So, you’ve accidentally sent an email to the wrong person. Don’t worry, you’re not alone. According to Tessian research, over half (58%) of employees say they’ve sent an email to the wrong person.   We call this a misdirected email and it’s really, really easy to do. It could be a simple spelling mistake, it could be the fault of Autocomplete, or it could be an accidental “Reply All”. But, what are the consequences of firing off an email to the wrong person and what can you do to prevent it from happening?   We’ll get to that shortly. But first, let’s answer one of the internet’s most popular (and pressing) questions: Can I stop or “un-send” an email?

Can I un-send an email?   The short (and probably disappointing) answer is no. Once an email has been sent, it can’t be “un-sent”. But, with some email clients, you can recall unread messages that are sent to people within your organization.    Below, we’ll cover Outlook/Office 365 and Gmail. Recalling messages in Outlook & Office 365   Before reading any further, please note: these instructions will only work on the desktop client, not the web-based version. They also only apply if both you (the sender) and the recipient use a Microsoft Exchange account in the same organization or if you both use Microsoft 365.    In simple terms: You’ll only be able to recall unread emails to people you work with, not customers or clients. But, here’s how to do it.   Step 1: Open your “Sent Items” folder Step 2: Double-click on the email you want to recall Step 3: Click the “Message” tab in the upper left-hand corner of the navigation bar (next to “File”) → click “Move” → click “More Move Actions” → Click “Recall This Message” in the dropdown menu Step 4: A pop-up will appear, asking if you’d like to “Delete unread copies of the message” or “Delete unread copies and replace with a new message” Step 5: If you opt to draft a new message, a second window will open and you’ll be able to edit your original message   While this is easy enough to do, it’s not foolproof. The recipient may still receive the message. They may also receive a notification that a message has been deleted from their inbox. That means that, even if they aren’t able to view the botched message, they’ll still know it was sent. There’s more information about recalling emails in Outlook here.  

Recalling messages in Gmail   Again, we have to caveat our step-by-step instructions with an important disclaimer: this option to recall messages in Gmail only works if you’ve enabled the “Delay” function prior to fat fingering an email. The “Delay” function gives you a maximum of 30 seconds to “change your mind” and claw back the email.    Here’s how to enable the “Delay” function.   Step 1: Navigate to the “Settings” icon → click “See All Settings” Step 2: In the “General” tab, find “Undo Send” and choose between 5, 10, 20, and 30 seconds.  Step 3: Now, whenever you send a message, you’ll see “Undo” or “View Message” in the bottom left corner of your screen. You’ll have 5, 10, 20, or 30 seconds to click “Undo” to prevent it from being sent.    Note: If you haven’t set-up the “Delay” function, you will not be able to “Undo” or “Recall” the message. There’s more information about delaying and recalling emails in Gmail here.   So, what happens if you can’t recall the email? We’ve outlined the top six consequences of sending an email to the wrong person below. 

What are the consequences of sending a misdirected email?   According to Verizon’s 2021 DBIR, misdelivery is the most common type of error to cause a breach. But is a breach the biggest consequence?   We asked employees in the US and UK what they considered the biggest consequences of sending a misdirected email. Here’s what they had to say. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   Importantly, though, the consequences of sending a misdirected email depend on who the email was sent to and what information was contained within the email.   For example, if you accidentally sent a snarky email about your boss to your boss, you’ll have to suffer red-faced embarrassment (which 36% of employees were worried about).   If, on the other hand, the email contained sensitive customer, client, or company information and was sent to someone outside of the relevant team or outside of the organization entirely, the incident would be considered a data loss incident or data breach.   That means your organization could be in violation of data privacy and compliance standards and may be fined. But, incidents or breaches don’t just impact an organization’s bottom line. It could result in lost customer trust, a damaged reputation, and more.

Let’s take a closer look at each of these consequences.   Fines under compliance standards Both regional and industry-specific data protection laws outline fines and penalties for the failure to implement effective security controls that prevent data loss incidents. Yep, that includes sending misdirected emails.   Under GDPR, for example, organizations could face fines of up to 4% of annual global turnover, or €20 million, whichever is greater.    And these incidents are happening more often than you might think. Misdirected emails are the number one security incident reported to the Information Commissioner’s Office (ICO). They’re reported 20% more often than phishing attacks.  Lost customer trust and increased churn Today, data privacy is taken seriously, and not just by regulatory bodies.    Research shows that organizations see a 2-7% customer churn after a data breach and 20% of employees say that their company lost a customer after they sent a misdirected email.   A data breach can (and does) undermine the confidence that clients, shareholders, and partners have in an organization. Whether it’s via a formal report, word-of-mouth, negative press coverage, or social media, news of lost – or even misplaced – data can drive customers to jump ship. Revenue loss Naturally, customer churn + hefty fines = revenue loss. But, organizations will also have to pay out for investigation and remediation and for future security costs.   How much? According to IBM’s latest Cost of a Data Breach report, the average cost of a data breach today is $3.86 million. Reputation damage As an offshoot of lost customer trust and increased customer churn, organizations will – in the long-term – also suffer from a damaged reputation. Like we’ve said: people take data privacy seriously.   That’s why, today, strong cybersecurity actually enables businesses and has become a unique selling point in and of itself. It’s a competitive differentiator. Of course, that means that a cybersecurity strategy that’s proven ineffective will detract from your business.   But, individuals may also suffer from a damaged reputation or, at the very least, will be embarrassed. For example, the person who sent the misdirected email may be labeled careless and security leaders might be criticized for their lack of controls. This could lead to…. Job loss Unfortunately, data breaches – even those caused by a simple mistake – often lead to job losses. It could be the Chief Information Security Officer, a line manager, or even the person who sent the misdirected email. Our Psychology of Human report found 1 in 4 people who made email mistakes at work subsequently lost their jobs.   It goes to show that security really is about people. That’s why, at Tessian, we take a human-centric approach and, across three solutions, we prevent human error on email, including accidental data loss via misdirected emails.

How does Tessian prevent misdirected emails?   Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises. It turns an organization’s email data into its best defense against human error on email.   Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network.    That means that if, for example, you frequently worked with “Jim Morris” on one project but then stopped interacting with him over email, Tessian would understand that he probably isn’t the person you meant to send your most recent (highly confidential) project proposal to. Crisis averted.    Interested in learning more about how Tessian can help prevent accidental data loss and data exfiltration in your organization? You can read some of our customer stories here or book a demo.

Email is the threat vector security leaders are most worried about protecting.  It’s the most common channel for data exfiltration, fraud, and targeted attacks such as impersonation and phishing, and it’s the major point of egress for sensitive data. And, in most cases, the root cause of these incidents is human error.  Employees break the rules, make mistakes, and can easily be tricked or hacked. This begs the question: what’s the best solution? This blog evaluates legacy data loss prevention (DLP) solutions and is based on an extensive whitepaper available for download. The whitepaper provides greater depth and compares human layer security (HLS) with the legacy security solutions discussed here.   Why Aren’t Legacy Data Loss Prevention (DLP) Solutions Effective? While DLP provides value in certain cases, it does not solve the fundamental problem facing organizations – how to keep data secure in the real world where the information and attachments in emails move and are always accessible to anyone.  Once data leaves the point of control, whether at the endpoint or the network, DLP no longer has control over that content.  If your emails contain information and files that are forwarded and accidentally exposed to the wrong people, there is very little that DLP can do. In this blog, we’ll focus on the five biggest problems with legacy DLP solutions. Remember: you can download the whitepaper for a more detailed analysis. Does Not Protect Against Accidental Data Loss Rules-based approaches simply cannot detect accidental data loss – for example, when emails are sent to the wrong people or the wrong file is attached – because there are no regex or pattern matches that can be applied. This level of protection requires context that DLP just doesn’t have. But, it’s important, especially when research shows at least 800 emails are sent to the wrong person every year in organizations with 1,000+ employees. The HLS Difference: Tessian Guardian automatically detects and prevents misdirected emails and misattached files.  DLP Focuses on a Negative Control Model Legacy DLP is very strict with a binary approach to protecting data. It either allows it or blocks it. In a post-perimeter architecture, this is highly disruptive to business and unsustainable. The HLS Difference: Tessian is frictionless; it’s invisible until you need it, which has helped enterprise customers across industries prevent data loss, without impeding productivity. Read our customer stories to learn more.   Slow, Cumbersome and Non-adaptive 85% of security leaders say DLP is admin-intensive.  Legacy DLP must analyze all content and try to match it to block lists. This requires extensive analysis and the matching can be wrong as enterprise email content is constantly changing.  As content and locations get more complex, legacy DLP can develop problems very quickly.  The HLS Difference: Tessian uses contextual machine learning, and our ML models have been trained on more than two billion emails – rich in information on the kind of data people send and receive every day. Importantly, they continue to automatically adapt and learn as human relationships evolve over time. Learn more about our technology.  Difficult and Expensive to Implement While DLP may be regarded as a check-the-box solution for compliance, it is incredibly cumbersome, complex, and expensive to deploy, often requiring huge spend in professional services to implement and maintain.  Typical deployments are at least 12 months which makes it hard to justify the return on investment vs. the security it provides. The HLS Difference: With Tessian, there is no pre-configuration required, and the platform starts preventing threats within 24 hours of deployment.

Limited Threat Visibility Legacy DLP, including Email DLP, Endpoint DLP, and Network DLP offer little to no visibility into employee risk is one of the biggest challenges security and risk management leaders face.  Worse still, when insights around risk are available, it’s siloed and hard to interpret.  Insights around security awareness training exist in separate systems from insights related to threats that have been detected and prevented. There’s no integration which means security leaders can’t get a full view of their risk profile. Without integration and visibility, it’s impossible to take a tailored, proactive approach to preventing threats.  The HLS Difference: With Tessian Human Layer Risk Hub, our customers can now deeply understand their organization’s security posture with granular visibility into employee risk and insights into individual user risk levels and drivers. Learn more about Human Layer Security Tessian uses contextual machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior. Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required. Enforcer: Automatically prevents data exfiltration and other non-compliant activities on email  Human Layer Security Intelligence: Comprehensive visibility into employee risks, threat insights, and tools that enable rapid threat investigation and proactive risk mitigation Human Layer Risk Hub: Enables security and risk management teams to deeply understand their organization’s email security posture, including individual user risk levels and drivers

Phishing – in its many varieties – is the threat most security leaders are concerned about protecting their organizations against. Why? Because attacks are frequent, hard-to-spot, time-consuming to investigate, and expensive to recover from.  And legacy solutions like Secure Email Gateways (SEGs), sandboxes, DMARC, and security awareness training out there just aren’t enough. With these methods, users aren’t engaged in a meaningful way and unknown anomalies aren’t accounted for. But there’s a better way.  This blog evaluates the shortcomings of legacy phishing prevention solutions, and proposes a different approach: Human Layer Security. Note: This article is based on an extensive whitepaper available for download. The whitepaper provides greater depth as it compares Human Layer Security with the legacy security solutions discussed here. The problem with SEGs & native tools SEGs lack the intelligence to learn user behavior or rapidly adapt.  The backbone of a SEG is traditional email security approaches – static rules, signature based detection, library of known threats, etc. Meanwhile, attackers consistently evolve their techniques, email networks are dynamic in nature, and human behavior is inconsistent and unpredictable. That means rules are out of date as soon as they are created and signature-based approaches are ineffective. They can’t detect advanced impersonation, account takeover (ATO), third-party supply chain risk, or wire fraud. Worse still, SEGs don’t address other entry points like Microsoft SharePoint, OneDrive, and ShareFile, which are some of the most hacked cloud tools.  What about native controls like Microsoft ATP? O365’s native security controls do protect users against bulk phishing scams, spam, malware, and domain spoofing. And these tools are great when it comes to stopping broad-based, high-volume, low-effort attacks – they offer a baseline protection.  But, today’s email attacks have mutated to become more sophisticated and targeted.  Attackers use automation to make small, random modifications to existing malware signatures and use transformation techniques to bypass these native O365 security tools. Unsuspecting – and often untrained – users fall prey to socially engineered attacks that would be hard for even a security expert to spot.  To learn more about why Office 365 accounts are vulnerable to attack, click here. Why sandboxes fail to detect phishing attacks One of the primary ways sandboxes can fail is in phishing attempts.  Any detection made by the sandbox is dependent on a file exhibiting malicious behavior. This is easy to work around. Hackers will often send a PDF that contains a link to a malicious form to avoid detection.  Likewise, documents with a URI (Uniform Resource Identifier) have an extremely low footprint for sandboxes to detect. And the short TTL domain doesn’t leave much evidence for event analysis or threat intelligence. There are issues with latency, too. Emails, communications, downloads, and important files can take several minutes to reach their destination because of the bottleneck sandboxes can create. This is not an option in today’s modern enterprises where real-time communication and collaboration is paramount. Why DMARC isn’t enough Domain-Based Message Authentication Reporting and Conformance (DMARC), is an added authentication method that uses both SPF and DKIM to verify whether or not an email was actually sent by the owner of the domain that the user sees.  In order for DMARC to pass, both SPF and DKIM must pass, and at least one of them must be aligned. While impersonating a given domain is a common method used for phishing and other malicious activities, there are other attack vectors that DMARC does not address. For example, DMARC does not address domain impersonation attacks (i.e. sending from a domain that looks like the target being abused – e.g. exampl3.com vs. example.com), or display name impersonation (i.e. modifying the “From” field to look as if it comes from the target being abused). The other misunderstood aspect of DMARC is that enabling DMARC on your domain protects your domain from being used in a phishing attack. But to protect your organization against phishing and spear phishing attacks, all domains used in communication with your employees should have DMARC enabled on them.  But still, only one-third of businesses employ DMARC.  This makes the security of your organization dependent on other companies communicating with your organization and vulnerable to supply chain risk, especially since DMARC records are publicly available, meaning attackers can easily identify and target domains that are not registered, and thus are vulnerable to impersonation. Finally, in addition to their own internal domains, organizations are likely to use some combination of Office 365, Gmail, MailChimp, Salesforce.com and other third-party email services. But it’s a challenge to then retrofit them all with DMARC. Want to learn more? We explore the limitations of DMARC in more detail here. The limitations of security awareness training Security Awareness Training (SAT) is seen as a “quick win” when it comes to security – a box-ticking exercise that companies can do in order to tell their shareholders, regulators and customers that they’re taking security seriously.  Sadly, the evidence of these initiatives being conducted is much more important than the effectiveness of them.  And engagement is a big problem. Too many SAT programs are delivered once or twice a year in lengthy sessions. This makes it really hard for employees to remember the training they were given, and the sessions themselves have to cram in too much content to be memorable.  It’s also difficult for security leaders to trains their employees to spot today’s sophisticated attacks. That’s because SAT platforms rely on simulating phishing threats by using pre-defined templates of common threats. This is a fair approach for generic phishing awareness (e.g. beware the fake O365 password login page), but it’s ineffective at driving awareness and preparing employees for the highly targeted and continuously evolving phishing threats they’re increasingly likely to see today (e.g. an email impersonating their CFO with a spoofed domain). We explore the pros and cons of phishing awareness training here. What is Human Layer Security?  The only question left to answer is: When legacy solutions and training programs aren’t enough, how can we prevent employees from interacting with the malicious emails that land in their inbox? The answer is Human Layer Security (HLS). SEGS and native tools like O365 provide basic phishing protection, but organizations need an intelligent solution like Tessian to detect and prevent advanced inbound attacks like BEC, ATO, and CEO Fraud that make it through inbuilt bulk phishing and spam filters. Tessian Defender uses machine learning (ML) to protect your people from even the most advanced inbound threats.  Here’s how: Tessian’s machine learning algorithms analyze your company’s email data, learn employees’ normal communication patterns, and map their trusted email relationships — both inside and outside your organization. Tessian inspects both the content and metadata of inbound emails for any suspicious or unusual signals pointing to a potential impersonation, ATO, or BEC threat. For example, payloads, anomalous geophysical locations, IP addresses, email clients, and sending patterns.  Once it detects a threat, Tessian alerts employees that an email might be unsafe, explaining the threat in easy-to-understand language via an interactive notification.

Today, we announce the news that Tessian is moving to a 100% channel model, partnering with leading cybersecurity partners like Optiv Security to help enterprises secure the human layer and protect against threats caused by human error. There’s currently a gap in enterprise email security. Nearly 50% of advanced phishing emails bypass secure email gateways while legacy email solutions and data loss prevention (DLP) controls aren’t stopping employees from leaking data, accidentally or otherwise. Using machine learning, Tessian is solving these problems in a way that current technology providers can’t – opening up a huge opportunity for security-focused partners. 

Led by the company’s Chief Strategy Officer, Matt Smith, and the team who successfully built and scaled the Duo Security channel program, Tessian’s channel team has launched a best of breed, invite-only partner program and has also signed partnerships with the likes of Altinet and CTS in the UK, Asystec and Kontex in Ireland, and Nclose in South Africa. It is now looking to bring more security-centric and strategic go-to-market partners onboard to help holistically solve one of the biggest problems in enterprise security today.

“A 100% channel model means the Tessian team is ‘all-in’ on partners,” says Smith. “We’re committed to helping our partners differentiate their offerings, design new service packages and increase their profitability. Channel partners play a critical role in advising and helping CISOs and CIOs solve major security challenges – which today includes data loss and breaches caused by people. With trusted partners like Optiv, we can truly accelerate our mission of securing the human layer in the enterprise.”  “A solid cybersecurity infrastructure is a core asset to every organization. As companies become increasingly vulnerable to security threats, both intentional and unintentional, it’s vital that tested and trusted security solutions are in place,” says Ahmed Shah, senior vice president of alliances and strategic partnerships at Optiv. “We welcome the opportunity to partner with companies like Tessian that provide these types of services to enterprise clients.” To find out more about Tessian’s channel program, click here. 

Data loss prevention (DLP) and insider threat management are both top priorities for security leaders to protect data and meet compliance requirements.   And, while there are literally thousands of threat vectors – from devices to file sharing applications to physical security – email is the threat vector security leaders are most concerned about protecting.   It makes sense, especially with remote or hybrid working environments. According to Tessian platform data, employees send nearly 400 emails a month. When you think about the total for an organization with 1,000+ employees, that’s 400,000 emails, many of which contain sensitive data. That’s 400,000 opportunities for a data breach. The solution? Email data loss prevention.

This article will explain how email DLP works, consider the different types of email DLP, and help you decide whether you need to consider it as a part of your overall data protection strategy. 

What is email data loss prevention?   Essentially, email DLP tools monitor a company’s email communications to determine whether data is at risk of loss or theft. There are several methods of email DLP, which we’ll look at below. But they all attempt to: Monitor data sent and received via email Detect suspicious email activity Flag or block email activity that leads to data loss Do I need email data loss prevention?   Unless you’re working with a limitless security budget (lucky you!), it’s important to prioritize your company’s resources and target areas that represent key security vulnerabilities.   Implementing security controls is mandatory under data protection laws and cybersecurity frameworks, like the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act (HIPAA).   And there’s a good reason to prioritize preventing data loss on email. As we’ve said, email is the threat vector security leaders are most concerned about. We’ll explain why.    Inbound email security threats   How can malicious external actors use email to steal data? There are many methods.   Phishing—social engineering attacks designed to trick your employees into handing over sensitive data. According to the FBI, phishing is the leading cause of internet crime, and the number of phishing incidents doubled in 2020. Spear phishing—like phishing, but targeted at a specific individual. Spear phishing attacks are more sophisticated than the “bulk” phishing attacks many employees are used to. Malware—phishing emails can contain a “malicious payload”, such as a trojan, that installs itself on a user’s device and exfiltrates or corrupts data.   Email DLP can help prevent criminals from exfiltrating your company’s data. Internal email security threats While it’s crucial to guard against external security threats, security teams are increasingly concerned with protecting company data from internal actors. There are two types of internal security threats: accidental and malicious.  Accidental data loss Accidents happen. Don’t believe us?  Human error is the leading cause of data breaches. Tessian platform data shows that in organizations with 1,000 or more employees, people send an average of 800 misdirected emails (emails sent to the wrong recipient) every year. That’s two every day.    How can a misdirected email cause data loss? Misspelling the recipient’s address, attaching the wrong file, accidental “reply-all”—any of these common issues can lead to sensitive company data being emailed to the wrong person.   And remember—if the email contains information about an individual (personal data), this might be a data breach. Misdirected emails are the top cause of information security incidents according to the UK’s data regulator.   We can’t forget that misattached files are also a big problem. In fact, nearly half (48%) of employees say they’ve attached the wrong file to an email. Worse will, according to survey data:   42% of documents sent in error contained company research and data 39% contained security information like passwords and passcodes 38% contained financial information and client information 36% contained employee data   But, not all data loss incidents are an accident.   Insider threats   Employees or contractors can steal company data from the inside. While less common than accidental data loss, employees that steal data—or simply overstep the mark—are more common than you might think.   Some employees steal company data to gain a competitive advantage in a new venture—or for the benefit of a third party. We covered some of these incidents in our article, 11 Real Insider Threats.   But more commonly, employees are breaking the rules for less nefarious reasons. For example, employees send company data to a personal email address for convenience. For example, to work on a project at home or on another device.   Sending unauthorized emails is a security risk, though. Tessian platform data shows that it occurs over 27,500 times per year in companies with 1,000 employees or more. And, while – yes – it’s often not done maliciously, the consequences are no less dire, especially in highly regulated industries. So, how do you prevent these things from happening?   Email DLP solutions to consider   Research shows that the majority of security leaders say that security awareness training and the implementation of policies and procedures are the best ways to prevent data loss. And both are very important.   !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   But – as well-intentioned as most employees are – mistakes still happen despite frequent training and despite stringent policies. That means a more holistic approach to email DLP – including technology – is your best bet. Broadly, there are two “types” of DLP technology: ruled-based DLP and machine learning DLP.   Rule-based email DLP   Using rule-based DLP, IT administrators can tag sensitive domains, activities, or types of data. When the DLP software detects blacklisted data or behavior, it can flag it or block it.   Like training and policies, rule-based DLP certainly has its place in security strategies. But there are limitations of ruled-based DLP. This “data-centric” model does not fully account for the range of behavior that is appropriate in different situations.   For example, say an IT administrator asks email DLP software to block all correspondence arriving from “freemail” domains (such as gmail.com), which are often used to launch cyberattacks. What happens when you need to communicate with a contractor or customer using a freemail address?   What’s more, rule-based DLP is very admin-intensive. Creating and managing rules and analyzing events takes a lot of time, which isn’t ideal for thinly-stretched security teams.   🤖 Machine learning email DLP   Machine learning email DLP is a “human-centric” approach. By learning how every member of your company communicates, machine learning DLP understands the context behind every human interaction with data.   How does machine learning email DLP work? This DLP model processes large amounts of data and learns your employees’ communications patterns.   The software understands when a communication is anomalous or suspicious by constantly reclassifying data according to the relationship between a business and customers, suppliers, and other third parties. No rules required.   This type of DLP solution enables employees to work unimpeded until something goes wrong, and makes preventing data loss effortless for security teams.

Learn more about how Tessian’s email DLP solutions   Tessian uses contextual machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior.   Our contextual machine learning models have been trained on more than two billion emails – rich in information on the kind of data people send and receive every day. And they continue to adapt and learn as human relationships evolve over time.   This enables Tessian Guardian to look at email communications and determine in real-time if particular emails look like they’re about to be sent to the wrong person or if an employee has attached the wrong file. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network. And, finally, Tessiden Defender prevents inbound threats, like spear phishing, business email compromise, and CEO fraud.    To learn more about data exfiltration and how Tessian uses machine learning to keep data safe, check out our customer stories or talk to one of our experts today. You can also subscribe to our monthly newsletter below to get more updates about DLP, compliance, spear phishing, industry trends, and more. 

We’ve said it before and we’ll say it again: cybersecurity is a team sport. That means that (like it or not) the responsibility and burden sits with everyone, including the Chief Finance Officer (CFO).  That’s right: quantifying cyber risk, navigating cyber insurance policies, and negotiating ransom with hacking groups can all be part of the job spec.  If you’re a CFO who’s struggling to understand their role in cybersecurity, keep reading. We share 7 opportunities to get involved and protect your company’s assets.  Note: Every company is different. Size, revenue, industry, and reporting structures all play a role. This is general advice meant to provide a bird’s eye view of a CFO’s potential involvement in cybersecurity. 1. Quantify risk It can be hard for the C-suite to see the value of a solution when they haven’t yet experienced any consequences without it. As the saying goes, “If it ain’t broke, don’t fix it”.  That’s why it’s so important CFOs step in to quantify risk using specific “what-if” scenarios. The most basic formula is: probability x expected cost. Let’s use the example of an email being sent to the wrong person. We know at least 800 misdirected emails are sent every year in organizations with 1,000 employees. The expected cost, of course, depends on the email content and recipient, but let’s look at the worst-case scenario. What would the cost be if your press release for an upcoming, highly confidential merger and acquisition landed in a disgruntled former employee’s inbox? How would this impact the M&A itself? The company’s reputation? Revenue? Not a risk worth taking. Learn more about the key security challenges organizations face during M&A events. 2. Benchmark spending against other organizations Just like a marketing team should use a benchmark to determine whether or not their email list is engaged, CFOs should use a benchmark to determine how much they should be spending on cybersecurity. Think of it as your North Star. Fortunately, it’s relatively easy to determine how much your competitors or industry mavericks are shelling out. At least if they’re publicly traded.  A good place to start is their S-1. Here, you’ll be able to see what percentage of the company’s revenue goes towards Sales and Marketing, Research and Development, and General and Administrative.  This should give you a good idea of how to allocate your revenue.  You can also look at more general benchmark reports. For example, according to a Deloitte study, cybersecurity spending has increased YoY, from .34% of a company’s overall revenue in 2019 to .48% in 2020.  In 2020, that equated to $2,691 per full-time employee.   Bonus: Did you know you can also benchmark your security posture against your industry peers with Tessian Human Layer Security Intelligence? Learn more.  3. Vet cyber insurance policies Today, virtually every business needs cyber liability insurance. If you run a business that stores client, customer, or partner data…you need it. But it’s money wasted if you aren’t fully familiar with the policy terms. Check to make sure your first-party cyber insurance includes: Breach response recovery (including technical and legal advice) Forensic analysis for identifying the attack source Event management (including data recovery, PR services, and notification of clients) Cyber extortion Network/business interruption (including those that are the result of an attack on a third party) Dependent business interruption Credit monitoring services Consequential reputational loss or loss of income It’s also worth exploring third-party cyber insurance to protect your company’s assets from subsequent compliance penalties and settlement costs.  For example, Facebook settled a class-action lawsuit over its use of facial recognition technology. Illinois. The case reportedly settled for $550 million for a violation of the Biometric Information Privacy Act.  Third-party cyber insurance should include: Network security failures and privacy events Regulatory defense and penalties (including coverage for GDPR liabilities) PCI-DSS liabilities and costs Media content liability  4. Communicate with the board In a sentence, the CFO is responsible for the financial security of an organization. And, in the event of a breach, financial security simply isn’t guaranteed. Don’t believe us? Check out the consequences of a breach, according to IT leaders: !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); All of these will impact a company’s bottom line, including share value and rate of growth… two things the board doesn’t want to hear and news a CFO would hate to deliver.   But this isn’t a case of shooting the messenger. The responsibility and burden of cybersecurity sits with everyone, remember?  Post-breach, the board, auditors, and other third parties will be examining how effectively budgets were allocated to prevent the worst. That’s why it’s essential the CFO is actively involved in creating and implementing cybersecurity strategies; they have skin in the game.  5. Create secure processes for the finance team While – yes – the CFO holds the power of the purse and therefore influences the overall cybersecurity strategy, they also have a massive responsibility to secure their own team’s processes. After all, the finance department is one of the most targeted, specifically by invoice fraud, wire transfer fraud, and business email compromise.  Between June 2016 and July 2019, FBI statistics show that wire transfer fraud via BEC occurred 166,349 times, and cost businesses over $26 billion. In 2019, the number of bank transfer phishing scams occurring in the UK increased by 40%. In 2017, the FBI received 15,690 complaints about BEC (primarily involving wire transfer), resulting in over $675 million in losses. In 2019, this increased to 23,775 complaints and over $1.7 billion in losses. To protect against these incidents, CFOs should work with security teams to help train employees to spot scams, implement email security software to spot suspicious domains, and create fool-proof payment validation processes. For more tips, check out this article: Everything You Need to Know About Wire Transfer Phishing. 6. Negotiate ransom in the event of a ransomware attack  This is a position no CFO wants to be in. But, more and more, we’re seeing organizations being forced to comply with cyber criminals’ extortion demands. (7 Examples of Ransomware Attacks here.) While this may seem far beyond the scope of a finance director’s role, they’re heavily involved in the process. Of course, the first question to answer is: To pay? Or not to pay? This depends on an infinite number of factors, including the data being held, the hacking group who infiltrated the network, your cyber insurance policy, the company’s liquid assets….  The list goes on.  To avoid being put between a rock and a hard place, CFOs (along with the rest of the C-Suite and security team) should take prevention seriously, including anti-malware software, patching processes, and security for email, web, and other services. Tessian can help with email by preventing ransomware attacks at the source. 7. Know how to spot a phish CFO’s are generally among the most frequently targeted by phishing attacks. They’re also frequently impersonated. It makes sense. They have access to and control over the company’s money. It’s essential, then, that CFOs are especially vigilant, know how to spot a spear phishing attack, and know what to do if they suspect an email, text, or call is malicious.  Training, technology, and processes can help. If you want to learn more about how Nudge theory plays a role, check out this article about in-the-moment warnings. Looking for more resources? Check out the following: ⚡ Relationship 15: A Framework to Help Security Leaders Influence Change ⚡ CEO’s Guide to Data Protection and Compliance ⚡ Who Are the Most Likely Targets of Spear Phishing Attacks? ⚡ Why Information Security Must Be a Priority for GCs in 2021

When our three  founders, Tim, Ed, and Tom conceived of a company initially called “CheckRecipient” in their London apartment, the path to working with the largest and most prestigious companies on the planet would have felt a long way away.  Yet here we are, 9.5 years later, already growing our base of Fortune 500 customers while plotting our journey to 50k+ employee companies and beyond.

Of course, regardless of the size of our customers, our mission is the same. We continue to empower people to do their best work, without security getting in the way. But working relationships between customers and vendors change when you go upmarket. Based on my experience of working with our largest customers, here are five challenges enterprise customers face with security vendors, and tips to help CISOs and Heads of Infosec carefully navigate the often rewarding (and always noisy) world of vendor partnerships. Vendors, vendors everywhere… So you’re a CISO at a prestigious bank, law firm, or healthcare company.  Every security vendor under the sun wants a piece of your time. This is exhausting. And frequently counterproductive. Don’t they know you also have a job to do? So, what do you do about it? Go to every meeting your vendors book in and try to work around it? Go completely quiet on all your vendors and hope that you’re getting value from the partnerships anyhow? We’ve learned with our customers that it’s worth taking control of this situation early on. 1. Categorize your vendors into a quadrant based on the current value you’re seeing and their potential value. Work with your team to sketch out a framework for current value, and then challenge your vendors to supply you with the telemetry to feed that framework. Potential value is more of a judgement call, but here are a list of questions you may want to consider.  How fast is the vendor growing?  How innovative is their roadmap?  How many of their products/services are we currently not using that we could be?  By the way, this quadrant will also be really useful when it comes to budgeting season and renewal conversations with your vendors…  Think very critically about whether you should be continuing to partner with your “Low Performers”.

2. Based on the quadrant, communicate with your vendors how often you need to connect with them. (If you want to go a step further, you can even take the lead on scheduling so meetings go in at convenient times for you.). For example, you may want to meet with your magic quadrant and high potential vendors quarterly, but the “Steady Eddies” may only require your attention once a year. Longer time to value They say that time heals all. But in SaaS, time is the biggest killer for momentum, engagement, and ultimately ROI.  That’s why the onboarding process is critical to the long-term success of a partnership.  There’s two determining steps for onboarding:  Internal Processes: For the enterprise, there is plenty of red tape and change management when it comes to deploying new tech. The most successful deployments I’ve seen involved a proactive CISO or Head of Infosec pulling as much process management forward as possible. Technical Deployment Considerations. Rome wasn’t built in a day. Likewise, enterprise tech teams will often adopt a 1-9-90 approach to deployment (e.g. a pilot 1% group of friendly users getting the tech initially, then 9%, then the rest). Those security leaders who agree on and stick to a deployment plan, encourage deployment project leads to connect regularly with the vendor, and ensure roadblocks are identified and escalated early are the most successful.  Support tickets and feature request prioritization I’ve seen support processes and feature requests work really well and in all such cases, the key is communication. Encourage your technical leads to agree up front with your vendors how best to flag high priority tickets. It’s worth keeping oversight on this to ensure it aligns with what’s strategically important to you. This is the hymn sheet that both parties can sing from when it comes to escalation and helps everyone involved avoid the old fashioned (and slightly anarchical) “who shouts the loudest” method of prioritization. The same goes for feature requests. Agree a process for tracking these and allocating a scale all the way from “deal breaker” to “nice to have” (and what’s needed now vs in the future). Strength in numbers As 1997 UK trip-hop band Olive (niche reference?) once sang: “You’re not alone”. No enterprise CISO Head of Infosec is an island. There’s often a temptation to hoard ownership of the partnership with a vendor to prevent those pesky folks running wild throughout your business. In practice, this probably achieves the opposite effect. Our most successful Tessian customers involve a broad set of stakeholders in the ownership of the vendor partnership and outsource some of the heavy lifting of demonstrating the product ROI to the vendor’s CSM. For example, at Tessian, stakeholders from the security function, IT, HR, compliance, and legal will all have a say in the successful implementation of the product. The exact same process is going on internally at Tessian, with exec sponsors, product managers, CSMs, and account executives all aligned to each enterprise account.  Integration is king (and consolidation is… prince?) Finally, the enterprise space is becoming increasingly cluttered with more and more vendors seemingly popping up every day.  You may find yourself looking at the 10s or even 100s of vendors they partner with and asking, “Do I actually feel more secure?”. It’s a fine balancing act between the skyscraper of layered defenses and the modest bungalow of a lean stack.  And the wire that connects these two buildings is – you guessed it – integration. Now, I dislike the cliche of “Make 1+1=3” (it doesn’t). But pushing your key vendors to integrate will not only improve the value you get out of them individually, it will also bring clarity to any overlap or redundancies in functionality between them. Any opportunity to trim down bulky incumbent contracts where another vendor can pick up the slack has to be considered a win. I’d emphasize that this refers to integration not just in terms of functionality, but also reporting. Over half of our enterprise clients have already enabled the SIEM API to create a “single pane of glass” view of insights that becomes tool agnostic.  For example, Investec joined us for a webinar to explain how they’re using Splunk to centralize and correlate their Tessian reporting with other tools. You can check out a summary of their tips here]. Conclusion   If you’ve made it this far I commend your ability to put up with my penchant for a metaphor… Increasingly, we’re moving away from the classic, client-vendor relationships and towards a more symbiotic model of shared goals. This is vastly more conducive to getting holistic value for what you pay for.  The bottom line: the foundation for any halfway decent partnership is good communication. That’s not “communication” in the sense of spending hours on calls with a vendor every day. What it does mean is early alignment with them on what it is you hope to achieve through working together – that way we all really are singing from the same hymn sheet 🎼

Training is an essential part of every organization’s security strategy.  Monthly phishing simulations can help employees spot inbound attacks. Quarterly training sessions can help reinforce existing policies and procedures around data handling and password hygiene. And introducing new joiners to the cybersecurity team during onboarding is a great way to build a positive security culture. But sadly, even with all of this, employees still get phished, still ignore or workaround cybersecurity policies, and still mishandle data.  43% of employees say they’ve made a mistake at work that compromised cybersecurity 77% of employees reuse passwords  45% of employees say they’ve exfiltrated data before leaving or after being dismissed from a job Why? Because security just isn’t top of mind for the average person. That’s why security leaders have to find ways to consistently educate their people and reinforce policies. In-the-moment warnings can help.  What are in-the-moment warnings? When Tessian detects a threat (for example, a spear phishing email or an attempt at data exfiltration) employees see a warning message. It’s written in plain English, and offers context around why the email was flagged. A picture’s worth a thousand words, right? Here are a few examples.

Think of these as a sort of “yield” sign. They introduce a pause and give employees the information they need to make the right decision. If they realize “Oops! I certainly was about to send that email to the wrong person” or “Yes! This email does seem a little fishy”, they can easily change the recipient’s email address or mark the email as malicious. All it takes is a single click. Crisis (and breach) averted.  Importantly though, these in-the-moment warnings do more than just prevent threats in real-time. They help change employees’ security behavior long-term, and nudge them towards safer online behavior. Nudge theory 101 Without diving too deeply into behavioral economics, let’s look at Nudge theory.  There are 5 stages of behavior change: Precontemplation: The person is unaware of the problem. That means it’s your job to create awareness. Contemplation: The person is aware of the problem and the desired behavior change. The key here is to persuade and motivate them to act. Preparation: The person intends to take action. You just need to help them understand what to do and how. Action: If you facilitate it, the person can practice the desired behavior. Maintenance: Finally, by reinforcing the behavior regularly, the person can work to sustaining the behavior change In a sentence, Nudge theory uses indirect suggestions and positive reinforcement to influence behavior. 

So, what does this look like in the context of cybersecurity? And where do in-the-moment warnings come in? Let’s go back to the tried and tested example of phishing.  While Joe, your Accounts Payable Manager, is familiar with the term “phishing” and understands that bad actors do target people via email, he thinks the average attack is easy to spot. Poor formatting. Unpersonalized. Grammatical errors. A “too-good-to-be-true” offer.  Step 1 is to create awareness. This is generally done through “standard” training programs. (If you’re looking for a bank of spear phishing examples, check out our Threat Catalogue.) Now that Joe has a better idea of how sophisticated phishing attacks are, he’ll do his best to spot them and knows that – if he is targeted – he should report the email to the cybersecurity team.  ✅ Precontemplation ✅ Contemplation ✅ Preparation Next, you have to let Joe “practice”. A lot of security leaders rely on phishing simulations for this. The problem is, oftentimes, employees can feel like they’re being tricked instead of educated.  Take this for example. Or this. The bottom line: well-intentioned phishing simulations can have a negative impact on security culture.  It’s also worth pointing out that while phishing simulations can introduce employees to many different types of phishing attacks, they can’t possibly prepare them for every type of incident. Even the most cyber-savvy people can fall for advanced spear phishing attacks.  That’s where Tessian in-the-moment warnings come in. Tessian would enable Joe to “practice” every time he sends or receives an email – without feeling like he’s being tricked – by offering context and reinforcing phishing awareness. If Joe receives a potentially malicious email, he’s given the information he needs to determine whether to delete it, or open it. And this isn’t just once a month. Tessian is always working silently in the background to detect threats and help employees like Joe make the right decisions. Every warning is a learning opportunity. ✅ Action ✅ Maintenance How can in-the-moment warnings bolster your training program and improve your security posture? We’ll start by saying that in-the-moment warnings aren’t a silver bullet. (Silver bullets don’t exist in cybersecurity!) But, in concert with technology, policies, and processes, they’ll help you consistently improve your organization’s security posture

Tessian customers have seen click-through-rate on phishing simulations drop below 1% after deploying Tessian. And, on average, customers see an 84% reduction in data exfiltration. (For reference, according to KnowBe4’a 2021 Phishing By Industry Benchmarking Report, 31.4% of untrained employees fail phishing simulations…) But it’s not just about the numbers. It’s also about how employees interact with the tool. According to Else Ferreira, CISO at Evercore, “They say security is a thankless job. But Tessian was the first security platform that we deployed across the organization where I personally received “thank you’s” from employees who would have made a mistake with potentially dire consequences, but didn’t because of Tessian”. Looking for more customer stories? Click here.

Gartner has released their Market Guide for Data Loss Prevention, and we are honored to be included as a Representative Vendor. According to the latest Market Guide for Data Loss Prevention “The enterprise DLP market is mature, but integrated DLP and cloud-provider-native DLP solutions offer emerging capabilities that are much needed by security and risk management leaders starting DLP programs.” “This research offers guidance on market trends and their impact on data security strategies.”.  You can get the entire report here. Key takeaways from the Gartner Market Guide for Data Loss Prevention According to Gartner, “The market for DLP technology includes offerings that provide visibility into data usage and movement across an organization, as well as dynamic enforcement of security policies based on content and context at the time of actions on data. DLP technology seeks to address data-related threats, including the risks of inadvertent or accidental data loss and the exposure of sensitive data, using monitoring, alerting, warning, blocking and other remediation features.” Accidental data loss is a problem that was often simply considered the cost of doing business and impossible to solve — until now. With Gartner’s acknowledgment of accidental data loss, we believe that the industry is seeing a fundamental shift in this thinking, and clearly shows that more enterprises understand that it represents a massive DLP risk. In addition to this broad overview of DLP technology capabilities, Gartner recommends security and risk management leaders with a responsibility for data security and compliance should: “Define a DLP strategy, select DLP products and execute proofs of concept with the objective of supporting a process, rather than finding solutions to address narrow needs.” “Identify pre-existing DLP capabilities in the security products that their organization already owns, and use these to fulfill DLP requirements. How has the DLP vendor landscape changed over the last year?  As Gartner states, since the previous 2020 edition of the Market Guide for Data Loss Prevention, there have been several notable changes in the vendor landscape. In fact, Gartner fielded “32% more client inquiries on the topic of DLP than in 2019”. Here at Tessian, we believe that this is due to more enterprises beginning to reevaluate their DLP programs with the move to Microsoft 365 and more cloud-based applications. They also found “many DLP vendors providing managed DLP services, which remain appealing to many organizations, specifically small and midsize enterprises and those with limited resources to allocate to the implementation of a DLP program.”  Likewise, “Many DLP vendors also provide data classification services, which are essential for successful DLP implementation. The labeling and tagging of data simplifies the DLP process, as organizations can easily distinguish sensitive data from nonsensitive data”.

This fits well with our observations of the industry and aligns with what our customers express as well.  Tessian’s approach for the new era of data loss prevention Forward-thinking enterprises increasingly view legacy DLP tools as a strategic risk and are looking for alternatives. In fact, 85% of security leaders say DLP is admin-intensive.  Recent M&A activity has led to uncertainty in the market (Symantec acquired by Broadcom, Forcepoint acquired by PE firm) and enterprise DLP has seen little innovation in the last few years. For example, we see Microsoft’s strategy as providing “baseline” DLP across all interfaces in their ecosystem (Email, Chat, File-sharing, Web, Endpoint) and this is commoditizing the rule-based approach offered by legacy tools.  As a result, enterprises are phasing out irrelevant legacy DLP tools and are considering what to replicate, remove, or re-think. This includes Microsoft 365, as many organizations are now assessing Microsoft DLP overlap with their existing legacy DLP stack. Many enterprises will use some vendors’ built-in DLP to address basic use cases but look to Tessian to solve critical and advanced human-centric risks to solve the bulk of their DLP challenges, including data loss caused by human error which Legacy DLP is unable to prevent. Over time, enterprises will adopt a hybrid approach and leverage integrations to get the most out of their investments in each product. Tessian’s Data Loss Prevention in our Human Layer Security Platform offers outbound protection on email (the threat vector most security leaders are concerned about protecting) and satisfies criteria outlined in the report — anomaly detection, data protection, post delivery protection, and offers these protection for both web and mobile devices. Here’s how. Powered by machine learning, our Human Layer Security platform understands normal email behavior by analyzing content, context, and communication patterns from historical email data to establish trusted relationship graphs. Tessian can then detect anomalies in real-time using those employee relationship graphs alongside deep content analysis, natural language processing, and behavioral analysis.  Tessian Guardian automatically detects and prevents accidental data loss from misdirected emails Tessian Enforcer automatically detects and prevents data exfiltration attempts and ensures compliant email activity

Importantly, in addition to threat prevention, Tessian offers several features that help ease the burden on SOC and compliance teams, and give key stakeholders peace of mind.  Automated protection: Tessian automatically detects and prevents data loss. No rules, re-configuration, maintenance of allow/denylists, or manual investigation required.   Data-rich dashboards: With Tessian, security teams have clear visibility of data loss incidents, who triggered them, and what data was involved. This demonstrates clear ROI and makes auditing and reporting easy.  In-the-moment training: When a potential data loss incident is detected, real-time warnings are triggered that explain exactly why the email was flagged. These warnings are written in plain, easy-to-understand language which reinforce training and policies and help employees improve their security reflexes over time

Gartner, Market Guide for Data Loss Prevention, June 2021 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

There’s a big problem in cybersecurity. Despite stricter data compliance standards, incredible technological innovation, and more investment from businesses, data breaches are at an all-time high. In fact, businesses are at risk of insider and outsider threats, with a reported 67% increase in the volume of security breaches over the past five years.   Why is this happening? Because, historically, security solutions have focused on securing the machine layer of an organization: networks, endpoints and devices. But the majority of these solutions provide blunt protection, rely on retroactive threat detection and remediation, and don’t protect a businesses’ most important asset: its employees.   So, when you can get a firewall to protect your network, and EDR to protect your devices, what do you get to protect your people? Human Layer Security.

What is Human Layer Security?

Tessian’s Human Layer Security technology understands human behavior and relationships, enabling it to detect and prevent dangerous activity. Importantly, Tessian’s technology learns and adapts to how people work without getting in the way or impeding productivity.   We created this category over four years ago, and its been the thesis for both our Series B fundraise and, most recently, our Series C fundraise. Today, Tessian solutions are deployed at enterprise companies across industries,  detecting and preventing millions of inbound and outbound threats on email, including malicious data exfiltration attempts, accidental data loss via misdirected emails and misattached files, and spear phishing attacks. 

Why do we need Human Layer Security? Your employees now control both your systems and your data. But people make mistakes, people break the rules, and people can be deceived. 88% of data breaches are caused by human error, with AIG reporting “human errors and behavior continue to be a significant driver of cyber claims.”   It makes sense. Employees can transfer millions of dollars to a bank account in a few clicks and can share thousands of patient records in an Excel file in a single email. You can read more about The Psychology of Human Error here.   So, instead of expecting people to do the right thing 100% of the time, we think it’s better to preempt these errors by detecting and preventing them from happening in the first place. Each of our solutions – Tessian Enforcer, Tessian Guardian, and Tessian Defender – is uniquely positioned to do just that. People break the rules Whether done maliciously or accidentally, people in every organization can (and do) break the rules. Those rules can be related to anything, from a password policy to how sensitive information is stored. But, what about rules related to data exfiltration?   Oftentimes, employees are blissfully unaware. They’re not familiar with the policies themselves or the consequences of poor data handling. So, they think nothing of emailing company information to their personal email account to print at home, for example.   But not all employees are well-intentioned. Case in point: In late-2019, an employee at a cybersecurity and defense company sold 68,000 customer records to scammers. This isn’t an isolated incident. According to one report, 45% of employees say they’ve taken work-related documents with them after leaving or being dismissed from a job and, according to another, more than half of UK employees admitted to stealing corporate data. A quarter of those would be willing to do so for less than £1,000.   Tessian Enforcer prevents data exfiltration attempts (both malicious and negligent. Looking for more real-world examples of malicious and negligent insiders? Read this article.

People make mistakes From a simple typo to a misconfigured firewall, mistakes are inevitable at work. To err is human! In fact, 43% of employees say they’ve made a mistake at work that compromised cybersecurity.  Unfortunately, though, the consequences of these mistakes can be severe.   Imagine an employee sends a misdirected email. Penalties and fines could be incurred, customer trust could plummet, and reputational damage could be long-lasting. And those are just the consequences to the larger organization. Individuals will likely suffer, too.   We all know the sinking feeling of making a mistake. But, misdirected emails cause employees more than red-faced embarrassment and anxiety. These accidents put people at risk of losing their jobs.   Tessian Guardian detects and prevents misdirected emails and misattached files so that the right email and the right files are always shared with the right person.

People can be deceived Businesses of all sizes and across industries work with a web of suppliers, contractors, and customers. And, most use email to communicate. That means it’s easy for hackers to impersonate internal and external contacts. Business Email Compromise (BEC) attacks increased by over 100% in the last two years.   Worse still, the odds are against businesses and their employees. While a hacker only has to get it right once, we are expected to get it right every time.   So, what happens if one employee is successfully tricked one time by a spear phishing email and wires money, shares credentials, or otherwise helps a hacker gain access to your network? The average breach costs organizations $3.92 million. But, these costs can be avoided with technology like Tessian Defender that detects and prevents advanced impersonation attacks.

Why focus on email? At Tessian, our mission is to secure the human layer. And we know that to be truly effective, Human Layer Security must protect people whenever and however they handle data. But, we’re starting with email. It’s the most popular (we spend 40% of our time on it) and riskiest (most breaches happen here) communication channel. It’s also the threat vector IT leaders are most worried about.

You’re probably wondering how Tessian compares to other solutions and how our technology would fit in your larger security framework. We’ll tell you. Tessian vs. Rule-Based Technology Traditional email security solutions are blunt instruments that tend to be disruptive for employees and admin-intensive for security teams who have to continuously create and maintain thousands of rules.   Don’t believe us? 85% of IT leaders say rule-based DLP is admin-intensive and over half of employees say they’ll find a workaround if security software or policies make it difficult or prevent them from doing their job.   The fact is, manually classifying emails, tagging emails sent to external contacts, encryption, and pesky pop-ups are roadblocks that slow the pace of business and create friction between security teams and other departments. Worse still, these older technologies just can’t be configured to adequately defend against all the ways people make mistakes or cut corners on email. Tessian is automated. No rule-writing, manual investigation, or configuration required.   Tessian vs. Training Training is a necessary part of every security strategy. But, the majority of employees aren’t trained frequently enough and lessons don’t always stick. Employees also tend to struggle applying what they’ve learned in training to real-world situations.   But we can’t blame employees. The average person isn’t a security expert and hackers are crafting more and more sophisticated attacks. It’s hard for even the most security-conscious among us to keep up. That’s why security leaders need to invest in technology that bolsters training and reinforces policies and procedures. That way, employees can improve their security reflexes over time.   That’s where Human Layer Security comes in. Tessian warnings act as in-the-moment training for employees. And, because Tessian only flags 1 in 1,000 emails on average, when a pop-up does appear, employees pay attention.

Tessian Human Layer Security technology Tessian deploys within minutes, learns within hours, and starts protecting in a day. Human Layer Security works by understanding and adapting to human behavior. Our machine learning algorithms analyze historical email data and build a unique security identity for every employee based on relationships and communication patterns.  The best part is: these ML models get smarter and better over time as more data is ingested.   This helps the technology establish what normal (and abnormal) looks like and allows Tessian to automatically predict and prevent security breaches on email across devices.   For every inbound and outbound email, our ML algorithms analyze millions of data points, including:   Relationship History: Analyzing past and real-time email data, Tessian has a historical view on all email communications and relationships. For example, we can determine in real-time if the wrong recipient has been included on an outbound email; if a sensitive attachment is being sent to a personal, non-business email account; if an inbound email with a legitimate-looking domain is a spoof Content & context: Using natural language processing to analyze historical email data, Tessian understands how people normally communicate on email and what topics they normally discuss. That way, our solutions can automatically detect anomalies in subject matter (i.e. project names) or sentiment (i.e. urgency), which might indicate a threat.   Best of all, all of this analysis happens silently in the background and employees won’t know it’s there until they need it. Tessian stops threats, not business. And not flow. And, with Human Layer Risk Hub, our customers can now deeply understand their organization’s security posture with granular visibility into employee risk and insights into individual user risk levels and drivers.   This is the only solution that offers protection, training, and risk analytics all in one platform, giving security and compliance leaders a clear picture of your organization’s risk and the tools needed to reduce that risk. First, you protected our networks. Then, you protected our devices. Now, you can protect your people with Tessian’s Human Layer Security.

With cybersecurity threats on the rise, it’s time to strengthen your organization’s defenses. In-person events and online webinars can help. They give security, compliance, and business professionals a chance to discuss what’s top of find, share advice, and network. To help you learn and level-up your cyber strategy, we’ve selected ten cybersecurity events to attend throughout July.  There’s something on our list for every niche—whether you’re a CISO, an infosec analyst, or just someone who wants to learn more about this crucially important discipline. With some pandemic restrictions still in place, many of our events are taking place online, but be sure to confirm this before you attend. Hardwear.io Security Trainings and Conference: July 5-10, 2021 Register here: https://hardwear.io/usa-2021/register.php This six-day event features in-depth training sessions on all things hardware security, including assessing and exploiting PLCs, reverse engineering integrated circuits, and attacking Secure Boot. Who should attend? Hardware security is a pretty niche field, so you won’t want to miss this event if you’re involved in this sector—it’ll be a great opportunity to learn from your peers and get in a (virtual) room with like-minded professionals. Confirmed speakers Yongdae Kim, Professor in the Department of Electrical Engineering at KAIST Colin O’Flynn, CTO, NewAE Technology Inc. Mathieu Stephan, Electronics Engineer, ViaSat Inc. The Official Cyber Security Summit, St. Louis/Oklahoma City (Online): July 7, 2021 Register here: https://cybersecuritysummit.com/summits/ Having run for nearly 30 years, this conference has earned the right to call itself The Official Cyber Security Summit. With sessions on insider threats, the future of cloud security, and the rise of ransomware, this event is a great way to learn from and engage with infosec leaders. Who should attend? The Official Cyber Security Summit is a great place for CISOs and other security professionals looking for an eclectic program to help them develop their knowledge and careers—and earn eight CPE credits in the process. Confirmed speakers Deron McElroy, Chief of Cybersecurity Services, Cybersecurity and Infrastructure Security Agency, US DHS Quinn Carman, Director of Operations, The NSA, Red Team Richmond Cyber Security Forum: July 7, 2021 Register here: https://www.richmondevents.com/ The Richmond Cyber Security Forum offers a mix of keynotes, workshops, and personal development sessions. You’ll get to meet and mingle with peers, and secure some face-to-face time with the U.K.’s cybersecurity industry leaders. Who should attend? There are two main reasons to attend this event: as a delegate—to exchange ideas with like-minded security professionals in an informal setting, or as a supplier—to gain access to 100 senior decision-makers in the cyber sector. Confirmed speakers The conference agenda is available on request. Previous speakers include: Sophie Hackford, Co-Founder, 1715 Labs Jamie Woodruff, Ethical Hacker David Rowan, former Editor, Wired UK. IAPP Asia Privacy Forum: July 12, 2021 Register here: https://iapp.org/conference/iapp-asia-privacy-forum/ The International Association of Privacy Professionals (IAPP) is the best-respected industry accreditation body for privacy—and they sure know how to put on a great conference. This IAPP event will consider how privacy regulation is developing in Asia in terms of consumer rights, privacy-enhancing tech, data management, and more. Who should attend? If your company operates in Asia, then your Data Protection Officers, privacy counsels, and any other privacy or security-focused professionals will benefit from attending this event—to keep abreast of the latest regulatory developments in the region. Confirmed speakers Tan Kiat How, Commissioner, Personal Data Protection Commission of Singapore Raymund Liboro, Chairman and Commissioner, Philippines National Privacy Commission Stephen Kai-yi Wong, Privacy Commissioner, Privacy Commissioner for Personal Data, Hong Kong, China ISMG Virtual Cybersecurity Summit: Government: July 13-14, 2021 Register here: https://www.ismgcorp.com/ismg-summit/registration Recent high-profile cyberattacks on public agencies and critical infrastructure have sharpened governments’ focus on cybersecurity. Information Security Media Group (ISMG)’s conference provides insights from the people responsible for driving public policy on decision-making. Who should attend? Most sessions at the ISMG Virtual Cybersecurity Summit: Government focus on the role of the CISO. This event is an opportunity for security leaders in your organization to gain insight into the upcoming changes and challenges that might arise from government intervention in cybersecurity. Confirmed speakers Brandon Wales, Acting Director, Cybersecurity and Infrastructure Security Agency (CISA) Jim Weaver, Secretary for Information Technology/State CIO, State of North Carolina Dave Lewis, Global Advisory CISO, Duo Security at Cisco Infosecurity Europe: July 13-15, 2021 Register here: https://rfg.circdata.com/publish/InfoSec2021/simplereg.aspx Infosecurity Europe is the meeting place for infosec’s “finest minds”, with a great range of sessions from a truly impressive line-up. The conference will feature panels on building security-awareness culture, mitigating the risk of insider threats, developing a “human-centric” approach to cybersecurity, and more. Who should attend? Infosecurity Europe will cover everything from basic security principles to advanced practice, so CISOs and IT leaders should not miss this event—and should make sure anyone in their organization with a stake in cybersecurity attends with them. Confirmed speakers Mikko Hypponen, Researcher, F-Secure Dr. Kevin Jones, Global CISO, Airbus Dr. Victoria Baines, Visiting Research Fellow, University of Oxford p.s., we’ll be there! More information about our speaking slot and (virtual) booth coming soon.  Policing Cybercrime Digital Conference: July 16, 2021 Register here: https://westminsterinsight.com/booking/3632 Nearly half of all crime in England and Wales is committed online. The Policing Cybercrime conference brings together cybercrime experts to explore how law enforcement and other stakeholders can respond to online threats. Who should attend? Attend the Policing Cybercrime Digital Conference if you want to understand how society is responding to the cybercrime epidemic—whether you’re involved in law enforcement, government, the justice system, private industry, international organizations, or academia.  Confirmed speakers Stuart Hyde QPM, Vice President Development, Society for the Policing of Cyberspace Virginia Eyre, Deputy Director Cyber Policy, Home Office Nigel Leary, T/Deputy Director, National Cyber Crime Unit, National Crime Agency International Conference on Networks and Communications (NCO 2021): July 24-25, 2021 Register here: https://icaita2021.org/nco/ The seventh International Conference on Networks and Communications (NCO 2021) is a forum for experts to share their knowledge of computer networks and data communications, including network security, cloud computing, and machine learning. Who should attend? The conference is well-suited to CISOs looking to understand the latest technical developments in their field, together with engineers, computer scientists, and academics. Confirmed speakers Haluk Altay, Turkish Aerospace, Turkey Vikas Thammanna Gowda, Wichita State University, USA Hoda Nematy, Malek-Ashtar University of Technology, Tehran RANT Radio: Mutated Cyber: July 28, 2021 Register here: https://events.rantcommunity.com/RANTRadiowithTrendMicro While many industries have suffered due to COVID-19, cybercrime has prospered. RANT Radio’s Mutated Cyber conference will explore “the ‘was’, ‘is’ and ‘will be’ of cybercrime in a post-pandemic age.” Who should attend? CISOs and CEOs with teams working from home should learn a lot from this conference, which will focus on how the pandemic has caused a rise in social engineering attacks. Confirmed speakers Donna Goddard, Director, Cyber Information Security, London Stock Exchange Group (LSEG) Kathryn Cardose, Senior Manager, Security Operations, Virgin Money Myla Pilao, Director Technical Marketing, Trend Micro Black Hat USA: July 31-August 3 2021 Register here: https://blackhat.informatech.com/2021/ Black Hat USA is 24 years old, and there’s a good reason this event has stuck around for so long. Black Hat USA provides a package of advanced training courses, on infosec topics as diverse as vulnerability research, securing Windows infrastructure, using adversarial AI for hacking—plus briefings from infosec thought leaders. Who should attend? Black Hat USA is a must-attend for any infosec professional looking to level up their skills, learn from industry leaders, or understand the latest techniques in their adversaries’ toolkits. Confirmed speakers Craig Young, Principal Security Researcher, Tripwire Qian Wenxiang, Senior Security Researcher at Tencent Blade Team Paula Januszkiewicz, CEO and Founder, CQURE Inc. p.s., we’ll be there! More information about our speaking slot and booth location coming soon.

Organizations often focus their security efforts on threats from outside. But increasingly, it’s people inside the organization who cause data breaches. There was a 47% increase in Insider Threat incidents between 2018 and 2020, including via malicious data exfiltration and accidental data loss. And the comprehensive Verizon 2021 Data Breach Investigations Report suggests that Insiders are directly responsible for around 22% of security incidents. So, what is an insider threat and how can organizations protect themselves from their own people?

Importantly, there are two distinct types of insider threats, and understanding different motives and methods of exfiltration is key for detection and prevention. Types of Insider Threats The Malicious Insider

Malicious Insiders knowingly and intentionally steal data, money, or other assets. For example, an employee or contractor exfiltrating intellectual property, personal information, or financial information for personal gain.  What’s in it for the insider? It depends. Financial Incentives Data is extremely valuable. Malicious insiders can sell customer’s information on the dark web. There’s a huge market for personal information—research suggests you can steal a person’s identity for around $1,010. Malicious Insiders can steal leads, intellectual property, or other confidential information for their own financial gain—causing serious damage to an organization in the process. Competitive Edge Malicious Insiders can steal company data to get a competitive edge in a new venture. This is more common than you might think.  For example, a General Electric employee was imprisoned in 2020 for stealing thousands of proprietary files for use in a rival business. Unsurprisingly, stealing data to gain a competitive edge is most common in competitive industries, like finance and entertainment. The Negligent (or Unaware) Insider 

Negligent Insiders are just “average” employees doing their jobs. Unfortunately, “to err is human”… which means people can—and do—make mistakes. Sending a misdirected email Sending an email to the wrong person is one of the most common ways a negligent insider can lose control of company data. Indeed, the UK’s Information Commissioner’s Office reports misdirected emails as the number one cause of data breaches.  And according to Tessian platform data, organizations with over 1,000 employees send around 800 misdirected emails every year. We’ve put together 11 Examples of Data Breaches Caused By Misdirected Emails if you want to see how bad this type of Insider Threat can get. Phishing attacks Last year, 66% of organizations worldwide experienced spear phishing attacks. Like all social engineering attacks, phishing involves tricking a person into clicking a link, downloading malware, or taking some other action to compromise a company’s security. A successful phishing attack requires an employee to fall for it. And practically any of your employees could fall for a sophisticated spear phishing attack. Want to know more about this type of Negligent Insider threat? Read Who Are the Most Likely Targets of Spear Phishing Attacks? Physical data loss   Whether it’s a phone, laptop, or a paper file, losing devices or hard-copy data can constitute a data breach. Indeed, in June 2021, a member of the public top-secret British military documents in a “soggy heap” behind a bus stop. Looking for more examples of Insider Threats (both malicious and negligent?) Check out this article: 17 Real-World Examples of Insider Threats How can I protect against Insider Threats? As we’ve seen, common Insider Threats are common. So why is so hard to prevent them? Detecting and preventing Insider Threats is such a challenge because it requires full visibility over your data—including who has access to it. This means fully mapping your company’s data, finding all entry and exit points, and identifying all the employees, contractors, and third parties who have access to it. From there, it comes down to training, monitoring, and security. Training While security awareness training isn’t the only measure you need to take to improve security, it is important. Security awareness training can help you work towards legal compliance, build threat awareness, and foster a security culture among your employees. Looking for resources to help train your employees? Check out this blog with a shareable PDF. Monitoring Insider Threats can be difficult to detect because insiders normally leverage their legitimate access to data. That’s why it’s important to monitor data for signs of potentially suspicious activity. Telltale signs of an insider threat include: Large data or file transfers Multiple failed logins (or other unusual login activity) Incorrect software access requests Machine’s take over Abuse by Service Accounts Email Security The vast majority of data exfiltration attempts, accidental data loss incidents, and phishing attacks take place via email. Therefore, the best action you can take to prevent insider threats is to implement an email security solution. Tessian is a machine learning-powered email security solution that uses anomaly detection, behavioral analysis, and natural language processing to detect data loss. Tessian Enforcer detects data exfiltration attempts and non-compliant emails Tessian Guardian detects misdirected emails and misattached files Tessian Defender detects and prevents spear phishing attacks How does Tessian detect and prevent Insider Threats? Tessian’s machine learning algorithms analyze your company’s email data. The software learns every employee’s normal communication patterns and maps their trusted email relationships — both inside and outside your organization. Tessian inspects the content and metadata of inbound emails for any signals suggestive of phishing—like suspicious payloads, geophysical locations, IP addresses, email clients—or data exfiltration—like anomalous attachments, content, or sending patterns. Once it detects a threat, Tessian alerts employees and administrators with clear, concise, contextual warnings that reinforce security awareness training