Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

October 27 | Fwd:Thinking. The Intelligent Security Summit (Powered by Tessian). Save Your Seat →

guide icon

Tessian Blog

See All Posts
Email DLP
A Brief History of Data Loss Prevention Solutions
Thursday, January 9th, 2020
For many organizations, Data Loss Prevention (DLP) is at once one of the most important components of their security framework and the biggest headache for administrators. Why? Because most risks to data security actually come from within an organization, which means security teams have to classify and monitor data across hundreds – even thousands – of different entry and exit points of a corporate network. This includes user devices like laptops and mobile devices, email clients, servers, and gateways within the network. While every vendor offers a slightly different functionality – and can solve for data loss on email, endpoints, or networks – the goal of DLP software is essentially the same: to minimize the risk of data leaving the organization. To understand the agility and efficiency of some modern solutions, it’s important to understand not only the history of DLP but the history of email. This is, after all, where employees now spend 40% of their time. How has email changed over the years? Today, most of us have at least one email address. It’s the main form of communication both in the workplace and with consumer-facing brands. While a decade or two ago, we might have used traditional mail, picked up the phone, or even met in person to share information, now we freely send sensitive data and information like bank account details, medical records, and confidential trade secrets via email every day. And, the fact is, most of us don’t consider the security of these exchanges. But, with the exchange of sensitive information comes potential risks. As such, there’s an urgent need to keep email – and therefore data – safe and secure. Back in the 1990s, when email started to take off, there was little-to-no email security. It soon became apparent that some kind of filtering system was necessary. This way, people could not only limit the volume of emails they received, but they could ensure that whatever landed in their inbox was relevant. While this filtered out spam broadly, we remain exposed to targeted email threats like phishing or spear phishing attacks. Internet Service Providers (ISPs), Secure Email Gateways (SEGs), and anti-virus software took filtering a step further, using pattern and keyword recognition to identify potentially threatening emails, but it’s still not enough. In fact, the number of phishing attacks continues to rise and 2019 saw the highest number in three years. Of course, this isn’t the only problem with email. As we mentioned, there are also data risks within an organization. Data could be lost through a simple mistake, for example sending a misdirected email. Or, there could be more nefarious intent, like a disgruntled employee leaving the company on bad terms and taking valuable information with them. So, how do you solve all of these problems? There are two schools of thought: one is data-centric and the other is human-centric. Data vs. human behavior When you consider the objective of DLP, you realize there are two distinct approaches to take. Data-centric approach: Rule-based solutions use the content of an email to perform analysis. These rules consider keywords, attachments, seniority level, and even the role or department of an employee to identify sensitive information and keep it within the organization. Human-centric approach: Instead of focusing only on the data, human-centric approaches like those offered by Tessian seek to understand complex and ever-evolving human relationships in order to protect sensitive information. While both approaches have their merits, there are some clear shortcomings to a data-centric approach.
That means that the more effective solution is one that’s adaptable and can discern the variations in human behavior over time. A solution like this relies on machine-intelligent software that learns from historical email data to determine what is and isn’t anomalous in real-time. Learn more about human-centric DLP Tessian Guardian and Tessian Enforcer are advanced DLP solutions that leverage machine learning to offer superior data protection in real-time.
Read Blog Post
ATO/BEC, Email DLP, Integrated Cloud Email Security
A Year in Review: 2019 Product Updates
By Harry Wetherald
Wednesday, January 1st, 2020
2019 was a big year for email security. While the world did see a record number of data breaches (up 33% from 2018) we also saw tighter security-related policies and regulations drafted and implemented, and, in general, an increased awareness amongst businesses about the importance of proactive security strategies. While we may be biased, it seems note-worthy that human error became more and more of a talking point in the cybersecurity space. In fact, human error and the importance of machine learning and artificial intelligence in protecting people has been one of the most talked about trends by analysts going into the new year. Similarly, companies are waking up to the fact that humans are their biggest risk. It’s about time. After all, misdirected emails – emails accidentally sent to the wrong person – have been one of the top data security incidents reported under GDPR according to the Information Commissioner’s Office. We believe it’s unreasonable to expect employees to do the right thing 100% of the time when it comes to making security-related decisions; people break the rules, people make mistakes, and people can be hacked. To err is human! What’s more, we have seen how quickly the threat landscape continues to evolve, which is why throughout 2019, we rolled out a series of important product updates that have kept our user base – which saw triple digit growth over the last 12 months – safe. Here are the most important product updates to Tessian’s Human Layer Security platform for 2019.
1. Human error, quantified. The new Tessian Dashboard gives customers an at-a-glance view of breaches and near-misses on email Keen to discover trends related to the number of breaches that were prevented by Tessian over the last 30 days? Our easy-to-navigate dashboard gives administrators a complete overview of activity, including any malicious and anomalous emails detected, misdirected emails prevented, and unauthorized email attempts thwarted. Module performance for Tessian Defender, Guardian, Enforcer, and Constructor are all visible on one page, and visual representations of data make it easy to monitor and drill down on activity day-by-day. If suspicious activity is spotted, you can quickly and easily generate a report without navigating off the page. The Tessian Dashboard also allows administrators to view user health at a glance, including the percentage of users active on the Add-in and Gateway and any connection issues across the network. This will help in-house security teams ensure every employee within their organization is protected by Tessian’s modules at all times. 2. Evolving algorithms. Tessian Defender can now detect and prevent more spear phishing attempts than ever Throughout 2019, Tessian Defender was improved through a series of subtle but impactful tweaks to our algorithms to be even more adept at detecting spear phishing attempts, including advanced, difficult-to-detect direct spoof attacks. The fact is, bad actors are using increasingly sophisticated techniques to trick unsuspecting people into handing over sensitive information or granting access to controlled networks. It’s imperative that we stay ahead of the curve, hence the regular updates. Tessian Defender has improved over time – and will continue to improve – enabling the detection and prevention of even the most advanced spear phishing attempts.
3. Thwarted first-attempts. It’s now even more difficult for employees to exfiltrate sensitive data Tessian Enforcer can now detect the first attempt an employee makes to exfiltrate data over email. How? By inferring what is and isn’t likely to be authorized communication based on the vast amount of data Tessian’s ML algorithm was trained on, which doesn’t necessarily rely on prior email history of a particular email address. For example, if an employee attempts to send an email to their personal, freemail account and that email address contains the employee’s first name or surname, Tessian Enforcer presents a warning to the user advising them that the behavior is potentially unsafe and prompting them to reconsider the action. Data exfiltration remains an incredibly unwieldy problem for businesses. Tessian gives businesses much-needed oversight of the problem over email.
4. In-situ learning opportunities. Employees have an opportunity to understand why an email is unsafe with contextual warnings While Tessian prides itself on low flag rates so that security doesn’t impede productivity, we wanted to maximize the opportunity to educate users through our warnings. This way, when users do see a notification, they understand why. Improved warnings across all four modules were designed for a more user-friendly experience that seamlessly reinforces any previous or ongoing security training. With more context included, employees can now see exactly why an email is being flagged as suspicious and – importantly – they can make their own decision on how to proceed. This is at the core of Tessian’s mission. Employees should be empowered by security solutions instead of burdened by them. 5. New detection capabilities. Customers can create rules that are specific to their environment Every business or enterprise is different and IT and Infosec security leaders need some flexibility in creating filter conditions that are applicable specifically to their operations. Because we’ve introduced new detection capabilities, users can now combine more conditions to create filters for their individual use cases; for example, scanning attachment content, identifying hidden fields in spreadsheets, and reading Azure Information Protect and other DLP labels. At the most basic level, these rules look something like this: If A and B, then C, except when D or E. These variables can apply to a number of elements contained in an email, from the recipient(s) to language patterns. One way an administrator might use these new detection capabilities would be to configure a filter which only allows the finance team, for example, to share spreadsheets with people outside of their organization if the recipient’s email address is recognized as a customer, except when the attachment contains a hidden row titled “social security numbers”. Protect your most valuable asset: your people Tessian is committed to creating the world’s first Human Layer Security platform and exciting developments lie ahead as we build out a holistic platform to protect people using email and, eventually, other interfaces frequently used in the workplace. Not yet a Tessian customer? Across four modules, Tessian protects the human layer by detecting and preventing both inbound and outbound threats. This includes advanced spear phishing attacks, accidental data loss, and data exfiltration. Tessian is quickly and easily deployed to Office 365, Exchange, and G-Suite, product updates are seamlessly rolled out for users and administrators, and the technology – which doesn’t disrupt workflow – was built with productivity in mind. To understand how Tessian can fit into your existing security framework, request a demo now.
Read Blog Post
Integrated Cloud Email Security
Tessian Attends New Statesman’s Cybersecurity in Financial Services Conference
Tuesday, December 3rd, 2019
Last week, the Tessian team was delighted to attend New Statesman’s second annual Cyber Security in Financial Services conference hosted in London. New Statesman is a leading British political and cultural publication that was founded/started in 1913. The conference was attended by security executives from leading financial institutions. Attendees shared their experiences and best practices on how to secure the industry throughout a series of keynote speeches, panel discussions and networking sessions. Topics included digital transformation, open banking and threat intelligence. Tessian’s Head of EMEA and APAC, Abhirukt Sapru joined GlobalData’s Ed Thomas on a panel to discuss the risks and opportunities of smart machines, artificial intelligence, and IoT in finance. Chaired by New Statesman’s Managing Editor, Will Dunn, the conversation started off by looking at the current threat landscape within the industry and examining the weak points that continue to make financial institutions vulnerable. The panel discussed that many organizations continue to use security solutions with pre-programmed rules, which are limited in their ability to detect and prevent evolving threats. Abhirukt went on to address the prevailing problem within the industry: people. “The threat landscape is more about the person than the machine.” He continued by talking about how humans are bound to make mistakes and break the rules, both accidentally and maliciously. Abhirukt recounted the regrettable time during his days as a banker when he misdirected an email containing sensitive data to the wrong person. He went on to say that organizations can invest a lot of money into security solutions, but if they don’t account for the human factor, then one mistake can cause substantial damage. Ed also added that from his experience that “issues with security really start with people and processes.” The discussion continued to the topic of awareness and education. Both Abhirukt and Ed agreed that if education and cybersecurity awareness isn’t adopted at the top, then it is highly unlikely that it will trickle down throughout an organization. This aligned with one of the key themes of the conference: cybersecurity needs to be a board issue. The discussion concluded with a Q&A session where questions focused on what financial institutions can do to discover the best solutions to invest in. The key takeaway? When it comes to securing data, financial institutions will continue to be at risk unless they get proactive with their security strategy. To learn more about how Tessian is helping financial institutions like Evercore, speak to an expert today.
Read Blog Post
Customer Stories
Ensuring Data Security under GDPR
Monday, December 2nd, 2019
Coastal Housing Group is a not-for-profit social housing provider specializing in community residential properties. The business predominantly operates in South Wales, United Kingdom. In addition to residential properties, Coastal Housing has a robust commercial portfolio that focuses on mixed-use town center regeneration projects. Coastal Housing is protecting 250 employees with Tessian Defender and Tessian Guardian.
Protecting a bustling business Coastal Housing has provided housing opportunities to communities across South Wales since 2008. Mark Elias is Coastal Housing’s IT Infrastructure Manager. He understands how important data security is in the housing sector.  Coastal Housing handles and processes a considerable amount of sensitive information and utilizes multiple, complementary technologies to help keep this information protected. While the organization goes to great lengths to provide staff with the reassurance that they are conscientious about security, the IT team recognized that they could do more. With a growing mobile workforce and data regularly exiting the organization’s directly controlled network, the IT team wanted to see how machine learning could fortify their security stack. Tessian’s offering was exactly what Coastal Housing was looking for.
Staying vigilant under GDPR Tessian integrated seamlessly into Coastal Housing’s layered infrastructure. Tessian was up and running in a short period of time and was very easy for the IT team to understand. Having implemented Tessian Guardian, Coastal Housing can now prevent accidental data loss from misdirected emails, mitigating the impact of human error and helping IT teams control an unwieldy problem. Coastal Housing’s IT team deployed Tessian and educated employees about how the product works quietly in the background. With a low false positive rate, Coastal Housing’s employees liked the fact that when a warning did appear, it provided context on what had happened. Guardian accurately flags mistakes without disrupting their day-to-day workflow. Coastal Housing employees now feel assured that they won’t accidentally send sensitive information to the wrong destinations. In addition to the problem of accidental data loss, Coastal Housing’s IT team are acutely aware of how sophisticated spear phishing attacks are becoming. While employees are being as vigilant as they can be, it’s unrealistic to assume they will be able to spot a threat 100% of the time. Armed with Tessian Defender, Coastal Housing has secured their system from inbound spear phishing threats, protecting the organization from data being pilfered and systems being compromised.
Maintaining security while growing Coastal Housing understands that for security to be effective it cannot be static. As threats evolve, so must the technology designed to protect against them. Being a bustling business, Coastal Housing will continue to adapt and to respond to the ever-changing landscape. The organization will continue to focus on investing in platforms that are capable of doing the same.
Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Coastal Housing Case Study hbspt.cta.load(1670277, '880a4a55-f9d1-4c59-ba27-5cf49853b297', {"region":"na1"});
Read Blog Post
ATO/BEC, Integrated Cloud Email Security
It’s the Most Fraudulent Time of the Year
Saturday, November 30th, 2019
With Black Friday just around the corner, the holiday shopping season is upon us and retailers will face their busiest time of the year. In the last six weeks of 2018, for example, UK retailers and US retailers saw sales of £79.7bn and $719.2bn, respectively, as shoppers rushed to scoop up the best deals. No wonder, this window is often referred to as the “Golden Quarter”. But retailers and their customers may get more than they bargained for as this surge of shoppers makes the “Golden Quarter” a golden time for cybercriminals to launch phishing campaigns. We often think about consumers as the main victims of retail-related phishing attacks in the holiday shopping season. And quite rightly; shoppers receive hundreds of emails from retailers promoting their latest deals around peak shopping days like Black Friday and Cyber Monday. It’s a ripe opportunity for cybercriminals, who are looking to steal personal data and payment details, to “hide” in the noise, pose as legitimate brands and prey on individuals who are not necessarily security savvy. However, it’s also important to remember that retailers themselves are at greater risk of phishing attacks during this time, as well. In fact, our latest report reveals that nearly two thirds of UK and US retailers (64%) receive more phishing attacks in the three months leading up to Christmas, compared to the rest of the year. Black Friday, in particular, is a prime time for seasonal scammers as UK retailers (56%) and US retailers (57%) saw an increase in the number of phishing attacks during the Black Friday / Cyber Monday weekend last year. Given that phishing attacks have only grown in frequency and severity since then, there is no doubt that phishing will continue to be a persistent threat for retailers this year too. It’s also concerning to see that 70% of IT decision makers at UK retailers and 65% at US retailers believe their staff are more likely to click on phishing emails during the holiday shopping season. The reason? Employees are at their busiest and working at a much faster pace, meaning they are less likely to check the legitimacy of the emails they are receiving. Hackers will take full advantage of the fact that security won’t be at the front of mind for busy and stressed retail workers, and will craft sophisticated spear phishing campaigns to encourage individuals to click on malicious links, download harmful attachments or wire huge sums of money. On top of this, staff will also receive more emails at this time. Consider how many colleagues, temporary workers, customers and third party suppliers retail workers engage with during the holiday shopping season. Knowing inboxes will be filling up with timely requests and orders, hackers can easily deceive employees and get them to comply with their requests via spear phishing emails that convincingly impersonate colleagues, senior executives or trusted suppliers. With the average phishing attack now costing a company $1.6 million, there are significant financial consequences for a retail worker being duped by a phishing attack. It’s understandable, then, that the IT decision makers we surveyed said that “data breaches caused by human error” are the number one threat to their business in the final quarter of the year. Phishing came in a close second, with one in five IT decision makers in retailers believing phishing is the greatest threat to their organization during the holiday shopping season. Given the people-heavy nature of the industry, retailers are, sadly, an easy target for cybercriminals. Our report clearly shows that retailers need to do everything they can to build robust defenses and minimize incidents of human error that could lead hackers to steal data and compromise systems this holiday season.  
Read Blog Post
Customer Stories
Securing Systems Amid Tight Regulation
Sunday, November 24th, 2019
Hill Dickinson is a leading commercial law firm with offices across the UK, Europe and Asia. With 850 employees worldwide, Hill Dickinson delivers advice and strategic guidance to businesses, organizations and individuals, advising on non-contentious advisory and transactional work for all forms of commercial litigation and arbitration. Hill Dickinson’s clients include multinational companies, major corporations, UK and foreign banks and financial institutions, public sector organizations, private individuals and professional bodies. Hill Dickinson is protecting 850 employees with Tessian Guardian and Tessian Enforcer. 
Improving client service with new technology As Director of IT and Operations at Hill Dickinson, Keith Feeny recognizes that the focus on security across the legal sector has increased dramatically over the past five years. Heightened client requirements and a tougher regulatory climate have made it necessary for law firms to take a more proactive approach to security. In particular, Hill Dickinson’s health practice works with some of the largest healthcare providers in the United Kingdom. Ensuring the security of sensitive data like patient records is a top priority. As Keith says, “Having big directories of sometimes quite similar names can increase the chance of an email being accidentally sent to the wrong person.” The need to mitigate these risks led Hill Dickinson to look for security products that wouldn’t restrict normal business, but which could effectively deal with the dangers of human error on email. With that goal in mind, Keith began to consider Tessian as a more intelligent solution.
Facilitating business as usual Hill Dickinson’s main priority when looking for an email security solution was finding a tool that would pose minimal interruption to business as usual. Keith was able to deploy Tessian firm-wide with minimal involvement from his IT team. Keith was particularly impressed with Tessian’s lack of false positives. Unlike other solutions which place a warning on every external outbound email, with Tessian “you’re getting 10 warnings out of 1,000 emails. The advantage of that is when people actually receive the warning, it gets their attention.” After deploying Tessian, Hill Dickinson now has indepth visibility on email security. As a result, Keith can easily surface intelligence on how many potential breaches have been avoided to the Executive and main LLP Boards, which enables strategic decisions to be taken with security in mind. Building a security culture for a mobile workforce Tessian has become a core part of Hill Dickinson’s security infrastructure. With more employees working from home and using personal devices, Hill Dickinson takes the risks of data loss and exfiltration seriously. Integrating with Tessian’s Gateway means that Hill Dickinson emails are covered on mobile devices as well as desktop computers, giving Keith additional peace of mind. Armed with Tessian’s Guardian and Enforcer filters, Keith is confident that Hill Dickinson is in a strong position to mitigate the risk of regulatory, financial and reputational damage caused by human failure on email. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.  
Hill Dickinson Case Study hbspt.cta.load(1670277, 'f7c13b7c-6ceb-4b9b-b173-d2d308ed646e', {"region":"na1"});
Read Blog Post
7 Ways to Survive this Black Friday
Friday, November 15th, 2019
Shoppers are expected to smash previous Black Friday spending records this weekend, with experts forecasting global sales of around $36.9 billion on Friday alone. With over 165 million people heading to stores or shopping online during the frenzy that follows Thanksgiving, retailers will be busier and more distracted than ever. And this makes them a prime target for cybercriminals. Here are our top tips for your business to survive the Black Friday weekend: 1. Think before you click on email Phishing is the biggest risk for one in five IT decision makers at UK and US retailers during the holiday shopping season. No wonder – over 60% receive more phishing attacks during this time than any other point in the year. Peak shopping days like Black Friday, Small Business Saturday and Cyber Monday are a golden opportunity for hackers to hide in chaotic inboxes and take advantage of individuals who are not security savvy. Is your business defending against this risk? 2. Keep calm and carry on When dealing with throngs of shoppers, processing thousands of orders and meeting overwhelming sales targets, retail staff will be under pressure to deliver. With more emails being sent and received and with staff working at a fast pace for long hours, mistakes will inevitably happen. In fact, 67% of IT decision makers at UK and US retailers believe staff are more likely to click on a phishing email during the holiday shopping season. Put measures in place to protect your people, especially when security is the last thing on their mind. 3. Train temporary staff on the threat Temporary seasonal workers play a critical role in helping retailers out during this busy time but they rarely benefit from the cybersecurity training that full-time employees receive. This makes them more vulnerable to threats like phishing. If just one employee falls for a scam, the retailer could face a security breach exposing the personal and financial data of thousands of consumers. Make sure all staff are trained on the phishing threat and know what action to take should they receive one. 4. Keep customer service teams alert Over a quarter of retail IT practitioners are concerned that customer service workers will fall for phishing attacks during this peak shopping season. Hackers will target these teams with phishing emails that contain malicious attachments or links, knowing that staff will need to deal with every customer enquiry they receive. Stay on high alert: encourage customer service teams to flag any messages that look suspicious. 5. Protect your customers from seasonal scams Consumers will be inundated with emails touting Black Friday deals this weekend. It’s a golden opportunity for cybercriminals looking to steal personal data and credit card information to pose as legitimate retail brands and lure consumers to fake sites. We increasingly see hackers impersonating brands in sophisticated spoofed emails; it’s surprisingly easy to do if the company doesn’t have email authentication records like DMARC in place. Worryingly, a third of retailers we surveyed do not have these checks in place. The problem is that consumers are more likely to click on malicious links or download harmful attachments when an email looks like it comes from a legitimate brand and email address. Protect your customers by protecting your brand. 6. Be wary of spoofed suppliers Not only can hackers target your third-party suppliers to gain access to company information, but they can also impersonate suppliers’ domains and send seemingly legitimate emails to your staff, asking them to wire money or share credentials. Nearly one in three retailers say employees have received spear phishing emails impersonating an external supplier. Always examine what the sender is asking you to do—are you being asked to carry out an urgent request? If this isn’t normal, it may be a fake request. 7. Don’t rely on tick-box training Don’t make cybersecurity training a one-off exercise. Continually teach and reinforce safe email behavior so that your staff are able to make the right cybersecurity decisions both at work and in their personal life. Our handy cheat sheet will help. Encourage your employees to print it and keep it on their desk so that they can identify the cues of a malicious message. To find out more about how to avoid seasonal scams, read our report.
Read Blog Post
Customer Stories
Defining Customer-First Culture with Email Security
Sunday, November 10th, 2019
Webb Henderson are trusted legal and regulatory advisors, delivering intelligent advice and business solutions throughout the Asia-Pacific region and beyond. The firm provides specialist legal advice in the areas of telecoms and media, competition law and regulation, corporate and finance, and disputes. Webb Henderson operates through its offices in Sydney and Auckland, serving clients domestically and globally from these locations. Webb Henderson is protecting 100 employees with Tessian Guardian, and Tessian Enforcer.
Securing data and protecting customers As the partner responsible for Webb Henderson’s technology and security strategy, Ara Margossian believes that staying ahead of constantly changing threats is a principal security challenge for the firm: “Supply chain security has become a fundamental requirement for our clients, particularly those operating in sensitive industries and highly regulated sectors. Our clients are having very specific discussions with us about our security posture and data protection strategies. It’s never been more important that the work that we undertake for our clients is kept confidential and secure.” With clients increasingly seeing security as a top priority, it was important for Webb Henderson to ensure that their own security strategy was taking advantage of market-leading solutions. One of the biggest security risks that law firms like Webb Henderson face is the possibility of sensitive client information being exfiltrated to unauthorized recipients. Law firms primarily deal with unstructured data, making it difficult to solve the problem with rules-based Data Loss Prevention (DLP) solutions. The firm needed a product that would ensure Webb Henderson’s clients’ confidential data remained secure, which is what led the firm to Tessian.
Seamless integration into a layered system One of the firm’s top considerations when deciding to move forward was the intuitive nature of Tessian’s notifications and a positive user experience for employees. For Webb Henderson, it was important that any new technology was integrated smoothly so that the firm’s lawyers could focus on their work, rather than being distracted by new workflows and unfamiliar systems. With a low false-positive rate and minimal maintenance requirements, Tessian was a good fit with Webb Henderson’s firm’s objective of balancing the need for user education and visibility with the need for security to be robust and as unobtrusive as possible. An evolving partnership Tessian now forms part of Webb Henderson’s multi-layered approach to security and provides greater insight and control in relation to the risks faced by the firm from email communications. Using machine learning to anticipate and react to risky behaviors in real time has made a real difference for Webb Henderson. Tessian’s Guardian and Enforcer filters now play a critical role in the firm’s security stack, while Tessian Constructor is being used to add a further layer of protection. With clients increasingly challenging the legal sector on data protection and cybersecurity, Tessian and Webb Henderson plan to continue to work together to mitigate risks that arise from human error to ensure the security and safety of Webb Henderson’s data and its reputation. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.  
Webb Henderson Case Study hbspt.cta.load(1670277, '1647bef9-e950-47a1-ba25-8a953aa163fd', {"region":"na1"});
Read Blog Post
Interviews With CISOs
Tessian Spotlight: Bridget Kenyon, Global Chief Information Security Officer at Thales eSecurity
Tuesday, November 5th, 2019
Bridget Kenyon is the Global CISO for Thales eSecurity where she manages operational information security across the organization. Previously, Bridget has served as the Head of Information Security at University College London where she built and matured the information security governance function for the university. Bridget is a member and editor for the International Organization for Standardization where she has edited and developed the management standards in the 27001 series. Additionally, Bridget has published a book on ISO 27001, which serves as an ideal guide for organizations preparing for the certification. What are the greatest challenges you’ve faced while being in the role? Have these changed over time? One of the greatest challenges that I have faced at Thales eSecurity has been the ongoing divestment, acquisition and merger activity that is currently taking place across the organization. With this occurring, it is important that we are appropriately transitioning all of the systems as well as spinning up new IT environments as required. With the merger, we have two separate environments that need to merge, and we need to ensure that they become aligned. For example, our organizations had two separate classification schemes for data. We had to work out how the schemes would fit together, considering things such as how policies and processes were being used in practice. One of the most exciting things with this merger, though, is that it has unblocked some of the security initiatives that I was trying to get started. Finally, with the merger it is a good chance to re-assess who has access to what, such as elevated privilege on certain systems. Are there any core security principles you are guided by in your approach? First – clear and simple communication. With the changes that are currently taking place across the organization, it’s important that clear communication is maintained at each level. One of the great things about this organizational change is that it has given us the opportunity to re-define aspects of our reporting and ultimately fine tune and simplify it so that it can become more effective. A second principle is to make sure that ideas are actionable. There is a tendency in information security to provide a lot of technical details dressed up as KPIs. Ultimately this heap of data becomes more of a talking point rather than an actionable item. Third, as security professionals we should be coming up with strategies and solutions to support the business. In the end the business is our customer, and everything that we do has to help it become better, not get in the way. How important is the human factor when it comes to your role and what impact does human error have on your cybersecurity planning? I think of human error not as a fault in our make-up, but as an intrinsic part of human behavior; we have evolved to find and use the most efficient and energy-efficient solutions, so it’s totally normal to want to write a password down if it’s hard to remember, for example. Making security work for us is about understanding how people operate, and the decisions they make in real life situations. It’s also vital to equip people with a better understanding of the risks. Giving staff a to-do list without any context, for example, is not a reliable approach- while half of your audience may indeed just want to know what to do in what order, the other half will ask “why” something is being required, and balk at adopting a seemingly arbitrary set of rules. The other side of this is the idea of changing business processes and technology to better support employees. I believe that the purpose of IT is to support people performing business operations. If the IT processes are fit for the business purpose, then employees are not expected to stretch and bend their essential behaviors to fit the technology- and security issues are prevented. To avoid people writing passwords down as in my previous example, you could provide a password manager, or use fingerprints instead of a password for logging in. Within your role, have you led any projects to make IT fit people’s needs? At UCL, we had a password management system where students and employees had to change their password every 150 days. The worst problem with this system manifested when students had been away from UCL during the summer months; when they came back to UCL in the autumn term they had either forgotten their password or it had expired. This resulted in massive queues of students at the Service Desk during the first few weeks of term, as passwords had to be reset in person. We realized that we needed a way to improve this system and, due to our set-up, it had to be an in-house solution. After much thought, I invented a password reset system where, when the end user typed in their new password, there would be a colored bar underneath, indicating the strength of the password (nothing new here, but bear with me). Next to the bar was a number, and that number increased when you created a stronger password. The truly novel part was that the number represented the number of days that you got to keep that password! We had this system implemented, coupled with a system that would help you reset your password with SMS, and it helped solve the problem. Trends show a gap in women leadership within the security landscape, what do you think it will take to get more women involved in the industry? I believe that there are two elements. First, there are a lot of role models out there – but they’re unreachable. Somebody who is considering coming into cybersecurity may look at these role models and feel like they represent an unattainable ideal. A woman may work as a CISO; however, how many other women fell by the wayside? I would like to see more stories of women in reachable security positions. The second point is to encourage recruiters to suppress their bias when hiring and be less surprised when they are faced with a woman applying for a technical or leadership role in information security. Looking forward – what kind of security culture are you working towards at Thales eSecurity? I strive for a culture where the different parts of the organization are aware of how they can have an impact and contribute to security. I want people to feel a sense of agency and have the ability to propose change within the organization. We need a collaborative approach to security. The board, for example, could prescribe an outcome, and then it is up to the employees throughout the organization to work towards fulfilling it. I believe that it’s important for people to play a part in designing the policies that they themselves must comply with.
Read Blog Post
Email DLP, Integrated Cloud Email Security
The Dark Side of Sending Work Emails “Home”
By Cai Thomas
Friday, October 11th, 2019
This article was originally published on TechRadar Pro. In the last four years, the number of remote working jobs has more than doubled, as employers acknowledge the need to change traditional working practices. In fact, it’s expected that 50% of the UK workforce will work remotely by 2020, further blurring the lines between home and the office. This shift has huge benefits; improving people’s work-life balance, increasing employee productivity and boosting employee retention rates. However, it does also pose a problem for one very important aspect of business: data security. Data security is at a greater risk as staff are more likely to send important and, even, confidential company information to personal email accounts, with the usual intention of working on documents at home. Worryingly, many are completely unaware how risky these actions are. According to tech firm Probrand, nearly two-thirds of UK employees have forwarded customer emails to their personal email accounts and 84% of them did not feel they were doing anything wrong. So what are the risks with sending work home? And who are the workers you need to be wary of? 1. The 24/7 worker While a number of the emails sent ‘home’ contain non-sensitive information, like travel arrangements, cinema tickets or food recipes, we’ve seen that around 10-15% of emails sent to personal accounts contain company sensitive information. We’ve all been there; it’s late on a Friday, that Monday deadline is looming, and the employee thinks to themselves, “I’ll just have to finish this document at home over the weekend”. So they send the document to their, or their partner’s, personal freemail account. However, this can have devastating consequences for the company’s reputation and it could destroy customers’ trust in the business. The problem is that by sending emails ‘home’, the information the messages contain now sits in an environment that is not secured by the company, leaving the data vulnerable to cybercriminals. It’s also important to note that this simple act of sending work home means your company is now at risk of breaching data protection regulations, like GDPR, due to the fact that you, as the Data Controller, no longer have oversight as to where the data is held. Boeing, for example, faced scrutiny after an employee shared a spreadsheet containing the personal information of 36,000 co-workers with his spouse, simply because she was better at Excel formatting than him. The incident sparked an internal security investigation and was brought to the attention of the Washington state Attorney General and other officials in California because employee data had left the control of the company. 2. The leaver We often see a spike in data exfiltration during an employee’s notice period. Workers know they’re not supposed to, but the temptation to take information that will give them an advantage in their new role is hard to ignore. As such, we see people sending company IP and client data to personal accounts prior to moving to another employer. This happens most frequently in industries such as financial services, legal, healthcare and recruitment, where a person’s client base and network is king. The task of manually monitoring suspicious ‘leaver’ behaviour over email has become incredibly challenging for IT staff, due to the increased employee churn rate year on year. A study by LinkedIn found that young workers now switch jobs four times in their first 10 years after graduation. However, by not putting a stop to this act, companies could face losing their competitive advantage as well as their clients’ business due to leaked secrets, strategy and IP. 3. The malicious insider This is where employees steal data from their company for personal or financial gain. Despite being less common, the threat of the ‘malicious insider’ is something businesses have come up against more frequently in the past few years. Employees will typically steal confidential company secrets and/or client data with the intention of selling it on the dark web or handing it over to a competitor to damage their current company. Just last year, Bupa fell victim to this crime after the personal data of 500,000 customers was sold on the dark web while audit firm SRBC and Co.’s reputation was tarnished after its client’s earnings estimation was maliciously leaked over email. An intelligent solution for a flexible workforce There can be no denying that monitoring all employee email behavior is an arduous task for IT and compliance teams to undertake. With the average employee sending and receiving 124 emails a day, and with daily email traffic increasing 5% year on year, deciphering data exfiltration within email logs is like finding a needle in a haystack. To help tackle the problem of data being leaked to unauthorized accounts, some organizations opt to simply blacklist all freemail domains. However, this can impede productivity and is usually ineffective given that many clients, small businesses and contractors use freemail accounts, as do prospective applicants looking for jobs at the company. Businesses need a more intelligent approach to data exfiltration – one that can look at the emails each employee has sent and received in the past, in order to identify non-business contacts with whom each employee interacts with. Machine learning, for example, can evolve to understand the differences between authorized and unauthorized freemail accounts, and it can analyze email content to determine whether it is sensitive or non-sensitive. By doing so, machine learning can make an accurate prediction as to whether an employee is exfiltrating data and acting against company policies. There will always be reasons for people to bend the rules and leak data outside of their organization – maliciously or for convenience. The consequences for doing so, though, could be devastating for any company; huge fines, loss of competitive advantage and a damaged reputation. So as more businesses adopt remote working practices, it’s important that technologies are place to ensure company sensitive data is secure and not at risk of ‘being sent home’.
Read Blog Post
Spear Phishing Demystified: the Terms You Need to Know
Thursday, October 10th, 2019
Jargon is a hallmark of all industries. Cybersecurity is no different, but using the right security terminology has a real impact. When an organization’s data and systems are threatened by spear phishing attacks, being aware of evolving trends and the definitions of key terms could be the difference that helps prevent the next threat. Spear phishing is the number one threat facing businesses today, but research still suggests that “lack of knowledge and awareness about cyber-attacks could hinder the growth of the spear phishing protection market.” In this article we define and explain key spear phishing concepts and terms. (To learn more about how to prevent spear phishing attacks with machine-intelligent technology, read about Tessian Defender.) Spear phishing definition, and other attack types Although media outlets and security companies rightly pay a lot of attention to spear phishing, advanced impersonation spear phishing attacks come in many forms. Once you’ve read our breakdown of different key terms and what they mean, you’ll come away with a clearer understanding of the range of sophisticated inbound email threats. Spear phishing Spear phishing describes an advanced impersonation phishing attack directed at specific individuals or companies. (Head to the “Other useful terms” section below to see a definition of regular “bulk” phishing.) Similar to “bulk” phishing, spear phishing attacks are designed to trick people into taking an action like transferring funds or clicking on a malicious link. In contrast to bulk phishing, spear phishing attackers often gather and use personal information about their target to increase their probability of success. Because spear phishing emails are low-volume as well as more sophisticated in their construction and convincing in execution, they are far harder for traditional email security products to catch. CEO fraud / executive fraud CEO fraud is a type of spear phishing attack where attackers impersonate a CEO or another high-level executive. Here, attackers aim to trick the executive’s colleagues into carrying out actions that place data, money and/or credentials at risk. Attackers often use social engineering techniques (see “Other useful terms” below) to convey urgency and prevent targeted employees from thinking twice about following the instructions of the “CEO”. A notorious example of this kind of fraud saw an impersonation of Pathé France’s CEO lose Pathé €19.2m. Whaling Whaling is related to CEO fraud, with a key difference: instead of impersonating senior executives and targeting lower-ranking employees, attackers target the big fish themselves (hence the term). A whaling attack might involve attackers trying to get the executive in question to divulge key credential information or other sensitive organizational data. This information can then be used to access confidential systems, or to make subsequent spear phishing attacks within the organization more authentic and effective. Because they are many times more likely to be targeted than rank-and-file employees, because they tend to be very busy, and because of their access and influence, senior executives can be especially profitable targets for attackers. Forms of impersonation used in spear phishing attacks Although all spear phishing attacks revolve around impersonation of some kind, impersonation itself can take many forms. Attackers impersonate people on email in order to: • Steal money, data and credentials • Compromise systems • Take over accounts Essentially, all spear phishing attacks use impersonation as a strategy. Mechanisms differ from the easy (display name impersonation) to the complex (direct spoofing). Here’s how we break impersonations down: Business Email Compromise According to the FBI, Business Email Compromise (BEC) attacks cost organizations $1.2bn in 2018 alone. BEC is closely related to spear phishing – and commonly confused with it – but is potentially still more damaging and severe. Attackers impersonate employees or external counterparties and send spear phishing emails to people within the organization being targeted, using social engineering techniques to convince targets to wire funds outside the organization or to click on dangerous links that risk compromising systems and/or data. Readers should bear in mind that there are several different interpretations of BEC. For example, it’s often confused with Account Takeover (ATO): ATO describes the unauthorized takeover of someone’s actual account, using harvested credentials or “brute force” hacking. Domain impersonation These attacks involve attackers spoofing or impersonating an organization’s domain in order to appear legitimate. There are three main kinds of domain impersonation: root, top-level and subdomain. Below is an example of each of these impersonations, using the domain as a starting point: • Root: OR • Top-level: • Subdomain: Display name impersonation Display name impersonations involve attackers setting deceptive display names on their email accounts in order to mislead recipients. This might mean impersonating a senior executive within a company, or the name of a key supplier or partner. The technical skill required is effectively zero: most mainstream email clients offer users ways to change display names in their account settings. Display name impersonations are particularly effective when received on mobile devices, as the sender’s actual email address is usually hidden.
Attackers can also change a sender’s display name to include a genuine-seeming email address, such as “Thomas Edison <>
Freemail impersonation Freemail impersonation describes spear phishing attacks where criminals use the fake personal email address of a senior-level executive. An attacker impersonating the CEO of a company – let’s use Thomas Edison again – could send an email from to an employee working in the finance department, for example, requesting an urgent transaction. Here’s the example from before:
Automatic “Out of office” replies are a useful tool for attackers planning freemail spear phishing campaigns. By probing lists of contacts, attackers can learn when a particular executive is out of the office. Details volunteered in OOO autoreplies may tell them how long the executive is out of the office for, and even where they’ve gone. With this knowledge, attackers are free to impersonate the executive’s personal email account (or simply register an authentic-looking freemail address) and target the executive’s colleagues with a convincing impersonation.
Other useful terms Credential harvesting Credential harvesting is often an end goal of spear phishing attacks. Attackers will use coercive emails to direct recipients to fake login pages or other websites, where credentials can be harvested. Attackers can monetize credentials by selling them, or by using stolen account information to make purchases. In an enterprise environment, compromised credentials can also place entire systems at risk, doing significant financial and reputational harm to the business. Having harvested credentials, attackers can even take over email accounts and begin targeting victims’ contacts. Payload Many spear phishing emails contain a payload: on email, this might be a malicious link or attachment that, when opened, triggers malware on affected devices or systems. Increasingly, spear phishing attacks don’t have a payload at all, relying on persuasive language to coerce an employee into making a mistake. In turn, this makes these attacks especially hard for traditional security tools to defend against. Phishing Generally, phishing attacks are sent in bulk to a large audience, meaning the attackers’ language is relatively untargeted and unpersonalized. While phishing attacks can be successful, most attacks can be identified by traditional email security tools. This is why attackers have evolved to rely on spear phishing to extract money, data and credentials from organizations. Ransomware Ransomware attacks are growing in popularity and also need little or no technical skill to carry out. In a ransomware attack, an attacker holds an organization “hostage” by deploying malicious software across critical infrastructure. The attacker will threaten to steal money or data, or to cripple the organization’s systems unless a ransom is paid. Perhaps the most famous example of such an attack is the NotPetya worm which crashed systems around the world in 2017. Many ransomware attacks start with a spear phishing email containing a dangerous payload. Social engineering Social engineering describes the techniques attackers use to persuade people to take a dangerous action. Attackers may rely on the seniority of the person they are impersonating, or the illusion of urgency being created, to prompt a lower-ranking employee to take a desired action. Often, attackers will build trust with a target by communicating ‘normally’ for periods of time, using entirely innocuous language: this heightens the effect of coercive language when an attack is finally launched. Spoofing A spoof describes an impersonation where an attacker forges an email by modifying the email address from which the email appears to have been sent. (Many people don’t know that it’s possible for anyone with their own mail server to specify any From: address when sending an email, a loophole often leveraged by more sophisticated attackers.) As an industry, cybersecurity is responding to a rapidly evolving threat landscape and growing more complex every day. It’s vital to understand the range of different concepts and terms that surround the exploding spear phishing crisis. A reminder: if you have further questions about spear phishing, speak to a Tessian expert.
Read Blog Post
Interviews With CISOs
Tessian Spotlight: Helen Rabe, Global Chief Security Officer of Abcam
Wednesday, October 9th, 2019
Can you give an overview of your career history prior to joining Abcam? I’ve had a fairly linear career journey in IT in general where security has always been a feature given that I’ve worked across the full systems lifecycle from project management to service delivery. A lot of my earlier career focus was on reactive remediation projects for organizations that had been compromised. More recently, I made a conscious decision to specialize and moved into a dedicated security role at Costa. It proved a successful decision and it’s led me onto CBRE and more recently Abcam where I am the Global Chief Security Officer (CSO). Can you give an outline of your responsibilities as Global Chief Security Officer of Abcam? It’s a wonderfully diverse role with many fascinating security considerations and unique challenges. Physical building management systems and specialized laboratory equipment are within my remit and they are an important part of our holistic security strategy. Abcam is a life-science company with a strong e-commerce element which facilitates external feedback on products using reviews and ratings submitted by customers. Abcam has a corporate culture driven by altruistic and humanitarian values which creates a unique security and risk profile that’s different from industries like banking and telecoms that I’ve been in previously. What are some of the challenges you’ve faced since being in the role? Abcam is undergoing a major digital transformation as part of its growth strategy. Trying to establish a security program in an organization already impacted by a large change initiative is not easy. I need to ensure the security program does not contribute to ‘change fatigue’ and lose its effectiveness. I’m attempting to deliver security across an organization in a way that emphasizes helping people to understand that security adds value rather than being a process blocker, it requires a major communication initiative. I’ve had success with this by positioning security more as a lifestyle choice, this involves helping employees understand how security behaviors can benefit their personal lives as much as it can in the business world. It’s about embedding a security message in a relatable context, that’s how I believe you create positive security behaviors. How important is the human factor when it comes to your security considerations? To me personally, it’s a key factor in the success of my strategy. The human element in cybersecurity is complicated and it shouldn’t be treated as mutually exclusive from the technology enabling solutions we implement. One of the things that technology cannot fix outright is the insider threat, whether malicious or unintentionally negligent. Training employees in order to mitigate the insider threat can’t be a one off and training only goes so far in mitigating this risk. There needs to be a balanced approach in providing human intervention through validation processes alongside automated technology solutions, one should not be relied on over the other. I also support the notion that any security initiative or new policy requires a proportional internal ‘PR’ campaign around it to be effective. For example, if we’re taking something away from users like USBs and pulling away norms you’re going to get the inevitable backlash so we have to communicate what value the users are getting out of the situation to sell it internally prior to it being implemented and impacting them. I don’t think we can easily solve the human problem, human behavior is too variable for us to nail down entirely, and we shouldn’t rely on AI technology as the panacea, but what we can do is prepare for the known threats coming at us. Security needs to be more front line and supporting users for things like phishing and whaling BEC that we know are growing more sophisticated and involve critical human decision making. When cybersecurity technology is at its best, what can it bring to an organization? Value creation…if the technology offers users an intuitive, seamless experience and ensures security, it adds immediate value. This doesn’t necessarily have to be a tangible thing, if your users embrace the solution, by extension security benefits from the success and longer-term support for its initiatives. End users ultimately want to have to have a symbiotic relationship with technology. The best solutions have to be a meshing of technology and the soft line of people, understanding how each of these couple into each other and add value is crucial. What are the common misconceptions about the role of cybersecurity? There is a belief that security owns everything, that it provides oversight for all risks but this is a huge misconception. Most of the time we’re responsible but not accountable, security awareness programs should also include a basic overview of who security is and what it is accountable for. An example would be an introduction to the classic 3 lines of defence model to help business users understand the engagement model between business risk and security. This is why it’s important to have an understanding of the softer elements of security in order to make sure it works for end users, that’s the sign of a successful security program. To achieve this, my advice is to step outside the line of what’s considered the CSO role and to be creative.  
Read Blog Post