a larger company’s employees, and access valuable systems and data. And, the aftermath of the COVID-19 pandemic will only heighten the risks associated with third-parties.  First, people will continue to work remotely which, according to various reports this year which not only makes them more vulnerable to phishing attacks, but also makes it more difficult for them to verify requests. For example, a wire transfer.  Second, financial uncertainty in 2021 may mean IT budgets are cut. CISOs have no way of knowing whether this is the case with their company’s own suppliers or partners and whether or not they are prioritizing security.  Once again, addressing the threats from your company’s extended network will need to be a priority in 2021, as will securing the entire email ecosystem.  4. We’ll get real when it comes to AI The AI hype cycle has left some companies burned by the false promise of AI and ML.  In 2021, however, we predict that the hype will die down. We’ll see less marketing claims and industry conversations around the technology. This is great news for true AI and ML innovators. It will allow the real AI and ML use cases to shine through and companies will start to see how the technology can benefit their business.  But, we should also consider how AI will be used for malicious purposes. We think that we’ll continue to see cybercriminals leveraging AI to make their deceptions and impersonations – either on email or in the form of deepfakes – more convincing and believable.  Likewise, advancements in NLP will lead to more sophisticated attacks that closely mirror the language and tone of the person being impersonated. This will make it more difficult for people to determine what’s real and what’s fake.  This is where automated security solutions will prove invaluable to security teams. Elvis M Chan, Supervisory Special Agent at the FBI and Nina Schick, Author of “Deep Fakes and the Infocalypse: What You Urgently Need to Know”,  took a deep dive into deepfakes at Tessian Human Layer Security Summit in September. And, according to Nina, “This is not an emerging threat. This threat is here. Now.”   Learn more about this type of threat and how AI is being used both in the creation of and defense against deepfakes by watching the full session on-demand.
Looking ahead to 2021 The uncertainty from 2020 won’t disappear come January. There’s still a lot for businesses to figure out, and IT leaders will be under pressure to deliver a seamless and secure working environment for employees, despite budget cuts and under-resourced teams.  But it’s worth noting that at the heart of the challenges businesses and security teams have faced over the past year – and will continue to face as we head into 2021 – is people.  Businesses must prioritize people’s wellbeing and their security to succeed.  Greater visibility into the human layer of an organization gives IT teams insight into their riskiest and most at-risk employees, allowing them to focus and address the areas in which their company is most vulnerable.  Automated security alerts ensure that every employee is made aware of threats in their inbox – no matter where they choose to work – and real-time alerts can help people make smarter security decisions. That’s why we predict that 2021 will be the year that businesses realize the power of Human Layer Security.
Human Layer Security
Tessian Webinar Recap: Cybersecurity Insights to Influence Your 2021 Strategy
By Monica Nio
20 November 2020
As the year comes to a close (and, for many of us, 2020 is a year we want to close the book on…fast) it’s a good time to reflect back on the lessons learned and set a plan to improve in the future. Let’s look at cybersecurity specifically. What should we look out for in 2021 after all that has happened?  We answered the following two questions in our latest webinar, which you can view on-demand here. What do industry experts think the biggest learning of the year has been?  What do they think should be top-of-mind for security leaders next year?  Tessian’s VP of Information Security, Trevor Luker, led a fireside chat with two industry experts, Jesse Starks, CTO at Breckinridge Capital Advisors, and Lena Smart, CISO at MongoDB, to capture their thoughts on the matter. Curious on what insights they shared? Read our notes below for key takeaways and quotes from the panelists.  Or, if you want to learn more about our guest speakers and their companies, skip down to the bottom of the page. And, if you want to be the first to know about future virtual events, subscribe to your newsletter.  3 takeaways from 2020 1. Hackers take advantage of key calendar moments and times of general uncertainty. We saw this happen throughout 2020, with phishing scams around COVID-19, the 2020 census, stimulus checks, and even the US presidential election.  Next up: retail scams in time for the holidays.  2. Hope for the best, prepare for the worst. Both panelists pivoted quickly and easily during the transition from office to home because they already had well-thought-out contingency plans in place. When was the last time you updated your emergency action plan? To learn  more about Jesse and Lena’s contingency plans and what you should consider when making one, watch the full webinar. 
3. Hackers have power in numbers. Today, organizations are being hit by increasingly advanced threats. That’s because an entire industry has been created out of phishing and social engineering, and adversaries operate in groups. They’re experts at their craft. That means security leaders have to level-up their inbound protection.  3 insights for 2021 1. Every employee should be a security champion. Why? Because your cybersecurity is only as strong as your most vulnerable or at-risk employee. After all, it’s people who control your most sensitive systems and data. But, employees can actually be your biggest defense against threats. That’s why education, policies, and security tools are all important. 
2. Expect more data protection regulations in the future. The cost of a breach (including fines for non-compliance) is definitely a concern for security and business leaders. But it’s actually the lost customer trust and damaged reputation that’s top-of-mind. Our panelists tips? Put security controls in place to ensure compliance and make sure you have a process in place for reporting incidents if they do happen.  If you want to learn more about compliance standards like GDPR, CCPA, and HIPPA why good cybersecurity is good for business, download our CEO’s Guide to Data Protection and Compliance. 3. Email security is a long-game strategy. Email is open by default, which means it’s the attack vector of choice for hackers. Looking forward to 2021, security leaders have to have a plan for inbound, advanced impersonation attacks.  
Bonus Insight from Jesse: “You can use technology to close all your gaps, but once you have that, then how can people outside manipulate your organization? Your people – the highest success rate for an attacker. People are always joining organizations, changing teams, changing roles, and learning. The technology changes, but it’s often fixed. The Human Layer is always moving so it makes it very challenging to secure and that’s why it’s so important.” For more tips and personal anecdotes, watch the full video now.  About Jesse Jesse Starks, CISSP, is the Chief Technology Officer at Breckinridge Capital Advisors. Jesse is Breckinridge’s Chief Technology Officer, and is also a member of the firm’s Risk Committee, Information Security Committee, and Business Continuity Committee. In his role, Jesse directs the strategic integration of technology across the firm.  He has over 17 years of experience designing and managing large-scale distributed systems. About Lena Lena Smart is the Chief Information Security Officer at MongoDB. Lena joined MongoDB with more than 20 years of cybersecurity experience. Before joining, she led cybersecurity at large organizations like Tradeweb, New York Power Authority, and InfraGard. She is also a  founding partner of Cybersecurity at MIT Sloan – formerly the Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity – which helps security leaders in academia and the private sector collaborate and tackle the most challenging security issues. About Breckinridge Capital Advisors Breckinridge Capital Advisors is a Boston-based, independently owned investment advisor specializing in investment grade fixed income portfolio management. Working through a network of investment consultants and advisors, they serve a wide variety of clients ranging from high net worth individuals to large institutions. Breckinridge’s assets under management totaled more than #42 billion as of September 30, 2020 Reflecting their commitment to ESG and sustainability, Breckinridge is a Massachusetts Benefit Corporation and a certified B Corp. They believe these designations help them in their goals to create positive, long-term impact for their clients, employees and the communities in which they live, work and invest. About MongoDB MongoDB is the leading modern, general purpose database platform, designed to unleash the power of software and data for developers and the applications they build.  Headquartered in New York, MongoDB has more than 20,200 customers in over 100 countries. The MongoDB database platform has been downloaded over 125 million times and there have been more than one million MongoDB University registrations.
Human Layer Security Customer Stories
Recap: Tessian Webinar, How to Build a Security Culture in Today’s Working World
By Monica Nio
04 November 2020
In our most recent research report, Securing the Future of Hybrid Working, we revealed that 75% of IT decisions makers believe the future of work will be “remote” or hybrid” – where employees could work wherever and however they’d like. So, we wanted to find out: How that might affect an organization’s security culture Why a positive security culture is even more important when employees are remote  How automation can help ease the burden on thinly-stretched IT teams while empowering employees to make smarter security decisions We explored these topics with Rachel Beard, Principal Security Technical Architect at Salesforce, and Ray Chery, SVP and Co-Head of Security Softwares at Jefferies. The discussion was led by Trevor Luker, Tessian’s VP of Information Technology.  Want to watch the full video? You can view it on-demand here. Otherwise, read our notes below for key takeaways and quotes from the panelists.  Want to learn more about our guest speakers and their companies? Skip down to the bottom of the page. And, if you want to be the first to know about future virtual events, subscribe to our newsletter.  5 key takeaways from the Tessian webinar We have to re-learn how to communicate in a hybrid work structure. Gone are the days of just walking up to our colleagues and asking if they sent that suspicious email or tapping someone in IT on the shoulder to clarify a new security policy.  That means security and business leaders need to arm their teams with tools to collaborate and frequently check-in to make sure each and every employee feels comfortable with their new remote set-up. The key to a positive security culture is making employees feel like they play an active role in protecting the organization’s systems and data. But how? Instill the value of privacy and security from the outset with training and other programs and initiatives. Watch the full webinar for more insights into exactly what Rachel and Ray do at Salesforce and Jefferies.   There are benefits and drawbacks to hybrid work. According to Rachel and Ray, productivity is on the rise, which is great news. Teams are aligning on shared goals and initiatives, despite being physically distant. But people are missing the “human” interaction and camaraderie of an in-person office and many are finding it difficult to separate their personal and professional lives. It’s essential you tackle this problem head on and prioritize employee wellbeing.  Automated tools can make security accessible for everyone. This also contributes to a positive security culture by reducing IT teams’ workload. More on this in the summarized Q&A below. Jefferies uses Tessian to prevent misdirected emails. Ray’s team loves Tessian for its “noise-to-value ratio”. So, what makes Tessian so easy to use? Our technology is powered by machine learning, which means our solutions automatically detect and prevent threats like data exfiltration, misdirected emails, and spear phishing with accuracy and ease.  To find out more about how Rachel and Ray think about security culture, Trevor asked them both several questions about their perspective on automation and how to make employees a part of the solution.  We summarized their answers below. Remember, you can watch the full interview here. Q. Prior to COVID, Jefferies went from 5% to 99% of their employees working remote. Will this change be permanent? Ray: “We’re all more comfortable with getting things done from home; we’ve had to grow accustomed to it over the course of the last couple months. [However], our IT team is planning on going back to being in the office 2 or 3 of the 5 days every week. And part of that is driven by the fact that the interaction with the team is different virtually. Teams that really do interact more collaboratively feel the need to still be in the office. I definitely think hybrid work is here to stay.”  Q. Would you say that increased employee workload makes your organization more vulnerable? Ray: “We’re all doing a million things at once. When you’re stretched that thin all the time, folks tend to make mistakes, are more likely to click on an email that they’re not supposed to, or may not be reading things as thoroughly as they need to. The risks are definitely enhanced given that everyone is working from home now.”  Looking for more insights into why people make mistakes and how businesses can prevent errors before they turn into breaches? Check out our research, The Psychology of Human Error. Q. How can automation save your IT team’s time? Rachel: “At Salesforce, we’ve always had a lot of self-service mechanisms. We have Concierge as our service where you can go searching for the information that you need and open a ticket only if you need advanced help. But now, we’re looking at other ways that our customers can do the same. That way, IT can be more available for the highly specialized activities, and some of the more routine ones can be addressed by the employees themselves.”  Ray: “Ultimately, there’s no patch for human error. Humans are going to make mistakes. I think as much automation as we can incorporate into our security stack is really for the better. It removes repetitive errors, streamlines incident management, and reduces the boring stuff that our security analysts need to do. Instead of formally writing tickets and reaching out to me as an employee every time I violate an email rule, we can set it up as such so there’s a pop-up instead.” 
Q. Can tools add to an organization’s security culture in a positive way? Rachel: “Yes, when you have the guidelines and boundaries in a really transparent way. It makes everything more safe for everybody. You just have to think about how to implement that so that you allow your users to be able to do their work effectively and not get in their way too much or become an obstacle while protecting your sensitive data.”  Q. How has Tessian’s Guardian helped with Jefferies’ security culture in today’s working world? Ray: “We’re doing so many things now at home. And at home, we’re more exposed and more likely to make mistakes. We love Tessian because it’s very low-impact [on obstructing employees’ work]. It is a product that delivers with accuracy. Our IT team likes the noise-to-value ratio. When I think about the misaddressed email capabilities alone – we’re all sending a million emails a day – it’s very easy for us to send an email to the wrong person. The way that Tessian handles it in a seamless way is really great.”  Learn how Guardian can help your organization prevent accidental data loss. View Guardian’s page now. For more insights and personal anecdotes, watch the full video now.  About Rachel Rachel Beard is the Principal Security Technical Architect at Salesforce. Rachel joined Salesforce in 2014 and is a Principal Security Technical Architect.  Rachel’s areas of expertise are Salesforce security, data privacy, and compliance. She has over 14 years experience at Salesforce, spanning everything from System Administrator to Developer and even Product Marketing. Rachel is also the volunteer coordinator for Wet Nose Rescue, a leader of a Pride ERG at Salesforce, and a chair on the Diversity & Inclusion Committee at her local public school.  About Ray Ray Chery is the SVP and Co-Head of Security Software at Jefferies. Ray Chery is Senior Vice President and Co-Head of Security Software in Jefferies’ Technology Investment Banking Division. Based in San Francisco, Ray focuses primarily on enterprise security software. He has advised on more than $50B in transaction value over his 14-year career as a technology banker and has worked with and advised companies such as Bomgar, Carbonite, CrowdStrike, DigiCert, Forcepoint, Gigamon, Imperva, Plexxi, Sailpoint and Tufin.  He has also served on the Young Professional Advisory Council (YPAC) and continues to volunteer with Make-A-Wish Greater Bay Area. About Jefferies Jefferies, the global investment banking firm, has served companies and investors for over 55 years. Headquartered in New York, with offices in over 30 cities around the world, the firm provides clients with capital markets and financial advisory services, institutional brokerage and securities research, as well as asset and wealth management. About Salesforce Salesforce is a customer relationship management solution that brings companies and customers together. It’s one integrated CRM platform that gives all your departments — including marketing, sales, commerce, and service — a single, shared view of every customer.
Human Layer Security Customer Stories
Recap: Q&A With Chris Kovel, CTO, PJT Partners
By Maddie Rosenthal
02 November 2020
In case you missed it, Chris Kovel, Chief Technology Officer at PJT Partners, recently joined Robyn Savage, Customer Success Manager at Tessian, for a Q&A about what threats are top of mind and how Tessian helps PJT Partners keep data secure. While you can watch the full video on-demand, we’ve compiled our notes for a high-level overview of their 30-minute discussion. Want to learn more about Chris or PJT Partners? Skip down to the bottom of the page. And, if you want to be the first to know about future virtual events, subscribe to our newsletter.  4 things we learned from Chris  There are three “types” of threat actors. The outsider with intent, the insider with intent, and the well-intentioned employee. In terms of what keeps Chris up at night, it’s often the well-intentioned employee who sends misdirected emails.  While most of us have fired off an email to the wrong person, that doesn’t mean there aren’t serious consequences. There are. If data is leaked (especially in highly regulated industries like Financial Services, Healthcare, and Legal) organizations could face hefty fines for non-compliance, lose customer trust, and suffer a damaged reputation. But… 90% of emails don’t contain sensitive information. That’s why it’s so important that security and compliance leaders develop a process for classifying data as a part of their larger data loss prevention strategy.  PJT Partners uses Tessian for both inbound and outbound email security to detect and prevent misdirected emails, insider threats, and advanced impersonation attacks.  To find out a bit more about what’s top of mind for Chris and how Tessian fits into his overall security strategy, Robyn asked Chris several questions. We’ve summarized them below. Don’t forget, you can watch the full interview here. Q. Are there certain employees who you view as particularly risky or at-risk? “There are absolutely higher value targets that we have to pay more close attention to… But the controls we put in place are for the firm, right? They’re put in place to help everybody.  The leak can happen at any level. It could be a low-level junior banker, it can be someone in the technology department, it can be a partner of the firm.” Q. How has COVID affected your organization and your approach to cybersecurity? “Bankers and everyone else are using technology more than they’ve ever used it before. That means devices are a key for doing business now, whether it’s pulling up a quick video or sending documents. But email still actually accounts for the lion’s share of their communication. Fortunately, Tessian has some really great tools in place to protect users on devices in the same way they’re protected on desktop.” Want to learn more about how to keep your devices secure? Check out our Remote Worker’s Guide to BYOD Policies. Q. Shifting to inbound, what features make Tessian an especially appealing and effective solution at PJT? “Frankly, Tessian is extraordinarily clever in how it detects advanced impersonation. The amount of suspicious emails that Defender flags for us is quite staggering.” “You can spoof an email address in any way, shape, or form so having a product that basically says, “this one email doesn’t look like the others” or “this email likely isn’t actually coming from this person” is really helpful to the larger firm and individual users. In-the-moment warnings are helping our employees get better at actually recognizing which emails are legit and which aren’t and our administrators can help them work through it.”
For more insights and personal anecdotes, watch the full video now.  About Chris Chris Kovel is the Chief Technology officer at  PJT Partners. Prior to joining PJT Partners, Chris spent the previous 25 years at Morgan Stanley in the technology department. In Chris’ last role at Morgan Stanley, he was primarily focused on Artificial Intelligence, Analytics and Data for the Wealth Management division.  Over the course of the 25 years at Morgan Stanley, Chris developed significant technologies for Investment Banking, Capital Markets, Wealth Management, Research & Sales Distribution. Chris holds two patents for banking and trading technologies. Chris led the project and team that won the 2018 Banking Technology Award for Artificial Intelligence for the Next Best Action implementation. Prior to joining Morgan Stanley, Chris worked for Lotus Development Corporation. Chris received his BA from Skidmore College About PJT Partners PJT Partners is a premier global advisory-focused investment bank headquartered in New York City. Their team of senior professionals deliver a range of services to corporations, financial sponsors, institutional investors, alternative investment managers, and governments around the world. 
Human Layer Security Spear Phishing DLP Data Exfiltration
October Cybersecurity News Roundup
30 October 2020
October 2020 has been another remarkable month in cybersecurity. And, since COVID-19 sent the world indoors and made us ever-more reliant on the internet, the importance of information security and data protection has never been more apparent. October saw numerous high-profile data breaches, cyberattacks, and online scams — but also brought us one of the biggest GDPR fines yet, an innovative solution to deepfake technology, and even more jostling between the US government and Chinese big tech. Let’s take a look at the biggest cybersecurity headlines of October 2020. Paying Cyberattack Ransoms Could Breach International Sanctions Rules New guidance from the US Treasury has big implications for companies hit by ransomware attacks from certain countries. (Companies affected by ransomware find their files encrypted — replaced by useless strings of seemingly random characters — with cybercriminals promising to return the data if the company pays a ransom.) Paying up might be the least-worst option where a company’s critical data is at stake…ut according to an October 1 US Treasury advisory note, paying cyberattack ransoms could violate legal rules on international sanctions. Businesses suffering a ransomware attack by hackers from a sanctioned country — like Iran, China, or Russia (where many such attacks do originate) — now face the threat of huge fines and legal action if they choose to buy back their files.  The Treasury’s advice reiterates what cybersecurity leaders have been saying for many years: in cybersecurity, prevention is far better than cure. Amazon Prime Day Sees Huge Spike in Phishing Scams With millions of consumers confined to their homes, this year’s Amazon Prime Day was a chance for millions of shoppers to grab a bargain — and an unmissable opportunity for cybercriminals to steal their personal information. October 8 research from Bolster detected over 800 “spoof” Amazon webpages in September (up from 50 in January), as fraudsters ramped up their phishing efforts in anticipation of the two-day Amazon Prime Day event, hosted October 13-14. Some sites looked near-identical to Amazon’s genuine web properties, with perfectly duplicated branding and convincing domain names. Unwary shoppers were asked for details such as their CVV2 code and social security number. See what advice Tessian co-founder and CEO, Tim Sadler, offered consumers in Tech Radar. FBI Warns of Ransomware Attacks Targeting Healthcare Providers On October 29, the FBI and other agencies issued a warning regarding an “increased and imminent cybercrime threat to US hospitals and healthcare providers.” The threats include a new tool named anchor_dns, a backdoor that can reportedly “evade typical network defense products,” and the Ryuk Ransomware. Among other measures, the FBI is advising healthcare providers to create business continuity plans, patch networked systems, and implement multi-factor authentication in preparation for an attack. According to Associated Press, 59 US healthcare systems have been attacked via ransomware so far this year. Looking for more information on why the healthcare industry is especially vulnerable? We talk more about The State of Data Loss Prevention in Healthcare in this article. UK Public Body Unable to Provide Services Follow “Serious Cyberattack” On October 14, Hackney London Borough Council, a UK local government body, announced that it had fallen victim to a “serious cyberattack.”  In an update two days later, the council revealed the extent of the damage. Among other things, the council was unable to accept rent payments, process planning applications, or pay some social security benefits. The council said it was “working hard to restore services, protect data, and investigate the attack,” but that services could remain unavailable for “some time.” UK Data Regulator Issues $26 Million Fine to Airline UK airline British Airways received a £20 million ($26 million) fine on October 17 for “failing to protect the personal and financial details of more than 400,000 of its customers.” The fine relates to a cyberattack suffered by the company in 2018. The Information Commissioner’s Office — the UK’s data protection authority — found that the airline had failed to limit access to data, had not undertaken sufficiently rigorous testing, and should have implemented multi-factor authentication on its employee and third-party accounts. The British Airways fine amounts to the fourth-largest GDPR fine of all time — but the airline actually got off relatively lightly, considering that the fine was initially touted as £183 million ($238 million).  To learn more about compliance standards like the GDPR (including the largest breaches and fines to-date) check out The CEO’s Guide to Data Protection and Compliance. Adobe Launches Content Authenticity Initiative Tool to Fight Deepfakes As video and audio manipulation techniques become more accessible, cybersecurity and intelligence experts have been warning about a potential onslaught of deepfakes that could have an unprecedented impact on security, politics, and society. Not sure what a deepfake is? Read this article. Cybercriminals can use deepfake technology to create video or audio clips of high-profile and trusted individuals. Deepfakes have already been used in phishing attacks and could also be used for blackmail and disinformation campaigns. On October 20, Adobe’s Content Authenticity Initiative announced a new tool that will add “a secure layer of tamper-evident attribution data to photos, including the author’s name, location, and edit history” to help creatives authenticate their content. Once deepfakes are sufficiently convincing, there might be no way to distinguish them from genuine material. Adobe’s project marks a promising first step in this emerging security front. Hackers Discover 55 Vulnerabilities Across Apple’s Systems A group of hackers earned $300,000 via Apple’s bug bounty scheme after identifying 55 vulnerabilities across Apple’s infrastructure. The security issues included vulnerabilities that would have allowed an attacker to “(take) over a victim’s iCloud account,” “fully compromise an industrial control warehouse software used by Apple,” and “access management tools and sensitive resources.” The group said Apple had fully addressed the majority of vulnerabilities reported. Around 3 Million Credit Cards Compromised After Breach at US Restaurant Franchise On Oct 12, details of around 3 million credit cards were posted on the dark web following a huge data breach at US restaurant franchise Dickey’s Barbeque Pit. According to an investigation by Gemini Advisory, 156 of 469 Dickey’s outlets were involved in the breach, with the highest levels of exposure present in California. The details appear to have been stolen between July 2018 and August 2020. Given California’s strict data breach rules, including a private right of action under the California Consumer Privacy Act, Dickey’s could be liable for some eye-watering sums if the breach is found to have resulted from lax cybersecurity practices. Questions about the CCPA? We answer 13 of them in this article: CCPA FAQs: Your Guide to California’s New Privacy Law. Russia Planned to Launch 2020 Olympics Cyberattack The GRU, Russia’s military intelligence agency, “conducted cyber reconnaissance against officials and organizations” involved in the Tokyo 2020 Olympic and Paralympic Games, according to a UK government announcement on October 19. Russian cybercrime groups are alleged to have targeted “organizers, logistics services, and sponsors.” The Games were originally due to tale place this summer but were postponed due to COVID-19.  The UK government also revealed the full extent of Russia’s hacking campaign against the 2018 Winter Games, during which Russian hackers are alleged to have disguised themselves as Chinese and North Korean attackers to target the opening ceremony in Seoul, South Korea. ENISA 2020 Threat Landscape Report Shows Increase in Cyberattacks  The European Union Agency for Cybersecurity (ENISA) released its 2020 Threat Landscape Report on October 20, and cybersecurity leaders (unfortunately) won’t be surprised at its conclusion: cybercrime is on the increase. The report cites “a new norm,” triggered by the COVID-19 pandemic, in which the world is even more dependent on “a secure and reliable cyberspace.” ENISA found that the number of phishing victims “continues to grow,” that Business Email Compromise (BEC) resulted in “the loss of millions of euros,” and that state-sponsored actors are propagating “finely targeted and persistent attacks on high-value data.” If you’re a security leader looking for solutions to these problems, click here to learn more about how Tessian Defender detects advanced impersonation attacks that slip past SEGs, native features, and legacy tools. Researcher Breaches US President’s Twitter Account By Guessing Password Dutch “ethical hacker” Victor Gevers found himself in control of Donald Trump’s Twitter account on October 16 after guessing the US president’s password. Trump’s Twitter account has over 87 million followers and is frequently used to deliver messages of international importance. Gevers said he correctly guessed the password, “maga2020!”, after seven attempts. The incident reveals that the president was using a simple, easy-to-guess password, and that he had multi-factor authentication disabled. Rectifying either of these two basic security errors would have prevented unauthorized access to the account. Overruling of WeChat Ban Denied by California Judge Another month, another development in the long-running battle between the US government and Chinese tech firms. On October 23, California struck a blow to the Trump administration’s efforts to restrict WeChat — a Chinese app used for currency transfers, social networking, and instant messaging. In September, the US Department of Commerce ordered Apple and Google to stop distributing WeChat via their app stores, citing security issues. The order was blocked in California following a legal challenge by WeChat. The US Justice Department brought further evidence and asked the court to reverse its WeChat ruling. The court declined to change its decision, meaning that the Commerce Department’s banning order will remain unenforced in California — despite the federal government’s allegations regarding WeChat’s security issues.  Finnish Therapy Center Hacked, Exposing Patient Data One of the most shocking data breaches of 2020 was brought to light on October 24, when Finnish psychotherapy center Vastaamo revealed a hack that compromised hundreds of patient records. The highly sensitive nature of the breach means that it is being taken extremely seriously. Finland’s interior minister summoned a cabinet meeting to determine how best to respond to the breach, promising “speedy crisis help” to the affected individuals. The hackers are demanding a ransom in exchange for the return of the files, which were reportedly accessed between November 2018 and March 2019. The ransomware attack further suggests that businesses worldwide lack proper cybersecurity infrastructure — even when handling highly sensitive and valuable data. That’s all for this month. If we missed anything, please email [email protected] and stay tuned for the next roundup. Don’t forget: You can easily share this on social media via the buttons at the top right of this post. 
Human Layer Security Spear Phishing Customer Stories DLP Data Exfiltration
How Tessian Is Preventing Breaches and Influencing Safer Behavior in Healthcare
By Maddie Rosenthal
28 October 2020
Company: Cordaan Industry: Healthcare Seats: 6,300 Solutions: Guardian, Enforcer, Defender  About Cordaan Cordaan – one of the largest healthcare providers in Amsterdam – provides care to over 20,000 people from 120 locations across Amsterdam. They do this with the help of 6,000 employees and more than 2,500 volunteers. Cordaan also works in association with research institutes and social organizations.  To help protect the organization’s people, sensitive data, and networks, Cordaan has deployed Tessian Guardian, Enforcer, and Defender to protect over 6,300 employees on email.  Tessian solves three key problems for Cordaan, which we explore in detail in the video below. Keep reading for a summary of the discussion. Problem: Healthcare employees are especially vulnerable to inbound attacks  When it comes to inbound attacks like spear phishing and business email compromise, the healthcare industry is among the most targeted. It also has the highest costs associated with data breaches. Why? According to Cas de Bie, the Dutch healthcare provider’s Chief Information Officer, it’s not just because organizations operating in this industry handle highly sensitive data. It also has a lot to do with the very nature of the work: helping people. 
Combine this empathetic approach with the stress of a global pandemic, and you’re left with an incredibly vulnerable workforce. With Tessian, Cas is now confident Tessian will identify spear phishing emails before his employees respond to them and that employees’ workflow won’t be disrupted in the process.  When talking about inbound attacks, Cas said “It’s all about awareness. While people probably do know what they’re supposed to do when it comes to email security, it’s different in real life. It’s hard to decide in the moment. Of course, they don’t do it on purpose. They want to make the right decision. Tessian helps them do that.” Problem: Reactive and rule-based solutions weren’t preventing human error on email in the short or long-term To ensure GDPR-compliance, Cordaan prioritized investment in privacy and security solutions. But, according to Cas, “standard” email security, spam filtering solutions, and encryption alone just weren’t enough. They weren’t keeping malicious emails out of inboxes, and they weren’t preventing data loss from insiders. They also weren’t doing anything to improve employee security reflexes in the long-term. 
So, to level-up Cordaan’s email security, Cas was looking for a solution that was: Technologically advanced User-friendly Proactive With Tessian, he found all three. Powered by contextual machine learning and artificial intelligence, our solutions can detect and prevent threats and risky behavior before they become incidents or breaches. How? With the in-the-moment warnings – triggered by anomalous email activity – that look something like this.
These warnings help nudge well-intentioned employees towards safer behavior and ensure data stays within Cordaan’s perimeter. And, because Tessian works silently in the background and analyzes inbound and outbound emails in milliseconds, it’s invisible to employees until they see a warning.   This was incredibly important to Cas, who said that “The added value of Tessian is that it influences behavior. That really resonated with the board and helped me make a strong business case. While I can’t show how cybersecurity creates revenue, I can show – via a risk management calculation – the potential fines we could avoid because of our investment in Tessian”.  Problem: Cordaan’s security team had limited visibility into – and control over – data loss incidents on email  While Cordaan had invested in other email security solutions, Cas and his team still lacked visibility into the frequency of data loss incidents on email. But, after deploying Tessian for a Proof of Value, the scope of the problem became crystal clear.
The reality is that employees do actually send unauthorized and misdirected emails more frequently than expected. (We explore this in detail in our report, The State of Data Loss Prevention 2020.) But, the good news is that this behavior can be influenced and corrected—all without access restrictions that make it harder (or impossible) for employees to do their jobs.  Cas explained it well, saying that “Of course there are things that we have to police and prohibit. But, most of the time, people aren’t doing things maliciously. So it’s nice that – with Tessian – we can take a more nuanced approach. We can influence behavior and help our employees do the right thing.” Learn more about how Tessian prevents human error on email Powered by machine learning, Tessian’s Human Layer Security technology understands human behavior and relationships. Tessian Guardian automatically detects and prevents misdirected emails Tessian Enforcer automatically detects and prevents data exfiltration attempts Tessian Defender automatically detects and prevents spear phishing attacks Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of an organization’s email network. That means it gets smarter over time to keep you protected, wherever and however your work. Interested in learning more about how Tessian can help prevent email mistakes in your organization? You can read some of our customer stories here or book a demo.
Cordaan Case Study hbspt.cta.load(1670277, '61cef6a6-03b0-4491-a81d-6e751eb924e8', {"region":"na1"});
Human Layer Security Spear Phishing DLP Data Exfiltration
Tessian Included as a Cloud Email Security Supplement Solution in Gartner’s 2020 Market Guide for Email Security
By Maddie Rosenthal
27 October 2020
Gartner recently released its Market Guide for Email Security and Tessian is thrilled to have been included as a representative vendor for Cloud Email Security Supplement Solutions. So, what does that mean? According to the report, representative vendors offer “email security capabilities in ways that are unique, innovative, and/or demonstrate forward-looking product strategies.”  How has the threat landscape changed? According to Gartner’s guide, there are a number of factors related to the market’s direction that security leaders need to consider, including the ways in which hackers are targeting organizations and how (and where) we work. Keep reading to learn more. Email is the #1 threat vector
As noted in the report, “According to the 2020 Verizon Data Breach report, 22% of breaches involved social engineering, and 96% of those breaches came through email. In the same report, another 22% of breaches were a result of “human failure” errors, where sensitive data was accidentally sent to the wrong recipient.” “Business email compromise (BEC), the takeover or fraudulent use of a legitimate account to divert funds, continues to grow, and simple payroll diversion scams accounted for  $8 million in 2019.” The bottom line: Whether it’s protecting against inbound threats like ransomware attacks, business email compromise (BEC), or account takeover (ATO) or outbound threats like accidental and malicious data exfiltration, security leaders need to prioritize email security and reevaluate the effectiveness of current solutions. This is especially pertinent as many organizations have moved to the cloud.    Increased cloud office adoption According to Gartner, “Enterprise adoption of cloud office systems, for which cloud email is a key capability, is continuing to grow, with 71% of companies using cloud or hybrid cloud email.” We can expect these numbers to rise, especially given the sudden shift to remote working set-ups in response to COVID-19 and the steep and steady rise in the use of mobile devices for work. But, there’s a problem. Despite G Suite and O365’s basic security controls as well as anti-spam, anti-phishing, and anti-malware services; advanced attachment; and URL-based threat defenses, “email threats have become sophisticated to evade detection by common email security technologies, particularly those that rely only on standard antivirus and reputation.”
What capabilities set vendors apart?  So, what capabilities set vendors apart? In other words what capabilities should security leaders be looking for? Gartner recommends that security leaders “invest in anti-phishing technology that can accurately detect BEC and account takeover attacks. In particular, seek solutions that use AI to create a baseline for communication patterns and conversation style and detect anomalies in these patterns. For account take over attacks, seek solutions that use computer vision when reviewing suspect URLs. Adjacent technologies such as multifactor authentication are used to protect against account takeover attacks.”.   Gartner also says “the following capabilities can be used as primary differentiators and selection criteria for email”. These include the ability to: “Protect against attachment-based threats” “Protect against URL-based advanced threats”  “Protect Against Impersonation and Social Engineering Tactics Used in URL-Based, Attachment-Based and Payloadless Advanced Threats” And, to help security leaders narrow down their search, Gartner identified specific categories of vendors that provide some of the above email capabilities. Tessian is recognized as a representative vendor for CESSs.  Keep reading to learn more about our products and technology.  Why Tessian?  Tessian Human Layer Security offers both inbound and outbound protection on email and satisfies criteria outlined in the report, including display name spoof detection, lookalike domain detection, anomaly detection, data protection, post delivery protection, and offers these protection for both web and mobile devices. Here’s how. Powered by machine learning, our Human Layer Security platform understands normal email behavior by analyzing content, context, and communication patterns from historical email data to establish trusted relationship graphs. Tessian can then detect anomalies in real-time using those employee relationship graphs alongside deep content analysis, natural language processing, and behavioral analysis. Tessian Guardian automatically detects and prevents accidental data loss from misdirected emails Tessian Enforcer automatically detects and prevents data exfiltration attempts and ensures compliant email activity Tessian Defender automatically detects and prevents spear phishing, Business Email Compromise and other advanced targeted impersonation attacks. Tessian’s technology updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network without hands-on maintenance from security teams. That means it gets smarter over time to keep you protected, wherever and however you work, whether that’s a desktop computer in the office or a mobile device, tablet, or laptop at home. But Tessian doesn’t just detect and prevent threats.  When a security threat is triggered, contextual warnings provide employees with in-the-moment training on why an email was flagged unsafe (or an impersonation attempt)  or reinforce data security policies and procedures and improve their security reflexes. This nudges employees towards safer behavior in the long-term.  And, with Human Layer Security Intelligence, security and compliance leaders can get greater visibility into the threats prevented, track trends, and benchmark their organization’s security posture against others. This way, they can continuously reduce Human Layer risks over time. To learn more about how Tessian protects world-leading organizations across G Suite, O365, and Outlook, check out our customer stories or book a demo. 
Gartner, Market Guide for Email Security, September 2020 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Human Layer Security Spear Phishing Tessian Culture
8 Book Recommendations for Security Professionals
By Maddie Rosenthal
22 October 2020
Most security professionals rely on recommendations from their peers when it comes to vendors, solutions, and strategies. So, why not books? We asked our own cybersecurity experts what they were reading and rounded-up eight books to add to your reading list. The Cuckoo’s Egg In 1986, Clifford Stoll – a systems administrator at the Lawrence Berkeley National Laboratory – wrote this book. Based on his field notes, this is arguably one of the first documented cases of a computer hack and the subsequent investigation, which eventually led to the arrest of Markus Hess.  It’s now considered an essential read for anyone interested in cybersecurity. CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers  While this book covers all the fundamentals of IT security governance and risk management, it also digs deeper into people. After all, being a CISO isn’t just about technology. The insights in the book come directly from CISOs. In total, 75 security leaders contributed to the book, which means there’s plenty of actionable advice you can apply to your strategies.  Looking for more insights from security leaders? Check out Tessian’s CISO Spotlight series.  Art of Deception Written by someone pretty well-known in the security field – Kevin Mitnick – Art of Deception offers readers an insider’s view on what it takes to hack a system (and therefore what you can do to protect yourself).  Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers  Politics play a big role in cybercrime.  This book is focused on Sandworm, the group of Russian hackers who, over the last decade, has targeted American utility companies, NATO, and electric grids in Eastern Europe and paralyzed some of the world’s largest businesses with malware. But the author, Wired senior writer Andy Greenberg, also provides plenty of background on both the technology and the relationships between various countries. Social Engineering: The Art of Human Hacking If you want a breakdown of every aspect of social engineering – from elicitation, protecting, influence, and manipulation – this one’s for you. Written by Christopher Hadnagy – the lead developer of the world’s first social engineering framework – this book is a sort of intro to hacking humans that could help you level-up your phishing awareness program and defenses.   We take a deep dive into the psychology of human error in this report, with insights from Stanford Psychology and Communications professor Jeff Hancock.  The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats In the same vein as Sandworm, this book explores cyberwar, nation-state hackers, and the future. While it doesn’t offer highly technical insights, there is plenty of practical advice on how organizations and individual people can avoid being hacked.  Cult of the Dead Cow Cult of the Dead Cow explores some of the world’s most infamous hacking groups – particularly the cDc – and explains how technology, data, and – well – the world has changed because of them.  CISM Certified Information Security Manager All-in-One Exam Guide Yes, this is an exam guide…and yes you should add it to your reading list. If nothing else, to have on-hand as a reference. Why? It covers everything. Security governance, risk management, security program development, and security incident management. Curious as to whether or not other security professionals have their CISM certification? We interviewed 12 women about their journeys in cybersecurity. Read their profiles here and the full report, Opportunity in Cybersecurity Report 2020.
Human Layer Security Spear Phishing DLP Data Exfiltration
7 Concerns IT Leaders Have About Permanent Remote Working
By Laura Brooks
14 October 2020
According to Tessian research, 75% of IT leaders and 89% of employees believe the future of work will be “remote” or “hybrid” – a combination of working in the office and remotely.  This will have a significant impact on companies’ IT departments, who will be under pressure to deliver a seamless experience and create strategies that empower employees to work remotely and securely. In fact, 85% of IT leaders think they and their team will be under more pressure if their organization were to adopt a permanent remote working structure.  In this blog, we look at their top 7 concerns and explain how to overcome them.  1. Employee wellbeing Half of IT leaders’ are worried about staff’s wellbeing when they work remotely – making it the top concern among IT professionals.  Remote work can be incredibly stressful for employees. A survey by online employment platform Monster reported that over two-thirds of U.S. workers have experienced burnout symptoms while working from home. Why? Because people are more distracted, they’re taking less time off work, and they’re working longer hours. 61% of employees in another Tessian report said a culture of presenteeism in their organization makes them work longer hours than they need to.  The problem is that when people are stressed, tired and distracted, they make more mistakes that could compromise cybersecurity. In fact, 46% of employees say make more mistakes when they feel burned out.  IT professionals must recognize the correlation between employee wellbeing, their productivity, and security if they want to keep data and systems safe in a remote work world. Lead with empathy and find ways to prevent stressed and distracted employees from making costly cybersecurity mistakes.  2.Unsafe data practices 46% of IT leaders are also worried about employees practicing unsafe cybersecurity behaviors.  Their concerns are valid. A report published by Tessian in May 2020 revealed that 48% of employees feel they can get away with riskier cybersecurity behaviors when working from home, namely because they are working from unfamiliar devices and because they aren’t being watched by IT teams. A further 54% said they’ll find a workaround if security software or policies prevent them from doing their job. Educating employees on safe cybersecurity practices is a necessary first step. However, only 57% of companies implemented additional training at the start of the remote working period in March 2020. This isn’t trivial; businesses must continually educate staff on safe data practices because cybersecurity is rarely at the front of mind for every employee.  Businesses should also ensure that security solutions or policies do not stand in the way of people getting their jobs done. Workers will find the easiest or most convenient path, and this can often involve skirting around security rules. Security should, therefore, be as flexible as people’s working practices in order to mitigate unsafe behaviors online.
3. More data breaches Half of organizations we surveyed said they experienced a data breach or security incident between March and July 2020 – the period in which mandatory remote work arrangements were enforced. Consequently, 40% of IT leaders are worried their company will experience more data breaches if people continue to work remotely.  The causes of these data breaches included phishing attacks (49%), malware (45%) and malicious insider attacks (43%). In addition, 78% of IT leaders said they think their organization is at greater risk of insider threats when staff work from home.  To prevent data breaches caused by insider threats – and other threats caused by human error – IT teams need greater visibility into their riskiest and most at-risk employees. Only by understanding employees’ behaviors, can businesses tailor policies and training to prevent people’s actions from compromising company security and breaching sensitive data.  4. More phishing attacks Half of the security incidents reported between March-July 2020 were caused by successful phishing attacks – making phishing the top attack vector during this period of remote working.  Of the 78% of remote workers that received phishing emails while working on their personal devices, an overwhelming 68% clicked a link or downloaded an attachment from the malicious messages they received. It’s not surprising, then, that 82% of IT leaders think their organization is at greater risk of phishing attacks when people work remotely.  But why is phishing a greater risk for remote workers?  Because it is not uncommon for an employee to receive information about a new software update for a video conferencing app, or an email from a healthcare organization providing tips on how to stay safe, or a request from a supplier asking them to update payment details.  In fact, 43% of IT professionals said their staff had received phishing emails with hackers impersonating software brands, while 34% said they’d received emails from cybercriminals pretending to be an external supplier.  If the sender’s email domain looks legitimate and if hackers have used the correct logos in the body of the email, there’s very little reason why an employee would suspect they were the target of a scam. And, when working remotely, employees can’t easily verify the email with a colleague. They may, then, click the link to “join the meeting”, download the “new update” or share account credentials. To learn more about how to spot a spear phishing email, read our blog here.
5. The IT team’s bandwidth With organizations facing the threat of more data breaches and security incidents caused by unsafe cybersecurity behaviors, over a third (34%) of IT leaders worry that their teams will be stretched too far in terms of time and resource.  Security solutions powered by machine learning can help alleviate the strain. Solutions like Tessian use machine learning algorithms to understand human behaviors in order to automatically detect and prevent threats caused by human error – such as accidental data loss, data exfiltration or phishing attacks. When a potential threat is detected, the individual is alerted in real-time and a record of the incident is logged in a simple and accessible dashboard. IT professionals no longer have to spend hours manually looking back through logs to find incidents – the proverbial ‘needle in a haystack’.  When you consider that 55% of IT teams spend more time navigating manual processes than responding to vulnerabilities, finding ways to take away the manual, labor-intensive tasks will be critical in freeing up IT professionals’ time.  6. An increase to IT leaders’ workload In addition to concerns over their teams’ workloads increasing, IT leaders also fear they’ll face even longer to-do lists in a hybrid or remote working world. Why? To name a few: The majority of IT leaders will be implementing new BYOD policies, additional training programs, upgrades to endpoint protection as well as new VPNs in order to address employees’ expectations and safety.  They have to overcome challenges like data loss prevention (DLP), something 84% of IT leaders say is more difficult in distributed workforces.  They have to address and mitigate more security risks such as employees bringing infected devices or documents into the office, potentially compromising the company’s entire network.  According to Nominet’s 2020 report – The CISO Stress Report: Life Inside the Perimeter: One Year On – 88% of CISOs are moderately or tremendously stressed. What’s more, 95% work more than their contracted hours amounting to an extra 10 hours per week, on average.  As the pressure increases, businesses must find ways to alleviate stress and empower IT leaders to work effectively and efficiently in order to protect their company and employees.
7. Non-compliance with data protection regulations Nearly a third of IT leaders said that remote working could compromise compliance with data protection regulations.  In the last year, misdirected emails have been the number one cause of data breach incidents reported to the Information Commissioner’s Office. A previous Tessian report found that 58% of employees have sent an email to the wrong person during their career and, of these misdirected emails, nearly a fifth (17%) were sent to the wrong external party.  Their reasons? Nearly half said it was because they were tired and 41% said the error was made because they were distracted. Given that studies have shown people are feeling more fatigued and more distracted while working remotely, there is cause for concern that data breaches, caused by human error, will only increase.  Instead of expecting people to do the right thing 100% of the time while working away from the office, invest in security solutions that preempt these errors by detecting and preventing them from happening in the first place. That way, IT leaders can proactively stop sensitive information from leaving their environment, company IP stays secure, compliance standards are met, and customer trust is maintained. To find out more, read the full report – Securing the Future of Hybrid Work – here.
Human Layer Security DLP Data Exfiltration
Insider Threat Statistics You Should Know: Updated 2020
By Maddie Rosenthal
06 October 2020
Over the last two years, there’s been a 47% increase in the frequency of incidents involving Insider Threats. This includes malicious data exfiltration and accidental data loss. Why does this matter? Because these incidents cost organizations millions, are leading to breaches that expose sensitive customer, client, and company data, and are notoriously hard to prevent. In this article, we’ll explore: How often these incident are happening What motivates Insider Threats to act The financial  impact Insider Threats have on larger organizations The effectiveness of different preventive measures You can also download this infographic with the key statistics from this article. If you know what an Insider Threat is, click here to jump down the page. If not, you can check out some of these articles for a bit more background. What is an Insider Threat? Insider Threat Definition, Examples, and Solutions Insider Threat Indicators: 11 Ways to Recognize an Insider Threat Insider Threats: Types and Real-World Examples
How frequently are Insider Threat incidents happening? As we’ve said, incidents involving Insider Threats have increased by 47% since 2018. But the frequency of incidents varies industry-by-industry. Verizon’s 2020 Breach Investigations Report offers a comprehensive overview of different incidents in different industries, with a focus on patterns, actions, and assets.  They found that: The Healthcare and Manufacturing industries experience the most incidents involving  employees misusing their access privileges The Public Sector and Healthcare suffer the most from lost or stolen assets  Healthcare and Finance see the most “miscellaneous errors” (for example misdirected emails !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");
There are also several different types of Insider Threats and the “who and why” behind these incidents can vary. According to one study: Negligent Insiders are the most common and account for 62% of all incidents.  Negligent Insiders who have their credentials stolen account for 25% of all incidents Malicious Insiders are responsible for 14% of all incidents.  !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); Looking at Tessian’s own platform data, Negligent Insiders may be responsible for even more incidents than most expected. On average, 800 emails are sent to the wrong person every year in companies with 1,000 employees. This is 1.6x more than IT leaders estimate.  !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); Malicious Insiders are likely responsible for more incidents than expected, too. Between March and July 2020, 43% of security incidents reported were caused by malicious insiders. We should expect this number to increase. Over three-quarters of IT leaders (78%) think their organization is at greater risk of Insider Threats if their company adopts a permanent hybrid working structure. Which, by the way, the majority of employees would prefer. What motivates Insider Threats to act? When it comes to the “why”, Insiders – specifically Malicious Insiders – are often motivated by money, a competitive edge, or revenge. But, according to one report, there is a range of reasons malicious Insiders act. Some just do it for fun.  !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); But, we don’t always know exactly “why”. For example, Tessian’s own survey data shows that 45% of employees download, save, send, or otherwise exfiltrate work-related documents before leaving a job or after being dismissed.  While we may be able to infer that they’re taking spreadsheets, contracts, or other documents to impress a future or potential employer, we can’t know for certain.  Note: Incidents like this happen the most frequently in competitive industries like Financial Services and Business, Consulting, & Management. This supports our theory.  !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); How much do incidents involving Insider Threats cost? The cost of Insider Threat incidents varies based on the type of incident, with incidents involving stolen credentials causing the most financial damage. But, across the board, the cost has been steadily rising. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); Likewise, there are regional differences in the cost of Insider Threats, with incidents in North America costing the most and almost twice as much as those in Asia-Pacific. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); But, overall, the average global cost has increased 31% over the last 2 years, from $8.76 million in 2018 to $11.45 in 2020 and the largest chunk goes towards containment, remediation, incident response, and investigation. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); But, what about prevention? How effective are preventative measures? As the frequency of Insider Threat incidents continues to increase, so does investment in cybersecurity. But, what solutions are available and which solutions do security, IT, and compliance leaders trust to detect and prevent data loss within their organizations? According to Tessian’s latest report, The State of Data Loss Prevention 2020, most rely on security awareness training, followed by following company policies/procedures, and machine learning/intelligent automation. But, incidents actually happen more frequently in organizations that offer training the most often and, while the majority of employees say they understand company policies and procedures, comprehension doesn’t help prevent malicious behavior. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); That’s why many organizations rely on rule-based solutions. But, those often fall short.  Not only are they admin-intensive for security teams, but they’re blunt instruments and often prevent employees from doing their jobs while also failing to prevent data loss from Insiders.  So, how can you detect incidents involving Insiders in order to prevent data loss and eliminate the cost of remediation? Machine learning. How does Tessian detect and prevent Insider Threats? Tessian turns an organization’s email data into its best defense against inbound and outbound email security threats. Powered by machine learning, our Human Layer Security technology understands human behavior and relationships, enabling it to automatically detect and prevent anomalous and dangerous activity. Tessian Enforcer detects and prevents data exfiltration attempts Tessian Guardian detects and prevents misdirected emails Tessian Defender detects and prevents spear phishing attacks Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network. Oh, and it works silently in the background, meaning employees can do their jobs without security getting in the way.  Interested in learning more about how Tessian can help prevent Insider Threats in your organization? You can read some of our customer stories here or book a demo.
Human Layer Security Spear Phishing Data Exfiltration
How Hybrid-Remote Working Will Affect Cybersecurity
By Laura Brooks
29 September 2020
When the world went into lockdown, ways of working changed forever.  Mandatory remote work arrangements meant people had to find ways to get their jobs done in their homes and most of us quickly settled into a new rhythm of work. Now, after months of being away from the office, the so-called “new normal” is starting to feel, well, just normal. Employees don’t want to give up the level of flexibility and autonomy they’ve come to experience.   In fact, according to our latest report, Securing the Future of Hybrid Working, just 11% of UK and US employees said they’d want to work exclusively in the office post-pandemic, with the average employee wanting to work from home at least two days a week. And, over a third of people said they wouldn’t even consider working for a company if it didn’t offer remote working in the future. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); Keep reading to find out: How IT leaders think remote and hybrid working will affect cybersecurity What these new set-ups will do to IT teams’ workloads How business’ can balance flexibility and security Remote, office-based, or a bit of both?  Businesses have some big decisions to make. Do they encourage employees to come back to the office post-pandemic, or opt for a fully remote workforce?  For many, a hybrid model – where employees can split their time between working in the office and anywhere else they’d like – appears to be the best option for the long-term future of their company. Google, for example, has already announced that this is the approach it’ll take.  This way of working requires companies to completely transform the way their companies have previously run – and it may come at the IT department’s expense. The majority of IT leaders surveyed believe permanent remote work will put more pressure on their teams, while over a third (34%) are worried about their workers becoming stretched too far in terms of time and resource. This is because, while it is great for employees, a hybrid way of working actually offers the worst of both worlds for IT teams who have to simultaneously manage and mitigate security risks that occur in and out of the office, while providing a seamless experience that enables employees to work-from-anywhere. Why would permanent remote working arrangements increase IT teams’ workload?  One of IT teams’ biggest concerns is the risk of phishing attacks, with 82% of IT leaders believing employees are at greater risk of phishing attacks when working remotely. Their concerns are valid; over three-quarters of employees said they received a phishing email while working on their personal device between March and July 2020, and 68% admitted to clicking a link or downloading an attachment within that email. In fact, our report shows that nearly half of companies experienced a data breach or security incident between March and July 2020 – the remote working period enforced by the global pandemic – and half of these incidents (49%) were caused by phishing attacks.  This made phishing the leading cause of security incidents during this time.
Insider threats are another concern. Over three-quarters of IT leaders (78%) think their organization is at greater risk of insider threats if their company adopts a permanent hybrid working structure. Such risks include employees bringing infected devices or documents into the office after working remotely and sharing sensitive information with their personal accounts.  It’s also worrying that 43% of the security incidents reported between March – July 2020 were caused by malicious insiders. For more information about the different “types” of insiders and real-world examples of each, visit our blog. The problem is that insider threats are much more difficult to detect and mitigate when workforces are distributed. Why? A lack of visibility.  A previous Tessian report revealed that nearly half of employees feel like they can get away with unsafe cybersecurity practices when working away from the office because they aren’t being watched by their IT team.   Then, there are the security risks associated with Bring Your Own Device (BYOD) practices.  Half of employees we surveyed have been working on their personal devices since the world went into lockdown in March 2020. The top BYOD security risks cited by IT professionals included: The downloading of unsafe apps Malware infections Software updates.  It’s not surprising, then, that 1 in 3 IT leaders are worried about their teams being too stretched in terms of time and resource in a permanent remote working structure. 
How can businesses balance flexibility and security without draining IT teams’ resources?  Securing distributed workforces isn’t going to be easy. Why? Because businesses must transform and reinvent ways of working but IT teams are under-resourced and budgets are getting smaller and smaller. Failure to transform and deliver a seamless hybrid experience, though, could threaten companies’ security posture and see businesses losing out on talent.  Education on the threats people can be exposed to and the threats they pose to company security when working away from the office is, therefore, an important first step. So, it is encouraging to see that 58% of IT leaders are planning to introduce more security training should their company adopt a permanent remote working structure.  But approaches to training may need a rethink so that it resonates with employees and isn’t seen as “just another thing” on people’s to-do list. According to our report, despite 57% of IT departments implementing more education and security training for their employees during the pandemic, nearly 1 in 5 workers said they didn’t even take part. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); This brings us to our second recommendation – security solutions shouldn’t hinder people’s productivity.  It’s clear people want to be able to work flexibly, so tools need to be flexible, too. Solutions like Tessian are invisible to employees until threats are detected, which means we cause minimal disruption to people’s workflow. Our warnings are helpful and educational, not annoying. We give people the information they need to make safer cybersecurity decisions and improve their behaviors over time.  Lastly, IT teams need greater visibility into their riskiest and most at-risk employees – regardless of where they’re working – in order to tailor training and policies and improve cybersecurity behaviors over time. Getting this level of visibility shouldn’t be a burden to the IT team, though. IT teams have enough going on, so solutions that leverage machine learning can take away labor-intensive tasks and help free up IT professionals’ time.  The way people work is quickly changing. But one thing will stay the same; you need to protect your organization’s most important asset – your people.  Businesses that protect their people from security threats and empower them to do great work, without security getting in their way, will set themselves for long-term success.  Read the full report – Securing The Future of Hybrid Working – today.
Page
[if lte IE 8]
[if lte IE 8]