Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.
Careers: Adding Rocket Fuel to our Rocket Ship
By Maddie Rosenthal
Tuesday, March 12th, 2019
Picture this: It’s 4pm on a Wednesday. While the rest of the working world is going through their midweek slump – clock watching and/or waiting for their boss to turn comments before burning the midnight oil – you are stepping in to the boardroom of a leading London law firm. In front of you, as you pour yourself a glass of sparkling water with a postcard panorama of the city skyline behind you, are the Managing Partner and Head of IT. They usher you into your seat. As you scramble to connect the various adapters into your MacBook, your mind is 100% focused on delivering a pitch on why their firm should today solve their biggest problem. You need to educate, persuade and ultimately introduce this organization to machine learning (sometimes, for the first time). As you load up your slides on Keynote, it’s show time. At Tessian, this is not a what-if scenario, this is just one of the daily occurrences as a Business Development Manager (BDM). I had the rare opportunity to be ‘patient zero’ for the Business Development function at Tessian. And it was – and continues to be – an unbelievably exhilarating experience. Every single exercise has value: multiple introductory emails to prospective customers, pitching and ultimately navigating organizations to implementation all help our company achieve our goals.
As a BDM, you are experiencing entrepreneurship in its most raw, gritty form. You are your own rapid-growth business within a rapid-growth business. You get to experience the glamorous highs – as detailed above – alongside the excruciating lows, all at breakneck pace. Industry-defining deals are the norm, and your targets have a direct impact on the products our team can ship, the services we can offer to our customers, and our ultimate mission to protect enterprises from threats executed by humans in order to keep the world’s most sensitive data and systems secure.
Given the nature of the role – a discipline in process, a fervent desire to do things faster and better, creative and strategic thinking, and collaboration through external stakeholder management – BD has become a natural breeding ground for commercial leadership at Tessian. It’s not just here, but across organizations: 20% of Fortune 500 CEOs have come from a selling/marketing background and there is a common adage in start-up world that an overwhelming amount of successful entrepreneurs have first built careers in sales. It’s true here as well – our CEO, founders, Head of US, Enterprise and Finance Directors, and myself (Chief Revenue Officer) have effectively all built our careers in some way as BDMs at Tessian.
Tessian is hoping to redefine sales and business development. We don’t believe in nor hire those who portray the negative stereotypes around sales. BDMs at Tessian are some of the brightest, hardest-working and most upstanding people I have interacted with in my career. It’s humbling to come in and work with these people on a daily basis and I am incredibly grateful that our team’s constant ambition is to outperform. I sometimes think of the famous Sheryl Sandberg quote to Harvard Business School grads: “If you’re offered a seat on a rocket ship, don’t ask what seat! Just get on.” As a member of the Business Development team at Tessian, we get to be right in the control room. And from our window, there’s an incredible view.
Read Blog Post
Autocomplete Mistake on Email
Tuesday, March 12th, 2019
  What is Autocomplete? How does Autocomplete work? Autocomplete / auto-fill is a feature which displays suggestions for names and email addresses as you start to type them. These suggestions are possible matches from a list of names and email addresses from the email messages that you have sent. As you start typing a name in the To box, based on the characters you enter, Outlook’s Autocomplete feature displays a list of possible choices. As you enter more characters, Outlook narrows the list. How common are Autocomplete Mistakes? Autocomplete updates its suggested list as quickly as you type each character so it’s very easy to select the wrong email address. Outlook / other mail providers maintain a history of all the email addresses you enter, not just the ones you store in the Address book. Due to this, these names make their way onto the Autocomplete list. Autocomplete mistakes can happen when you’re in a hurry or distracted. For example you may type a name into the ‘To’ box, choose the first option and send — without realizing that Outlook’s Autocomplete feature chose the wrong recipient. Autocomplete is a highly useful and productive feature in a workplace, helping to save time, however it is prone to making mistakes and can cause you to accidentally send emails to the wrong person. Should I switch Autocomplete off? As the risk of misdirected emails is becoming a key issue for leadership, informations security, risk and operating teams, organisations are often taking an impulsive approach to solving this problem. Upon identifying that one of the main culprits for this growing challenge is the auto-complete function over email, the knee-jerk solution by management is to switch the function off, which ends up causing far more problems than it solves. The truth is, Autocomplete is helpful and you shouldn’t disable it. “After identifying the risk of misdirected emails, we explored the option of disabling Autocomplete however it became incredibly clear that this was not the solution. Instead, we needed something that complemented rather than prohibiting work flows, hence we opted for Tessian’s Guardian product” —  David Smith, Partner and Head of Operations, Anthony Gold Solicitors What happens if I disable Autocomplete? There are a number of reasons that firms should strive to keep auto-complete on. It is imperative to take a holistic approach rather than act in what can be perceived in an impetuous manner when dealing with risks such as misdirected emails. Why you shouldn’t disable Autocomplete: 1. Misdelivery risk increases due to manual input 2. Tessian research found that productivity decreases by 30% 3. Increase in non-authorised, non-controlled communication channels to send messages 4. Misaddressed Emails do not decrease 6. Negative experience with technology Tessian’s low user disruption and intelligent predictions have proved to be a sophisticated and risk attractive improvement to disabling autocorrect in Outlook —  Duncan Eadie, IT and Business Services Director at Foot Anstey About Tessian Tessian is building the world’s first Human Layer Security platform to fulfil our mission to keep the world’s most sensitive data and systems private and secure. Using stateful machine learning to analyze historical email data, Tessian’s Parallax Engine can predict for this user, at this point in time, does this email look like a security threat?
Read Blog Post
Customer Stories
Safeguarding a Reputation with Intelligent Data Loss Prevention
Tuesday, March 12th, 2019
Boult Wade Tennant is a leading patent and trademark attorneys firm with offices in London, Madrid, Munich, Cambridge, Reading and Oxford, specializing in intellectual property law. Their patent, trademark, and design teams specialise in advising clients over the full life-cycle of brands, products or systems; from acquisition, exploitation and protection to commercial use, infringement or contentious issues. Boult Wade Tenannt is protecting employees with Tessian Guardian.
Working with their clients’ proprietary information and other confidential data as a matter of course, the firm wanted to augment the protection they provide their clients, and further safeguard any confidential information they may process on clients’ behalf. Boult Wade Tennant picked Tessian because it was easy to install, required minimal configuration, and is unobtrusive to employees. Tessian has allowed Boult Wade Tennant to mitigate the risk of misaddressed emails and inadvertent IP loss, safeguarding their reputation as one of the best in the business. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Read Blog Post
Customer Stories
Ensuring Data Loss Protection
Tuesday, March 12th, 2019
Com Laude, an ICANN accredited registrar, is a specialist domain name management company that helps businesses manage their domain name portfolios throughout the full life cycle. Com Laude is protecting employees with Tessian Guardian, Tessian Enforcer and Tessian Constructor.
The problem As a trusted strategic partner of leading global brands, Com Laude recognized that there was a direct correlation between the security of their clients’ information and the security of their business – something that they were keen not only to protect but enhance, so as to facilitate further growth. Having identified the significance of the threat at hand, they were keen to find a solution – and with misdirected emails being the most common type of data security incident, there was no time to waste. Attracted by the intelligence of our AI and machine learning based software, the Com Laude team actively sought out Tessian Guardian, combining this with the additional protection provided by Tessian Constructor to implement an effective regulatory framework for their internal communication policies. The solution Tessian was rolled out to 30 employees across a number of departments at Com Laude. After an initial period of time exploring Tessian’s functionality, Com Laude built a variety of rules specifically for their organisation using Constructor and had Guardian successfully running in the background. Soon after, Com Laude were presented with a detailed threat report from Tessian, including a high-level overview of their email statistics along with a deep-dive analysis of the specific threats identified via the Guardian – specifically, flagged misdirected emails. The results from this report provided Com Laude with “proof” not only of the value of their investment, but of the scale of the problem. Having indicated that Guardian was able to detect and prevent email threats in the form of misdirected emails, the report also provided the company with some significant insights via these email statistics. This had a direct impact on Com Laude’s business model, allowing the firm to use these findings to set key rules designed to further protect their customers. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Read Blog Post
Customer Stories
Securing the Email Environment from Human Error
Tuesday, March 12th, 2019
Travers Smith is a leading corporate law firm headquartered in London. It advises national and multinational companies across the full range of corporate and commercial matters. Travers Smith is protecting employees with Tessian Guardian and Tessian Constructor.
Given the highly sensitive nature of the work performed and the client confidentiality requirements outlined by the Solicitors Regulation Authority, securing their email environment from human error was a key priority for the firm. Risk and IT teams were acutely aware of the potential risks from misdirected emails and chose Tessian Guardian because of the admin – free nature of the product and minimal disruption and effort that it requires from end users at the organization. Travers Smith successfully deployed Tessian firm wide with minimal effort from the firm’s IT team. After a set period of time using the software, Travers Smith was presented with a comprehensive report containing details of Tessian’s performance and examples of misdirected emails that had been prevented. Thanks to Tessian, Travers Smith is now better equipped to protect clients’ sensitive information and avoid the scenario of confidential information accidentally being sent to the wrong people. Moreover, Tessian allows the firm to demonstrate diligence to clients and regulators by showing that the risk is being measured and managed appropriately. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Read Blog Post
Customer Stories
Seamlessly Implementing Email Security
Tuesday, March 12th, 2019
Grosvenor Law is a specialist personal and business dispute resolution firm based in Mayfair, London. They work on significant and complex disputes worldwide across a range of business sectors, on behalf of corporate clients and high net worth individuals. Grosvenor Law is protecting employees with Tessian Guardian and Tessian Constructor.
Given the highly sensitive nature of the work performed and the client confidentiality requirements outlined by the Solicitors Regulation Authority, securing their email environment from human error is a key priority for the firm. There has been an increasing number of high profile losses of confidential data in the legal sector in recent years and months. The Chief Executive of Grosvenor Law had already taken a number of measures to reduce the risk of inadvertent data loss over email, but chose to add to their existing risk management measures by working with Tessian given the unique machine learning intelligence of the system. The firm opted to use Guardian to prevent and detect misdirected emails, as well as Constructor to implement some of their own custom communication policies. After some time, Tessian issued the Chief Executive with a report detailing the findings of how the software had successfully prevented misaddressed emails for Grosvenor Law. It also showed how Tessian’s machine learning algorithms had developed an understanding of the organization’s regular email patterns and behavior in order to accurately detect anomalies. By having outgoing email content from their organization automatically checked by Tessian software, Grosvenor Law is able to protect their client data from one of the most common causes of data loss. They are also able to demonstrate diligence to clients and regulators that this risk is being measured and controlled. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Read Blog Post
Interviews With CISOs
Tessian Spotlight: Johan Kestens, former Chief Information Officer at ING Belgium and Luxembourg
Tuesday, March 12th, 2019
As the former Chief Information Officer for ING Belgium and Luxembourg, Johan was, until September 2018, responsible for the complete IT stack and was part of the Executive Committee. An engineer by training, Johan has worked with a number of organizations before joining ING, including McKinsey, SWIFT, SAP and A.T. Kearney. What are the greatest challenges you overcame while you were CIO at ING? There were several challenges. Firstly, we increased collaboration between the Belgian and Dutch IT operations to create a single IT organization and adopted the same agile way of working. We also brought IT professionals much closer to other teams in the business and removed as many coordination barriers as possible, which made the IT team more efficient and cost-effective. Another challenge was gaining more control of the IT change portfolio. There is always more demand than there is capacity so we changed it from a demand-driven organization to a capacity-driven one. This helped get many more things done and we had some very positive results in areas such as big data. The final challenge was creating better risk awareness and control in the business and enhancing the level of discipline in the organization. What needs to change about how most organizations are handling their IT strategy? I noticed that in many companies there is sometimes a distance between the business and IT people. This might be because of the different business jargon, personalities and delivery goals but this divide needs to disappear. Many parts of the economy are being disrupted through digital businesses and IT is increasingly becoming the main driver of business. The IT strategy for many is starting to become the strategy. For this to work effectively, you need to bring non-technical teams and IT teams closer. Improving communication and understanding between teams will help them work together most effectively. How should CIOs ideally work with the rest of the board? If you look at most company boards, I would say a lot of them are likely struggling to understand what is going on in IT. Many of them know that their digital business is becoming more important but it is like watching a soccer game; it is different when you are sitting in the stadium than when you are playing in the field. I have also sensed a mixture of fear and distrust regarding IT because some people feel that they do not have the expertise to really assess it. Most boards are made up of professionals with a commercial or finance background. An area where this is especially clear is cybersecurity, it is very frightening for board members to ultimately carry responsibility but not understand all techniques used to attack their business. Constantly reading about the newest data breaches in the news will likely do little to assure them. CIOs should do their best to address all of these concerns. What are the greatest information security issues to the banking industry and how would you address these? The biggest security incidents often happen from within, so integrity of staff must be a prerequisite. At the larger organizations, security becomes much more of a numbers game. Even with very good employee screening procedures, data breaches will likely happen either by accident or through malicious employee intent. Another important issue is adopting the right mindset when dealing with information security. I think about it in a similar way to healthcare, a new variant of flu comes out every winter and the medical industry is quite fast to respond to this but it never goes away completely. You have to adopt a framework where you understand you are never going to be completely immune as cyberattacks are always evolving. Even if you have never had a data breach before, you can never be completely sure that an employee will never fall prey to a spear phishing email. The best you can do is remain vigilant and constantly stay abreast with the newest developments. This is why I am a big fan of collaboration between industry participants or even governments. Cybercrime is like a virus, it tends to go from country to country, so by working together, you can be aware of it ahead of its arrival. All parties benefit when they collaborate together against a problem like cybercrime. What do you read/listen to stay on top of advancements in IT? Gartner reports are a very good source of information as they cover different trends well. I also follow a few networks such as CIONET to understand what is going on in the industry right now. Finally, small CIO events like dinners or breakfasts with only 10-12 participants is amazing for knowledge sharing. The size of the audience allows everyone to participate and every once in a while you get a nugget of gold. Keeping in mind that what might be very esoteric today could become very important tomorrow is key.  
Read Blog Post
Human Layer Security
Human Error is Incredibly Difficult to Understand, Let Alone Predict
Monday, March 4th, 2019
Email still remains the main communication channel for enterprises. Despite its incredible efficiencies and economies of scale, email as a communication tool is reliant on human interaction and judgement. This makes human error particularly prevalent on email. One example of a mistake that can occur over email due to human error is an email being directed to the wrong person. A misdirected email might happen for any number of reasons, just a few of which include stress, alertness, being in a hurry or simply bad luck. For example, staff members at a major Australian bank mistakenly sent emails that contained data from over 10,000 customers to the wrong recipient due to an error that changed the email’s domain name. Over the past few years the workforce has become more mobile, meaning that more data now exits organizations’ premises and networks. Many employees manage their inbox on the move, replying to an urgent email after work while commuting or messaging international clients in the early hours of the morning. While this flexibility is advantageous for employees and businesses, different diligence levels outside working hours and on mobile devices raise the chance of a misdirected email being sent. Let’s take a small-scale example. Even for a small organization where each employee sends a moderate number of emails per day, Tessian data shows that the likelihood of a misdirected email leaving the organization in a given month is high. That risk increases dramatically with the size of an organization. No matter how many Secure Email Gateways and firewalls you employ, failing to address this risk could mean your organization’s data being compromised. Mistakes due to human error are not limited only to outbound email. Over the past few years, inbound attacks such as spear phishing have become more frequent and more sophisticated. For example, someone may receive an email from an attacker impersonating a supplier requesting a transfer for an outstanding payment. The degree of urgency included in the email and the fact that the attacker utilizes a legitimate relationship makes the likelihood of the recipient falling for the attack more likely. In order to stay vigilant in this changing environment, security officers and business leaders should focus on two simple questions: 1. What’s the most likely cause of data loss for our organization? 2. What’s the maximum damage that a human error could cause? This awareness can help security leaders gain a better understanding of the risks they need to manage on an ongoing basis. Ultimately, this awareness could help mitigate the likelihood of data loss, and associated consequences like financial penalties or reputational damage. Mistakes due to human error are inevitable, but the negative consequences are not. Tessian’s machine-intelligent email filters use machine learning to understand relationships and behaviors on email, identifying in real time when people are about to make a mistake – whether it’s entering the wrong reply-to address or potentially falling for a spear phishing attack. Thoughtful, intelligent notifications located within the email client stop the threat before it can cause damage to your organization. Take action against misdirected emails and spear phishing today.  
Read Blog Post
Interviews With CISOs
Tessian Spotlight: Michael Mrak, Head of Department Compliance & Information Security at Casinos Austria
Monday, March 4th, 2019
Michael has been with Casinos Austria for 26 years. He started in the IT department and eventually took over the role of Data Privacy Officer in 2001. Responsible for overall information security strategy and, working closely with the CEO, Michael establishes policies relating to compliance and anti-money laundering. As well as overseeing all the activities related to the development, implementation, maintenance and adherence to the organization’s privacy policies, he is also the link between his organization and the Austrian Ministry of Finance. What are the greatest challenges you have overcome at Casinos Austria as Head of Department Compliance and Information Security? Dealing with the number of regulations is definitely number one. It is a developing field for lawmakers and this makes the laws less stringent than they should be. Additionally, this means that we sometimes have to deal with laws that are in conflict with each other such as money-laundering and data privacy. Another issue that I face, which is probably the case for many compliance officers, is keeping the awareness of compliant behavior high. It is a constantly ongoing process that requires continuous education about the rules that must be followed and we deal with this by running educational campaigns. While there are many ways to approach user education, I find running in-person educational sessions to be much more effective than the rest (e.g. e-learning). What are the greatest information security issues in the gaming industry and how should these be addressed? Different gaming markets tend to have different issues but one overall issue I found is, surprisingly, not technical but social, namely dealing with social engineering tactics. This is actually quite a problem because advanced spear phishing attacks that use social engineering methods are very difficult to recognize and therefore challenging to prevent. This is usually dealt with by keeping awareness high but, as mentioned before, that requires constant communication. Because it is such an issue, this will be my main focus for 2019. How should compliance and information security executives ideally work with the board to address information security issues? In an ideal situation, the most important aspect is to get support from the top as I cannot execute my plan if I do not have the support of the board. Additionally, constant communication within the organization is key so having weekly meetings with the board and other departments to discuss strategic issues is ideal. How are most organizations in the gaming industry handling information security and what do you think should change? Surprisingly, a lot of our competitors in the gaming industry do not have a high level of information security. This seems to be especially common with some of the younger organizations that might be prioritizing high growth over security practices. Casinos Austria has been operating since the 60s so we have very well established compliance procedures. It is not the case that these younger organizations do not care about information security but rather that they usually address this in an unstructured way without many processes. It is extremely important to have a clearly defined information security strategy and that usually means having processes in place.
Read Blog Post
Human Layer Security
Announcing our Partnership with Sequoia and a New Era of Cybersecurity
By Tim Sadler
Wednesday, February 27th, 2019
I’m delighted to officially share with the world today that Tessian’s raised $42m in Series B funding led by Sequoia and partner Matt Miller is joining the board. I got to properly know Sequoia and Matt last year after a destiny-crafting introduction from the legendary CyLon. We’ve been fortunate to have a lot of interest from investors, but I try not to take meetings unless we’re actually fundraising. Sequoia was different. Instead of spending time talking about ARR and our metrics, Matt was interested in our vision, founding story, team and challenges. Sequoia call themselves company-builders, and that’s exactly how it felt from day one. We couldn’t be more excited to welcome Matt to the Tessian board and to work with him to create a new category of enterprise cybersecurity. When Tom, Ed and I started Tessian in our apartment in 2013, we started with a grand vision but laser focus on trying to execute one thing extremely well—preventing sensitive data loss caused by human error. Over the past three years, we’ve been quietly expanding the capabilities of our machine learning engine to address other gaping holes in enterprise security. Today, we’re also delighted to share our vision with the world for the very first Human Layer Security platform for the enterprise. Enterprises have spent the past two decades protecting their networks with firewalls, their devices with endpoint security but have completely neglected the most important data processors of all—their people. The new capital raised in our Series B will allow us to leverage the technology we’ve applied to email security and expand this to provide automatic protection for the myriad platforms and applications in use everyday by people in global organizations. Of course, none of this would have been possible without our most important allies. First, I’d like to thank all of our customers for their incredible support and belief in us over the years. Cybersecurity, by definition, is a risk-averse industry. It’s been inspiring to see how many enterprises are willing to adopt new technology to solve their greatest problems. Second, and to whom we owe the greatest thanks—the employees of Tessian. It’s because of your brilliance, creativity and relentless grit that we’ve achieved what we have today. As I’m sure any founder will attest, fundraising is a necessary part of company building but not the ultimate goal. We now have a huge amount of work ahead as we execute against our plans for 2019—a year that’s shaping up to be our biggest yet.
Read Blog Post
Risk of Spear Phishing to Enterprises
Tuesday, February 26th, 2019
Spear Phishing attacks are on the rise, and they’re more sophisticated than ever. Why? Because they’re extremely profitable for perpetrators. The FBI estimates that Business Email Compromise due to spear phishing has cost businesses more than $12 billion between December 2016 and May 2018. Spear phishing harms your enterprise by exploiting employees’ trust in their colleagues, partners, and customers.  Spear phishing attacks are costly with serious business impacts. What are the risks of Spear Phishing to a business? • Significant loss of funds due to wire-transfer fraud (BEC) • Malicious intrusion by hackers into business-critical systems • Significant damage to IT infrastructure due to malware or stolen credentials • Widespread loss of sensitive customer data • Widespread loss of company intellectual property • Reputation damage and regulatory penalties The Evolution of Spear Phishing 281 billion emails are sent every single day, as reported by Radicati. Since its introduction in the 1970s, email has become the main artery of communication for the enterprise. Enterprise email networks have significant cybersecurity vulnerabilities: • Email networks are open gateways • Email networks have human nodes • Email networks are dynamic in nature This exploitation began with spam in 1978. Spam is an inbound email threat that is bulk in nature i.e. emails are sent to large numbers, sometimes millions, of recipients with minimal personalisation. These properties make it relatively easy to defend against, and almost every email provider or legacy Secure Email Gateway now includes spam filtering as a standard part of their feature set. As enterprises got better at defending against spam, so too did perpetrators at trying to dupe targets. A new era of inbound email threats was born: phishing. Phishing emails are often pharming for credentials by mimicking the identity of a trusted website or service (e.g. Facebook or Gmail). As with spam, phishing is relatively easy to filter and most email platforms and legacy Secure Email Gateways include anti-phishing filters. To outmaneuver these filters, perpetrators have developed more sophisticated tactics to reach their targets. As a result, there has been a dramatic increase in a new type of inbound email threat: Spear Phishing. Unlike spam and phishing, spear phishing is highly targeted toward a specific individual within an enterprise and will often impersonate the identity of a trusted third party in order to trick the target into taking some form of action e.g. paying an invoice, sending data or downloading malware. These characteristics make spear phishing much more difficult to prevent from a technological perspective and thus mean that attackers have a higher success rate. Why are Spear Phishing attacks getting worse? 95% of all attacks on enterprise networks are the result of successful spear phishing. —  According to Allen Paller, director of research at the SANS Institute Human error and existing rule-based systems are your primary risk factor. Employees are often victims of spoofing and impersonation as malicious emails continue to bypass most email platforms and legacy Secure Email Gateways. Malicious emails continue to easily circumvent legacy spam filters, firewalls and gateways through increasingly sophisticated CEO fraud and brand spoofing campaigns. Due to human nature, unaware or preoccupied users (even those actively engaged in an awareness training program) are easily lured into downloading an attachment or clicking on a malicious email link to inadvertently provide attackers with access to sensitive corporate networks and data. 93% of respondents agree that humans and technology need to work side-by-side —  According to Allen Paller, director of research at the SANS Institute Because of the rise in spear phishing, email providers and legacy Secure Email Gateway platforms have attempted to build in some rule-based controls to prevent these kinds of attacks by detecting basic patterns which highlight an impersonation attempt. However, there’s a wide spectrum of spear phishing impersonation techniques, and rule-based controls are inadequate at preventing more sophisticated tactics. About Tessian Tessian is building the world’s first Human Layer Security platform to fulfil our mission to keep the world’s most sensitive data and systems private and secure. Using stateful machine learning to analyze historical email data, Tessian’s Parallax Engine can predict for this user, at this point in time, does this email look like a security threat?
Read Blog Post
Spear Phishing
Attackers are Using Microsoft Forms to Exfiltrate Data
Friday, February 22nd, 2019
Attackers are using Microsoft Forms links to get past email URL protection and steal sensitive information. We were alerted to this new tactic by one of our clients in the financial services sector. They recently received a spear phishing email containing a Forms link. In an attempt to protect firms from credential pharming and malware, several email security providers including Proofpoint, Mimecast and O365 Advanced Threat Protection re-write and scan URLs within emails to verify that the URL is safe to visit. The effectiveness of this approach has been questioned before, and now a new vulnerability involving the use of Microsoft Forms is being exploited by attackers. How are they exploiting Microsoft Forms? Microsoft Forms is an online tool for creating quizzes and surveys and automatically collecting the results. Forms were fully released to enterprise users of Office 365 in 2018. Here’s how they work You create a survey or quiz via Microsoft Forms and distribute it to your audience by embedding a link in an email. To fill out the form, a recipient will click the link within the email and be directed to a Microsoft Form containing fields that capture whatever data the form is designed to collect. Crucially, because the links direct users to a genuine Microsoft site, Forms links are trusted by the URL protection from Secure Email Gateways and ATP. Attackers have become aware of this and are now using authentic Microsoft Forms to collect sensitive information from unwitting targets. Any data input into the form is automatically sent to attackers, bypassing security defenses.
Many enterprises have become overly reliant on URL protection to prevent spear phishing attacks. To make things worse, with URL protection in place, employees begin to trust the links they receive in their inbox and become less vigilant to attacks. As attackers become more sophisticated they are finding simple ways to get past URL protection. Instead of focusing on the URL or on other payloads that can be sent in a spear phishing email, enterprises should aim to identify the actual impersonation behind the attack. This will not only reduce their vulnerability to attacks like this one, but also protect them from zero-payload attacks such as Business Email Compromise. We have reported this attack to Microsoft and have recommended that unique client IDs are used in the Forms URLs to allow enterprises to build custom policies to warn users when the client IDs do not match. We will update you when we hear from Microsoft.
Read Blog Post
Page
[if lte IE 8]
[if lte IE 8]