Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

See a sneak peek of Tessian in action featuring admin and end user experiences. Watch the Product Tour →

Integrated Cloud Email Security

Integrated Cloud Email Security solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.  Learn more about what they are, the benefits of using them, and how you can best evaluate those on offer.

Integrated Cloud Email Security
The Ultimate Guide to Human Layer Security
By Tim Sadler
08 July 2021
There’s a big problem in cybersecurity. Despite stricter data compliance standards, incredible technological innovation, and more investment from businesses, data breaches are at an all-time high. In fact, businesses are at risk of insider and outsider threats, with a reported 67% increase in the volume of security breaches over the past five years.   Why is this happening? Because, historically, security solutions have focused on securing the machine layer of an organization: networks, endpoints and devices. But the majority of these solutions provide blunt protection, rely on retroactive threat detection and remediation, and don’t protect a businesses’ most important asset: its employees.   So, when you can get a firewall to protect your network, and EDR to protect your devices, what do you get to protect your people? Human Layer Security.
What is Human Layer Security?
Tessian’s Human Layer Security technology understands human behavior and relationships, enabling it to detect and prevent dangerous activity. Importantly, Tessian’s technology learns and adapts to how people work without getting in the way or impeding productivity.   We created this category over four years ago, and its been the thesis for both our Series B fundraise and, most recently, our Series C fundraise. Today, Tessian solutions are deployed at enterprise companies across industries,  detecting and preventing millions of inbound and outbound threats on email, including malicious data exfiltration attempts, accidental data loss via misdirected emails and misattached files, and spear phishing attacks. 
Why do we need Human Layer Security? Your employees now control both your systems and your data. But people make mistakes, people break the rules, and people can be deceived. 88% of data breaches are caused by human error, with AIG reporting “human errors and behavior continue to be a significant driver of cyber claims.”   It makes sense. Employees can transfer millions of dollars to a bank account in a few clicks and can share thousands of patient records in an Excel file in a single email. You can read more about The Psychology of Human Error here.   So, instead of expecting people to do the right thing 100% of the time, we think it’s better to preempt these errors by detecting and preventing them from happening in the first place. Each of our solutions – Tessian Enforcer, Tessian Guardian, and Tessian Defender – is uniquely positioned to do just that. People break the rules Whether done maliciously or accidentally, people in every organization can (and do) break the rules. Those rules can be related to anything, from a password policy to how sensitive information is stored. But, what about rules related to data exfiltration?   Oftentimes, employees are blissfully unaware. They’re not familiar with the policies themselves or the consequences of poor data handling. So, they think nothing of emailing company information to their personal email account to print at home, for example.   But not all employees are well-intentioned. Case in point: In late-2019, an employee at a cybersecurity and defense company sold 68,000 customer records to scammers. This isn’t an isolated incident. According to one report, 45% of employees say they’ve taken work-related documents with them after leaving or being dismissed from a job and, according to another, more than half of UK employees admitted to stealing corporate data. A quarter of those would be willing to do so for less than £1,000.   Tessian Enforcer prevents data exfiltration attempts (both malicious and negligent. Looking for more real-world examples of malicious and negligent insiders? Read this article.
People make mistakes From a simple typo to a misconfigured firewall, mistakes are inevitable at work. To err is human! In fact, 43% of employees say they’ve made a mistake at work that compromised cybersecurity.  Unfortunately, though, the consequences of these mistakes can be severe.   Imagine an employee sends a misdirected email. Penalties and fines could be incurred, customer trust could plummet, and reputational damage could be long-lasting. And those are just the consequences to the larger organization. Individuals will likely suffer, too.   We all know the sinking feeling of making a mistake. But, misdirected emails cause employees more than red-faced embarrassment and anxiety. These accidents put people at risk of losing their jobs.   Tessian Guardian detects and prevents misdirected emails and misattached files so that the right email and the right files are always shared with the right person.
People can be deceived Businesses of all sizes and across industries work with a web of suppliers, contractors, and customers. And, most use email to communicate. That means it’s easy for hackers to impersonate internal and external contacts. Business Email Compromise (BEC) attacks increased by over 100% in the last two years.   Worse still, the odds are against businesses and their employees. While a hacker only has to get it right once, we are expected to get it right every time.   So, what happens if one employee is successfully tricked one time by a spear phishing email and wires money, shares credentials, or otherwise helps a hacker gain access to your network? The average breach costs organizations $3.92 million. But, these costs can be avoided with technology like Tessian Defender that detects and prevents advanced impersonation attacks.
Why focus on email? At Tessian, our mission is to secure the human layer. And we know that to be truly effective, Human Layer Security must protect people whenever and however they handle data. But, we’re starting with email. It’s the most popular (we spend 40% of our time on it) and riskiest (most breaches happen here) communication channel. It’s also the threat vector IT leaders are most worried about.
You’re probably wondering how Tessian compares to other solutions and how our technology would fit in your larger security framework. We’ll tell you. Tessian vs. Rule-Based Technology Traditional email security solutions are blunt instruments that tend to be disruptive for employees and admin-intensive for security teams who have to continuously create and maintain thousands of rules.   Don’t believe us? 85% of IT leaders say rule-based DLP is admin-intensive and over half of employees say they’ll find a workaround if security software or policies make it difficult or prevent them from doing their job.   The fact is, manually classifying emails, tagging emails sent to external contacts, encryption, and pesky pop-ups are roadblocks that slow the pace of business and create friction between security teams and other departments. Worse still, these older technologies just can’t be configured to adequately defend against all the ways people make mistakes or cut corners on email. Tessian is automated. No rule-writing, manual investigation, or configuration required.   Tessian vs. Training Training is a necessary part of every security strategy. But, the majority of employees aren’t trained frequently enough and lessons don’t always stick. Employees also tend to struggle applying what they’ve learned in training to real-world situations.   But we can’t blame employees. The average person isn’t a security expert and hackers are crafting more and more sophisticated attacks. It’s hard for even the most security-conscious among us to keep up. That’s why security leaders need to invest in technology that bolsters training and reinforces policies and procedures. That way, employees can improve their security reflexes over time.   That’s where Human Layer Security comes in. Tessian warnings act as in-the-moment training for employees. And, because Tessian only flags 1 in 1,000 emails on average, when a pop-up does appear, employees pay attention.
Tessian Human Layer Security technology Tessian deploys within minutes, learns within hours, and starts protecting in a day. Human Layer Security works by understanding and adapting to human behavior. Our machine learning algorithms analyze historical email data and build a unique security identity for every employee based on relationships and communication patterns.  The best part is: these ML models get smarter and better over time as more data is ingested.   This helps the technology establish what normal (and abnormal) looks like and allows Tessian to automatically predict and prevent security breaches on email across devices.   For every inbound and outbound email, our ML algorithms analyze millions of data points, including:   Relationship History: Analyzing past and real-time email data, Tessian has a historical view on all email communications and relationships. For example, we can determine in real-time if the wrong recipient has been included on an outbound email; if a sensitive attachment is being sent to a personal, non-business email account; if an inbound email with a legitimate-looking domain is a spoof Content & context: Using natural language processing to analyze historical email data, Tessian understands how people normally communicate on email and what topics they normally discuss. That way, our solutions can automatically detect anomalies in subject matter (i.e. project names) or sentiment (i.e. urgency), which might indicate a threat.   Best of all, all of this analysis happens silently in the background and employees won’t know it’s there until they need it. Tessian stops threats, not business. And not flow. And, with Human Layer Risk Hub, our customers can now deeply understand their organization’s security posture with granular visibility into employee risk and insights into individual user risk levels and drivers.   This is the only solution that offers protection, training, and risk analytics all in one platform, giving security and compliance leaders a clear picture of your organization’s risk and the tools needed to reduce that risk. First, you protected our networks. Then, you protected our devices. Now, you can protect your people with Tessian’s Human Layer Security.
Integrated Cloud Email Security
10 Cybersecurity Events & Webinars in July to Sign Up For
07 July 2021
With cybersecurity threats on the rise, it’s time to strengthen your organization’s defenses. In-person events and online webinars can help. They give security, compliance, and business professionals a chance to discuss what’s top of find, share advice, and network. To help you learn and level-up your cyber strategy, we’ve selected ten cybersecurity events to attend throughout July.  There’s something on our list for every niche—whether you’re a CISO, an infosec analyst, or just someone who wants to learn more about this crucially important discipline. With some pandemic restrictions still in place, many of our events are taking place online, but be sure to confirm this before you attend. Security Trainings and Conference: July 5-10, 2021 Register here: This six-day event features in-depth training sessions on all things hardware security, including assessing and exploiting PLCs, reverse engineering integrated circuits, and attacking Secure Boot. Who should attend? Hardware security is a pretty niche field, so you won’t want to miss this event if you’re involved in this sector—it’ll be a great opportunity to learn from your peers and get in a (virtual) room with like-minded professionals. Confirmed speakers Yongdae Kim, Professor in the Department of Electrical Engineering at KAIST Colin O’Flynn, CTO, NewAE Technology Inc. Mathieu Stephan, Electronics Engineer, ViaSat Inc. The Official Cyber Security Summit, St. Louis/Oklahoma City (Online): July 7, 2021 Register here: Having run for nearly 30 years, this conference has earned the right to call itself The Official Cyber Security Summit. With sessions on insider threats, the future of cloud security, and the rise of ransomware, this event is a great way to learn from and engage with infosec leaders. Who should attend? The Official Cyber Security Summit is a great place for CISOs and other security professionals looking for an eclectic program to help them develop their knowledge and careers—and earn eight CPE credits in the process. Confirmed speakers Deron McElroy, Chief of Cybersecurity Services, Cybersecurity and Infrastructure Security Agency, US DHS Quinn Carman, Director of Operations, The NSA, Red Team Richmond Cyber Security Forum: July 7, 2021 Register here: The Richmond Cyber Security Forum offers a mix of keynotes, workshops, and personal development sessions. You’ll get to meet and mingle with peers, and secure some face-to-face time with the U.K.’s cybersecurity industry leaders. Who should attend? There are two main reasons to attend this event: as a delegate—to exchange ideas with like-minded security professionals in an informal setting, or as a supplier—to gain access to 100 senior decision-makers in the cyber sector. Confirmed speakers The conference agenda is available on request. Previous speakers include: Sophie Hackford, Co-Founder, 1715 Labs Jamie Woodruff, Ethical Hacker David Rowan, former Editor, Wired UK. IAPP Asia Privacy Forum: July 12, 2021 Register here: The International Association of Privacy Professionals (IAPP) is the best-respected industry accreditation body for privacy—and they sure know how to put on a great conference. This IAPP event will consider how privacy regulation is developing in Asia in terms of consumer rights, privacy-enhancing tech, data management, and more. Who should attend? If your company operates in Asia, then your Data Protection Officers, privacy counsels, and any other privacy or security-focused professionals will benefit from attending this event—to keep abreast of the latest regulatory developments in the region. Confirmed speakers Tan Kiat How, Commissioner, Personal Data Protection Commission of Singapore Raymund Liboro, Chairman and Commissioner, Philippines National Privacy Commission Stephen Kai-yi Wong, Privacy Commissioner, Privacy Commissioner for Personal Data, Hong Kong, China ISMG Virtual Cybersecurity Summit: Government: July 13-14, 2021 Register here: Recent high-profile cyberattacks on public agencies and critical infrastructure have sharpened governments’ focus on cybersecurity. Information Security Media Group (ISMG)’s conference provides insights from the people responsible for driving public policy on decision-making. Who should attend? Most sessions at the ISMG Virtual Cybersecurity Summit: Government focus on the role of the CISO. This event is an opportunity for security leaders in your organization to gain insight into the upcoming changes and challenges that might arise from government intervention in cybersecurity. Confirmed speakers Brandon Wales, Acting Director, Cybersecurity and Infrastructure Security Agency (CISA) Jim Weaver, Secretary for Information Technology/State CIO, State of North Carolina Dave Lewis, Global Advisory CISO, Duo Security at Cisco Infosecurity Europe: July 13-15, 2021 Register here: Infosecurity Europe is the meeting place for infosec’s “finest minds”, with a great range of sessions from a truly impressive line-up. The conference will feature panels on building security-awareness culture, mitigating the risk of insider threats, developing a “human-centric” approach to cybersecurity, and more. Who should attend? Infosecurity Europe will cover everything from basic security principles to advanced practice, so CISOs and IT leaders should not miss this event—and should make sure anyone in their organization with a stake in cybersecurity attends with them. Confirmed speakers Mikko Hypponen, Researcher, F-Secure Dr. Kevin Jones, Global CISO, Airbus Dr. Victoria Baines, Visiting Research Fellow, University of Oxford p.s., we’ll be there! More information about our speaking slot and (virtual) booth coming soon.  Policing Cybercrime Digital Conference: July 16, 2021 Register here: Nearly half of all crime in England and Wales is committed online. The Policing Cybercrime conference brings together cybercrime experts to explore how law enforcement and other stakeholders can respond to online threats. Who should attend? Attend the Policing Cybercrime Digital Conference if you want to understand how society is responding to the cybercrime epidemic—whether you’re involved in law enforcement, government, the justice system, private industry, international organizations, or academia.  Confirmed speakers Stuart Hyde QPM, Vice President Development, Society for the Policing of Cyberspace Virginia Eyre, Deputy Director Cyber Policy, Home Office Nigel Leary, T/Deputy Director, National Cyber Crime Unit, National Crime Agency International Conference on Networks and Communications (NCO 2021): July 24-25, 2021 Register here: The seventh International Conference on Networks and Communications (NCO 2021) is a forum for experts to share their knowledge of computer networks and data communications, including network security, cloud computing, and machine learning. Who should attend? The conference is well-suited to CISOs looking to understand the latest technical developments in their field, together with engineers, computer scientists, and academics. Confirmed speakers Haluk Altay, Turkish Aerospace, Turkey Vikas Thammanna Gowda, Wichita State University, USA Hoda Nematy, Malek-Ashtar University of Technology, Tehran RANT Radio: Mutated Cyber: July 28, 2021 Register here: While many industries have suffered due to COVID-19, cybercrime has prospered. RANT Radio’s Mutated Cyber conference will explore “the ‘was’, ‘is’ and ‘will be’ of cybercrime in a post-pandemic age.” Who should attend? CISOs and CEOs with teams working from home should learn a lot from this conference, which will focus on how the pandemic has caused a rise in social engineering attacks. Confirmed speakers Donna Goddard, Director, Cyber Information Security, London Stock Exchange Group (LSEG) Kathryn Cardose, Senior Manager, Security Operations, Virgin Money Myla Pilao, Director Technical Marketing, Trend Micro Black Hat USA: July 31-August 3 2021 Register here: Black Hat USA is 24 years old, and there’s a good reason this event has stuck around for so long. Black Hat USA provides a package of advanced training courses, on infosec topics as diverse as vulnerability research, securing Windows infrastructure, using adversarial AI for hacking—plus briefings from infosec thought leaders. Who should attend? Black Hat USA is a must-attend for any infosec professional looking to level up their skills, learn from industry leaders, or understand the latest techniques in their adversaries’ toolkits. Confirmed speakers Craig Young, Principal Security Researcher, Tripwire Qian Wenxiang, Senior Security Researcher at Tencent Blade Team Paula Januszkiewicz, CEO and Founder, CQURE Inc. p.s., we’ll be there! More information about our speaking slot and booth location coming soon.
Data Exfiltration Email DLP Integrated Cloud Email Security
What is an Insider Threat? Insider Threat Definition, Examples, and Solutions
By Tessian
29 June 2021
Organizations often focus their security efforts on threats from outside. But increasingly, it’s people inside the organization who cause data breaches. There was a 47% increase in Insider Threat incidents between 2018 and 2020, including via malicious data exfiltration and accidental data loss. And the comprehensive Verizon 2021 Data Breach Investigations Report suggests that Insiders are directly responsible for around 22% of security incidents. So, what is an insider threat and how can organizations protect themselves from their own people?
Importantly, there are two distinct types of insider threats, and understanding different motives and methods of exfiltration is key for detection and prevention. Types of Insider Threats The Malicious Insider
Malicious Insiders knowingly and intentionally steal data, money, or other assets. For example, an employee or contractor exfiltrating intellectual property, personal information, or financial information for personal gain.  What’s in it for the insider? It depends. Financial Incentives Data is extremely valuable. Malicious insiders can sell customer’s information on the dark web. There’s a huge market for personal information—research suggests you can steal a person’s identity for around $1,010. Malicious Insiders can steal leads, intellectual property, or other confidential information for their own financial gain—causing serious damage to an organization in the process. Competitive Edge Malicious Insiders can steal company data to get a competitive edge in a new venture. This is more common than you might think.  For example, a General Electric employee was imprisoned in 2020 for stealing thousands of proprietary files for use in a rival business. Unsurprisingly, stealing data to gain a competitive edge is most common in competitive industries, like finance and entertainment. The Negligent (or Unaware) Insider 
Negligent Insiders are just “average” employees doing their jobs. Unfortunately, “to err is human”… which means people can—and do—make mistakes. Sending a misdirected email Sending an email to the wrong person is one of the most common ways a negligent insider can lose control of company data. Indeed, the UK’s Information Commissioner’s Office reports misdirected emails as the number one cause of data breaches.  And according to Tessian platform data, organizations with over 1,000 employees send around 800 misdirected emails every year. We’ve put together 11 Examples of Data Breaches Caused By Misdirected Emails if you want to see how bad this type of Insider Threat can get. Phishing attacks Last year, 66% of organizations worldwide experienced spear phishing attacks. Like all social engineering attacks, phishing involves tricking a person into clicking a link, downloading malware, or taking some other action to compromise a company’s security. A successful phishing attack requires an employee to fall for it. And practically any of your employees could fall for a sophisticated spear phishing attack. Want to know more about this type of Negligent Insider threat? Read Who Are the Most Likely Targets of Spear Phishing Attacks? Physical data loss   Whether it’s a phone, laptop, or a paper file, losing devices or hard-copy data can constitute a data breach. Indeed, in June 2021, a member of the public top-secret British military documents in a “soggy heap” behind a bus stop. Looking for more examples of Insider Threats (both malicious and negligent?) Check out this article: 17 Real-World Examples of Insider Threats How can I protect against Insider Threats? As we’ve seen, common Insider Threats are common. So why is so hard to prevent them? Detecting and preventing Insider Threats is such a challenge because it requires full visibility over your data—including who has access to it. This means fully mapping your company’s data, finding all entry and exit points, and identifying all the employees, contractors, and third parties who have access to it. From there, it comes down to training, monitoring, and security. Training While security awareness training isn’t the only measure you need to take to improve security, it is important. Security awareness training can help you work towards legal compliance, build threat awareness, and foster a security culture among your employees. Looking for resources to help train your employees? Check out this blog with a shareable PDF. Monitoring Insider Threats can be difficult to detect because insiders normally leverage their legitimate access to data. That’s why it’s important to monitor data for signs of potentially suspicious activity. Telltale signs of an insider threat include: Large data or file transfers Multiple failed logins (or other unusual login activity) Incorrect software access requests Machine’s take over Abuse by Service Accounts Email Security The vast majority of data exfiltration attempts, accidental data loss incidents, and phishing attacks take place via email. Therefore, the best action you can take to prevent insider threats is to implement an email security solution. Tessian is a machine learning-powered email security solution that uses anomaly detection, behavioral analysis, and natural language processing to detect data loss. Tessian Enforcer detects data exfiltration attempts and non-compliant emails Tessian Guardian detects misdirected emails and misattached files Tessian Defender detects and prevents spear phishing attacks How does Tessian detect and prevent Insider Threats? Tessian’s machine learning algorithms analyze your company’s email data. The software learns every employee’s normal communication patterns and maps their trusted email relationships — both inside and outside your organization. Tessian inspects the content and metadata of inbound emails for any signals suggestive of phishing—like suspicious payloads, geophysical locations, IP addresses, email clients—or data exfiltration—like anomalous attachments, content, or sending patterns. Once it detects a threat, Tessian alerts employees and administrators with clear, concise, contextual warnings that reinforce security awareness training
Threat Intel
US Legal Education Provider Spam Campaign Detected
By Charles Brook
11 June 2021
Overview Time period: March 2020 – May 28, 2021 Number of emails sent: >405,000 Subject lines used: 5,881 Mailboxes targeted: 2,099 Sender domains used: 821 Tessian’s Research & Intelligence team have identified a pattern of suspicious email activity across the Tessian platform, originating from a US-based online “leader in legal education”. The first email campaigns were detected in early 2020. In every campaign, the organization appears to be promoting discounts on educational courses or new curriculum. New domains – our team has observed 2-3 new domains appearing per week – were used to evade spam filters and SEGs. Who was targeted? Over 10% of our customer base received one of the campaigns from this legal education firm. 65% of the targeted customers are in the Legal sector; 25% are in Financial Services. Almost all targeted customers are US-based. Nearly every customer has a legacy Secure Email Gateway (SEG) and Tessian Defender as part of their inbound email tech stack. These emails bypassed the SEGs, but were flagged as potentially malicious by Tessian Defender.
One single law firm received an astounding 280,000 emails from this organization in a little over a year. Other Tessian customers received several hundred to thousands in the same time frame. Normally high-volume campaigns like this are not very targeted or customized to the recipient. In this case, the sender has taken a scatter-shot approach with the hope that a fraction of the recipients engage. Even if these emails are not malicious, they are certainly a nuisance – especially for busy attorneys.   What was the angle? Nearly 6,000 subject lines were used in these email campaigns. Notable themes and keywords include: Coronavirus / COVID-19 Cryptocurrency, Blockchain, Bitcoin and Smart Contracts AirBnB & Short-Term Rental Law Marijuana, Hemp and Cannabis Law  Judgments & Asset Protection Uber, Lyft & Ridesharing law Discounts Last/final day to register It appears that they are attempting to capitalize on new or trending legal topics, which could be particularly relevant to law firms and financial services institutions.
Suspicious, not necessarily malicious  While this legal education provider may be a legitimate organization, their website is insecure (no SSL certification, no padlock icon), and more importantly, the way they are building and distributing these email campaigns is suspicious; their tactics mimic those deployed by cybercriminals to evade defenses. For example, the emails are often sent from a recently registered domain by a sender the recipient will probably not have seen before. These are two key indicators that trigger Tessian Defender. In a little over a year, the legal education provider registered over 800 domains; sent emails from over 825 email addresses; and used about 20 different display names. This sort of behavior indicates that they were deliberately crafting emails to bypass rule-based filtering. [Read more about display name and domain manipulation.] Why? Once a domain has developed a reputation for spam, then it can be added to a spamming blacklist, which will be a significant factor considered by spam filters.  Registering a new domain with a fresh or unknown reputation is the easiest way to get around this. This is not dissimilar to how hackers create phishing attacks.  The emails often also contained a sense of urgency to bait the recipient into buying or signing up to something while a certain discount is still available. Urgency (i.e. “Last day to register”) is another technique regularly employed in phishing emails. Most of the URLs in the emails pointed to a legitimate website called Constant Contact (an email marketing tool). What can you do about it? General guidance  Limit how far you share your email address across the internet. Keep it private unless it is essential to share it. Do not click on any links in spam emails as they could be malicious. Mark it as spam or move it to your spam/junk email folder to help train the spam recognition algorithm. After marking it as spam, delete the email from your spam/junk folder. If you’re a Tessian customer Review attacks in the Tessian portal and add senders to a denylist to be blocked before reaching inboxes in the future.  Review attacks in the Tessian portal and remove emails from employee inboxes.  Use the Human Layer Risk Hub to understand which employees are most at risk of phishing; then notify them individually or create customized warnings to educate them about the risk. The primary way for avoiding spam is to limit how much you share your email address across the internet. Be cautious of who and what services you sign up to with your email address – whether it’s your personal or business email address. Some services may willingly sell your information to spammers or marketers. The key difference between marketing emails and spam is that marketing emails should only be sent to emails that have consented to receive them. To comply with regulations like GDPR and CCPA, marketing emails must also provide an easy way to opt out of future emails, for example, by including an unsubscribe link or button in the email. Last but not least, if you’re a lawyer, always make sure the provider and courses of legal training are accredited. 
Customer Stories
Advanced Inbound and Outbound Threat Protection for an International Law Firm
11 June 2021
Company: Penningtons Manches Cooper Industry: Legal Company Size: 1,000 employees Solutions: Enforcer, Guardian, Defender Environment: Hybrid Platform: Outlook Customer since: 2016 About Penningtons Manches Cooper Penningtons Manches Cooper is a leading UK and international law firm which provides high quality legal advice to both businesses and individuals. The firm has UK offices in the City of London, Basingstoke, Birmingham, Cambridge, Guildford, Oxford and Reading with an overseas network stretching from Asia to South America through their presence in Singapore, Piraeus, Paris, Madrid and São Paulo. With 130 partners and over 880 people in total, Penningtons Manches Cooper is acknowledged as a dynamic and forward-thinking practice which combines legal services with a responsive and flexible approach.  They have established a strong reputation in a variety of sectors, particularly private wealth, shipping, technology and property.  Penningtons Manches Cooper lawyers are also recognised for their expertise in life sciences, education, retail, sports and entertainment and international trade. Before Tessian…. Before deploying Tessian in 2016, Marcus Shepherd, Best Practice Operations, and Richard Mullins, IT Security Engineer, both suspected Penningtons Manches Cooper had a more significant problem with email data breaches than was being reported. Marcus explained, saying “It was pretty clear that, together with the rest of the industry back then, we had a problem with email data breaches but had no visibility as to the extent of it. We had reporting processes in place, but had a hunch that the actual number of incidents was higher than those being reported by employees. Part of the problem was education. Complete understanding of what constituted a data breach and the possible consequences of data breaches – even with very basic personal details – was not fully understood then.  A lot of employees were not clear that if something had taken place, it needed to be reported.” While they were leveraging some standard rules in Outlook for inbound threats, they were relying on employee training, rule-based systems, and self-reporting to prevent outbound threats like misdirected emails and data exfiltration (both accidental and malicious).
According to Marcus and Richard, they lacked visibility and control over threats, employees were struggling with alert fatigue, and their security team was inundated with more false positives than they could investigate.  Must-have features…. In evaluating solutions, the firm was originally looking for three key features. Effectiveness: Because data loss incidents were a concern, their top priority was to find a solution that would accurately predict data loss incidents on email. But unsurprisingly, they were wary of any solution that might trigger false positives. This would distract partners and cause alert fatigue. Ease-of-use: They wanted a tool that would be easy to deploy and not require a large security team to manage it day-to-day.   Education: It can be difficult to encourage fee-earners to prioritize security considerations when dealing with busy and demanding clients. The pop-ups triggered by rule-based tools weren’t offering employees the information they needed to understand how to handle data safely or why it was so important to do so. Marcus and Richard wanted a tool that offered context and complemented training and awareness programs.
With Tessian…. As an innovative firm with a proactive security team, Penningtons Manches Cooper was an early adopter of Tessian and deployed Tessian Guardian and Tessian Enforcer in 2016 to prevent misdirected emails and data exfiltration on email. In 2019 – as soon as it was released to market – they deployed Tessian Defender. Tessian offers advanced threat protection  Since deploying Tessian, Richard and Marcus have seen Tessian Enforcer reduce loss of IP from people leaving the firm, have seen over 3,000 interventions where Tessian Guardian has prevented a potential data breach by flagging a misdirected email, and have seen Tessian Defender prevent advanced impersonation attacks including CEO Fraud and Business Email Compromise.  “Tessian is a vital part of our security stack when it comes to cyber awareness, risk and compliance, and information protection. It’s an essential perimeter defense – and sometimes the last line of defense,” Richard said.  Tessian surfaces rich insights about employee behavior on email With Human Layer Risk Hub, Penningtons Manches Coopers’ security team has clear visibility of threats.  “Tessian is doing the heavy lifting for us now. We’re no longer looking through spreadsheets with hundreds or thousands of events. With Human Layer Risk Hub, we get incredible visibility within the portal into high-risk users and high-risk events. We can now identify users whose behavior could put us at risk, whether it’s via misdirected emails, unauthorized emails, or spear phishing attacks. This all helps massively with incident response since our security and compliance teams do not have limitless resources,” Richard said.  In-the-moment warnings reinforce security awareness training and reduce risk over time Tessian’s in-the-moment warnings offer context about why an email is being flagged as malicious or suspicious. They’re written in clear, easy-to-understand language and help coach employees towards safer behavior over time.
The platform is easy to deploy and manage day-to-day  Tessian deploys within minutes, learns within hours, and starts protecting in a day. Richard and Marcus experienced this during their initial deployment and again during their merger with Thomas Coopers LLP in 2019.  Marcus explained, saying that “Deploying Tessian across new users after the merger was seamless. We got everyone connected immediately which helped us extend our security culture right away”.  Low flag rates and false positives mean Tessian doesn’t get in the way  It was important for Marcus and Richard to find a tool that worked, without distracting, frustrating, or confusing especially busy lawyers.  With Tessian, they no longer struggle with high rates of false positives.
Tessian sets the benchmark for technology partners From the outset, Richard and Marcus have been proactive in helping shape Tessian’s product roadmap to serve them, other law firms, and customers across industries.   “In terms of a relationship with a supplier, Tessian is the benchmark for continuous improvement and adapting to the threat landscape. We have a huge amount of engagement and feedback with Tessian which has helped to improve our email security posture. They actively want to go on our journey with us and are always willing to listen to our concerns or requirements,” Richard said.
Integrated Cloud Email Security
6 Insights From Tessian Human Layer Security Summit
By Maddie Rosenthal
03 June 2021
That’s a wrap! A big “thank you” to our incredible line-up of speakers, panelists, sponsors, and – of course – attendees of Tessian’s fifth Human Layer Security Summit.  Security leaders shared advice on scaling enterprise security programs, explained how they’ve successfully re-framed cybersecurity as a business enabler, and offered tips on how to prevent breaches.  If you’re looking for a recap, we’ve identified one key takeaway from each session. You can also watch the Summit (and previous Summits…) on-demand for free here. Want to be involved next time? Email us: 1. The average person makes 35,000 decisions a day – one mistake could have big consequences While most decisions you make won’t impact your company’s cybersecurity, some can. For example, sending an email to the wrong person, misconfiguring a firewall, or clicking on a malicious link. And these mistakes happen more often than you might think… 95% of breaches are caused by human error. That’s why security leaders implement policies, offer training, and deploy technology. But did you know there’s one solution that prevents human error by offering automatic threat prevention, training, and risk analytics all in one platform?   Watch the full session below to hear more about Tessian Human Layer Risk Hub, or download the datasheet for a more detailed look at the product.  Further reading: Research: Why Do People Make Mistakes? What is Human Layer Security? Product Datasheet: Tessian Platform Overview 2. The best cybersecurity strategies combine experience, threat intelligence, and business intelligence If you’re looking for practical advice, check out this session. Bobby Ford, Senior Vice President and CSO at Hewlett-Packard, and James McQuiggan, Security Awareness Advocate at KnowBe4, discuss cybersecurity strategies they recommend for the enterprise.  You might be surprised to find out that technology wasn’t the focus of the conversation. Relationships were. By listening to and understanding your people, you can build better relationships, ensure alignment with the company’s mission, vision, and values, and influence real change.  “You have to assess the overall culture and then develop a strategy that’s commensurate with that culture,” Bobby explained. For more insights – including a personal anecdote about how implementing a security strategy is like teaching your children to walk – watch the full session.  Further reading: 7 Fundamental Problems With Security Awareness Training Hey CISOs! This Framework Will Help You Build Better Relationships  3. Some of the year’s biggest hacks have one thing in common: human error Who better to discuss this year’s biggest hacks than a hacker?  Samy Kamkar, Renowned Ethical Hacker, joined us to break down the SolarWinds and Twitter breaches and offer advice on how to prevent similar incidents.  To start, he explained that in both hacks, social engineering played a role. That’s why people are the key to a strong and effective cybersecurity strategy.  Sure, automated detection and prevention systems can help. So can password managers. But, at the end of the day, employees are the last line of defense and hackers don’t attack machines. They attack people.  According to Samy, “We don’t have time to implement every possible safeguard. That’s why we have to lean on training.” Watch the full session for more insights, including Samy’s book recommendation and why he doesn’t trust MFA.  Further reading: Tessian Threat Intelligence and Research Real World Examples of Social Engineering Research: How to Hack a Human 4. DLP is boring, daunting, and complex….but it doesn’t have to be Punit Rajpara, Global Head of IT and Business Systems at GoCardless, has a strong track record of leading IT and security teams at start-ups, with a resume that includes both Uber and WeWork.  For him, empowerment, enablement, and trust are key and should be reflected in an organization’s security strategy. That means rule-based DLP solutions – which he deemed “boring, daunting – and complex” just don’t cut it. Tessian does, though.  “Security is often looked at as a big brother, we’re-watching-everything-you-do sort of thing. At GoCardless, Tessian has changed that perception and is instead putting the power in the hands of the users,” Punit explained. To learn more about why Punit chose Tessian and how he uses the platform today, watch the full session below.  Further reading: Customer Story: How Tessian Gave GoCardless Better Control and Visibility of Their Email Threats Research: Data Loss Prevention in Financial Services Product Datasheet: Tessian Platform Overview 5. Learning is only effective when it’s an ongoing activity  When asked what was top of mind for her when it comes to cybersecurity, Katerina Sibinovska, CISO at Intertrust Group simply said “data loss”. I think most would agree. But, as we all know, data loss can be the result of just about anything. Lack of awareness, negligence, malicious intent… So, how does she prevent data loss? By balancing technical and non-technical controls and building a strong security culture.  And, as she pointed out, annual (and even quarterly!) training isn’t enough to build that strong security culture. “It can’t just be a tickbox exercise,” she said. Instead, meet employees where they are. Add context. Engage and reward them. Support them rather than blame them.  To learn more about how she’s reduced data loss – and what role Tessian plays – watch the full session. Further reading: Why Do the World’s Top Financial Institutions Trust Tessian? Pros and Cons of Phishing Awareness Training Product Data Sheet: Tessian Human Layer Risk Hub 6. People don’t just want to know WHAT to do, but they want to know WHY. You don’t want to miss this Q&A. Jerry Perullo, CISO at ICE | New York Stock Exchange has over 25 years of experience in cybersecurity and shares his thoughts on the role of the CISO, how to get buy-in, and why training is (generally) a “time-suck” for employees.  His advice? Don’t just tell people what they need to do in order to handle data safely, tell them why they need to do it. What are the legal obligations? What would the consequences be? This will help you re-frame cybersecurity as an enabler instead of an obstacle.  Watch the full session for more tips from this cybersecurity trailblazer.  Further reading: 1.CEO’s Guide to Data Protection and Compliance  2. 7 Fundamental Problems With Security Awareness Training You’re invited to the next Summit! Subscribe to our weekly newsletter to be the first to hear about events, product updates, and new research. 
ATO/BEC Integrated Cloud Email Security
Is Your Office 365 Email Secure?
By Maddie Rosenthal
02 June 2021
In July last year, Microsoft took down a massive fraud campaign that used knock-off domains and malicious applications to scam its customers in 62 countries around the world.   But this wasn’t the first time a successful phishing attack was carried out against Office 365 (O365) customers. In December 2019, the same hackers gained unauthorized access to hundreds of Microsoft customers’ business email accounts.   According to Microsoft, this scheme “enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website…as they would in a more traditional phishing campaign.”   Why are O365 accounts so vulnerable to attacks?   Exchange Online/Outlook – the cloud email application for O365 users – has always been a breeding ground for phishing, malware, and very targeted data breaches.   Though Microsoft has been ramping up its O365 email security features with Advanced Threat Protection (ATP) as an additional layer to Exchange Online Protection (EOP), both tools have failed to meet expectations because of their inability to stop newer and more innovative social engineering attacks, business email compromise (BEC), and impersonations.   One of the biggest challenges with ATP in particular is its time-of-click approach, which requires the user to click on URLs within emails to activate analysis and remediation.   Is O365 ATP enough to protect my email?   We believe that O365’s native security controls do protect users against bulk phishing scams, spam, malware, and domain spoofing. And these tools are great when it comes to stopping broad-based, high-volume, low-effort attacks – they offer a baseline protection.   For example, you don’t need to add signature-based malware protection if you have EOP/ATP for your email, as these are proven to be quite efficient against such attacks. These tools employ the same approach used by network firewalls and email gateways – they rely on a repository of millions of signatures to identify ‘known’ malware.   But, this is a big problem because the threat landscape has changed in the last several years.   Email attacks have mutated to become more sophisticated and targeted and  hackers exploit user behavior to launch surgical and highly damaging campaigns on people and organizations. Attackers use automation to make small, random modifications to existing malware signatures and use transformation techniques to bypass these native O365 security tools. Unsuspecting – and often untrained – users fall prey to socially engineered attacks that mimic O365 protocols, domains, notifications, and more.  See below for a convincing example.
It is because such loopholes exist in O365 email security that Microsoft continues to be one of the most breached brands in the world.   What are the consequences of a compromised account?   There is a lot at stake if an account is compromised. With ~180 million O365 active email accounts, organizations could find themselves at risk of data loss or a breach, which means revenue loss, damaged reputation, customer churn, disrupted productivity, regulatory fines, and penalties for non-compliance. This means they need to quickly move beyond relying on largely rule- and reputation-based O365 email filters to more dynamic ways of detecting and mitigating email-originated risks.   Enter machine learning and behavioral analysis.   There has been a surge in the availability of platforms that use machine learning algorithms. Why? Because these platforms detect and mitigate threats in ways other solutions can’t and help enterprises improve their overall security posture.   Instead of relying on static rules to predict human behavior, solutions powered by machine learning actually adapt and evolve in tandem with relationships and circumstances.Machine learning algorithms “study” the email behavior of users, learn from it, and – finally – draw conclusions from it.   But, not all of ML platforms are created equal. There are varying levels of complexity (going beyond IP addresses and metadata to natural language processing); algorithms learn to detect behavior anomalies at different speeds (static vs. in real-time); and they can achieve different scales (the number of data points they can simultaneously study and analyze).   How does Tessian prevent threats that O365 security controls miss?   Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises. It is designed to offset the rule-based and sandbox approaches of O365 ATP to detect and stop newer and previously unknown attacks from external sources, domain / brand / service impersonations, and data exfiltration by internal actors.   By dynamically analyzing current and historical data, communication styles, language patterns, and employee project relationships both within and outside the organization, Tessian generates contextual employee relationship graphs to establish a baseline normal behavior. By doing this, Tessian turns both your employees and the email data into an organization’s biggest defenses against inbound and outbound email threats.   Conventional tools focus on just securing the machine layer – the network, applications, and devices. Tessian can make clear distinctions between legitimate and malicious email interactions and warn users in real-time to reinforce training and policies to promote safer behavior.   How can O365 ATP and Tessian work together? Often, customers ask us which approach is better: the conventional, rule-based approach of the O365 native tools, or Tessian’s powered by machine learning?   The answer is, each has their unique place in building a comprehensive email security strategy for O365. But, no organization that deals with sensitive, critical, and personal data can afford to overlook the benefits of an approach based on machine learning and behavioral analysis.   A layered approach that leverages the tools offered by O365 for high-volume attacks, reinforced with next-gen tools for detecting the unknown and evasive ones, would be your best bet.   A very short implementation time coupled with the algorithm’s ability to ‘learn’ from historical email data over the last year – all within 24 hours of deployment – means Tessian could give O365 users just the edge they need to combat modern day email threats.
Email DLP Integrated Cloud Email Security Compliance
At a Glance: Data Loss Prevention in Healthcare
By Maddie Rosenthal
30 May 2021
Data Loss Prevention (DLP) is a priority for organizations across all sectors, but especially for those in Healthcare. Why? To start, they process and hold incredible amounts of personal and medical data and they must comply with strict data privacy laws like HIPAA and HITECH.  Healthcare also has the highest costs associated with data breaches – 65% higher than the average across all industries – and has for nine years running.  But, in order to remain compliant and, more importantly, to prevent data loss incidents and breaches, security leaders must have visibility over data movement. The question is: Do they? According to our latest research report, Data Loss Prevention in Healthcare, not yet. How frequently are data loss incidents happening in Healthcare? Data loss incidents are happening up to 38x more frequently than IT leaders currently estimate.  Tessian platform data shows that in organizations with 1,000 employees, 800 emails are sent to the wrong person every year. Likewise, in organizations of the same size, 27,500 emails containing company data are sent to personal accounts. These numbers are significantly higher than IT leaders expected.
But, what about in Healthcare specifically? We found that: Over half (51%) of employees working in Healthcare admit to sending company data to personal email accounts 46% of employees working in Healthcare say they’ve sent an email to the wrong person 35% employees working in Healthcare have downloaded, saved, or sent work-related documents to personal accounts before leaving or after being dismissed from a job This only covers outbound email security. Hospitals are also frequently targeted by ransomware and phishing attacks and Healthcare is the industry most likely to experience an incident involving employee misuse of access privileges.  Worse still, new remote-working structures are only making DLP more challenging.
Healthcare professionals feel less secure outside of the office  While over the last several months workforces around the world have suddenly transitioned from office-to-home, this isn’t a fleeting change. In fact, bolstered by digital solutions and streamlined virtual services, we can expect to see the global healthcare market grow exponentially over the next several years.  While this is great news in terms of general welfare, we can’t ignore the impact this might have on information security.   Half of employees working in Healthcare feel less secure outside of their normal office environment and 42% say they’re less likely to follow safe data practices when working remotely.   Why? Most employees surveyed said it was because IT isn’t watching, they’re distracted, and they’re not working on their normal devices. But, we can’t blame employees. After all, they’re just trying to do their jobs and cybersecurity isn’t top-of-mind, especially during a global pandemic. Perhaps that’s why over half (57%) say they’ll find a workaround if security software or policies make it difficult or prevent them from doing their job.  That’s why it’s so important that security leaders make the most secure path the path of least resistance. How can security leaders in Healthcare help protect employees and data? There are thousands of products on the market designed to detect and prevent data incidents and breaches and organizations are spending more than ever (up from $1.4 million to $13 million) to protect their systems and data.  But something’s wrong.  We’ve seen a 67% increase in the volume of breaches over the last five years and, as we’ve explored already, security leaders still don’t have visibility over risky and at-risk employees. So, what solutions are security, IT, and compliance leaders relying on? According to our research, most are relying on security training. And, it makes sense. Security awareness training confronts the crux of data loss by educating employees on best practice, company policies, and industry regulation. But, how effective is training, and can it influence and actually change human behavior for the long-term? Not on its own. Despite having training more frequently than most industries, Healthcare remains among the most likely to suffer a breach. The fact is, people break the rules and make mistakes. To err is human! That’s why security leaders have to bolster training and reinforce policies with tech that understands human behavior. How does Tessian prevent data loss on email? Tessian uses machine learning to address the problem of accidental or deliberate data loss. How? By analyzing email data to understand how people work and communicate.  This enables Tessian Guardian to look at email communications and determine in real-time if a particular email looks like they’re about to be sent to the wrong person. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network. Finally, Tessian Defender detects and prevents inbound attacks like spear phishing, account takeover (ATO), and CEO Fraud.
Integrated Cloud Email Security Life at Tessian
Announcing our $65M Series C led by March Capital
By Tim Sadler
25 May 2021
Today, I’m thrilled to share the news that Tessian has raised a $65m Series C led by March Capital with participation from existing investors Sequoia Capital, Accel, Balderton Capital and Latitude and new investor Schroder Adveq!   Tessian has achieved a huge amount since our Series B funding in early 2019.   We’ve helped created a new category of security software, addressing the 90% of data breaches caused by human error in the enterprise: Integrated Cloud Email Security (ICES) We’ve added a slew of product enhancements to our platform including the Human Layer Risk Hub, machine based detection for incorrectly attached files on emails and email security against phishing emails from externally compromised vendors. We’ve expanded globally hiring an incredible team in the US, grown our company from 77 to over 150 and hired security experts to lead us in this next chapter. (Welcome again Ramin Sayar, Aaron Cote and Matt Smith 👋) But the work I’m most proud of is how we’ve served our customers. We tripled our Fortune 500 customer base in 2020, and to date have prevented an incredible 300k+ data breaches and security threats for our customers, as well as prevented over half a million phishing attacks that would otherwise have bypassed other security controls like Secure Email Gateways.   From the first meeting we had with March Capital, it was clear that we shared the same vision. March Capital’s experience with Crowdstrike and KnowBe4 not only showed them what it takes to build a category leader in security, but also, made it clear that so many challenges still remain to be solved.   As with our Seed, Series A and Series B, what’s always the most important thing, though, is the people who you’re going to be working with. I’m delighted to welcome Jamie Montgomery to Tessian’s Board of Directors and couldn’t be more excited to partner with him, Jed Leidheiser and the whole team at March Capital on our next chapter of growth.   I’m also excited to welcome Schroder Adveq to our investor base. Schroders and their security team have been invaluable supporters of Tessian right from the start when they became one of our first ever customers. It’s a great honor and a proud moment to have one of our first customers join our Series C and now support us as investors.   Tessian’s Series C marks an incredible new chapter for our company. The capital raised will be used to investing heavily in R&D to expand Tessian to secure other interfaces and communication channels beyond email, as well as bringing Human Layer Risk Scores to enterprises around the world, helping them quantify the security strengths and weaknesses of every single employee in their organization. We’ll also be expanding our go-to-market teams in the US, UK and beyond, as well as launching our first partnership programs led by our newly formed Business Development team.   But the most exciting thing about this Series C announcement is how it will help our customers. Every single minute Tessian’s behavioral intelligence models prevent 36 human layer security incidents. This new round of funding will see us continue to invest heavily in building world class Customer Success and Product teams to serve the security teams that rely on their human layer security. I’d like to take this opportunity to say a huge thank you to all of our customers. Without your support and trust none of this would be possible. Tessian would still be a concept in the sketchbook of Ed Bishop (my co-founder and Tessian’s Chief Technology Officer), not the company it is today.   And last but by no means least, the biggest thank you of all goes to our employees and the tireless, mission-driven work you put in every day to build our incredible company. Tessian shines so brightly because of your brilliance.   But as with every fundraise, this is just the beginning. It takes a village and we’re only just getting started. If you know anyone looking to take the next step in their career and to join a company solving the biggest problem in enterprise security today, please get in touch, we are hiring! 🚀
Threat Intel
Analysis of Executive Impersonation Burst Attack
By Charles Brook
24 May 2021
Overview Industry: Legal Size: 5,000 employees Platform: O365 In May 2021 Tessian Defender flagged a series of emails sent to a global law firm. The emails were attempting to impersonate a senior partner at the firm and targeted a list of other partners. Reconnaissance  The firm being targeted by the attacker operates globally, but the senior partner they were impersonating was based in Australia. All employees targeted in the attack – including their contact details – are featured on the firm’s website. Eleven partners were targeted by the attacker. All of them were also based in Australia, indicating the attacker spent time considering who to target based on what they were able to learn from reconnaissance activities against the individual they wanted to impersonate. It is likely they chose targets they assumed would be in regular contact with the senior partner at the firm. The attacker had registered an email address with Gmail containing the word “partner” at the beginning followed by a series of numbers. They also changed the display name associated with the address to match the name of a senior partner at the firm they were targeting. Attack Deployed In the email sent, the attacker asked questions about the targeted recipient’s availability, implying that part of the intention was to establish a dialog for social engineering. From the email headers, it also appears that the email was sent from a mobile device.  There were no links or attachments included in any of the emails. It is likely the attacker was hoping to receive a response from any of the 11 targeted partners, with the intention of building a rapport and then socially engineering them into carrying out actions on the attacker’s behalf; for example, giving up sensitive information or unwittingly compromising the firm’s network infrastructure by further directing them to a malicious link or attachment.  Threat Detected and Prevented At the time the emails were sent, Tessian Defender was being trialed at the firm across a subset of users. Two of the users who received the email had Defender installed. For both users, Defender flagged the email as a possible impersonation of someone else at the firm based on the display name, and warned them there was something suspicious about it.
Both users who received the notification from Defender marked the email as malicious, which subsequently alerted the security team.
This attack was not particularly sophisticated but could have easily gone unnoticed by busy employees – especially if viewed on a mobile phone, where sender addresses are often not visible. More importantly, this rudimentary attack was not detected by the firm’s Secure Email Gateway.  Tessian Threat Intelligence in the portal drew the security team’s attention to the suspicious indicators: “first time sender” – the recipients had never been emailed by this sender before Keywords like “are you available” were highlighted; which coming from a first time sender signals risk After the security team investigated the threat, they notified the other targeted users in the firm and the incident was resolved without any damage being done. 
Integrated Cloud Email Security
June Human Layer Security Summit: Meet the Speakers
By Maddie Rosenthal
17 May 2021
Calling all cybersecurity trailblazers! Tessian’s quarterly flagship is back on June 3 with our best agenda yet.  Hundreds of security, compliance, and business leaders have already saved their spot to  learn more about human-centric security strategies, get first-hand insights from industry heavy-weights, and engage with peers through Q&As and a live chat function. What’s on the agenda? With over a dozen speakers across six sessions, we’ll be exploring: How to scale your enterprise security programs What CISOs can do to prevent the next SolarWinds attack How to prove the ROI of security and effectively communicate value to different stakeholders And much more… Keep reading to learn more about our speakers and partners. 
Meet the speakers While we don’t want to give all the surprises away just yet, we can share a sneak peek of 7 speakers joining us on June 3.  Make sure to follow us on LinkedIn and Twitter and subscribe to our weekly newsletter for the latest updates, including detailed information about each of the nine sessions. Bobby Ford, Senior Vice President and CSO at HP: Bobby – who has joined us as a speaker once before – has an incredible wealth of experience. He’s held senior security leadership titles at organizations across industries, including government, consumer goods, healthcare, and now technology. And, having secured organizations with hundreds of thousands of employees, he truly knows how to implement successful security strategies at the enterprise level. Punit Rajpara, Global Head of IT and Business Systems at GoCardless: Having led IT and security teams at Uber, WeWork, and now GoCardless, Punit has a proven track record of scaling security at hyper-growth companies. His goal? To ensure security is a business enabler, not a blocker and to change security’s reputation amongst the C-suite and employees. He’ll be sharing insights into how he delivers IT as a partnership, and a service to the business. Ian Bishop-Laggett, CISO at Schroders Personal Wealth: Now leading InfoSec at Schroders Personal Wealth, Ian has been working in financial services in security roles for over 10 years. That means he’s in the perfect position to talk about risks unique to the industry and the specific challenges human layer risks pose.  Jerry Perullo, CISO at ICE | New York Stock Exchange: With over 25 years of experience in cybersecurity, Jerry has an impressive resume. He’s served as the CISO of NYSE: ICE for 20 years, currently sits on the Board of Directors for FS-ISAC, the Analysis and Resilience Center (ARC) for Systemic Risk, and is the Founding Vice-Chair of the Global Exchange Cybersecurity Working Group under the World Federation of Exchanges.  Katerina Sibinovska, CISO at Intertrust Group: Katerina has a background in law, a passion for tech, and holds a number of IT and compliance certifications, including the CRISC and the GDPR F. Before graduating to CISO at Intertrust Group, she was the Head of IT Change & Compliance, and has a proven track record of balancing security with business operations and strategy. James McQuiggan, Security Awareness Advocate at KnowBe4: In addition to being a Security Awareness Advocate at KnowBe4, where he trains and engages with employees and security leaders about the importance of security awareness training, James also teaches Identify Security at a collegiate level and is the Education Director for the Florida Cyber Alliance. On June 3, he’ll be identifying key strategies to help you improve your training programs. Samy Kamkar, Renowned Ethical Hacker: As a teenager, Samy released one of the fastest-spreading computer viruses of all-time. Now, he’s a compassionate advocate for young hackers, whistleblower, and privacy and security researcher.  To learn more about our speakers and their approaches to cybersecurity, save your spot now and join a community of thousands on June 3.  If you can’t make it on the day – don’t worry. You’ll be able to access all the sessions on-demand if you sign-up.  Want to get a sneak peek of what you can expect on June 3? You can watch sessions from previous Human Layer Security Summits on-demand here. 
Customer Stories ATO/BEC Integrated Cloud Email Security
How Tessian Reduced Click-Through Rates on Phishing Emails From 20% to Less Than 5%
13 May 2021
Company: Sanne Group Industry: Financial Services Seats: 1,850 Solutions: Guardian, Enforcer, Defender  About Sanne Group Sanne is an award-winning, leading global provider of alternative asset and corporate services with 22 offices across the globe that serve nearly 2,000 clients, including leading fund managers, financial institutions, and global corporates. Today, the firm manages more than £250 billion in assets.   Sanne deployed Tessian as their complete outbound email security solution in May 2019 and, 18 months later, added Tessian Defender to prevent spear phishing attacks and other impersonation attacks. 
Problem: Despite having deployed other email solutions and training staff, phishing emails were still getting through…and staff were still clicking on them. Marie Measures, Sanne’s Chief Technology Officer, and her team take cybersecurity seriously. That means the firm was protected by other inbound security solutions – including native controls, Secure Email Gateways (SEGs), and antivirus software – before deploying Tessian Defender.  The problem was, those tools just weren’t stopping all inbound attacks and phishing and spear phishing emails were still landing in employees’ mailboxes. According to Marie, on average, 150 were being reported a month to the security team. “Even with all of these controls, emails were still getting through and we were still relying on end-users to make good decisions. We even had one solution in place that triggered a pop-up if a suspicious email was detected, simply asking employees if they wanted to continue. They’d often click “yes”. So when we were evaluating new solutions, it was important to us that users would actually interact with the warnings, ” Marie explained.  After allowing Defender to flag potentially malicious emails during a phishing simulation, Marie saw how Tessian warnings did prompt employees to engage with the warnings. “In these tests, employees typically click on links in phishing emails about 15%-20% of the time. During a trial with Defender enabled, this simulation number dropped to less than 5%,” she said. The difference between Tessian’s warnings and the other solution? Context. 
“Tessian explains the “why” which is very important for awareness. It also appears within the email itself versus employees having to click through a pop-up or link to view the warning. It’s impossible to ignore and easy to understand,” Marie said.  Employees began interacting with the warnings immediately.  Marie continued, “We did not have to send out any communications to staff explaining how to interact with the tool, which is a testament to how intuitive it is. No staff training, no staff comms, nothing. We just turned it on and employees started engaging with the warnings.” Tessian’s in-the-moment warnings explain exactly why emails are flagged in plain English. This way, training is reinforced and employee’s security reflexes improve over time.
How does Tessian Defender detect and prevent impersonation attacks?  Powered by machine learning, Tessian’s Human Layer Security technology understands human behavior and relationships to automatically prevents both known and unknown email attacks that bypass Secure Email Gateways (SEGs), while also providing in-the-moment training to educate employees and drive them towards more secure email behavior. Here’s how: Tessian’s machine learning algorithms analyze your company’s email data, learn every employee’s normal communication patterns. and map their trusted email relationships — both inside and outside your organization. Tessian inspects inbound emails for any suspicious or unusual content both in the body of the email and the metadata. For example, payloads or anomalous domains, geophysical locations, IP addresses, email clients, or sending patterns.  Tessian alerts employees when an email might be unsafe with easy-to-understand, contextual warnings. Sanne Group’s Case Study hbspt.cta.load(1670277, '2538c5e1-0639-4378-a3c5-a384204a578e', {"region":"na1"});