Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Live Webinar | Ready to Supercharge Your Microsoft Environment? Yes, sign me up!

Human Layer Security

90% of data breaches are caused by human error. Stay up to date on the latest tips, guides, and industry news on Human Layer Security.

ATO/BEC Email DLP Human Layer Security Customer Stories
13 Things We Learned at Tessian Virtual Human Layer Security Summit
18 June 2020
Tessian’s Virtual Human Layer Security Summit was an incredible success thanks to our partners, speakers, and – of course – all of those who attended. Over 1,000 security, IT, compliance, business, and HR professionals watched as we explored how business models have changed, what these changes mean for all of us, and what to expect over the next several months. If you weren’t able to tune into the Summit yesterday, don’t worry! You can watch the full video below or access it on-demand. We’ve summarized some of the key points into relevant and actionable advice. Share these with your co-workers, share them on social media, or bookmark this blog for yourself. Here’s what we learned at Tessian Virtual Human Layer Security Summit.
1. We must treat our employees with empathy and compassion.  While the event was focused on cybersecurity and tech, one of the most important takeaways from the day is about being human. The Summit kicked off with an important reminder from Bobby Ford, Vice President and Global CISO at Unilever: “We’re not just working from home, we’re working from home during a crisis.” While – yes – we’re all trying to conduct “business as usual”, all of us are dealing with unique challenges. Many parents have suddenly taken on the roles of teachers, and living rooms have been transformed into makeshift co-working spaces for partners and roommates. And this doesn’t even account for the emotional stress of a global pandemic and current social and political unrest.  There’s a lot to navigate, process, and overcome, and many of us are distracted, stressed, and anxious. And that’s okay. As leaders and as humans, we have to be empathetic and compassionate. We have to take the mental wellbeing of our employees seriously and give them the tools, resources, and support they need to thrive, wherever they’re working.
2. The secure thing to do should be the easiest thing to do.  Let’s face it. Security isn’t the average employee’s top priority. They just want to do their job. Over half (54%) of employees say they’ll find a workaround if security software or policies make it difficult or prevent them from doing their job.  That’s why it’s so important that we implement policies, procedures, and tech that’s frictionless.  Bobby put this into perspective with an example from his own life.  When you’re a parent helping your son or daughter learn how to walk, what do you do? Child-proof the house and get outta the way! That’s what we need to be doing as security leaders. Make sure the most secure path is the path of least resistance, whether that’s ensuring your employees have a secure way to print and dispose of documents or implementing flexible BYOD policies.  3. Detection and prevention alone aren’t enough.  We all work hard to detect and prevent both inbound and outbound threats. And, while even that isn’t always easy, that’s not our only job. We also have to have to maintain visibility of risks, manage teams that are often thinly stretched, move quickly from investigation to remediation, and communicate threats to executive teams.  Almost impossible, right? Not anymore.  Tessian’s Group Product Manager, Harry Wetherald and Product Marketing Manager, Shanthi Shambathkumar, announced some very exciting news during the Summit: the launch of Human Layer Security Intelligence. With HLS Intelligence, security leaders can now predict, prevent, and protect against threats with zero manual investigation. That means you can continuously and proactively downtrend risks in your organization. Want to learn more? We outline all the benefits of Human Layer Security Intelligence and explore use cases on our blog: Introducing Tessian Human Layer Security Intelligence. 4. Executive teams must invest in security now.  While cybersecurity has historically been a siloed department, it’s becoming more and more integrated with overall business functions. In fact, it can actually be a business enabler and a unique selling point for customers and prospects.  But, only if your organization is secure. And, as Clive Novis, Chief IT Risk Officer at Investec pointed out, it takes a village to ensure data is protected which means cybersecurity initiatives must get support from senior executives first. During the customer panel discussion, he said “The tone is set from the top in terms of the security culture. They help ensure not only that controls are effective, but that those controls are consistent across the globe.” Needless to say, this is more important now than ever. As we continue to adapt to new remote and hybrid working structures, many of us are introducing new policies and solutions and we need buy-in across departments for these policies and solutions to work. 5. Email is the #1 threat vector.  Over the last few months, we’ve heard a lot about the dangers of Zoombombing. But, we’ve heard even more about COVID-19 themed phishing attacks, Tax Day scams, and 2020 Census scams. (Jump to #7 for more information.) With that said, email is the threat vector most security and IT leaders are concerned about.
It makes sense. Over 124 billion business emails are sent and received every day and employees spend 40% of their time on email sharing memos, spreadsheets, invoices, and other sensitive information and unstructured data. It’s a gold mine. The bottom line: We need to be leveling up our DLP efforts on email. 6. Security incidents are happening up to 38x more than IT leaders currently estimate.  During the Summit, Tessian Co-founder and CEO Tim Sadler presented some of the key findings from our most recent report The State of Data Loss Prevention 2020. Our research reveals that data loss on email is a bigger problem than most realize, that remote-working brings new challenges around DLP, and that the solutions currently deemed most effective may actually be the least. While we addressed the frequency of misdirected emails and malicious data exfiltration, one of the most startling facts involves employees sending company data to personal email accounts.  At Tessian, we call these unauthorized emails, and according to our platform data, they’re being sent 27,500 times a year in organizations with 1,000 employees. Meanwhile, IT leaders estimate just 720 are sent. That’s a big difference and highlights the need for effective data loss prevention solutions.  Follow the links to learn more about how Tessian detects and prevents accidental data loss and data exfiltration attempts.  7. Phishing is still a big problem.  While phishing has always been a problem for organizations, we’ve seen a marked spike in incidents over the last few months. And it’s not just Tessian who has taken note. Elvis Chan, Supervisory Special Agent, National Security at the FBI has, too.  For him, phishing is the biggest risk.
What does this mean for you? Continue educating your employees about the risks associated with phishing and how to spot these attacks and ensure they’re protected with tech.  8. Security policies don’t stick unless they’re continuously reinforced.  We’ve said it before, but we’ll say it again: The average employee doesn’t care about security as much as you do. They just want to do their job. That means we have to continuously reinforce security policies, especially now that workforces are distributed.  But, repetition isn’t enough.  We have to communicate in terms our employees understand. Angela Henry, Business Information Security Officer at Rand Merchant Bank, recommends educating employees on business data privacy best practice alongside consumer data privacy best practice. Share tips that are relevant to their personal lives. Offer advice on how to keep their children secure online. Prepare resources around how to stay safe on e-commerce sites. Not only does this help foster a positive security culture in the office, but it also helps employees stay safe and secure at home.  9. …And policies aren’t effective unless they’re bolstered by technology.  While educating employees about policies is a vital part of any security strategy, it isn’t enough to prevent inbound and outbound threats and subsequent data breaches.  After all, we’re only human. We break the rules, make mistakes, and can be easily tricked. In fact, 44% of breaches are caused by human error. Elvis summed it up nicely when he said, “Even if we’re at technology 5.0, we’re still at human being 1.0.”  So, what do we do? Garrett recommends bolstering training with technology to ensure that people aren’t the last line of defense, saying “My ultimate view is that user awareness training is fine but – in mathematical terms – it’s necessary but not sufficient. I think it needs to be used in conjunction with other tools.” 10. Security needs diversity to thrive.  Throughout the Human Layer Security Summit, we talked a lot about security pre- and post-pandemic. But, Merrit Baer, Principal Security Architect at Amazon Web Services pointed out something else we shouldn’t forget.
She’s right. Cybersecurity needs diversity to thrive.  This diversity isn’t limited to gender or ethnic diversity. The field is wide open for a range of educational and professional backgrounds, from psychology majors to business analysts and just about everything in between.  You can read more about the opportunities available in cybersecurity in our report Opportunity in Cybersecurity 2020. 11. Remote working isn’t temporary. According to a recent poll by 451 Research, 38% of businesses expect work-from-home strategies will continue post-pandemic. And, when you consider companies like Facebook have already announced they’re permanently embracing remote-work, we should expect more to follow. The point? We should equip our workforces to thrive at home and ensure that we’re maintaining a strong security culture company-wide while also supporting our employees mentally and emotionally. (See #1.)  12. …And that doesn’t have to be a bad thing.  There are new and perennial challenges we must overcome in order to support a full-time remote workforce, but there are a number of benefits, too. Don’t take our word for it. Stephane Kasriel, Former CEO of Upwork – a company that has maintained a hybrid remote-working structure across 500 cities for nearly a decade – offered attendees of the Summit several reasons why this is something to look forward to, not dread.  To start, remote-working enables companies to find and work with the best talent, not just local talent. Beyond that, employees have more freedom to design their lives. They can more easily balance work and life, relocate as and when they need or want to, and create environments in which they can really thrive.  13. The Secret? Adapt, adopt, evolve. Repeat.  If there’s one thing that was made clear throughout every panel discussion, fireside chat, and interview, it’s that things have changed and will continue to change. The only way to succeed is to adapt and evolve. Adopt new technologies. Embrace new ways of working. Lean on peers and professional networks for advice.  In the spirit of change, we’ve put together a list of resources that will help you navigate security and business challenges of the present and future.  Security During Uncertainty: 6 Steps Security Leaders Can Take to Reduce Risk Cyber Culture in the Time of COVID COVID-19 and the Digital Pandemic Upwork Remote Work Resources COVID-19: Real-Life Examples of Phishing Emails 13 Cybersecurity Sins When Working Remotely Advice From Security Leaders for Security Leaders: How to Navigate New Remote-Working Challenges Remote-Worker’s Guide To: Preventing Data Loss 11 Tools to Help You Stay Secure and Productive While Working Remotely Did we miss anything? Feel free to email madeline.rosenthal@tessian.com with your key learnings.
ATO/BEC Email DLP Human Layer Security Data Exfiltration
Insider Threat Indicators: 11 Ways to Recognize an Insider Threat
By Maddie Rosenthal
12 June 2020
Detecting and preventing Insider Threats isn’t easy. Why? Because unlike external bad actors, Insiders – whether a disgruntled employee, a distracted freelancer, or a rogue business partner – have legitimate access to systems and data. That means they’re in an ideal position to exfiltrate data. So, how do you spot one? To start, you have to know what an Insider threat is and understand the different methods and motives behind these data exfiltration attempts. What is an Insider Threat? We’ve covered this in detail in this article: What is an Insider Threat? Insider Threat Definition, Examples, and Solutions. But, to summarize:
Insider Threats can be malicious or the result of negligence.  Malicious Insiders knowingly and intentionally steal data and generally do so for one of three reasons: financial incentives, a competitive edge, or because they’re dissatisfied at work. Negligent Insiders are just your average employees who have made a mistake. For example, they could send an email to the wrong person, misconfigure a system, fall for a phishing email, or lose their work device.   How often do incidents involving Insider Threats happen? More often than you might think. In fact, there’s been a 47% increase in incidents over the last two years. We discuss seven recent examples in this blog: Insider Threats: Types and Real-World Examples.   While every incident is different, there are some tell-tale signs of an Insider Threat.  Insider Threat indicators: Malicious Insiders Malicious Insiders may act suspiciously well before they actually exfiltrate any data. For example: 1. Declining performance or other signs of dissatisfaction As we’ve said, one reason why Insiders exfiltrate data is that they’re dissatisfied at work. It could be because of a poor performance appraisal, because they were denied a promotion or raise, or because of a disagreement with a co-worker or manager.  Whatever the reason, 1 in 10 Insider Threats is motivated by a grudge. Look out for a consistent or sudden decline in performance or attitude and for employees who become angry or combative. Employees who are actively looking for other jobs should also be on your radar. While they could simply be moving on to a new opportunity, they may be inclined to steal data in order to impress or bribe a new or potential employer.  Don’t believe us? 45% of employees download, save, send, or otherwise exfiltrate work-related documents before leaving a job or after being dismissed. This number nearly doubles in highly competitive industries like Financial Services and Business, Consulting, & Management.  !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); 2. Unusual working hours While passion and enthusiasm are generally considered positive attributes when talking about an employee, these can occasionally be early signs of bad intent. For example, if an employee consistently volunteers for extra work, regularly works in the office late, comes in early, or attempts to perform work that’s outside of the scope of their normal duties, they could be trying to gain access to sensitive systems or data.  Then, of course, there are signs of the data exfiltration attempt itself. For example: 3. Large data transfers or downloads There are a number of ways to exfiltrate data, including email, Cloud Storage, USB sticks. In fact, 23% of insiders exfiltrate data via USBs and 24% exfiltrate data via laptops/tablets. Nevertheless email is the threat vector most IT leaders are concerned about. After all, it only takes one click to transfer dozens of files.  But, monitoring data movement is a challenge. How can you realistically monitor every email sent and received within your organization? With Tessian Human Layer Security Intelligence, it’s easy.  Security, IT, and compliance leaders can get detailed insights around employee behavior in a single click. No manual investigation required. 
4. Multiple failed logins (or other abnormal login activity) Whether it’s an employee trying to access networks or systems they don’t have access to or an employee with legitimate access logging in more frequently than usual, login activity can offer security teams clues about Malicious Insiders. Certainly the employee could simply be curious and may even be going above and beyond to get their job done, but these behaviors could also be indicative of nefarious intent and should be investigated.  5. Upgraded privileges or sharing access When someone is promoted or there’s some other shift in the structure of an organization, it makes sense that access to systems and data might change. But, what about when someone’s privileges or access are escalated without a clear reason why? It could be an administrator granting him or herself more privileged access or it could be a team effort. For example, an administrator could be bribed to upgrade another employee’s access. Both are signs of a Malicious Insider. Finally, there are signs that the Insider has successfully exfiltrated data or is still successfully exfiltrating data. For example: 6. Unexpected changes in financial circumstances 86% of breaches are financially motivated.  Whether it’s a list of customer email addresses being sold on the Dark Web or trade secrets being sold to a competitor, data is valuable currency. So, if you hear of or notice an employee suddenly and unexpectedly paying off debt or making expensive purchases, you may need to investigate the source of the additional income. It could be a sign that they’re profiting from company or customer data. 7. Consistent (and unusual) overseas travel Like many of the other indicators on this list, there could be a perfectly good reason why an employee travels overseas. He or she could be going on vacation, visiting friends or family, or may be traveling for work. But, as we’ve seen, it could also be a sign of corporate or foreign espionage. Case in point: A former engineer at a massive aerospace company frequently traveled to China, claiming he was lecturing. In reality, he was acting as an agent of the People’s Republic of China and was selling trade secrets. This went on for nearly 30 years before he was caught and later convicted.  Insider Threat indicators: Negligent Insiders While certain behaviors exhibited by Malicious Insiders may set off alarm bells for security teams before exfiltration attempts occur, Negligent Insiders can be harder to preempt.  Nonetheless, there are four key things to look out for. 8. Failure to comply with basic security policies Whether it’s consistently using weak passwords, refusing to enable 2FA, or frequently downloading tools or software that haven’t been approved by security teams, an employee who disregards security policies could be more likely to accidentally exfiltrate data than one who consistently plays by the book.  That’s why reminding employees of existing policies and procedures is so important. 9. Low engagement in security awareness training Most employees (and even some security leaders!) would agree that security awareness training is “boring”. And, while that may be the case, training is absolutely essential. It could be training around how to spot a phish (see below) or training around new and existing compliance standards or data privacy laws. Employees who either don’t attend training at all or who perform poorly on assessments related to that training should be closely monitored and be re-targeted with tailored programs. You can read more about how to up-level your training and create a positive security culture here. 10. History of falling for phishing attacks Phishing and other social engineering attacks are designed for one of three reasons: to extract sensitive information or credentials, to install malware onto a network, or to initiate a wire transfer. If the attack is successful – meaning the target (an employee) falls for the scam – there could be serious consequences.  That means any employee who falls for a scam should be reminded of phishing tools and techniques and may need to be more closely monitored. 11. General carelessness or haste Accidents happen. Whether it’s firing off an email to the wrong person or accidentally leaving a computer unblocked, we all make mistakes. Nonetheless, they aren’t trivial and any employee who consistently makes mistakes will need to be reminded of security best practices and may, in some cases, need to be monitored with more stringent policies.  How can you detect and prevent Insider Threats?  When it comes to detecting and preventing Insider Threats, there are a number of solutions, including: Training Physical and Digital Monitoring  DLP tools and software  Importantly, all of these have a place in security strategies. Training should be used to reinforce existing policies, especially for those employees who consistently break the rules or make mistakes.  Security teams should be diligent in their physical and digital data monitoring and should always look out for the above warning signs. And DLP tools like rule-based solutions, endpoint scanning, firewalls, and anti-phishing software do, in some instances, help curb the problem of data loss. But, as we’ve said, incidents involving Insider Threats are on the rise which means security stacks are missing something. What they’re missing is protection for their people and at Tessian, we call it Human Layer Security. How does Tessian prevent Insider Threats? Tessian turns an organization’s email data into its best defense against inbound and outbound email security threats. Powered by machine learning, our Human Layer Security technology understands human behavior and relationships, enabling it to automatically detect and prevent anomalous and dangerous activity. Tessian Enforcer detects and prevents data exfiltration attempts Tessian Guardian detects and prevents misdirected emails Tessian Defender detects and prevents spear phishing attacks Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network. Oh, and it works silently in the background, meaning employees can do their jobs without security getting in the way.  Interested in learning more about how Tessian can help prevent Insider Threats in your organization? You can read some of our customer stories here or book a demo. 
ATO/BEC Email DLP Human Layer Security Data Exfiltration
Introducing Tessian Human Layer Security Intelligence
By Ed Bishop
11 June 2020
Attention Security, Compliance. and IT leaders: You can now continuously and proactively downtrend Human Layer risks in your organization with zero manual investigation. How? With Tessian Human Layer Security Intelligence.
Why did Tessian create Human Layer Security Intelligence? 88% of data breaches are caused by human error.  To combat that, Tessian built, created, and developed Defender to prevent spear phishing, Business Email Compromise, and other targeted impersonation attacks; Guardian to prevent accidental data loss; and Enforcer to prevent data exfiltration. But, detection and prevention are only one part of the solution. To be truly effective, solutions have to proactively and consistently improve an organization’s broader security posture.  Security leaders should be able to: Comprehensively understand the risks within their organization Benchmark those risks against peers Reduce the burden of manual investigation, especially for thinly-stretched teams  Move swiftly from investigation to remediation Easily view the outcome of remediation efforts to understand the ROI on security products   Tessian Human Layer Security Intelligence does all of the above.  We provide our customers with real-time insights into risks on email and give security teams the tools they need to downtrend those risks. 
What are the key benefits of Human Layer Security Intelligence? We’ve already mentioned some of the key challenges that security, compliance, and IT leaders are up against. So, how does Human Layer Security Intelligence make your jobs easier? Predict. Track and compare trends, preempt incidents, and influence employee behavior to improve overall security posture.
Improving security visibility is key.  With HLS Intelligence, Tessian customers can easily and automatically get detailed insights into inbound and outbound security threats and employee actions.  Why does this matter? It allows security leaders to know precisely where to focus their efforts and which corrective actions to take in order to best allocate their resources.  For example, with clear visibility of employee behavior, it will be easy to spot those employees who frequently attempt to send company data to their personal email accounts to work from home. That way, security teams can then offer additional, targeted training and issue helpful reminders of existing security policies. Beyond that, customers will also be able to benchmark their risk levels against industry peers. This will help organizations identify strengths and successes and help highlight how and where they can improve their security posture.  Prevent. Investigate and communicate risks quickly and easily with detailed event threat breakdowns.
Most solutions are a blackbox when it comes to understanding the threats detected. And, without knowing the “who, what, when, and why” behind security events, mitigation can be difficult.  In an effort to pin down the “who, what, when, and why”, security and IT teams spend countless hours aggregating data, analyzing data, and investigating incidents. But, this is a slow, manual process which means remedial response times are often longer than they should be. Not with Tessian’s HLS Intelligence.  HLS Intelligence offers a curated list of high priority events so security leaders can immediately zero in on those that are most critical. No manual investigation required.  It’s simple: View detailed breakdowns and automated analysis of security events Take immediate action Generate reports with a single click to communicate detected and prevented risks to stakeholders.  Protect. Take the burden out of remediation with robust mitigation tools. 
While the goal is to prevent incidents from happening in the first place, robust mitigation tools are an essential part of any security solution.  With email quarantine and post-delivery protection like bulk email removal and single-click clawback, it’s easier than ever for security teams to take action.  And, with shared threat intelligence across the entire Tessian ecosystem, machine learning models automatically update and protect all Tessian Defender customers from all blocked domains. That means Tessian customers automatically benefit from Tessian’s network effect and new threats can be prevented before they’re even seen in your environment. How Can I Use Human Layer Security Intelligence? The benefits of Tessian Human Layer Security Intelligence are best understood in the context of real situations. So, let’s look at three example use cases. Use Case #1: Thwart burst attack campaigns and block COVID-19-related impersonation domains.  Several employees receive an email that appears to be from a health organization with advice around COVID-19. The email automatically triggers a warning advising employees that the email is suspicious based off of the content and sender information.  Simultaneously, you’re alerted of the burst attack and are able to first delete the email from user inboxes and then block the domain. Each of these two actions requires a single click. But, it’s not just your organization that’s protected from the threat. All Tessian customers will benefit as the domain is automatically blocked across the Tessian ecosystem. Use Case #2: Reduce data loss and increase secure behavior. In reviewing outbound events, you notice two employees are frequently sending emails with attachments to their personal accounts. When presented with a warning that explains why the action is being flagged as suspicious, they opt to send the email anyway. Why? Because these exfiltration attempts aren’t intentionally malicious, they’re simply trying to ensure they have access to the documents they need to work, wherever they are.  Instead of implementing a blanket rule that blocks all emails to freemail accounts across the company, you can take a more targeted approach. You can use this as an opportunity to reinforce security awareness training and in-house policies and explain why the email is considered unauthorized despite the employees’ good intentions.  You can also offer alternatives that would enable the employees to access relevant documents without having to email attachments to themselves. Use Case #3: Predict employee exits and prevent data exfiltration. In reviewing outbound events, you notice a spike in data exfiltration attempts by an employee. In the last week, he’s sent upwards of 20 attachments to a recipient he has no previous email history with. With this information in mind, you approach his line manager and find out that two weeks ago, the employee was denied a promotion and subsequent raise. You now have oversight of the “who, what, why, and when”.  This employee is planning on resigning and is taking company data with him. To prevent any further data exfiltration attempts, you can create custom filters specifically for that user, including customized warning messages or you could create a filter that would automatically block any future exfiltration attempts. For example, you could block email communications containing attachments to specific a domain or block emails containing attachments altogether, depending on the severity of the previous incidents.  Learn more Interested in learning more about Tessian Human Layer Security Intelligence and how it can help you strengthen your defense against human error on email? Get in touch with your Customer Success contact. Not yet a Tessian customer? Book a demo! 
Email DLP Human Layer Security
Tessian Recognized by 451 Research as a “451 Firestarter”
01 June 2020
We are proud to say that Tessian has received a 451 Firestarter award from leading technology research and advisory firm 451 Research.   The 451 Research Firestarter program recognizes exceptional innovation within the information technology industry. Introduced in 2018 and awarded quarterly, the program is exclusively analyst-led, allowing its team of technology and market experts to highlight organizations they believe are significantly contributing to the overall pace and extent of innovation in the technology market.  In its recent spotlight report, 451 Research said: “Most existing data discovery and data loss prevention (DLP) tools try to discover ‘personally identifiable information’ (PII) like credit card, driver’s license and social security numbers using RegEx searches, fingerprinting or optical character recognition (OCR). In contrast, Tessian’s focus is on finding bad behavior rather than finding sensitive data or PII, by applying machine learning techniques to historical email messages (headers, body and attachments) in order to distinguish between ‘safe’ and ‘unsafe’ emails.”
Earlier this year, 451 Research wrote a report stating that the “the DLP market is ripe for change” and that modern enterprises are looking for next-generation solutions that can detect and prevent both inbound email attacks and outbound email threats. Being recognized as a 451 Firestarter is a recognition of Tessian’s innovative approach to data loss protection. You can learn more about how Tessian is addressing DLP shortcomings here: 451 Research: Market Insight Report. Book a Demo To learn more about how we prevent inbound and outbound email threats and why world-leading businesses like Arm, Man Group, Evercore, and Schroders trust Tessian to protect their people on email, book a demo.
Email DLP Human Layer Security
Guide: How to Stop Data Loss Across 1 Million New Offices
By Maddie Rosenthal
28 May 2020
Now more than ever, security, IT, and compliance leaders are leaning on each other for support in navigating new challenges around remote-working. And, why wouldn’t they? While some organizations have operated virtually for months and even years before the outbreak of COVID-19, others had never operated a remote workforce. That means they’ve had to – very quickly – equip their teams with new devices and tools, implement new policies and procedures, and update security stacks. Of course, they’re doing all of this while trying to maintain “business as usual” which means trying to monitor and prevent data loss company-wide. That’s exactly why we’ve been hosting virtual events: to pool the wisdom of experienced security and IT leaders and share back with the broader community While you can access our library of webinars here (and register for our next virtual event here), we’ve compiled key takeaways below from our most recent webinar: How to Stop Data Loss Across 1 Million New Offices.  Here’s the actionable advice from Mark Settle, the former CIO of Okta and Karl Knowles, the Global Head of Cyber at HFW.
1. Prioritize email Even with collaboration tools like Slack, email is still King. Or, as Mark put it “email is the central nervous system of almost every company. You really can’t escape it”. Over 124 billion emails are sent and received everyday and employees spend 40% of their time on email. And, when you consider what’s being sent back and forth in emails (spreadsheets, invoices, client information, and other structured and unstructured data) it’s no wonder IT and security leaders consider it the number one threat vector for data loss. Whether it’s a disgruntled employee purposely exfiltrating data or a negligent employee who accidentally sends sensitive information to the wrong person, email is a leaky pipe.  Interested in learning more about how data is lost on email? Read this blog: A Complete Overview of DLP on Email. 2. Clearly communicate what constitutes “data loss” It’s employees who have to take on the role of protecting a company’s most important asset: data. But, unfortunately, many are blissfully unaware of what’s actually considered a data loss incident. It’s not their fault. It’s up to IT leaders – especially now as employees are adjusting to their new work environments – to really communicate what data is sensitive and how that data must be handled.  While those working in Healthcare or Financial Services may be well-versed in what data can and can’t be stored and shared, because of industry-specific compliance standards, the “average” professional may not be. For example: if you don’t tell employees that sending company data to their personal email accounts is considered unauthorized and could lead to a data breach, they’ll never know that they shouldn’t do it. Likewise, many employees don’t realize that sending an email to the wrong person could be classified as a data loss incident.  3. Don’t blame employees, empower them As we’ve said, employees are the gatekeepers of a company’s most sensitive systems and data. But, many aren’t familiar with security best practices or the implications of a breach. And, beyond that, many simply don’t have the necessary tools to work securely. It’s up to IT and security leaders to empower them to do so. How? According to Karl, it comes down to training and technology.
4. Re-think security awareness training Earlier this year at the world’s first Human Layer Security Summit, Mark Logsdon, Head of Cyber Assurance & Oversight at Prudential, explained there are three fundamental problems with training: It’s boring It’s often irrelevant It’s expensive Karl Knowles and Mark Settle shared many of these sentiments. The bottom line is: In order for training to be effective, it has to really resonate. And, for it to really resonate, employees have to understand the who, what, and why behind security policies and procedures. They recommend using different methods and mediums to communicate risks and preventative strategies and – perhaps most importantly – ensure you aren’t overloading them. That means breaking complex subjects down into more manageable pieces and translating technical jargon and concepts into language that’s easier to understand. Top Tip from Karl: Nominate Cyber Champions as a way to gamify training and encourage a positive security culture.  5. Know the limitations of rule-based DLP solutions and invest in technology that proactively adapts DLP isn’t just a challenge now that workforces are remote. It’s been a consistent pain point for IT and security teams for a long time and for several reasons. One of the biggest problems around DLP is that rule-based solutions aren’t adaptive. Not only are they admin-intensive to set-up, but they’re virtually impossible to maintain. You can read more about The Drawbacks of Traditional DLP on Email on our blog.  Learn more about Why DLP is Failing in Tessian’s latest report: The State of Data Loss Prevention 2020. That’s why Karl and Mark recommend investing in technology that’s fast and evolving. The technology is machine learning. Tessian’s DLP solutions (Tessian Enforcer and Tessian Guardian) are powered by machine learning which is why Karl – a customer – considered Tessian an extension of his cyber team.
Interested in learning more about how Tessian can help you detect and prevent data loss wherever your employees are working? Book a demo. And, for more advice, keep up with our blog, LinkedIn, and Twitter for guides, industry news, and events. 
Email DLP Human Layer Security
The State of Data Loss Prevention 2020: What You Need to Know
28 May 2020
Today, Tessian released The State of Data Loss Prevention 2020, a comprehensive report that explores new and perennial challenges around data loss prevention.
Our findings reveal that data loss on email is a bigger problem than most realize, that remote-working brings new challenges around DLP, and that the solutions currently deemed most effective may actually be the least. Why does this report matter? IT, security, and compliance readers have a lot to gain by reading this report. To really understand why, we have to look at the current landscape. Insider threats are a growing problem While email threats from external bad actors (like spear phishing and business email compromise) dominate headlines, email threats from insiders are steadily rising. In fact, there’s been a 47% increase in incidents over the last two years. This includes accidental data loss and deliberate data exfiltration. According to Verizon’s 2020 Data Breach Investigations Report “It is a bit disturbing when you realize that your employees’ mistakes account for roughly the same number of breaches as external parties who are actively attacking you.” The DLP market is booming and is on track for significant growth. Why? Because it’s one of the top spending priorities for IT leaders with 21% planning to acquire DLP tools within the next year.  Remote-working makes DLP even more challenging Over the last eight weeks, workforces around the world have transitioned from office-to-home. That means the perimeter has disappeared and past strategies have become obsolete. COVID-19 has been deemed a “field day for Insider Threats”. There are more opportunities than ever for employees to exploit privileged access to data, working from home can reduce the vigilance of employees handling confidential data, and there’s been a marked increase in COVID-19 phishing attacks. While some organizations will encourage their employees to migrate back to offices, many (including Facebook) have already opted to maintain remote-working set-ups.  Interested in learning more about the methods and motives of Insider Threats? Read our blog: What is an Insider Threat? Insider Threat Definitions, Examples, and Solutions. The implications of a data breach are far-reaching  The consequences of a data breach aren’t limited to lost data and revenue loss. Organizations also experience a 2-7% churn rate after a breach. Data privacy regulations add insult to injury. In the first quarter of 2020 alone, GDPR fines totaled nearly €50 million. But, we had to look beyond third-party research and conduct our own.  What will I learn? We analyzed Tessian platform data and commissioned OnePoll to survey 2,000 professionals (1,000 in the US and 1,000 in the UK) and 250 Information Technology (IT) leaders. We also interviewed IT, security, and compliance leaders about their own experiences with DLP. Here’s what we found out: !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");
Data loss incidents are happening as much as 38x more often than IT leaders currently estimate. 800 misdirected emails are sent every year in organizations with 1,000 employees. 27,500 emails containing company data are sent to personal accounts every year in organizations with 1,000 employees. 84% of IT leaders say DLP is more challenging when their workforce is working remotely. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");
While 91% of IT leaders say they trust their employees to follow security policies while working from home, almost half (48%) of employees say they’re less likely to follow safe data practices when working from home. Email is the threat vector IT leaders are most concerned about. 54% of employees say they’ll find a workaround if security software or policies prevent them from doing their job and 51% say security tools and software impede their productivity.  While IT leaders believe security awareness training is the most effective way to prevent data loss, machine learning is the better option.  Dozens more insights in the full report, including segmented data around industry, company size, age, and region.  How can I access The State of Data Loss Prevention 2020? IT leaders must have visibility over how their employees are handing and mishandling data on email in order to implement effective DLP strategies.  Our report shines a light on the problems and best solutions.  You can access the full report via our microsite. And, if you’re interested in learning more, save your spot at Tessian Human Layer Security Summit on June 18.
Human Layer Security
7 Reasons to Attend Tessian Virtual Human Layer Security Summit
26 May 2020
On June 18, we’re hosting Tessian Human Layer Security Summit and you’re invited.  The theme? The new world of work. While businesses have flexed fast to adapt to remote-working, there are still plenty of challenges security, compliance, and IT leaders have to overcome.  That’s why we’re bringing thousands of people together from around the world – including over a dozen speakers and partners – to discuss what’s happened and (more importantly) what’s next. We know what you’re thinking: How is this virtual event different from others you’ve been invited to or attended? We’ll tell you.
1. You’ll hear from thought leaders from world-renowned institutions We believe that diverse perspectives lead to better solutions, which is why we’ve brought together such a wide range of voices from the world’s top businesses and institutions.  We’ll be welcoming security and business leaders from Amazon Web Services, The FBI, Unilever, Investec, and more and each speaker will cover a topic that demonstrates their expertise and unique point of view. So, what will they be covering? The evolving risk landscape, how new compliance standards affect business and cybersecurity strategies, challenges in preventing data loss, and how to build and maintain a happy and productive remote workforce.  2. You’ll have a chance to ask your most pressing questions around cybersecurity, remote-working, and business continuity While the agenda is jam-packed with fireside chats, presentations, and panel discussions, we’ve left plenty of time for you to voice your thoughts, too. After all, the name of the game is diverse perspectives. We’ll be opening the floor to all attendees to ask their most pressing questions and our speakers will answer them live. You can even submit your questions ahead of time by emailing monica.nio@tessian.com. This way, you can leave the event with actionable advice related specifically to you and your organization. 
3. You’ll learn more about human-centric security strategies  The Human Element has been a buzzword throughout 2020. But, do you know how to create and implement security strategies that are human-centric? You will after this event. You’ll hear why solving the problem of human error on email is more important now than ever, how security and privacy risks have evolved as the perimeter has disappeared, and how Tessian’s Human Layer Security platform has helped Tessian customers prevent data loss incidents on email.  Want a sneak peek at what you might learn? Check out these insights from the world’s first Human Layer Security Summit.  4. You’ll be the first to know about exciting company and industry news  While we don’t want to spoil all the surprises, you should know that we’ll be announcing some very exciting news that will bring greater visibility into threats specific to your organization.  Not only will we be unveiling new technology that gives security, IT, and compliance leaders a birds’ eye view into data loss trends, but we’ll be sharing key findings from our groundbreaking research into the State of Data Loss Prevention 2020. 
5. You’ll be in good company  We hosted our first-ever Human Layer Security Summit in March where hundreds of attendees (both in-person and online) joined the conversation. This event will be even bigger. Thousands of leading C-suite executives, business leaders, and security professionals from across continents will be under the same (virtual) roof which means this event is the perfect opportunity to network and connect with the larger cybersecurity community.  Whether you’re looking for advice, allies, or future opportunities, this is your chance, especially considering all of our incredible partners for the event: HackerOne, Noord, The SASIG, Women in Security and Privacy, and Security Current. 6. You don’t have to change out of your pajamas While most of us are all too familiar with challenges around remote-working, we can’t ignore that there are some benefits, too. For example: Being able to ask the former CEO of Upwork a question while sitting in your pajamas.  This is especially relevant for those tuning in from California, as the event kicks off at 7:00 AM PST. Of course, feel free to join in whatever you’re comfortable in.  7. …It’s free! Attendees have a lot to gain by joining us on June 18 and nothing to lose; the event is 100% free.  All you have to do is register now to save your spot and tune in on the day.  Can’t make it on June 18? Don’t worry! By registering, you’ll have on-demand access to watch the full series of keynotes, panel discussions, and more after the live session.
Compliance Human Layer Security
Two Years Later: 3 Ways GDPR Has Affected Cybersecurity
By Maddie Rosenthal
14 May 2020
This month we celebrate the two year anniversary of the General Data Protection Regulation (GDPR). While the road to compliance hasn’t been easy for organizations in Europe and beyond, it’s clear this benchmark legislation has been a step in the right direction for data rights, privacy, and protection.  It’s also had a big impact on cybersecurity. Not only is cybersecurity now considered business-critical – which is big news for an industry that has historically struggled to communicate its value and ROI – but we’ve seen incredible innovation in security solutions, too. Read on to learn more about how GDPR has affected cybersecurity or, for more context around GDPR and its implications, read GDPR: 13 Most Asked Questions + Answers.  1. Cybersecurity is now a business enabler  While cybersecurity has historically been a siloed department, data privacy regulations and compliance standards like GDPR have helped prove the business value of a strong cybersecurity strategy.  To start, cybersecurity solutions help organizations stay compliant by preventing data breaches. This isn’t trivial. While the fines under these new compliance standards are hefty (GDPR fines totaled nearly €50 million in the first quarter of 2020 alone), the implications of a breach extend far beyond regulatory penalties to include: Lost data Lost intellectual property Revenue loss Losing customers and/or their trust Regulatory fines Damaged reputation It’s no surprise, then, that the UK’s cybersecurity sector has grown by 44% since GDPR was rolled out. But, cybersecurity solutions don’t have to be limited to prevention or remediation. In fact, cybersecurity can actually enable businesses and become a unique selling point in and of itself. Now that data protection is top of mind, those organizations that are transparent about their policies and procedures will have a competitive advantage over those that aren’t and will gain credibility and trust from prospects and existing customers or clients. 
2. IT leaders are engaging with (and depending on) employees more often While cybersecurity teams are responsible for creating and implementing effective policies, procedures, and tech solutions, data protection is the responsibility of the entire organization. Why? Because data loss is a human problem with 88% of breaches being caused by human error, not cyberattacks. The fact is, employees control business’ most sensitive systems and data, and one mistake – whether it’s a misdirected email or a misconfigured firewall – could have tremendous consequences. That means accountability is required company-wide in order to truly keep data secure and stay compliant.  But, education is the first step in prevention which is why there’s express advice contained within the GDPR to train employees. Importantly, though, training has to actually cut through and stick, which means IT leaders are working hard to effectively communicate risks and responsibilities. Of course, anyone in a cybersecurity leadership position knows this is no easy task.  The key is to ensure training is aligned to the individual business, starting with the people in it and their attitudes towards security. Not sure where to start? Watch Mark Lodgson, Head of Cyber Assurance and Oversight at Prudential, talk about how he measures cyber culture within his organization. 3. The DLP market is booming  Post-GDPR, organizations are spending more than ever to protect their systems and data, and, unsurprisingly, one of the top spending priorities for IT leaders is data loss prevention (DLP). While the DLP market is keeping up with demand (DLP market revenues are projected to double from $1.24 billion in 2019 to $2.28 by the end of 2023), data loss prevention remains a pain point for most senior executives because, well, most DLP solutions don’t work. According to a new report from 451 Research “DLP technology has developed a reputation as much for inaccuracy, false positives, and poor performance as it has for protecting data.” The shortcomings of DLP solutions are reflected in the number of incidents of data loss and data exfiltration being reported, too, up 47% over the last two years. The problem is that most DLP solutions rely on rules to detect and prevent incidents and most rules cannot effectively be managed by people. It’s too time consuming and complex to update them in tandem with evolving human relationships and compliance standards. But, there’s a better way: machine learning. In fact, Tessian was recently recognized as a Cool Vendor in Gartner’s Cool Vendors in Cloud Office Security report. Why? Because, through a combination of machine intelligence, deep content inspection of email, and stateful mapping of human relationships, Tessian’s Human Layer Security Platform turns your email data into your biggest defense against email security threats.  To learn more about how Tessian uses machine learning to prevent data loss on email, click here.  What’s next? GDPR is just the beginning and the CCPA enforcement date is looming. Are you prepared? Find out on our blog: 5 Things Every CISO Should Know About CCPA’s Impact on Their InfoSec Programs.
Human Layer Security
Tessian Named a Gartner Cool Vendor
12 May 2020
We are thrilled to be recognized as a Cool Vendor in the recently published Gartner Cool Vendors in Cloud Office Security report. To us, being named a Gartner Cool Vendor is an honor. Vendors recognized in the report are interesting, new, and innovative. In the report Gartner explains, “as cloud office suite adoption becomes nearly universal, security and risk management leaders must explore ways to protect sensitive information from risks and threats.” Gartner adds that “security and risk management leaders should recognize that cloud office security technology is evolving and converging in sometimes unpredictable ways” and that “the gaps in cloud office technology convergence often result in incomplete data protection and multiple perspectives to data visibility.” The report further states, “the vendors included in this Cool Vendors report focus specifically upon securing applications, communication and data that occur within cloud office environments.”
Tessian recognized as a Cool Vendor in May 2020 Cool Vendors in Cloud Office Security report Tessian is the world’s first Human Layer Security platform that protects organizations from human layer security threats on email.  By turning your email data into your biggest defense, Tessian prevents inbound and outbound email threats caused by human error. Tessian defends against accidental data loss, data exfiltration and insider threats, in addition to defending against advanced inbound threats like business email compromise, spear phishing and other targeted impersonation attacks. Tessian’s machine learning technology turns your email data into intelligence, transforming your most vulnerable endpoint – your employees – into a trusted security asset by taking human error out of the equation.  Tessian Human Layer Security Prevents Human Error on Email Employees control business’ most sensitive systems and data. Whether it is someone in your finance department who oversees billing and banking platforms, or someone in your HR department who controls employee social security numbers and compensation plans — they are the first and last line of defense; the gatekeepers of digital systems and data. This is what we call the Human Layer. And people’s propensity to make mistakes, break the rules, or be hacked are Human Layer Vulnerabilities. These vulnerabilities can cause big problems. In fact, they’re the number one cause of data breaches: 88% of data breaches reported to the UK’s Information Commissioner’s Office (ICO) are due to human error. To prevent today’s Human Layer Security threats on email, your security controls must understand human behavior. Through a combination of machine intelligence, deep content inspection of email and stateful mapping of email relationships, Tessian turns your email data into your biggest defense against email security threats.  We call it Human Layer Security. What does this mean for security leaders? Our stateful machine learning allows Tessian to understand changing human behavior over time with high accuracy. This means employees experience fewer notification rates and false negatives. Tessian can be deployed in minutes, integrates with O365, Exchange and G-Suite environments and it automatically starts preventing threats within 24 hours of deployment.  Tessian is trusted by world-leading businesses like Arm, Man Group, Evercore and Schroders to protect their people on email. Gartner subscribers can view the Cool Vendors in Cloud Office Security Link.
Email DLP Human Layer Security
451 Research: Tessian Uses Machine Learning for Better DLP
11 May 2020
According to a new report from 451 Research, “the DLP market is ripe for change” and Tessian could be the next-generation solution organizations need to detect and prevent both inbound email attacks and outbound email threats.  Key findings from the report include: DLP is ranked at the top of a list of over 20 security categories that are expected to see a “significant” increase in spending in the next 12 months Tessian uses stateful machine learning across four different products to prevent human error on email with use cases for both inbound and outbound email threats including anti-phishing and advanced impersonation attacks, accidental data loss, and malicious data exfiltration Tessian is both complementary and competitive to traditional DLP offerings 
DLP: An Unsolvable Problem While the DLP market is saturated with products – from traditional DLP vendors like Broadcom, McAfee, Forcepoint, and Digital Guardian to newer entrants like ArmorBlox, Altitude Networks, and Code42, the consensus is that DLP is, in many ways, failing. According to the report, “DLP technology has developed a reputation as much for inaccuracy, false positives, and poor performance as it has for protecting data.” That may be why DLP remains one of the top spending priorities for IT leaders, with 13% of those surveyed by 451 Research saying they expect to see a “significant increase” in spending over the next 12 months and a further 11% saying they expect to see a “slight increase.” It’s clear organizations need a better way to prevent data loss.  Tessian believes it’s because DLP efforts aren’t addressing the real problem, which is that 88% of data breaches are caused by human error.   Tessian’s Approach to Data Loss Prevention Instead of focusing on the machine layer, Tessian focuses on the human layer and, in doing so, has developed the world’s first Human Layer Security platform.
Our Human Layer Security platform consists of four main products: Tessian Defender, which prevents advanced inbound attacks like spear phishing, Tessian Guardian, which prevents accidental data loss caused by misdirected emails, Tessian Enforcer, which prevents data exfiltration attempts on email. Organizations that implement any of these solutions also get Tessian Constructor, which allows admins to create blacklists, whitelists, and custom filters to ensure email usage remains compliant.  Each of these products applies stateful machine learning techniques to historical email messages (headers, body, and attachments) to understand relationships and establish normal behavior profiles that can be used to distinguish between safe and unsafe emails.  No rules required. According to 451 Research, Tessian succeeds in preventing data loss where others fall short.  “While [most existing DLP tools] are good at finding personally identifiable information (PII), finding and blocking actions such as employees sending files to a personal email account are surprisingly challenging and are quickly out-of-date, so predefined rules are not that effective.” You can read the full report here. Book a Demo By leveraging new capabilities in AI and machine learning, Tessian, according to 451 Research,“delivers more effective DLP” by preventing human error on email.  To learn more about how we prevent inbound and outbound email threats and why world-leading businesses like Arm, Man Group, Evercore, and Schroders trust Tessian to protect their people on email, book a demo.
Human Layer Security
Ed Bishop Joins SecureWorld “Emerging Threats” Panel
27 April 2020
The number of cybersecurity threats is growing every day, increasing the need for comprehensive security monitoring, analysis, and communication. With the sudden explosion of remote workers, we are encountering even more challenges and reasons for concern. The attackers are taking full advantage in these trying times, and it is critical for the security community to pool our collective intel on the shifting threat landscape. On April 16 2020, Ed Bishop, co-founder and Chief Technology Officer of Tessian, joined a SecureWorld panel of industry leaders — Erich Kron, Security Awareness Advocate for KnowBe4, Elvis Chan, Supervisory Special Agent from the FBI, and Mark Lance, Senior Director of Cyber Defense for GuidePoint Security — to discuss emerging threats being experienced in the wild, and strategies for staying ahead of cybercriminals. The panel was hosted by Bruce Sussman, Director of Content and host of weekly podcast, The SecureWorld Sessions. Listen to the full session below:
Below is a truncated transcript of Ed’s responses to Bruce’s questions. Bruce Sussman:  What do you see as new or growing security vulnerabilities in the rush to work remotely? Ed Bishop:  Yeah, I was just going to chip in and just say with the work from home I think it’s really important to highlight how much of a change this is for the individuals as well. It’s not just about the technology. People’s lives have been turned upside down and everything is super uncertain. And what we’re seeing is people are just trying to take advantage of that with COVID-19-related attacks. They’re specifically targeting that uncertainty and the fact that people’s technology stacks are changing and that they’re expecting to get emails about new video conferencing or VPN software, and I just think it’s important to bring it back to thinking about the people or the end users and not just focusing on the technology and really this is where we’re going to stop getting security vulnerabilities. People just attacking that uncertainty and taking advantage of it. Bruce Sussman:  What do you see as current or emerging human-caused security risks on email? Ed Bishop:  We’re seeing a lot of emerging threats. I actually think it’s interesting because I think maybe a lot of these threats have existed for a long time, and it’s just been considered the cost of doing email. If you want to send email, you need to open yourself up to phishing attacks and you need to open yourself up to data exfiltration etcetera. And it’s only recently in the last five years that we’ve been thinking about this as the real threat and then we’re seeing these threats get more and more advanced. And that’s why I think we’re seeing the emergence of the term emerging. So yeah I think you break it down into how to think about a new threat… it’s about the Human Layer. People make mistakes on email so that means you can basically just accidentally send an email to absolutely anyone with very sensitive information. That’s one of the number one reported data incidents to Information Commissioner’s office in the UK. People break the rules and this is around all kinds of data exfiltration. It’s about doing things on email that they’re not supposed to do. And then finally what we’ve just been discussing is people can get tricked into this and we’re seeing this a lot with COVID-19 attacks. But specifically this is all about Human Layer problems. It’s about understanding how people work, it’s about understanding their behaviors, it’s understanding their historical email data sets. Really it’s the only way that you can actually go about starting to tackle these emerging trends. We believe that kind of rule-based technologies play a good job at tackling standard threats, but for the emerging threats, the advanced threats, that we’re seeing today. You really need to take a different approach and that’s about understanding people, understanding their data points and really using and leveraging technologies like machine learning to be able to tackle these advanced threats. Bruce Sussman:  What role will Artificial Intelligence play in cybersecurity and any ideas on how criminals also use AI? Ed Bishop:  Tessian obviously is a machine learning company on the defense side so we think there’s a huge role to play for AI in detecting some of these emerging threats if we just bring it back to one of the core topics of this panel: email. I would say that there’s just so much work still to be done on the defense side that attackers don’t even need to be thinking about AI on the offense side. It is quite frankly far, far too easy to send very convincing impersonation emails taking advantage of COVID-19 and just bypass existing technologies and get straight to the end user to take advantage of those human vulnerabilities and social engineering. Although we’re seeing very interesting things, I think DeepFake is a great example of where it’s truly being used on the offensive side. If we take it back to email where 91 percent of all cyberattacks originate, I think we’re going to see a lot of work on the defense side where attackers can just be using really simple phishing kits to bypass existing solutions. Bruce Sussman:  Interesting and so that’s why we have to have to the machine learning in an AI on defense. Is that what you’re saying? Ed Bishop: Exactly. I think the legacy approach to tackling things like phishing and business email compromise is really predominately like Blacklist Space, where you have to assume the attack in a number of accounts or using basic respects or rules and quite frankly it seems if you introduce rules people are going to break those rules. Rules are made to be broken and attackers are constantly playing this game of cat and mouse. So yeah it’s all about defense, it’s understanding people, it’s understanding how they operate, what normal looks like for those end users and training machine learning models then that can detect people sending advanced impersonation emails. Bruce Sussman:  Are insider threats becoming more of a danger with the pandemic? Ed Bishop:  Yeah, I think that’s a great point that’s been mentioned. Obviously data exfiltration has been painted with quite a negative kind of brush and rightly so. But data exfiltration also covers people who aren’t necessarily being malicious, but they’re just trying to do that job and accidentally essentially breaking that IT policy.  So to give you an example you’re working from home, how you’re going to print something? Are you going to go through the headache of trying to set up your home printer with your work computer even though USB is disabled, Bluetooth disabled? You know what you’re probably going to do is you’re just going to forward that email to your freemail account, go onto your personal device and print it. You just exfiltrated data. Your data maybe travel to another jurisdiction just due to that event. We are seeing a trend of not necessarily malicious data exfiltration but definitely an increase in data exfiltration because people are trying to do their job effectively. And their workforce hasn’t provided them with the technology to do that so they’re always going to just go to the path of least resistance, which is often exfiltrate data to their personal email accounts. Bruce Sussman:  There are plenty of examples where the traditional cybersecurity methods prove ineffective. Why is this and will attackers always be a step ahead? Ed Bishop:  I think it’s a great point like why does it always feel like that they’re a step ahead. Remember that I think we always try and think of it at Tessian as a numbers game for the attacker: they can send 1000 emails and they only need one email for you to click that link, or for you to wire that money. Don’t forget that they probably sent 9999 other emails that were unsuccessful. But the point is all they need is one email to be successful and that’s why you will always hear about data breaches in the news and in the press. I think bringing it back to why traditional data security methods are ineffective, it really just comes down to this the game of cat and mouse. Putting myself in the shoes of the attacker, if I can go onto a security vendor’s website and go on to that WIKI and see how to set up policies that are rule-based, what are the attackers going to do going to? They’re going to send an attack that just flies past those rules because they just got an expose what that technology is looking for and how they can prevent it. I just also highlighted another kind of, I guess, traditional cybersecurity method, which is effective to some degree: Training and Awareness. But I think far too many companies rely on that as a silver bullet and again attackers know this. They know what people are trained against, they know the types of threats that people are trained against but there are just such sophisticated attacks out there that we cannot rely on people to detect. We need technology to do a better job and really understand kind of what normal looks like and be able to spot those anomalies.
Customer Stories
Keeping Sensitive Client Data Safe
20 April 2020
With a strong focus on protecting client data, leading international legal business, DAC Beachcroft LLP has adopted Tessian’s machine intelligent email security platform to support the firm’s new cyber security strategy. Being deployed across its offices in Europe, Asia Pacific and Latin America, the platform will help prevent the firm’s 2,500 employees from sending misdirected emails that could potentially lead to loss of confidential client data. DAC Beachcroft LLP is leading the move towards legal firms becoming more digitally focused with security being at the forefront of that movement. It looked to Tessian to offer a platform that would not only give employees peace of mind when handling sensitive client data but allowed staff to be more flexible when using email on the move across any device or operating system (OS). The platform also delivered a solution that was quick to install with minimal disruption and was easy to use for busy lawyers and support teams alike. “Our staff deal with highly sensitive client data on a daily basis and we wanted to be able to support the teams to work with that personal information confidently without the fear of a data breach,” comments, Andrew Keith, COO, DAC Beachcroft LLP. “Just by having the Tessian platform in place has significantly reduced risks at DAC Beachcroft LLP within just four weeks. It captures what could potentially be a massive data breach, and the benefits have been almost immediately recognized by all at the firm.” David Aird, IT Director DAC Beachcroft LLP, continues; “Our lawyers are busy with client work, and the simplicity of the platform has meant they and their support staff don’t have to worry about simple human errors such as entering the wrong email address.  The Tessian platform stood out from other solutions on the market because its machine learning approach meant we could automatically protect the firm from misdirected emails, unauthorized emails and non-compliance on the network.” Tessian uses machine intelligence to understand normal email communication patterns in order to automatically identify email security threats, without the need for end user behavior change or pre-defined rules and policies. “DAC Beachcroft LLP is one of the leading legal firms to create a digital environment for its network. The firm has invested time and money in the best security solutions to protect client data and its staff from potential serious email breaches. We’re delighted to be part of that move to become a secure digital business and see a long partnership ahead,” comments Tim Sadler, CEO of Tessian. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Page