Tessian Recognized as a Representative Vendor in 2021 Gartner Market Guide for Data Loss Prevention — Read more.

Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.
Tessian Culture, Cyber Skills Gap
Tessian Officially Named a 2021 UK’s Best Workplaces™ for Women
By Laura Brooks
Thursday, July 1st, 2021
We’re excited to announce that Tessian has been recognized as one of the top three medium-sized companies in the UK’s Best Workplaces™ for Women for 2021.  Our Human First value, its commitment to Diversity, Equity and Inclusion (DEI), and its Employee Resource Group (ERG) for women – Tes-She-An – are just some of the reasons why people love working at the company. This recognition confirms that:  Tessian is a great workplace for all employees, including women. Tessian recognizes that women represent a valuable talent pool in increasingly talent–constrained industries such as cybersecurity and technology.  Tessian lives up to its company values of ‘Human First’ and ‘We Do the Right Thing’, as its leaders make meaningful changes to improve their ability to recruit, retain and nurture top female employees.
Education and training have been foundational first steps in Tessian’s DEI strategy. We partnered with Jeff Turner, former International Learning and Development Director for Facebook, to deliver company-wide training around diversity, unconscious bias and inclusion. We’ve also taken the time to establish our long-term DEI roadmap – which includes a diversity recruitment strategy across all hiring levels, expanding the entry-level talent pool by creating junior jobs for people entering the tech industry, and prioritizing the development of future leaders through well-defined growth frameworks across the company. 
In addition, Tessian’s ERG group – Tes-She-An – provides a space to support all employees who identify as women, celebrate their achievements, and help each other “shine even brighter” by focusing on career progression. The group runs monthly workshops for women, and invites inspiring external guests who are leading the charge in creating equal opportunities in the tech industry, to speak to employees. Importantly, these events do not operate in a closed network. They’re open to the entire company – not just women.  As a result of these initiatives and programs, 99% of Tessian employees surveyed by Great Place to Work® agreed that people at the company are treated fairly regardless of their gender.  Paige Rinke, Head of People at Tessian, says: “We are so proud to be recognized as a Best Workplace for Women and hear first-hand from our employees that our initiatives to create an inclusive workplace are resonating. One of our core values is Human First, and we’re committed to ensuring every employee feels supported and valued, and to improving gender and ethnicity representation across all levels of seniority at Tessian through our DEI efforts. “Why? Because empowering our people to thrive in an inclusive environment and challenging the status quo to create more equal opportunities in the tech industry is, ultimately, the right thing to do.”  Benedict Gautrey, Managing Director of Great Place to Work® UK, explains: “We’re delighted to recognize so many great organizations in this fourth year of the UK’s Best Workplaces™ for Women list. The issues affecting women in the workplace, particularly what we’ve witnessed in the face of the pandemic including parity of pay and advancement opportunities, continue to be important topics. “What our 2021 UK’s Best Workplaces™ for Women clearly show is the positive impact their practices have on business. As a result, they are better able to attract and retain women of talent, encouraging them to develop professionally and personally, and in turn, contribute exponentially to the success of the organizations they work for.” Want to work at Tessian? See if we have a role that interests you today.
Read Blog Post
Engineering Team
Tessian’s CSI QA Journey: WinAppDriver, Office Apps, and Sessions
By Tessian
Wednesday, June 30th, 2021
Introduction In part one, we went over the decisions that led the CSI team to start automating its UI application with a focus on the process drivers and journey.  Today we’re going to start going over the technical challenges, solutions, and learnings along the way.  It would be good if you had a bit of understanding of how to use WinAppDriver for UI testing.  As there are a multitude of beginner tutorials, this post will be more in depth. All code samples are available as a complete solution here. How We Got Here As I’m sure many others have done before, we started by adapting winappdriver samples into our own code base.  After we had about 20 tests up and running, it became clear that taking some time to better architect common operations would help in fixing tests as we targeted more versions of Outlook, Windows, etc.  Simple things like how long to wait for a window to open, or how long to wait to receive an email can be impacted by the test environment, and it quickly becomes tedious to change these in 20 different places whenever we have a new understanding/solution on the best way to do these operations. Application Sessions A good place to start when writing UI tests is just getting the tests to open the application.  There are plenty of samples online that show you how to do this, but there are a few things that the samples leave each of us to solve on our own that I think would be helpful to share with the larger Internet community. All Application Sessions are Pretty Similar And when code keeps repeating itself, it’s time to abstract this code into interfaces and classes.  So, we have both: an interface and a base class:
Don’t worry, we’ll get into the bits.  The main point of this class is it pertains to starting/stopping, or attaching/detaching to applications and that we’re storing enough information about the application under test to do those operations.   In the constructor, the name of the process is used to determine if we can attach to an already running process, whereas the path to the executable is used if we don’t find a running process and need to start a fresh instance.  The process name can be found in the Task Manager’s Details tab. Your Tests Should Run WinAppDriver I can’t tell you how many times I’ve clicked run on my tests only to have them all fail because I forgot to start the WinAppDriver process beforehand.  WinAppDriver is the application that drives the mouse and keyboard clicks, along with getting element IDs, names, classes, etc of the application under test.  Using the same solution WinAppDriver’s examples show for starting any application, you can start the WinAppDriver process as well.   Using IManageSession and BaseSession<T> above, we get:
The default constructor just calls BaseSession<WinAppDriverProcess> with the name of the process and the path to the executable. So you can see that StartSession here is implemented to be thread safe.  This ensures that only one instance can be created in a test session, and that it’s created safely in an environment where you run your tests across multiple threads.  It then queries the base class about whether the application you’re starting is already running or not.  If it is running, we attach to it.  If it’s not, we start a new instance and attach to that.  Here are those methods:
These are both named Unsafe to show that they’re not thread safe, and it’s up to the calling method to ensure thread safety.  In this case, that’s StartSession(). And for completeness, StopSession does something very similar except it queries BaseSession<T> to see if we own the process (i.e. it was started as a fresh instance and not attached to), or not.  If we own it, then we’re responsible for shutting it down, but if we only attach to it, then leave it open.
You’ll Probably Want a DesktopSession Desktop sessions can be useful ways to test elements from the root of the Windows Desktop.  This would include things like the Start Menu, sys-tray, or file explorer windows.  We use it for our sys-tray icon functionality, but regardless of what you need it for, WinAppDriver’s FAQ provides the details, but I’ve made it work here using IManageSession and BaseSession<T>:
It’s a lot simpler since we’d never be required to start the root session.  It’s still helpful to have it inherit from BaseSession<T> as that will provide us some base functionality like storing the instance in a Singleton and knowing how long to wait for windows to appear when switching to/from them. Sessions for Applications with Splash Screens This includes all the Office applications.  WinAppDriver’s FAQ has some help on this, but I think I’ve improved it a bit with the do/while loop to wait for the main window to appear.  The other methods look similar to the above, so I’ve collapsed them for brevity.
Putting it All Together So how do we put all this together and make a test run?  Glad you asked! NUnit I make fairly heavy use of NUnit’s class and method level attributes to ensure things get set up correctly depending on the assembly, namespace, or class a test is run in.  Mainly, I have a OneTimeSetup for the whole assembly that starts WinAppDriver and attaches to the Desktop root session.  
Then I separate my tests into namespaces that correspond to the application under test – in this case, it’s Outlook.  
I then use a OneTimeSetup in that namespace that starts Outlook (or attaches to it). 
Finally, I use SetUp and TearDown attributes on the test classes to ensure I start and end each test from the main application window.
The Test All that allows you to write (the somewhat verbose) test:
Wrapping It All Up For this post we went into the details on how to organize and code your Sessions for UI testing.  We showed you how to design them so you can reuse code between different application sessions.  We also enabled them to either start the application or connect to an already running application instance (and how the Session object can determine which to do itself).  Finally, we put it all together and created a basic test that drives Outlook’s UI to compose a new Email message and send it. Stay tuned for the next post where we’ll delve into how to handle all the dialog windows your UI needs – to interact with and abstract that away – so you can write a full test with something that looks like this:
Read Blog Post
Tessian Culture
A Year on from Plus, the Tessian LGBTQ+ Network
By Leon Brown
Wednesday, June 30th, 2021
This Pride month, at workplaces around the world, you would be forgiven for thinking nothing has changed — working at home, we find ourselves at the same desks looking out of the same windows. Pride celebrations still look and feel different from the ‘before times’, as the physical manifestations of our LGBTQ+ community are slowly rebuilt in digital fabric. A year on from the creation of Plus, Tessian’s LGBTQ+ employee resource group, we look back to our original mission and founding principles, what we’ve learned in these strange times, and what we can look forward to in 2021. How Plus was formed  In all of 2020’s uncertainty, there was one certainty in the transition to remote-working — digital would have to replace physical… at least for the time being.  Zoom calls replaced meeting rooms, Slack replaced coffee chats, and Tessian began to use a tool called Peakon to measure employee engagement. It was only natural, then, that Plus was started by a single Peakon message, asking: “Is Tessian doing anything for LGBTQ Pride Month?”
The answer turned out to be No — but that the opportunity presented itself with the full support of the company and executive team. Without any existing plans, a few LGBTQ+ Tessians self-organized and promoted our newly-formed group — Plus. For us, Pride has always been about celebration and amplification of LGBTQ+ voices — both inside and outside of Tessian, and to create a “safe space” for all Tessian LGBTQ+ employees to network, socialize, and share experiences behind closed doors.  But our largest reservation when starting Plus was always about critical mass.  How Plus grew at Tessian Without any visibility on LGBTQ+ employees at Tessian, we didn’t know if the group would have enough members to be successful, or if by creating a community exclusive to LGBTQ+ voices alone, we would be excluding allies of the community in a way that restricted our ability to act on our mission. Forming a small committee, we promoted the arrival of Plus during company all-hands, new employee onboardings, and relied on existing and larger employee resource groups to gather members. We were quickly impressed at the uptake, with more than 10% of the company joining Plus within the first month of launch — a significant minority and higher than the expected average. Seniority and function were both well-represented at Plus, pulling from all parts of Tessian and for the first time, providing an organized and welcoming committee of LGBTQ+ voices. Plus was formed around a core mission to:  Ensure an inclusive and respectful environment for all employees Raise awareness of, and represent the views and issues of, LGBTQ+ employees Provide a support network for LGBTQ+ employees Create opportunities to socialize with other LGBTQ+ employees Offer confidential support when needed Provide guidance to Tessian as an employer on policy and how to enhance its diversity strategy In practice, the digital certainties of our last year in remote work has led Plus to resculpt any and all ideas around community-building. Online socials over Zoom, knowledge sharing via Slack — and more recently — socially distanced gatherings at local parks, have all worked well. As Tessian began it’s formal journey on Diversity & Inclusion with the development of an internal D&I Report — again developed remotely — Plus had a seat at the table to shape the discussion around LGBTQ+ representation at the company. And sharing our message outside of Tessian, Plus was even fortunate enough to be interviewed for Infosecurity Magazine’s cover pride story alongside ERGs from Zivver and Rapid7.
That is to say, that even during a year when LGBTQ+ communities around the world have struggled to run gatherings, fundraising, or support networks, — when the importance of Pride as an LGBTQ+ institution has been validated — our approach to working directly with LGBTQ+ Tessians on the community-building activities that matter most to us has proven successful. What’s next for Plus? One of Tessian’s company values continues to be Human First. And with Plus, we’re proud to have created a private, Human First initiative for Tessians to celebrate their sexual orientation and gender identity. Plus germinated alongside Tessian’s transition to choice-first remote working, but won’t stop growing as we move forward to a hybrid workplace. Continuing to grow with new members, we’re excited to meet up in-person, campaign for positive change outside of Tessian, and work with external speakers to open up LGBTQ+ stories to the whole company. Do you lead an LGBTQ+ Employee Resource Group at your company? Get in touch and we would love to hear from you on how you’ve elevated LGBTQ+ voices during the past year, and what successes you’ve seen building healthy LGBTQ+ communities.
Read Blog Post
Human Layer Security, DLP, Data Exfiltration
What is an Insider Threat? Insider Threat Definition, Examples, and Solutions
By Tessian
Tuesday, June 29th, 2021
Organizations often focus their security efforts on threats from outside. But increasingly, it’s people inside the organization who cause data breaches. There was a 47% increase in Insider Threat incidents between 2018 and 2020, including via malicious data exfiltration and accidental data loss. And the comprehensive Verizon 2021 Data Breach Investigations Report suggests that Insiders are directly responsible for around 22% of security incidents. So, what is an insider threat and how can organizations protect themselves from their own people?
Importantly, there are two distinct types of insider threats, and understanding different motives and methods of exfiltration is key for detection and prevention. Types of Insider Threats The Malicious Insider
Malicious Insiders knowingly and intentionally steal data, money, or other assets. For example, an employee or contractor exfiltrating intellectual property, personal information, or financial information for personal gain.  What’s in it for the insider? It depends. Financial Incentives Data is extremely valuable. Malicious insiders can sell customer’s information on the dark web. There’s a huge market for personal information—research suggests you can steal a person’s identity for around $1,010. Malicious Insiders can steal leads, intellectual property, or other confidential information for their own financial gain—causing serious damage to an organization in the process. Competitive Edge Malicious Insiders can steal company data to get a competitive edge in a new venture. This is more common than you might think.  For example, a General Electric employee was imprisoned in 2020 for stealing thousands of proprietary files for use in a rival business. Unsurprisingly, stealing data to gain a competitive edge is most common in competitive industries, like finance and entertainment. The Negligent (or Unaware) Insider 
Negligent Insiders are just “average” employees doing their jobs. Unfortunately, “to err is human”… which means people can—and do—make mistakes. Sending a misdirected email Sending an email to the wrong person is one of the most common ways a negligent insider can lose control of company data. Indeed, the UK’s Information Commissioner’s Office reports misdirected emails as the number one cause of data breaches.  And according to Tessian platform data, organizations with over 1,000 employees send around 800 misdirected emails every year. We’ve put together 11 Examples of Data Breaches Caused By Misdirected Emails if you want to see how bad this type of Insider Threat can get. Phishing attacks Last year, 66% of organizations worldwide experienced spear phishing attacks. Like all social engineering attacks, phishing involves tricking a person into clicking a link, downloading malware, or taking some other action to compromise a company’s security. A successful phishing attack requires an employee to fall for it. And practically any of your employees could fall for a sophisticated spear phishing attack. Want to know more about this type of Negligent Insider threat? Read Who Are the Most Likely Targets of Spear Phishing Attacks? Physical data loss   Whether it’s a phone, laptop, or a paper file, losing devices or hard-copy data can constitute a data breach. Indeed, in June 2021, a member of the public top-secret British military documents in a “soggy heap” behind a bus stop. Looking for more examples of Insider Threats (both malicious and negligent?) Check out this article: 17 Real-World Examples of Insider Threats How can I protect against Insider Threats? As we’ve seen, common Insider Threats are common. So why is so hard to prevent them? Detecting and preventing Insider Threats is such a challenge because it requires full visibility over your data—including who has access to it. This means fully mapping your company’s data, finding all entry and exit points, and identifying all the employees, contractors, and third parties who have access to it. From there, it comes down to training, monitoring, and security. Training While security awareness training isn’t the only measure you need to take to improve security, it is important. Security awareness training can help you work towards legal compliance, build threat awareness, and foster a security culture among your employees. Looking for resources to help train your employees? Check out this blog with a shareable PDF. Monitoring Insider Threats can be difficult to detect because insiders normally leverage their legitimate access to data. That’s why it’s important to monitor data for signs of potentially suspicious activity. Telltale signs of an insider threat include: Large data or file transfers Multiple failed logins (or other unusual login activity) Incorrect software access requests Machine’s take over Abuse by Service Accounts Email Security The vast majority of data exfiltration attempts, accidental data loss incidents, and phishing attacks take place via email. Therefore, the best action you can take to prevent insider threats is to implement an email security solution. Tessian is a machine learning-powered email security solution that uses anomaly detection, behavioral analysis, and natural language processing to detect data loss. Tessian Enforcer detects data exfiltration attempts and non-compliant emails Tessian Guardian detects misdirected emails and misattached files Tessian Defender detects and prevents spear phishing attacks How does Tessian detect and prevent Insider Threats? Tessian’s machine learning algorithms analyze your company’s email data. The software learns every employee’s normal communication patterns and maps their trusted email relationships — both inside and outside your organization. Tessian inspects the content and metadata of inbound emails for any signals suggestive of phishing—like suspicious payloads, geophysical locations, IP addresses, email clients—or data exfiltration—like anomalous attachments, content, or sending patterns. Once it detects a threat, Tessian alerts employees and administrators with clear, concise, contextual warnings that reinforce security awareness training
Read Blog Post
Who Are the Most Likely Targets of Spear Phishing Attacks?
By Maddie Rosenthal
Friday, June 25th, 2021
Last year, 66% of organizations worldwide experienced spear phishing attacks. But some industries and departments are more likely to be targeted than others. In this article, we’ll identify examples of vulnerable employees, why they’re targeted, and what tactics hackers use to trick them into handing over sensitive information or initiating money transfers.
We’ll be focusing on the following spear phishing methods. CEO Fraud Business Email Compromise Whaling Email Spoofing For more information about these different types of attacks, click the links above. Unsure what exactly spear phishing is?  Read this article: Phishing vs. Spear Phishing: Differences and Defense Strategies. Let’s get started…
John: Executive Assistant (New-Starter), Tech Company
Our first spear phishing victim is John: An executive assistant working in tech. Why tech? Because it’s a highly targeted sector. Employees in tech firms are the most likely to fall for a social engineering scam, according to one study looking at companies with over 1,000 people. In fact, in medium-large tech companies, roughly half of employees will click on a malicious link or obey instructions in a phishing email. Those aren’t good odds. Within the tech industry, John is an executive assistant.  Why is John’s role relevant? Because spear phishing is a targeted attack—cybercriminals are looking for individuals with access to high-value data. And executive assistants have that in spades. Think about it. Executive assistants: Have extensive access to credit card data, employee data, and intellectual property Have access to executives’ email accounts, and know their itinerary and travel arrangements Work autonomously and have decision-making capabilities In other words, John is in a near-perfect position of access and influence. John’s also a new starter, which makes him particularly vulnerable. He isn’t familiar with company policies. He doesn’t know everyone. And, for what it’s worth, he hasn’t had security awareness training yet. And psychologically, John’s “the new guy”—he’s keen to show initiative, avoid annoying his colleagues, and might be less likely to report his own mistakes. So when John gets a CEO fraud email from someone claiming to be the boss, he’s less likely to question it. How would a hacker know if a certain employee has recently joined a company? Spear phishing attacks require meticulous research. But finding out about a company and its employees is easy. LinkedIn accounts, company websites, annual reports—everything a cybercriminal needs to know about an organization’s structure and employees is laid out in public view. Learn more about how bad actors leverage publicly available information in this research report: How to Hack a Human.
Lucy: Office Administrator, Healthcare Company
Our second spear phishing victim is Lucy: an office administrator working in healthcare. Why healthcare? Two reasons:  First, according to a sector-by-sector study, the healthcare industry is the most vulnerable to social engineering attacks overall (without taking company size into account).  Second, healthcare employees are most likely to be involved in privilege misuse incidents. And in healthcare, data breaches are particularly costly. In fact, for ten years running, healthcare has been the most expensive industry in which to experience a data breach, with the average single incident costing $7.13 million in 2020 (up 10% from 2019). Why is a healthcare breach so costly? It’s partly down to the value of patient data. Think about the types of data accessible to an office administrator working in healthcare: Health records Clinical trials Insurance information Credit card details Patient data Employee data Payroll information Lucy is vulnerable to email spoofing attacks, where a phishing email appears to come from a trusted domain. According to the FBI, spoofing attacks have risen by 81% since 2018 Healthcare firms are often poorly equipped to deal with cybersecurity incidents, as shown by the recent spate of ransomware attacks on hospitals. Therefore, they may lack software capable of identifying a spoofed email account. Adam: Accounts Payable Manager, Manufacturing Company
Our third spear phishing victim is Adam: an accounts payable manager working in manufacturing. Manufacturing is among the most targeted industries in social engineering incidents. And manufacturing firms a favorite for BEC attacks, because of the high volume of invoices being paid.  Manufacturing companies are often part of long supply chains, which can be targeted in account takeover attacks. Because his job involves processing payments, Adam is particularly vulnerable to BEC—which frequently involves persuading accounts managers to pay fake invoices. BEC remains a cybercrime “growth sector”. FBI data shows that in 2020, BEC scammers made over $1.8 billion—far more than via any other type of cybercrime. Magda: Senior Partner, Law Firm
Magda is our fourth spear phishing victim, and she’s a senior partner at a law firm. So far, we’ve looked at mid-level employees. But remember that when conducting spear phishing attacks, cybercriminals aim to get the most “bang for their buck.” That’s why they frequently target high-ranking employees through “whaling” attacks. Here’s why company executives can be the ultimate catch for a spear phishing attack: They control large budgets They have power over many employees They’re busy, often stressed, and can easily make mistakes About that last point: Tessian research suggests that more than half of employees felt they were more likely to make mistakes at work when they were stressed—and that high-ranking employees are among the most likely to fall for a phishing attack. Plus, Magda works in a law firm—and we know the legal sector is heavily targeted by spear phishing. As the U.K.’s National Cyber Security Centre reports:  “The cyber threat to the UK legal sector is significant and the number of reported incidents has grown substantially over the last few years.”  This increase in cybercrime is partly down to the rapid rate at which legal firms are adopting new technology. How can employees detect spear phishing attacks? Want to avoid ending up like our spear phishing victims? There are a few basics steps you can take: Learn to spot the signs of a spear phishing email Avoid email impersonation by checking for inconsistencies in senders’ email addresses. Hover over links to see where they lead before clicking on them. Verify non-routine payment instructions over the phone. But note that humans are often not capable of detecting the subtle differences between phishing emails and authentic emails. And spam filters, antivirus software, and other legacy security solutions just aren’t enough. How Tessian prevents spear phishing attacks Tessian Defender uses machine learning, anomaly detection, behavioral analysis, and natural language processing to detect even the most discrete phishing signals. Here’s how it works. Tessian’s machine learning algorithms analyze your company’s email data. The software learns every employee’s normal communication patterns and maps their trusted email relationships — both inside and outside your organization. Tessian inspects both the content and metadata of inbound emails for any signals suggestive of phishing, like suspicious payloads, geophysical locations, IP addresses, email clients, or sending patterns.  Once it detects a threat, Tessian alerts employees that an email might be unsafe, explaining the threat in easy-to-understand language.
Read Blog Post
Tessian Culture, Engineering Team
React Hooks at Tessian
By Luke Barnard
Wednesday, June 16th, 2021
I’d like to describe Tessian’s journey with React hooks so far, covering some technical aspects as we go. About two years ago, some of the Frontend guild at Tessian were getting very excited about a new React feature that was being made available in an upcoming version: React Hooks. React Hooks are a very powerful way to encapsulate state within a React app. In the words of the original blog post, they make it possible to share stateful logic between multiple components. Much like React components, they can be composed to create more powerful hooks that combine multiple different stateful aspects of an application together in one place. So why were we so excited about the possibilities that these hooks could bring? The answer could be found in the way we were writing features before hooks came along. Every time we wrote a feature, we would have to write extra “boilerplate” code using what was, at some point, considered by the React community to be the de facto method for managing state within a React app ─ Redux. As well as Redux, we depended on Redux Sagas, a popular library for implementing asynchronous functionality within the confines of Redux. Combined, these two(!) libraries gave us the foundation upon which to do…very simple things, mostly API requests, handling responses, tracking loading and error states for each API that our app interacted with. The overhead of working in this way showed each feature required a new set of sagas, reducers, actions and of course the UI itself, not to mention the tests for each of these. This would often come up as a talking point when deciding how long a certain task would take during a sprint planning session. Of course there were some benefits in being able to isolate each aspect of every feature. Redux and Redux Sagas are both well-known for being easy to test, making testing of state changes and asynchronous API interactions very straight-forward and very ─if not entirely─ predictable. But there are other ways to keep testing important parts of code, even when hooks get involved (more on that another time). Also, I think it’s important to note that there are ways of using Redux Sagas without maintaining a lot of boilerplate, e.g. by using a generic saga, reducer and actions to handle all API requests. This would still require certain components to be connected to the Redux store, which is not impossible but might encourage prop-drilling. In the end, everyone agreed that the pattern we were using didn’t suit our needs, so we decided to introduce hooks to the app, specifically for new feature development. We also agreed that changing everything all at once in a field where paradigms fall into and out of fashion rather quickly was a bad idea. So we settled on a compromise where we would gradually introduce small pieces of functionality to test the waters. I’d like to introduce some examples of hooks that we use at Tessian to illustrate our journey with them. Tessian’s first hook: usePortal Our first hook was usePortal. The idea behind the hook was to take any component and insert it into a React Portal. This is particularly useful where the UI is shown “above” everything else on the page, such as dialog boxes and modals. The documentation for React Portals recommends using a React Class Component, using the lifecycle methods to instantiate and tear-down the portal as the component mounts/unmounts. Knowing we could achieve the same thing with hooks, we wrote a hook that would handle this functionality and encapsulate it, ready to be reused by our myriad of modals, dialog boxes and popouts across the Tessian portal. The gist of the hook is something like this:
Note that the hook returns a function that can be treated as a React component. This pattern is reminiscent of React HOCs, which are typically used to share concerns across multiple components. Hooks enable something similar but instead of creating a new class of component, usePortal can be used by any (function) component. This added flexibility gives hooks an advantage over HOCs in these sorts of situations. Anyway, the hook itself is very simple in nature, but what it enables is awesome! Here’s an example of how usePortal can be used to give a modal component its own portal:
Just look at how clean that is! One line of code for an infinite amount of behind-the-scenes complexity including side-effects and asynchronous behaviors! It would be an understatement to say that at this point, the entire team was hooked on hooks!   Tessian’s hooks, two months later Two months later we wrote hooks for interacting with our APIs. We were already using Axios as our HTTP request library and we had a good idea of our requirements for pretty much any API interaction. We wanted: To be able to specify anything accepted by the Axios library To be able to access the latest data returned from the API To have an indication of whether an error had occurred and whether a request was ongoing Our real useFetch hook has since become a bit more complicated but to begin with, it looked something like this:
To compare this to the amount of code we would have to write for Redux sagas, reducers and actions, there’s no comparison. This hook clearly encapsulated a key functionality that we have since gone on to use dozens of times in dozens of new features. From here on out, hooks were here to stay in the Tessian portal, and we decided to phase out Redux for use in features. Today there are 72 places where we’ve used this hook or its derivatives ─ that’s 72 times we haven’t had to write any sagas, reducers or actions to manage API requests! Tessian’s hooks in 2021 I’d like to conclude with one of our more recent additions to our growing family of hooks. Created by our resident “hook hacker”, João, this hook encapsulates a very common UX paradigm seen in basically every app. It’s called useSave. The experience is as follows: The user is presented with a form or a set of controls that can be used to alter the state of some object or document in the system. When a change is made, the object is considered “edited” and must be “saved” by the user in order for the changes to persist and take effect. Changes can also be “discarded” such that the form returns to the initial state. The user should be prompted when navigating away from the page or closing the page to prevent them from losing any unsaved changes. When the changes are in the process of being saved, the controls should be disabled and there should be some indication to let the user know that: (a) the changes are being saved, (b) the changes have been saved successfully, or that (c) there was an error with their submission. Each of these aspects require the use of a few different native hooks: A hook to track the object data with the user’s changes (useState) A hook to save the object data on the server and expose the current object data (useFetch) A hook to update the tracked object data when a save is successful (useEffect) A hook to prevent the window from closing/navigating if changes haven’t been saved yet (useEffect) Here’s a simplified version:
As you can see, the code is fairly concise and more importantly it makes no mention of any UI component. This separation means we can use this hook in any part of our app using any of our existing UI components (whether old or new). An exercise for the reader: see if you can change the hook above so that it exposes a textual label to indicate the current state of the saved object. For example if isLoading is true, maybe the label could indicate “Saving changes…” or if hasChanges is true, the text could read “Click ‘Save’ to save changes”. Tessian is hiring! Thanks for following me on this wild hook-based journey, I hope you found it enlightening or inspiring in some way. If you’re interested in working with other engineers that are super motivated to write code that can empower others to implement awesome features, you’re in luck! Tessian is hiring for a range of different roles, so connect with me on LinkedIn, and I can refer you!
Read Blog Post
Tessian Culture
Lessons Learned From Raising Our Series C Via Zoom
By Tim Sadler
Wednesday, June 16th, 2021
In February this year, I set out to raise Tessian’s Series C. As many other great founders have written, timing is everything when it comes to fundraising, so we picked our moment carefully. We’d achieved significant growth since our Series B in 2019, we’d just run our first customer NPS (the scores were very good), and we were about to launch our most significant product release to date: Human Layer Risk Hub.  This isn’t our first rodeo. It’s actually my 7th fundraise for Tessian. But there was a key difference this time. The world is working remotely. This meant our entire fundraising process happened over Zoom. So while I was expecting to use a similar version of the process I’d used over the past 7 years, it instead turned out to be something completely different.  Here are four of my key lessons learned from raising our Series C over Zoom.  (1) Get ready to move fast The biggest change I experienced in raising a remote round is how much faster things move. The convenience of Zoom and the fact that nobody is traveling right now, means that it’s easier to schedule large groups of people to join a first meeting with a company. Almost all of the first meetings we had with funds involved multiple partners (some involved the majority of the fund), and this means you’ve already shortcutted what may have taken weeks in a normal process. We experienced things moving quickly from first meeting to data room (normally the same day), and then super fast again from data room to agreeing the next meetings and customer calls. Speed is a blessing for most processes (selling, hiring), but when it comes to fundraising it’s important that founders are ready to move at pace. This means having your data room prepped in advance, NDAs signed if you’re using them, and customers on standby to act as references. Because if you don’t, you risk being left behind and losing the attention span of the funds who are inundated with opportunities right now.  (2) Get your audience to lean in  You need to bring the energy on every pitch. People are back to back on Zoom all day. And to add to this, they’re sitting in front of a computer being constantly pinged with alerts and have full access to their inbox and messaging apps. The temptation to drift away from what you’re pitching and into the chaos of work has never been higher. You need to make people lean into your presentation. You need to inspire them over Zoom. It means that the standards for your deck, narrative, product demo and delivery all have to be a level up from pitching in person. This is a heavy lift without human connection involved. Be ready for it. (3) Showcase your company by bringing in your wider team In normal times, you’d more than likely have funds come and visit your offices. An office environment is such a great way to observe the people, culture, scale and mission of a company. Now that we’re all remote, you can’t showcase your company that way. But you need to. It’s still so important to show the bigger picture of what you’re creating. While remotely raising our Series C we tried hard to have as many people amplify our story as possible. We connected investors with customers, had our executives host sessions with investors and also invited funds we were speaking to join the virtual events and webinars we were running. All of this helps investors feel the scale and impact of your company and its mission in a remote world. (4) Build rapport into your process  Through our Seed, Series A and Series B fundraises, we got to build great relationships with the people that we ended up partnering with (and also those we didn’t get to partner with). By the time these rounds were closed, I’d shared multiple coffees, lunches and dinners with investors. I knew their hobbies, where they went to school, who their family were. What became immediately apparent when we started raising the remote Series C is that things are almost efficient to a fault. If you let it, the fundraising process can focus fully on the business and erase any chance to build rapport. To combat this, Ed Bishop (my co-founder and Tessian’s CTO) and I would do little things around our pitch and meeting with investors. In our core deck, we had pictures of our first “office” (i.e. the tiny kitchen table in our even tinier apartment where we started the company) and shared personal anecdotes about our journey to-date in building the company. This did two things. It showed investors who we were as founders but also as people, so they knew when they partnered with us what it would look like. It also gave us the opportunity to know them as people based on their reaction (i.e. did they laugh? Say nothing? Admire the hustle?)  So there you have it. While in a non-remote setting people used to advise budgeting 180 days for a fundraise, Tessian’s Series C took just 63 days from first pitch to cash in the bank. The difference was that the intensity was much more concentrated over a short period of time and you have to find new ways to build rapport and your relationship with your potential investors.  As the US is starting to reopen, people are naturally trying to predict whether this is the beginning of the end for remote work, and questioning if we’ll all be back to offices soon. Whatever happens, I think remote work has changed the way companies and founders will raise venture capital for good. Zoom means that the overall process moves so much faster and funds are no longer restricted by the geography of their portfolio companies.  With all of this change though, one thing remains. The human connection is still so important. We ran our entire process virtually and met funds located all throughout the world. However, it just so happens that the lead investor we chose to partner with was located 5 minutes down the road, and we had the opportunity to meet them and their network multiple times in person throughout the process. Even though remote raising may be here to stay, the people you raise the money from is still the most important thing. Make sure you take the time to get to know who they are and build the relationship ahead of time.  If you’re interested in reading more about our recent fundraise and what it means for Tessian, everything you need to know is here.  Have you raised a remote round recently? What’s your experience been? I’d love to hear from you. 
Read Blog Post
Remote Working
5 Reasons to Download Our Back to Work Security Behaviors Report
By Laura Brooks
Tuesday, June 15th, 2021
It’s been a whirlwind of a year and now – at last – employees around the world are heading back to the office. Well, at least some of them, some of the time. As we all well know, the future of work is hybrid.  In fact, employees demand it with 89% of employees wanting to work remotely part of the week. That means organizations have to adapt quickly and adopt new policies, collaboration tools, and ways of working.  They’ll also have to evolve their cybersecurity strategies. In our new research, Back to Work: Security Behaviors Report, we explore how employees’ security behaviors have changed and what security pitfalls IT teams need to address ASAP. You can access the report here or, if you need a bit of convincing to click, keep reading Here are 5 reasons to download the report. 1. You’ll get actionable advice and insights from other security leaders We surveyed 200 IT decision makers to understand what’s top of mind and how they’re tackling challenges related to remote and hybrid working. That means this report is packed with helpful insights that will help guide your cybersecurity strategy.  For example: 69% of IT leaders believe ransomware will be a greater concern in a hybrid workplace 54% of IT decision makers are worried remote workers will being infected devices and malware into the office 56% of IT leaders believe employees have picked up bad cybersecurity behaviors while working from home (more on that below…) 2. You’ll have access to tons of additional resources  Because this report was written to help security professionals, we’ve included four additional resources related to hybrid working, getting buy-in, phishing, and data loss prevention (DLP). Download the report for easy access! 3. We share threat intelligence related to phishing scams in the last 6 months Between January and June, we saw a huge uptick in suspicious and malicious emails containing one specific term….
Find out what it is on page 16. 4. You’ll gain a better understanding of employees’ security behavior To get the big picture, we surveyed 4,000 employees in addition to the IT decision makers we mentioned in point 1. We found out that: 1 in 3 employees think they can get away with riskier security behaviors when working remotely 27% of workers are afraid to tell IT they’ve made a security mistake Just 51% of employees say they always report when they receive a phishing email or click on a phishing link How will you incorporate these insights into your hybrid security strategy?  5. There’s plenty of good news While the report is focused on how the threat landscape will change in a hybrid working environment, we also wanted to understand how the role of the CISO has changed (and is changing!) as a result. We have good news! We found out that 59% of IT leaders think their roles and responsibilities have been recognized as more important over the last year and that 67% say they have a seat at the table when it comes to office reopening plans.  Download the report to see how these sentiments vary by industry.
Read Blog Post
Human Layer Security
21 Virtual Cybersecurity Events To Attend in 2021
Monday, June 14th, 2021
Our list of 21 cybersecurity events to attend in 2021 features premier cybersecurity summits, like the International Cybersecurity Forum in France and National Cyber Summit in the US, alongside intimate and industry-specific events (and webinars) you won’t want to miss. Many of these events are hosted online, but a lot of organizers are planning to host their conferences face-to-face. Watch out for last-minute changes as the COVID-19 situation continues to evolve. Last updated June 14, 2021 Cloud and Cyber Security Expo Date: June 16-17, 2021 Location: Online  The Cloud and Cyber Security Expo focuses on the “zero trust” model of security and how AI can help combat cyber threats. The conference features sessions on how to close the security gap in your third-party connections, implementing a zero-trust framework across your organization, and understanding zero-trust network architecture. Cost to attend: Free CISO Visions Virtual Cybersecurity Summit  Date: June 21-25, 2021 Location: Online CISO VISIONS is invitation-only for security executives.  Why is it exclusive? According to the event coordinators, it lets them cater to security leaders specific challenges and keep attendees in the company of the leaders driving progress in your field. At the event, you’ll be able to meet one-on-one with solution providers and learn from 30+ speakers driving innovation. Cost to Attend: Free (but you must apply!) PrivSec Global Date: June 22-24, 2021 Location: Online PrivSec Global returns on 22nd-24th June 2021 with over 200+ subject matter experts addressing prominent issues and challenges across 64 sessions, panel discussions, debates and fireside chats on data protection, privacy, security and beyond. Cost to Attend: Free Combatting Ransomware Attacks (Smart Grid Forums) Date: June 30, 2021 Location: Online The ransomware crisis continues to deepen, with several high-profile multi-million payments made to cybercrime gangs in recent months.  But the ransomware is solvable for most organizations—through a range of preventative security measures, response protocols, and data backups. Preventing ransomware attacks is top of mind for security leaders everywhere. Smart Grid’s webinar will consider the root causes of the ransomware explosion and offer practical tips to help you avoid falling victim to an attack. Cost to attend: Free Beyond the Application: A Cyber Security Conference by Turnkey Date: July 1, 2021 Location: Online Turnkey’s cybersecurity conference focuses on Systems, Applications, and Products Security (SAP security).  Panelists will provide a deep dive into topics such as privileged access management, the allocation of cybersecurity resources, and the importance of “human layer” security in the SAP context. Speakers include David Higgins, EMEA Technical Director at CyberArk; Punit Bafna, Information Security Engineering Principal at BP; and Paul Edney, Head of Information Security at Howdens. Cost to attend: Free British Legal Technology Forum 2021 Date: July 6, 2021 Location: Billinghurst, London The British Legal Technology Forum is Europe’s biggest legal technology conference and exhibition, featuring 2,500 square meters of exhibition space. BLTF 2021 is a crucial event for legal professionals, featuring talks from Prof. Richard Susskind, President of the Society for Computers & Law, and Bruna Pellicci, CTO at Linklaters.  Bonus: Tessian is the headline sponsor!  Want to learn more about how Tessian helps lock down email and prevent breaches for some of the world’s top law firms? Read our customer stories.  Cost to attend: Free The Richmond Cyber Security Forum 2021 Date: July 7, 2021 Location: Online The Richmond Cyber Security Forum is your opportunity to network with cybersecurity leaders. Over 100 “senior cybersecurity decision-makers” should be in attendance at the forum, and the conference’s appointment system is designed to ensure attendees get face-to-face with the delegates they want to meet. Request an invitation if you’re hoping to rub shoulders with influential personalities in the cybersecurity industry. Cost to attend: Free (invite only) Policing Cybercrime Digital Conference Date: July 16, 2021 Location: Online The Policing Cybercrime Digital Conference—organized by Westminster Insight—examines how law enforcement, cybercrime experts, and government agencies respond to the increasingly serious cybercrime threat. Attending the conference should help you better understand the evolving threat landscape—and the fascinating inter-agency efforts to tackle cybercrime. Cost to attend: Free International Conference on Cyber Security (ICCS) 2021 Date: July 19-22, 2021 Location: Fordham University, New York The International Conference of Cyber Security (ICCS), a collaboration between the FBI and Fordham University, is among the world’s premier cybersecurity events. Esteemed speakers from around the world will discuss how to address cyber threats in the private, government, academic, and law enforcement sectors. The 2021 agenda remains a work-in-progress, but previous ICCS events have featured presentations from the Director of National Intelligence (DNI), FBI, CIA, and NSA. Registration is limited to just 300 attendees. Cost to attend: $995. Cyber Security Tutorial (CST) and Law Enforcement Workshop (LEW): an extra $75 per session. WSTA: Smart, Fast, Effective: Cybersecurity in the Age of Analytics and Automation Date: July 21, 2021 Location: Online This seminar and panel session provides an overview of the threat universe facing financial cybersecurity firms.  You can expect to review operational security best practices, and dig deep into critical technology areas. Check out the agenda here. Cost to Attend: Members Only Black Hat USA 2021 Date: July 31-August 5, 2021 Location: Las Vegas and Online In its 24th year, this hybrid in-person and virtual event features virtual training sessions, briefings, and a Business Hall. More info coming soon! Cost to Attend: TBC Enterprise Security & Risk Management: Americas Date: September 2, 2021 Location: Online Whitehall Media’s Enterprise Security & Risk Management (ESRM) Americas conference examines how businesses can build sustainability into their operations—and how CISOs and other security professionals can manage risk in today’s threat landscape. The conference will feature sessions on digital transformation (with Sandy Silk of Harvard University) and disaster recovery (with Kirsten Davies, CISO at Estee Lauder), plus a panel on protecting AI-enabled digital business systems. Cost to attend: Free CIISec Live 2021  Date: September 15-16, 2021 Location: Online CIISec Live is an important annual conference for infosec professionals to learn and share their experiences with industry colleagues, organized by the Chartered Institute of Information Security. CIISec Live provides three speaker tracks: Masterclasses, Career Development, Accreditation & Academia, Market Disruption & Security Relevance, and Emerging Requirements to Future Solutions. Speakers include renowned computer scientist Bruce Schneier, Chris Kubecka, Distinguished Chair at Middle East Institute, and Phil Venables, Global CISCO of Google Cloud. Cost to attend: Free for CIISec members, or £80 GBP for non-members Gartner Security and Risk Management Summit Date: September 20-22, 2021 Location: Orlando, FL Over four days, security, identity and access management, and risk management executives will come together to share valuable insights on establishing an effective, risk-based cybersecurity program.  Attendees will learn how to prepare for the new normal, with the tools they need to create agile security and IT risk management plans. For more information about speakers, click here. For more information about the agenda, click here. Cost to Attend: $3, 825 Cyber Senate Control Systems Cybersecurity USA Conference Date: September 22-24, 2021 Location: Online With cybercriminals increasingly targeting critical infrastructure and industry, control systems cybersecurity has never been more important. The eighth annual Control Systems Cybersecurity USA Conference will feature sessions on operational technology, Internet of Things (IoT) risk, identity control, endpoint protection, and more. Speakers include representatives from the National Grid, Florida’s Municipal Power Agency, and Trend Micro. Cost to attend: Operators of Essential Services (Physical attendance): $0.00. Commercial Company (Physical attendance): $1,499.00 + VAT. Virtual Ticket: $499.00 + VAT. International Cyber Expo London — September 28-29, 2021 Date: September 28-29, 2021 Location: Online London’s International Cyber Expo showcases leading cyber and physical security vendors’ solutions. Meet top government officials, policy-makers, and industry leaders at this important trade fair and conference. The show will feature delegates from sectors such as network protection, industrial systems, and endpoint security. Conference sessions will delve into the increasingly important link between cyber and physical security. Cost to attend: Free European Legal Security Forum 2021 Date: September 29, 2021 Location: Online The European Legal Security Forum focuses on cybersecurity, critical response, and risk mitigation within the legal sector. This year’s speakers will include Twitter CISO Rinki Sethi and Karl Knowles, Global Head of Cyber at HFW LLP. Over 300 senior executives from the world of law and legal technology should be in attendance at the forum, so expect some helpful insider information on the latest development in legal security. Cost to attend: Various tickets are available ranging in price from £245 GBP – £749 GBP. Cybersecurity Digital Summit for EMEA 2021 Date: October 19-20, 2021 Location: Online  This Cybersecurity Digital Summit, hosted by Cyber Security Hub, is a two-day event focusing on the main threats affecting the Europe, Middle-East, and Africa (EMEA) region. The summit follows on from Cyber Security Hub’s events focusing on the Americas and Asia Pacific (APAC) regions. According to Cyber Security Hub’s publicity, the EMEA region “seems to set the course for the regulatory framework that APAC (Asia Pacific) and the Americas are adopting.” Whether you’re a cybersecurity professional working in the EMEA region — or you’re based elsewhere and hoping to understand the threats emerging from EMEA — this event is for you. Cost to attend: Free DevSecCon London  Date: October 20-21, 2021 Location: Online Integrating security into development is a critical front in the battle against cybercrime. DevSecCon showcases new ideas and approaches in DevSecOps—the collaboration of DevOps and security.  2021’s agenda is still in development—but expect some big industry names discussing issues from supply chain to customer experience. Cost to attend: TBA Black Hat Europe 2021 — November 8, 2021 Date: November 8, 2021 Location: Online Black Hat Europe is the European iteration of the Black Hat Briefings—a day filled with 30-40-minute cutting-edge presentations on security. The Black Hat Briefings have been running for over 24 years. These briefings are a chance for computer security leaders to share insights into the latest research, developments, and issues across industries. Cost to attend: TBA International Conference on Cyber Security and Privacy in Communication Networks (ICCS) 2021 — December 9-10, 2021 Date: December 9-10 2021 Location: Online The International Conference on Cyber Security and Privacy in Communication Networks (ICCS) presents the latest research on cyberthreat analysis, privacy, and security from thinkers across academia, government, and industry. In the conference’s seventh year, delegates can expect talks on cloud security, databases security, digital signature techniques, and much more. Cost to attend: Various prices, with discounts available for student and faculty staff, ranging from £35 GBP to £240 GBP.
Read Blog Post
Threat Intel
US Legal Education Provider Spam Campaign Detected
By Charles Brook
Friday, June 11th, 2021
Overview Time period: March 2020 – May 28, 2021 Number of emails sent: >405,000 Subject lines used: 5,881 Mailboxes targeted: 2,099 Sender domains used: 821 Tessian’s Research & Intelligence team have identified a pattern of suspicious email activity across the Tessian platform, originating from a US-based online “leader in legal education”. The first email campaigns were detected in early 2020. In every campaign, the organization appears to be promoting discounts on educational courses or new curriculum. New domains – our team has observed 2-3 new domains appearing per week – were used to evade spam filters and SEGs. Who was targeted? Over 10% of our customer base received one of the campaigns from this legal education firm. 65% of the targeted customers are in the Legal sector; 25% are in Financial Services. Almost all targeted customers are US-based. Nearly every customer has a legacy Secure Email Gateway (SEG) and Tessian Defender as part of their inbound email tech stack. These emails bypassed the SEGs, but were flagged as potentially malicious by Tessian Defender.
One single law firm received an astounding 280,000 emails from this organization in a little over a year. Other Tessian customers received several hundred to thousands in the same time frame. Normally high-volume campaigns like this are not very targeted or customized to the recipient. In this case, the sender has taken a scatter-shot approach with the hope that a fraction of the recipients engage. Even if these emails are not malicious, they are certainly a nuisance – especially for busy attorneys.   What was the angle? Nearly 6,000 subject lines were used in these email campaigns. Notable themes and keywords include: Coronavirus / COVID-19 Cryptocurrency, Blockchain, Bitcoin and Smart Contracts AirBnB & Short-Term Rental Law Marijuana, Hemp and Cannabis Law  Judgments & Asset Protection Uber, Lyft & Ridesharing law Discounts Last/final day to register It appears that they are attempting to capitalize on new or trending legal topics, which could be particularly relevant to law firms and financial services institutions.
Suspicious, not necessarily malicious  While this legal education provider may be a legitimate organization, their website is insecure (no SSL certification, no padlock icon), and more importantly, the way they are building and distributing these email campaigns is suspicious; their tactics mimic those deployed by cybercriminals to evade defenses. For example, the emails are often sent from a recently registered domain by a sender the recipient will probably not have seen before. These are two key indicators that trigger Tessian Defender. In a little over a year, the legal education provider registered over 800 domains; sent emails from over 825 email addresses; and used about 20 different display names. This sort of behavior indicates that they were deliberately crafting emails to bypass rule-based filtering. [Read more about display name and domain manipulation.] Why? Once a domain has developed a reputation for spam, then it can be added to a spamming blacklist, which will be a significant factor considered by spam filters.  Registering a new domain with a fresh or unknown reputation is the easiest way to get around this. This is not dissimilar to how hackers create phishing attacks.  The emails often also contained a sense of urgency to bait the recipient into buying or signing up to something while a certain discount is still available. Urgency (i.e. “Last day to register”) is another technique regularly employed in phishing emails. Most of the URLs in the emails pointed to a legitimate website called Constant Contact (an email marketing tool). What can you do about it? General guidance  Limit how far you share your email address across the internet. Keep it private unless it is essential to share it. Do not click on any links in spam emails as they could be malicious. Mark it as spam or move it to your spam/junk email folder to help train the spam recognition algorithm. After marking it as spam, delete the email from your spam/junk folder. If you’re a Tessian customer Review attacks in the Tessian portal and add senders to a denylist to be blocked before reaching inboxes in the future.  Review attacks in the Tessian portal and remove emails from employee inboxes.  Use the Human Layer Risk Hub to understand which employees are most at risk of phishing; then notify them individually or create customized warnings to educate them about the risk. The primary way for avoiding spam is to limit how much you share your email address across the internet. Be cautious of who and what services you sign up to with your email address – whether it’s your personal or business email address. Some services may willingly sell your information to spammers or marketers. The key difference between marketing emails and spam is that marketing emails should only be sent to emails that have consented to receive them. To comply with regulations like GDPR and CCPA, marketing emails must also provide an easy way to opt out of future emails, for example, by including an unsubscribe link or button in the email. Last but not least, if you’re a lawyer, always make sure the provider and courses of legal training are accredited. 
Read Blog Post
Customer Stories
Advanced Inbound and Outbound Threat Protection for an International Law Firm
Friday, June 11th, 2021
Company: Penningtons Manches Cooper Industry: Legal Company Size: 1,000 employees Solutions: Enforcer, Guardian, Defender Environment: Hybrid Platform: Outlook Customer since: 2016 About Penningtons Manches Cooper Penningtons Manches Cooper is a leading UK and international law firm which provides high quality legal advice to both businesses and individuals. The firm has UK offices in the City of London, Basingstoke, Birmingham, Cambridge, Guildford, Oxford and Reading with an overseas network stretching from Asia to South America through their presence in Singapore, Piraeus, Paris, Madrid and São Paulo. With 130 partners and over 880 people in total, Penningtons Manches Cooper is acknowledged as a dynamic and forward-thinking practice which combines legal services with a responsive and flexible approach.  They have established a strong reputation in a variety of sectors, particularly private wealth, shipping, technology and property.  Penningtons Manches Cooper lawyers are also recognised for their expertise in life sciences, education, retail, sports and entertainment and international trade. Before Tessian…. Before deploying Tessian in 2016, Marcus Shepherd, Best Practice Operations, and Richard Mullins, IT Security Engineer, both suspected Penningtons Manches Cooper had a more significant problem with email data breaches than was being reported. Marcus explained, saying “It was pretty clear that, together with the rest of the industry back then, we had a problem with email data breaches but had no visibility as to the extent of it. We had reporting processes in place, but had a hunch that the actual number of incidents was higher than those being reported by employees. Part of the problem was education. Complete understanding of what constituted a data breach and the possible consequences of data breaches – even with very basic personal details – was not fully understood then.  A lot of employees were not clear that if something had taken place, it needed to be reported.” While they were leveraging some standard rules in Outlook for inbound threats, they were relying on employee training, rule-based systems, and self-reporting to prevent outbound threats like misdirected emails and data exfiltration (both accidental and malicious).
According to Marcus and Richard, they lacked visibility and control over threats, employees were struggling with alert fatigue, and their security team was inundated with more false positives than they could investigate.  Must-have features…. In evaluating solutions, the firm was originally looking for three key features. Effectiveness: Because data loss incidents were a concern, their top priority was to find a solution that would accurately predict data loss incidents on email. But unsurprisingly, they were wary of any solution that might trigger false positives. This would distract partners and cause alert fatigue. Ease-of-use: They wanted a tool that would be easy to deploy and not require a large security team to manage it day-to-day.   Education: It can be difficult to encourage fee-earners to prioritize security considerations when dealing with busy and demanding clients. The pop-ups triggered by rule-based tools weren’t offering employees the information they needed to understand how to handle data safely or why it was so important to do so. Marcus and Richard wanted a tool that offered context and complemented training and awareness programs.
With Tessian…. As an innovative firm with a proactive security team, Penningtons Manches Cooper was an early adopter of Tessian and deployed Tessian Guardian and Tessian Enforcer in 2016 to prevent misdirected emails and data exfiltration on email. In 2019 – as soon as it was released to market – they deployed Tessian Defender. Tessian offers advanced threat protection  Since deploying Tessian, Richard and Marcus have seen Tessian Enforcer reduce loss of IP from people leaving the firm, have seen over 3,000 interventions where Tessian Guardian has prevented a potential data breach by flagging a misdirected email, and have seen Tessian Defender prevent advanced impersonation attacks including CEO Fraud and Business Email Compromise.  “Tessian is a vital part of our security stack when it comes to cyber awareness, risk and compliance, and information protection. It’s an essential perimeter defense – and sometimes the last line of defense,” Richard said.  Tessian surfaces rich insights about employee behavior on email With Human Layer Risk Hub, Penningtons Manches Coopers’ security team has clear visibility of threats.  “Tessian is doing the heavy lifting for us now. We’re no longer looking through spreadsheets with hundreds or thousands of events. With Human Layer Risk Hub, we get incredible visibility within the portal into high-risk users and high-risk events. We can now identify users whose behavior could put us at risk, whether it’s via misdirected emails, unauthorized emails, or spear phishing attacks. This all helps massively with incident response since our security and compliance teams do not have limitless resources,” Richard said.  In-the-moment warnings reinforce security awareness training and reduce risk over time Tessian’s in-the-moment warnings offer context about why an email is being flagged as malicious or suspicious. They’re written in clear, easy-to-understand language and help nudge employees towards safer behavior over time.
The platform is easy to deploy and manage day-to-day  Tessian deploys within minutes, learns within hours, and starts protecting in a day. Richard and Marcus experienced this during their initial deployment and again during their merger with Thomas Coopers LLP in 2019.  Marcus explained, saying that “Deploying Tessian across new users after the merger was seamless. We got everyone connected immediately which helped us extend our security culture right away”.  Low flag rates and false positives mean Tessian doesn’t get in the way  It was important for Marcus and Richard to find a tool that worked, without distracting, frustrating, or confusing especially busy lawyers.  With Tessian, they no longer struggle with high rates of false positives.
Tessian sets the benchmark for technology partners From the outset, Richard and Marcus have been proactive in helping shape Tessian’s product roadmap to serve them, other law firms, and customers across industries.   “In terms of a relationship with a supplier, Tessian is the benchmark for continuous improvement and adapting to the threat landscape. We have a huge amount of engagement and feedback with Tessian which has helped to improve our email security posture. They actively want to go on our journey with us and are always willing to listen to our concerns or requirements,” Richard said.
Read Blog Post
Spear Phishing
8 Real-World Examples of Business Email Compromise (Updated 2021)
Thursday, June 10th, 2021
Business Email Compromise (BEC) attacks use real or impersonated business email accounts to defraud employees. The FBI calls BEC a “$26 billion scam” that affects thousands of businesses every year. This article will look at some examples of BEC attacks that have cost organizations money, time, and reputation — to help you avoid making the same mistakes. Not sure what BEC is? We tell you everything you need to know about it – including how it works – in this article: What is Business Email Compromise and How Does it Work? You can also learn how Tessian prevents BEC for organizations across industires here.  1. $17.2m acquisition scam Our first example demonstrates how fraudsters can play on a target’s trust and exploit interpersonal relationships. In June 2014, Keith McMurtry, a Scoular employee, received an email supposedly from his boss, CEO Chuck Elsea. The email informed McMurty that Scoular was set to acquire a Chinese company. Elsea instructed McMurty to contact a lawyer at accounting firm KPMG. The lawyer would help facilitate a transfer of funds and close the deal.  McMurty obeyed, and he soon found himself transferring $17.2 million to a Shanghai bank account in the name of “Dadi Co.” The CEO’s email, as you might have guessed, was fraudulent. The scammers had used email impersonation to create accounts imitating both Elsea and the KPMG lawyer. Aside from the gargantuan $17.2m loss, what’s special about the Scoular scam? Take a look at this excerpt from the email, provided by FT.com, from “Elsea” to McMurty: “We need the company to be funded properly and to show sufficient strength toward the Chinese. Keith, I will not forget your professionalism in this deal, and I will show you my appreciation very shortly.” Given the emotive language, the praise, and the promise of future rewards — it’s easy to see why an employee would go along with a scam like this. 2. Law enforcement turns a blind eye to nonprofit’s $625,000 BEC loss BEC rates have been rising for several years, as demonstrated by 2021 data from the FBI’s Internet Crime Complaint Center (IC3).  The IC3 says that in 2020, losses from BEC exceeded $1.8 billion—that’s a fourfold increase since 2016. The number of BEC incidents also rose by 61% between 2016 and 2020. So perhaps it’s unsurprising—if somewhat disheartening—that law enforcement agencies are struggling to cope with all the BEC incidents that companies are reporting to them. In June 2021, we learned that San Fransisco-based homelessness charity Treasure Island fell victim to a devastating, month-long $625,000 BEC attack after hackers infiltrated the organization’s bookkeeper’s email system. The hackers found and manipulated a legitimate invoice used by one of Treasure Island’s partner organizations. Staff at Treasure Island transferred a loan intended for the partner organization straight into the cybercriminals’ bank account.  The nonprofit sadly lacked cybercrime insurance. But even worse—the U.S. Attorney’s Office in San Fransisco, which would have been responsible for leading an investigation into the BEC attack, reportedly declined to investigate the incident. This case serves as a reminder that, when it comes to cybercrime, prevention is always better than cure. Building security into your systems is the only viable way to avoid the losses associated with BEC attacks. 3. BEC scammers exploit COVID-19 fears 2020 was a turbulent year, and we saw cybercriminals exploiting people’s fear and uncertainty like never before. A particularly prevalent example was the trend of COVID-19-related BEC scams. As the pandemic spread, governments worldwide issued warnings about a surge in cyberattacks. In April 2020, for example, the FBI warned that scammers were “using the uncertainty surrounding the COVID-19 pandemic” to conduct BEC scams.  The FBI gave one example of an unnamed company, whose supposed supplier requested payments to a new account “due to the Coronavirus outbreak and quarantine processes and precautions.” Criminals will always seek to capitalize on chaos. In December 2020, Keeper reported that uncertainty caused by COVID-19, Brexit, and the move to remote-working led to 70% of U.K. finance companies experiences experiencing BEC attacks over the preceding year. Looking for more examples of scammers exploiting COVID-19 fears? We share four more and outline the red flags contained in each here. BONUS! There’s a downloadable guide at the bottom of the article.  4. Prison sentence for Atlantan BEC scammer In June 2021, an Atlanta court sentenced Anthony Dwayne King to two and a half years in prison for his role in a BEC scam—but only after he’d earned nearly $250,000 ripping off businesses and individuals across four U.S. states. Between October 2018 and February 2019, King and his accomplices conducted BEC and vishing (phone phishing) operations, setting up fake companies and opening fraudulent bank accounts to redirect wire transfers.  The cybercriminals targeted law firms and home movers but were thwarted by Georgia’s Cyber Fraud Task Force. As well as serving federal prison time, King will have to repay the money he stole from his victims. 5. Hacker group behind Solarwinds attack launches BEC campaign The cybersecurity world was rocked in 2020 by the Solarwinds attacks, in which Russian group Nobelium (also known as Cozy Bear and APT29, among other names) pushed its malware into thousands of organizations’ systems via a software update. In March 2021, we learned about Nobelium’s new campaign. Rather than hijacking software updates provided by a trusted software provider, Nobelium’s most recent cybercrime spree leverages a trusted mass email provider. Nobelium reportedly used email provider Constant Contact to send more than 3,000 emails to over 150 organizations, including government agencies.  The emails were disguised as information about electoral fraud and contained a malicious payload designed to create a backdoor into the recipient’s computer. As companies worldwide attempt to recover from the impact of the Solarwinds attack, Nobelium’s follow-on campaign reminds us about the variety of threat vectors available to cybercrime groups. If you want to learn more about the SolarWinds attack, check out our conversation with world-renowed hacker Samy 6. $46.7m vendor fraud In August 2015, IT company Ubiquiti filed a report to the U.S. Securities and Exchange Commission revealing it was the victim of a $46.7 million “business fraud.” This attack was an example of a type of BEC, sometimes called Vendor Email Compromise (VEC). The scammers impersonated employees at a third-party company and targeted Ubiquiti’s finance department. We still don’t know precisely how the cybercriminals pulled off this massive scam. VEC attacks previously relied on domain impersonation and email spoofing techniques, but these days, scammers are increasingly turning to the more sophisticated account takeover method. 7. Snapchat payroll information breach Many high-profile BEC attacks target a company’s finance department and request payment of an invoice to a new account. But not all BEC scams involve wire transfer fraud. Here’s an example of how BEC scams can target data, as well as money. In February 2016, cybercriminals launched a BEC attack against social media firm Snapchat. Impersonating Snapchat’s CEO, the attackers obtained “payroll information about some current and former employees.” The scam resulted in a breach of some highly sensitive data, including employees’ Social Security Numbers, tax information, salaries, and healthcare plans. Snapchat offered each affected employee two years of free credit monitoring and up to $1 million in reimbursement. 8. The big one: $121m BEC scam targeting Facebook and Google  Last — but by no means least — let’s look at the biggest known BEC scam of all time: a VEC attack against tech giants Facebook and Google that resulted in around $121 million in collective losses. The scam took place between 2013 and 2015 — and the man at the center of this BEC attack, Evaldas Rimasauskas, was sentenced to five years in prison in 2019. So how did some of the world’s most tech-savvy employees fall for this elaborate hoax?  Rimasauskas and associates set up a fake company named “Quanta Computer”  — the same name as a real hardware supplier. The group then presented Facebook and Google with convincing-looking invoices, which they duly paid to bank accounts controlled by Rimasauskas. As well as fake invoices, the scammers prepared counterfeit lawyers’ letters and contracts to ensure their banks accepted the transfers. The Rimasauskas scam stands as a lesson to all organizations. If two of the world’s biggest tech companies lost millions to BEC over a two-year period — it could happen to any business. Want to explore other examples of email attacks? Check out these articles: 6 Examples of Social Engineering Attacks COVID-19: Real-Life Examples of Opportunistic Phishing Emails  Phishing Statistics (Updated 2021)
Read Blog Post
Page
[if lte IE 8]
[if lte IE 8]