Customer Stories
Securing the Email Environment from Human Error
Tuesday, March 12th, 2019
Travers Smith is a leading corporate law firm headquartered in London. It advises national and multinational companies across the full range of corporate and commercial matters. Travers Smith is protecting employees with Tessian Guardian and Tessian Constructor.
Given the highly sensitive nature of the work performed and the client confidentiality requirements outlined by the Solicitors Regulation Authority, securing their email environment from human error was a key priority for the firm. Risk and IT teams were acutely aware of the potential risks from misdirected emails and chose Tessian Guardian because of the admin-free nature of the product and minimal disruption and effort that it requires from end users at the organization.
Travers Smith successfully deployed Tessian firm wide with minimal effort from the firm’s IT team. After a set period of time using the software, Travers Smith was presented with a comprehensive report containing details of Tessian’s performance and examples of misdirected emails that had been prevented.
Thanks to Tessian, Travers Smith is now better equipped to protect clients’ sensitive information and avoid the scenario of confidential information accidentally being sent to the wrong people. Moreover, Tessian allows the firm to demonstrate diligence to clients and regulators by showing that the risk is being measured and managed appropriately.
Learn more about how Tessian prevents human error on email
Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Customer Stories
Seamlessly Implementing Email Security
Tuesday, March 12th, 2019
Grosvenor Law is a specialist personal and business dispute resolution firm based in Mayfair, London. They work on significant and complex disputes worldwide across a range of business sectors, on behalf of corporate clients and high net worth individuals. Grosvenor Law is protecting employees with Tessian Guardian and Tessian Constructor.
Given the highly sensitive nature of the work performed and the client confidentiality requirements outlined by the Solicitors Regulation Authority, securing their email environment from human error is a key priority for the firm. There has been an increasing number of high profile losses of confidential data in the legal sector in recent years and months.
The Chief Executive of Grosvenor Law had already taken a number of measures to reduce the risk of inadvertent data loss over email, but chose to add to their existing risk management measures by working with Tessian given the unique machine learning intelligence of the system. The firm opted to use Guardian to prevent and detect misdirected emails, as well as Constructor to implement some of their own custom communication policies.
After some time, Tessian issued the Chief Executive with a report detailing the findings of how the software had successfully prevented misaddressed emails for Grosvenor Law. It also showed how Tessian’s machine learning algorithms had developed an understanding of the organization’s regular email patterns and behavior in order to accurately detect anomalies.
By having outgoing email content from their organization automatically checked by Tessian software, Grosvenor Law is able to protect their client data from one of the most common causes of data loss. They are also able to demonstrate diligence to clients and regulators that this risk is being measured and controlled.
Spotlight Series
Tessian Spotlight: Johan Kestens, former Chief Information Officer at ING Belgium and Luxembourg
Tuesday, March 12th, 2019
As the former Chief Information Officer for ING Belgium and Luxembourg, Johan was, until September 2018, responsible for the complete IT stack and was part of the Executive Committee. An engineer by training, Johan has worked with a number of organizations before joining ING, including McKinsey, SWIFT, SAP and A.T. Kearney.
What are the greatest challenges you overcame while you were CIO at ING?
There were several challenges. Firstly, we increased collaboration between the Belgian and Dutch IT operations to create a single IT organization and adopted the same agile way of working. We also brought IT professionals much closer to other teams in the business and removed as many coordination barriers as possible, which made the IT team more efficient and cost-effective. Another challenge was gaining more control of the IT change portfolio. There is always more demand than there is capacity so we changed it from a demand-driven organization to a capacity-driven one. This helped get many more things done and we had some very positive results in areas such as big data. The final challenge was creating better risk awareness and control in the business and enhancing the level of discipline in the organization.
What needs to change about how most organizations are handling their IT strategy?
I noticed that in many companies there is sometimes a distance between the business and IT people. This might be because of the different business jargon, personalities and delivery goals but this divide needs to disappear. Many parts of the economy are being disrupted through digital businesses and IT is increasingly becoming the main driver of business. The IT strategy for many is starting to become the strategy. For this to work effectively, you need to bring non-technical teams and IT teams closer. Improving communication and understanding between teams will help them work together most effectively.
How should CIOs ideally work with the rest of the board?
If you look at most company boards, I would say a lot of them are likely struggling to understand what is going on in IT. Many of them know that their digital business is becoming more important but it is like watching a soccer game; it is different when you are sitting in the stadium than when you are playing in the field. I have also sensed a mixture of fear and distrust regarding IT because some people feel that they do not have the expertise to really assess it. Most boards are made up of professionals with a commercial or finance background. An area where this is especially clear is cybersecurity; it is very frightening for board members to ultimately carry responsibility but not understand all techniques used to attack their business. Constantly reading about the newest data breaches in the news will likely do little to assure them. CIOs should do their best to address all of these concerns.
What are the greatest information security issues to the banking industry and how would you address these?
The biggest security incidents often happen from within, so integrity of staff must be a prerequisite. At the larger organizations, security becomes much more of a numbers game. Even with very good employee screening procedures, data breaches will likely happen either by accident or through malicious employee intent. Another important issue is adopting the right mindset when dealing with information security. I think about it in a similar way to healthcare: a new variant of flu comes out every winter and the medical industry is quite fast to respond to this but it never goes away completely. You have to adopt a framework where you understand you are never going to be completely immune as cyberattacks are always evolving. Even if you have never had a data breach before, you can never be completely sure that an employee will never fall prey to a spear phishing email. The best you can do is remain vigilant and constantly stay abreast of the newest developments.
This is why I am a big fan of collaboration between industry participants or even governments. Cybercrime is like a virus; it tends to go from country to country, so by working together, you can be aware of it ahead of its arrival. All parties benefit when they collaborate together against a problem like cybercrime.
What do you read/listen to stay on top of advancements in IT?
Gartner reports are a very good source of information as they cover different trends well. I also follow a few networks such as CIONET to understand what is going on in the industry right now. Finally, small CIO events like dinners or breakfasts with only 10-12 participants are amazing for knowledge sharing. The size of the audience allows everyone to participate and every once in a while you get a nugget of gold. Keeping in mind that what might be very esoteric today could become very important tomorrow is key.
Human Layer Security
Human Error is Incredibly Difficult to Understand, Let Alone Predict
Monday, March 4th, 2019
Email remains the main communication channel for enterprises. Despite its incredible efficiencies and economies of scale, email as a communication tool is reliant on human interaction and judgement. This makes human error particularly prevalent on email.
One example of a mistake that can occur over email due to human error is an email being directed to the wrong person. A misdirected email might happen for any number of reasons, just a few of which include stress, alertness, being in a hurry or simply bad luck. For example, staff members at a major Australian bank mistakenly sent emails that contained data from over 10,000 customers to the wrong recipient due to an error that changed the email’s domain name.
Over the past few years the workforce has become more mobile, meaning that more data now exits organizations’ premises and networks. Many employees manage their inbox on the move, replying to an urgent email after work while commuting or messaging international clients in the early hours of the morning. While this flexibility is advantageous for employees and businesses, different diligence levels outside working hours and on mobile devices raise the chance of a misdirected email being sent.
Let’s take a small-scale example. Even for a small organization where each employee sends a moderate number of emails per day, Tessian data shows that the likelihood of a misdirected email leaving the organization in a given month is high. That risk increases dramatically with the size of an organization. No matter how many Secure Email Gateways and firewalls you employ, failing to address this risk could mean your organization’s data being compromised.
Mistakes due to human error are not limited to outbound email. Over the past few years, inbound attacks such as spear phishing have become more frequent and more sophisticated. For example, someone may receive an email from an attacker impersonating a supplier requesting a transfer for an outstanding payment. The degree of urgency included in the email and the fact that the attacker utilizes a legitimate relationship make the recipient more likely to fall for the attack.
In order to stay vigilant in this changing environment, security officers and business leaders should focus on two simple questions:
1. What’s the most likely cause of data loss for our organization?
2. What’s the maximum damage that a human error could cause?
This awareness can help security leaders gain a better understanding of the risks they need to manage on an ongoing basis. Ultimately, this awareness could help mitigate the likelihood of data loss, and associated consequences like financial penalties or reputational damage.
Mistakes due to human error are inevitable, but the negative consequences are not. Tessian’s machine-intelligent email filters use machine learning to understand relationships and behaviors on email, identifying in real time when people are about to make a mistake – whether it’s entering the wrong reply-to address or potentially falling for a spear phishing attack. Thoughtful, intelligent notifications located within the email client stop the threat before it can cause damage to your organization.
Take action against misdirected emails and spear phishing today.
Spotlight Series
Tessian Spotlight: Michael Mrak, Head of Department Compliance & Information Security at Casinos Austria
Monday, March 4th, 2019
Michael has been with Casinos Austria for 26 years. He started in the IT department and eventually took over the role of Data Privacy Officer in 2001. Responsible for overall information security strategy and, working closely with the CEO, Michael establishes policies relating to compliance and anti-money laundering. As well as overseeing all the activities related to the development, implementation, maintenance and adherence to the organization’s privacy policies, he is also the link between his organization and the Austrian Ministry of Finance.
What are the greatest challenges you have overcome at Casinos Austria as Head of Department Compliance and Information Security?
Dealing with the number of regulations is definitely number one. It is a developing field for lawmakers and this makes the laws less stringent than they should be. Additionally, this means that we sometimes have to deal with laws that are in conflict with each other such as money-laundering and data privacy. Another issue that I face, which is probably the case for many compliance officers, is keeping the awareness of compliant behavior high. It is a constantly ongoing process that requires continuous education about the rules that must be followed and we deal with this by running educational campaigns. While there are many ways to approach user education, I find running in-person educational sessions to be much more effective than the rest (e.g. e-learning).
What are the greatest information security issues in the gaming industry and how should these be addressed?
Different gaming markets tend to have different issues but one overall issue I found is, surprisingly, not technical but social, namely dealing with social engineering tactics. This is actually quite a problem because advanced spear phishing attacks that use social engineering methods are very difficult to recognize and therefore challenging to prevent. This is usually dealt with by keeping awareness high but, as mentioned before, that requires constant communication. Because it is such an issue, this will be my main focus for 2019.
How should compliance and information security executives ideally work with the board to address information security issues?
In an ideal situation, the most important aspect is to get support from the top as I cannot execute my plan if I do not have the support of the board. Additionally, constant communication within the organization is key so having weekly meetings with the board and other departments to discuss strategic issues is ideal.
How are most organizations in the gaming industry handling information security and what do you think should change?
Surprisingly, a lot of our competitors in the gaming industry do not have a high level of information security. This seems to be especially common with some of the younger organizations that might be prioritizing high growth over security practices. Casinos Austria has been operating since the 60s so we have very well established compliance procedures. It is not the case that these younger organizations do not care about information security but rather that they usually address this in an unstructured way without many processes. It is extremely important to have a clearly defined information security strategy and that usually means having processes in place.
Human Layer Security
Announcing our Partnership with Sequoia and a New Era of Cybersecurity
By Tim Sadler
Wednesday, February 27th, 2019
I’m delighted to officially share with the world today that Tessian’s raised $42m in Series B funding led by Sequoia and partner Matt Miller is joining the board.
I got to properly know Sequoia and Matt last year after a destiny-crafting introduction from the legendary CyLon. We’ve been fortunate to have a lot of interest from investors, but I try not to take meetings unless we’re actually fundraising. Sequoia was different. Instead of spending time talking about ARR and our metrics, Matt was interested in our vision, founding story, team and challenges. Sequoia call themselves company-builders, and that’s exactly how it felt from day one. We couldn’t be more excited to welcome Matt to the Tessian board and to work with him to create a new category of enterprise cybersecurity.
When Tom, Ed and I started Tessian in our apartment in 2013, we started with a grand vision but laser focus on trying to execute one thing extremely well—preventing sensitive data loss caused by human error. Over the past three years, we’ve been quietly expanding the capabilities of our machine learning engine to address other gaping holes in enterprise security. Today, we’re also delighted to share our vision with the world for the very first Human Layer Security platform for the enterprise.
Enterprises have spent the past two decades protecting their networks with firewalls, their devices with endpoint security but have completely neglected the most important data processors of all—their people. The new capital raised in our Series B will allow us to leverage the technology we’ve applied to email security and expand this to provide automatic protection for the myriad platforms and applications in use everyday by people in global organizations.
Of course, none of this would have been possible without our most important allies. First, I’d like to thank all of our customers for their incredible support and belief in us over the years. Cybersecurity, by definition, is a risk-averse industry. It’s been inspiring to see how many enterprises are willing to adopt new technology to solve their greatest problems. Second, and to whom we owe the greatest thanks—the employees of Tessian. It’s because of your brilliance, creativity and relentless grit that we’ve achieved what we have today.
As I’m sure any founder will attest, fundraising is a necessary part of company building but not the ultimate goal. We now have a huge amount of work ahead as we execute against our plans for 2019—a year that’s shaping up to be our biggest yet.
Data Loss Prevention
Risks of Email Communication
Tuesday, February 26th, 2019
A consumer survey conducted by Adobe in 2018 found that, on a typical weekday, respondents check their work email for an average of 3.1 hours and their personal email for 2.5 hours. This makes email one of the most habitual platforms employees use, which makes changing this user behavior that much more challenging. Email’s speed and ubiquity also make it one of the single biggest threats to a company, its employees, and its data.
Employees of all levels, in all industries, depend on the ability to communicate quickly and easily in order to get their jobs done. Investment bankers share market sensitive information to buy and sell companies. Lawyers share evidence on litigation matters. Hedge fund managers share data on positions or trading strategies. Over the past 20 years, email has grown to become the main artery of communication for the enterprise. According to research conducted by McKinsey in 2012, reading and answering email accounts for 28% of the average employee workday, which makes email one of the most habitual tasks employees conduct.
Human error is incredibly difficult to understand, let alone predict. Changes in people’s stress levels, morale, engagement and attention can lead to misdirected emails. While a growing number of enterprise processes are now being automated, email communication is currently still reliant on human interaction and judgement – all of which makes it particularly vulnerable to human error. No matter how structured or ingrained a process or behavior is, mistakes are inescapable and inevitable.
The risk of data leakage is heightened by many of the factors that make email so useful. The same email address will send personal and professional messages, often in succession. It is platform agnostic – you can send an email to any other email address regardless of its platform, making it very difficult to develop a complete security solution for a channel with so many front-end standards and configurations. As email becomes easier to use, the associated risks also increase. Paul Regan, Head of Cybersecurity at Winterflood Securities, noted that misdirected emails are where his firm has seen the biggest risk in the last couple of years.
Email used to be much more manual, but functions such as those Regan refers to have upped the risk, and even with an emphasis on data privacy training, the risks have grown. Hyde pointed to another worrying trend:
“The way email used to be used was very manual. As time has gone on, it’s become much easier to use. It’s available on more devices, better at predicting what you’re going to do – but with that ease of use comes risk.
“We trust the technology hugely, so that when something goes wrong it happens so quickly that it’s impossible to do anything about it – that’s the reality of email.”
A misdirected email, such a seemingly small mistake, could heavily damage your relationships with clients and your level of public trust.
“Imagine, your most important client receives an email with financial or sensitive information going to somebody else. You have a good chance of losing that client and certainly your standing will be hit.”
“It’s too late to go back now”, noted Regan. “I feel that email is an inherently weak medium, and it’s not going to change.
“Deploying Tessian for us is recognition that our employees are trying to do the right thing.
“This is not about having some central security department, overseeing everybody and trying to catch someone doing bad things. It’s a safety net that catches things that otherwise would be a problem,” said Hyde.
Risk of Spear Phishing to Enterprises
Tuesday, February 26th, 2019
Spear Phishing attacks are on the rise, and they’re more sophisticated than ever. Why? Because they’re extremely profitable for perpetrators. The FBI estimates that Business Email Compromise due to spear phishing has cost businesses more than $12 billion between December 2016 and May 2018.
Spear phishing harms your enterprise by exploiting employees’ trust in their colleagues, partners, and customers. Spear phishing attacks are costly with serious business impacts.
What are the risks of Spear Phishing to a business?
• Significant loss of funds due to wire-transfer fraud (BEC)
• Malicious intrusion by hackers into business-critical systems
• Significant damage to IT infrastructure due to malware or stolen credentials
• Widespread loss of sensitive customer data
• Widespread loss of company intellectual property
• Reputation damage and regulatory penalties
The Evolution of Spear Phishing
281 billion emails are sent every single day, as reported by Radicati. Since its introduction in the 1970s, email has become the main artery of communication for the enterprise. Enterprise email networks have significant cybersecurity vulnerabilities:
• Email networks are open gateways
• Email networks have human nodes
• Email networks are dynamic in nature
This exploitation began with spam in 1978. Spam is an inbound email threat that is bulk in nature, i.e. emails are sent to large numbers, sometimes millions, of recipients with minimal personalisation. These properties make it relatively easy to defend against, and almost every email provider or legacy Secure Email Gateway now includes spam filtering as a standard part of their feature set.
As enterprises got better at defending against spam, so too did perpetrators at trying to dupe targets. A new era of inbound email threats was born: phishing. Phishing emails are often pharming for credentials by mimicking the identity of a trusted website or service (e.g. Facebook or Gmail). As with spam, phishing is relatively easy to filter and most email platforms and legacy Secure Email Gateways include anti-phishing filters.
To outmaneuver these filters, perpetrators have developed more sophisticated tactics to reach their targets. As a result, there has been a dramatic increase in a new type of inbound email threat: Spear Phishing. Unlike spam and phishing, spear phishing is highly targeted toward a specific individual within an enterprise and will often impersonate the identity of a trusted third party in order to trick the target into taking some form of action, e.g. paying an invoice, sending data or downloading malware. These characteristics make spear phishing much more difficult to prevent from a technological perspective and thus mean that attackers have a higher success rate.
Why are Spear Phishing attacks getting worse?
95% of all attacks on enterprise networks are the result of successful spear phishing. — According to Alan Paller, director of research at the SANS Institute
Human error and existing rule-based systems are your primary risk factors. Employees are often victims of spoofing and impersonation as malicious emails continue to bypass most email platforms and legacy Secure Email Gateways. Malicious emails continue to easily circumvent legacy spam filters, firewalls and gateways through increasingly sophisticated CEO fraud and brand spoofing campaigns. Due to human nature, unaware or preoccupied users (even those actively engaged in an awareness training program) are easily lured into downloading an attachment or clicking on a malicious email link to inadvertently provide attackers with access to sensitive corporate networks and data.
93% of respondents agree that humans and technology need to work side-by-side — According to Alan Paller, director of research at the SANS Institute
Because of the rise in spear phishing, email providers and legacy Secure Email Gateway platforms have attempted to build in some rule-based controls to prevent these kinds of attacks by detecting basic patterns which highlight an impersonation attempt. However, there’s a wide spectrum of spear phishing impersonation techniques, and rule-based controls are inadequate at preventing more sophisticated tactics.
About Tessian
Tessian is building the world’s first Human Layer Security platform to fulfil our mission to keep the world’s most sensitive data and systems private and secure. Using stateful machine learning to analyze historical email data, Tessian’s Parallax Engine can predict: for this user, at this point in time, does this email look like a security threat?
Spear Phishing
Attackers are Using Microsoft Forms to Exfiltrate Data
Friday, February 22nd, 2019
Attackers are using Microsoft Forms links to get past email URL protection and steal sensitive information. We were alerted to this new tactic by one of our clients in the financial services sector. They recently received a spear phishing email containing a Forms link.
In an attempt to protect firms from credential pharming and malware, several email security providers including Proofpoint, Mimecast and O365 Advanced Threat Protection re-write and scan URLs within emails to verify that the URL is safe to visit. The effectiveness of this approach has been questioned before, and now a new vulnerability involving the use of Microsoft Forms is being exploited by attackers.
How are they exploiting Microsoft Forms?
Microsoft Forms is an online tool for creating quizzes and surveys and automatically collecting the results. Forms were fully released to enterprise users of Office 365 in 2018.
Here’s how they work
You create a survey or quiz via Microsoft Forms and distribute it to your audience by embedding a link in an email. To fill out the form, a recipient will click the link within the email and be directed to a Microsoft Form containing fields that capture whatever data the form is designed to collect.
Crucially, because the links direct users to a genuine Microsoft site, Forms links are trusted by the URL protection from Secure Email Gateways and ATP. Attackers have become aware of this and are now using authentic Microsoft Forms to collect sensitive information from unwitting targets. Any data input into the form is automatically sent to attackers, bypassing security defenses.
Many enterprises have become overly reliant on URL protection to prevent spear phishing attacks. To make things worse, with URL protection in place, employees begin to trust the links they receive in their inbox and become less vigilant to attacks. As attackers become more sophisticated they are finding simple ways to get past URL protection. Instead of focusing on the URL or on other payloads that can be sent in a spear phishing email, enterprises should aim to identify the actual impersonation behind the attack. This will not only reduce their vulnerability to attacks like this one, but also protect them from zero-payload attacks such as Business Email Compromise. We have reported this attack to Microsoft and have recommended that unique client IDs are used in the Forms URLs to allow enterprises to build custom policies to warn users when the client IDs do not match. We will update you when we hear from Microsoft.
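One way a mail team could act on the advice above is to stop treating a "clean" URL verdict as the decision and instead combine the link's real destination with who is sending it. The sketch below is an added example, not Tessian's or Microsoft's code; the domains, the display-name table, the `forms.office.com` host list and the handling of the Safe Links `url` parameter are assumptions chosen for illustration, and the sample messages are constructed.

```python
import html
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import parse_qs, urlsplit

# Assumptions for this example (none of these values come from the post):
INTERNAL_DOMAINS = {"example-bank.test"}                 # the organization's own mail domains
KNOWN_SENDERS = {"acme supplies": "acme-supplies.test"}  # display name -> domain it normally uses
FORM_HOSTS = {"forms.office.com"}                        # hosts that serve hosted forms
WRAPPER_SUFFIXES = (".safelinks.protection.outlook.com",)  # rewritten links carry the target in ?url=

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def unwrap(url, max_depth=3):
    """Follow URL-protection wrappers back to the destination the user would reach."""
    for _ in range(max_depth):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not host.endswith(WRAPPER_SUFFIXES):
            break
        inner = parse_qs(parts.query).get("url")  # parse_qs also percent-decodes
        if not inner:
            break
        url = inner[0]
    return url


def assess(raw_message):
    """Return sender and link signals plus a verdict: pass, warn or escalate."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    external = sender_domain not in INTERNAL_DOMAINS

    # Impersonation signal: a familiar display name arriving from an unfamiliar domain.
    expected = KNOWN_SENDERS.get(display.strip().lower())
    impersonation = expected is not None and sender_domain != expected

    body = msg.get_body(preferencelist=("plain", "html"))
    text = html.unescape(body.get_content()) if body else ""
    form_links = []
    for found in URL_RE.findall(text):
        destination = unwrap(found.rstrip(".,;"))
        if (urlsplit(destination).hostname or "").lower() in FORM_HOSTS:
            form_links.append(destination)

    if not form_links or not external:
        verdict = "pass"        # no hosted form, or a colleague's survey
    elif impersonation:
        verdict = "escalate"    # data-collection form plus a spoofed relationship
    else:
        verdict = "warn"        # external sender asking the user to fill in a form
    return {"external": external, "impersonation": impersonation,
            "form_links": form_links, "verdict": verdict}


def build_sample(from_header, link):
    """Build a constructed plain-text message for the demonstration."""
    return (f"From: {from_header}\n"
            "To: accounts@example-bank.test\n"
            "Subject: Outstanding payment\n"
            "\n"
            f"Please confirm the account details here: {link}\n")


# Constructed inputs: a rewritten link from a look-alike supplier domain,
# a direct link from an unknown external sender, and a colleague's survey.
WRAPPED_LINK = ("https://nam01.safelinks.protection.outlook.com/?url="
                "https%3A%2F%2Fforms.office.com%2FPages%2FResponsePage.aspx%3Fid%3DCONSTRUCTED"
                "&data=02&reserved=0")
DIRECT_LINK = "https://forms.office.com/r/CONSTRUCTED"
SPOOFED = build_sample('"Acme Supplies" <billing@acme-supp1ies.test>', WRAPPED_LINK)
UNKNOWN = build_sample('"Survey Team" <hello@surveys.test>', DIRECT_LINK)
COLLEAGUE = build_sample('"Facilities" <facilities@example-bank.test>', DIRECT_LINK)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("unknown", UNKNOWN), ("colleague", COLLEAGUE)):
        print(name, assess(raw))
```

The link check alone would warn on every external survey, so the verdict only escalates when the hosted form coincides with a sender-identity mismatch.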
Building a Bold and Beloved Brand
By Kelli Hogan
Wednesday, December 12th, 2018
Cybersecurity has an image problem. To many, it simultaneously conjures up feelings of stale corporate software and cliched messaging rife with anonymous hacker and military-grade defense references. It’s also an incredibly crowded space with over 2,500 brands and platforms competing for every business’s budget. Most of these solutions are invisible to end users and have zero margin for error. Let that sink in for a minute. With that said, cybersecurity, specifically information security, is now seen as essential to an enterprise’s overall operations and bottom line; today CISOs report into Boards of Directors. The increasing responsibility (due in part to stringent data protection policies like GDPR), heightened risks of processing and storing sensitive data and the fact that no organization appears to be safe from a data breach has given information security a new purpose and place within the structure of a business. So is cybersecurity the place to begin or evolve your career in marketing or design? Compared to consumer tech, it doesn’t ostensibly offer the same opportunities to flex creative muscles or deviate from rigid B2B tactics. But because of the inherent challenges and the growing need for every business to adopt a comprehensive cybersecurity strategy, this is the space for creative disruption and fresh perspectives. At Tessian, we’re building a world-class Marcomms team with the ambition of bucking convention and reimagining B2B, SaaS and cybersecurity marketing. We’re proving it can be creative and calculated, inspiring and effective. Tessian’s mission is to keep the world’s most sensitive data and technology systems secure. Our job is to build a brand that embodies this mission, and more importantly, that captures the market’s attention and turns users into satisfied customers. Marcomms at Tessian is a multidisciplinary function comprised of wildly talented communications generalists, specialists and designers. 
Nearly everything we do is cross-functional, which means we collaborate with every internal team—with Engineering and Data Science to ensure we authentically communicate our technology and product offering; with Client Development to capture customer success stories; with Business Development to create compelling content and execute exclusive events that help nurture leads and gain new customers. Our core objective is filling the top of the funnel and delivering pipeline to the sales team. Our targets are big. We deliver them through a variety of strategic channel activities including events, digital marketing, content creation and PR. We have the freedom and drive to constantly experiment, measure and refine our efforts in order to optimize performance. We move fast, and our work satisfies the analytical and big picture thinker in each of us. I left Google a year ago to take some time off and carefully consider my next career move. I had a decade of experience in consumer brand and product marketing, working with incredible creative talent on exciting technology. I loved it and learned a lot. But over time I was missing a few things—real autonomy and accountability. I wanted to help build something from the ground up and to be responsible for delivering exceptional and sustainable results. I got my chance by joining Tessian. In just three months, I have learned so much, acquired more responsibility than I could imagine and, most importantly, I’ve started to assemble an extraordinary team of brilliant people from different disciplines, each of whom challenges me and makes me better at my job. Our goals for 2019 are bold and courageous. To achieve them, we are looking for key talent to round out our capabilities. Check out the open roles at tessian.com/careers. 
In the meantime, meet our Marcomms team and hear what they think of Tessian:
“As a creative graduate having worked for independent studios and within in-house teams, building a design career at Tessian has been decidedly different. Cybersecurity companies face an uphill struggle when constructing the visual narratives that power their brands—the sector is filled with overly complex explanations of technology and iconographic cliché; the shield, the padlock, the lightning strike. Design at Tessian is instead always evolving and growing, and allows you to work in all areas of the company, integrating with sales to produce pitch decks, or with client development to produce workflow diagrams, or with operations and recruitment for branded collateral and event organization.” – Leon Brown, Designer
“I joined Tessian in September 2017 as the first marketer, and it’s been astonishing to see how the team has grown. When I joined it was crucial to quickly kick-start new marketing channels, and show in a very quick way the positive impact marketing has on the company and how it aligns to business goals. Then it was about building a marketing function and processes which could scale. We now focus on hiring specialists and ensuring everyone in the team is aware of the direction they are moving in and how they can get to their desired destination. I truly believe you need to hire people smarter than you and get out of the way – it’s important to allow people to be effective and perform to achieve the best results. I thoroughly enjoy working at Tessian. Marketing has always been a passion of mine, but marketing for, and at, Tessian is a whole other feeling. It’s a joy to work with such clever and driven individuals to really understand how, as a team, we can optimise our key marketing activities to the point where we can make accurate predictions on how many leads, MQLs or even revenue each channel can generate.
There are some unique challenges working in a startup, but they’re also some of the biggest selling points; there may not always be a set process or structure for things, but for the right hire it can be invigorating to set up the infrastructure for the marketing team. It’s something you will keep optimising; nothing is ever stagnant. Everything is possible, which can sound terrifying, but it’s one of the most exciting things about working at Tessian. We never say something can’t be done, but rather always work together to figure it out. We learn from every failure as much as we do success.” – Chandni Trehan, Marketing Manager
“Joining Tessian has made moving from Los Angeles to London more than worth it. (Even in winter.) During the universally stressful college senior job search, my motto was high growth and high impact. After graduating from UCLA, I joined Tessian as the second full-time hire on the marketing team. In under six months, I’ve been given the chance to forge my own path: come up with an idea, organize the plan of action and execute. I own the space in which I operate, while working closely and cross-functionally with every team in the office, which offers both breadth and depth, as I continue to learn and grow alongside some of the sharpest, savviest people I’ve ever known. What’s it like being at Tessian, in one word? Meaningful. Every day, we walk into work with the knowledge that what we do matters. And that’s as hard to find as it is fulfilling. While rapid growth can sometimes translate to high pressure, I’m constantly grateful to be here alongside the inspirational people that I look up to in every way on our journey to make a difference.” – Bianca Butler, Marketing Associate
“With nearly 4 years in brand strategy, I’ve been fortunate enough to work on brand building challenges in luxury retail, FMCG and, more recently, consumer technology.
Working across categories has given me a varied and colourful marketing perspective, but I was looking for a role that would take me to the front line of marketing, a position where I could have a daily impact and to be in a team where we feel ownership over the brand we build. Tessian has been exactly that. The work is dynamic, immediate and tangible and gives instant results. Tessian manages to gather incredible minds from an endless range of interesting backgrounds. It’s a pleasure to work in such an energetic environment, and the excitement and dedication is infectious.” – Karina Ferdi, Marketing Executive
“Before joining Tessian I helped run CyLon, a cybersecurity startup accelerator in which Tessian participated. I worked with the then-5-person team for a year and a half. After I saw the team leave the office one day to play rounders after work, I knew I wanted to join the team. As reductive as that may seem, it represented a culture where everyone was not just part of a company, but also a friendship group. I finally joined in December 2017, as the company’s first designer. What I instantly saw was where there could have been an informal division between the commercial and technology, there was respect. Everyone buys into the same vision and believes we are building something game-changing. Over the last year, my design journey has been incredibly diverse. I’ve been part of the company rebranding, have created exhibition stands and even outfitting our 11,000 sq ft office.” – Shane Wickramasuriya, Design and Brand Lead
Data Loss Prevention
Bupa Fined £175,000: The Risks and Costs of Unauthorized Emails
Thursday, October 18th, 2018
As the recent Bupa data breach highlighted, sending unauthorized emails – emails intentionally sent to an unauthorized recipient, such as an employee’s personal email account – can have a detrimental financial and reputational impact upon an organization. The global insurance and healthcare group’s failure to prevent the exfiltration and attempted sale of over half a million international health insurance customers’ personal information led to a £175,000 fine and a damning evaluation of its negligent security practices.
The loss of consumer data can also result in:
• Breaching contracts or non-disclosure agreements
• The loss of IP and proprietary research
• Breaching data protection regulations
• Heavy fines imposed by regulators and clients (GDPR, in particular, will greatly increase fines for all manner of data breaches)
Despite such demonstrably damaging ramifications, many organizations do not have sufficiently secure networks and, as a result, lack the necessary visibility over how sensitive data is processed and stored. Before they know it, sensitive data is shared, stolen and sold; the damage is done.
For large organizations like Bupa, monitoring thousands of employees and hundreds of thousands of email communications containing millions of pieces of data can seem an insurmountable and relentless task. In 2018, it is estimated that 124.5 billion business emails were sent every day with each employee sending an average of 31 each. These figures are only expected to increase (at a rate of 3% per annum over the next few years) as corporate email networks grow in size and importance.
Organizations that possess large amounts of highly sensitive patient or consumer data like Bupa have a duty to prevent this kind of data breach from happening. If they cannot monitor or control employee behaviour, they must take the necessary steps to find and invest in an approach and solution that can prevent unauthorized emails from being sent. It’s crucial to be proactive – rather than reactive – to address this kind of threat.
As such, we recommend enterprises employ an email security platform that offers comprehensive protection against the sending of unauthorized emails. Tessian Enforcer, for example, uses machine learning to understand human conversation patterns in order to detect, flag and prevent anomalous emails, which may contain sensitive data, from being sent to unauthorized or personal email accounts.
Why Rule-Based Approaches to Spear Phishing Are Failing
Wednesday, September 19th, 2018
Introducing Defender
Business Email Compromise scams were responsible for over $5.3 billion in global losses from 2013 to 2017. According to the FBI, these types of attacks are also becoming more prolific, jumping 2,370% from 2015 to 2016 alone. Most enterprises have anti-spam and anti-phishing filters in place to protect their emails. Unfortunately, bad actors are outpacing these safeguards and are finding more intelligent ways to break through to their targets.
This is where Tessian comes in. Since 2013, we have been developing machine intelligent technology to prevent threats that rule-based legacy gateways and platforms cannot. Tessian Defender is our latest advancement. Defender protects from threats executed by humans rather than just code, using Tessian’s Parallax Engine and natural language processing technology to keep the most sensitive data and systems private and secure.
The Problem
Spear phishing is effective because of its highly targeted approach. When it successfully dupes individuals into sending money, sharing data, or downloading malware, it brings significant reputational and monetary risk. Defender protects against these threats through comprehensive safeguards against weak and strong-form impersonation alike.
Weak-form impersonation can generally be detected and prevented through the rule-based controls that many enterprises already use. Often this is done by authenticating SPF, DKIM, and DMARC records to estimate the legitimacy of the sender. This entails cross-referencing IP addresses, scouring for invisible signatures, and linking senders to their domain names and broader email protocols. Rule-based defences also perform checks to find matches with known display names, modifications to “reply-to” addresses, and newly registered domains.
Unfortunately, this is not enough. These systems are limited in scope and not always implemented.
DMARC authentication, for example, only protects a domain against direct impersonation, where a bad actor is trying to spoof someone’s actual email address. It fails to address domain or display name lookalike impersonation. Furthermore, global DMARC adoption rates are low. Legacy technology stacks find it difficult to query large datasets in real-time, which means it is often a challenge for systems to quickly recognise and filter phishing emails.
Even where these systems are sufficient, weak-form spear phishing is now evolving into a more advanced threat: strong-form spear phishing. This type of spear phishing subverts legacy email security systems by turning to tactics that are difficult for humans and rule-based email security processes to detect. Traditional, pre-defined rule sets cannot fend off strong-form spear phishing because of the almost infinite number of domain and sub-domain, display name and address, and freemail permutations impersonation allows for.
Even where they do detect certain impersonations, legacy systems cannot capture the evolving dynamics of email networks, with enterprises developing new relationships every day over email. A rule set would need to constantly be updated in order to remain effective. This is time-consuming, resource-intensive and inefficient.
The Solution
Tessian Defender is specifically designed to tackle strong-form impersonation spear phishing. Due to the complexity of strong-form impersonation techniques, having an understanding of email relationships based on historical data and user behavior is critical. Using stateful machine intelligence, Tessian has developed a new approach to thwart spear phishing. Tessian’s Parallax Engine can predict, for this user at this point in time, whether an email looks like a security threat.
Tessian Defender also uses natural language processing (NLP) to understand content within an email and will automatically classify its intent, so it can provide more context to the end user within a warning message, and also highlight the specific risk to security teams.  
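The DMARC limitation described above can be seen in a short added example (not Tessian’s code or method): a lookalike domain that authenticates its own mail passes DMARC, and only a comparison against known correspondents flags it. The contact list, sample messages, flag names and the edit-distance threshold are all constructed assumptions, and alignment is simplified to an exact domain match.

```python
from dataclasses import dataclass

@dataclass
class Message:
    from_name: str    # display name in the From header
    from_domain: str  # domain in the From header
    spf_domain: str   # domain that passed SPF, "" if none
    dkim_domain: str  # d= domain of a valid DKIM signature, "" if none

def dmarc_aligned(m):
    # Simplification: exact-match alignment only; real DMARC also allows
    # relaxed (organizational-domain) alignment.
    return m.from_domain in {m.spf_domain, m.dkim_domain} - {""}

def edit_distance(a, b):
    # Classic Levenshtein distance, one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(m, contacts, max_distance=2):
    """contacts maps a known display name (lowercase) to that sender's domain."""
    flags = []
    aligned = dmarc_aligned(m)
    known = set(contacts.values())
    if m.from_domain in known and not aligned:
        flags.append("direct-spoof")           # the case DMARC is built for
    nearest = min((edit_distance(m.from_domain, d) for d in known),
                  default=max_distance + 1)
    if 0 < nearest <= max_distance:
        flags.append("lookalike-domain")       # invisible to DMARC
    expected = contacts.get(m.from_name.lower())
    if expected and expected != m.from_domain:
        flags.append("display-name-mismatch")  # invisible to DMARC
    return aligned, flags

# Constructed sample data (not real traffic).
CONTACTS = {"jane doe": "example-legal.com"}
SAMPLES = {
    "genuine": Message("Jane Doe", "example-legal.com", "example-legal.com", "example-legal.com"),
    "spoofed": Message("Jane Doe", "example-legal.com", "mailer.example.net", ""),
    "lookalike": Message("Jane Doe", "examp1e-legal.com", "examp1e-legal.com", "examp1e-legal.com"),
    "freemail": Message("Jane Doe", "mail.example.org", "mail.example.org", ""),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(label, assess(msg, CONTACTS))
```

Only the "spoofed" sample fails alignment; the "lookalike" and "freemail" samples pass it and are caught solely by the contact comparison, which is the gap the article attributes to rule sets built on sender authentication.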