Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

State of Email Security 2022: Every Company’s Riskiest Channel |  Read the Full Report →

Tessian Blog

  • All
  • Customer Stories
  • Compliance
  • Email DLP
  • Integrated Cloud Email Security
  • Data Science
  • NULL
    array(14) { [0]=> object(WP_Term)#9265 (11) { ["term_id"]=> int(5) ["name"]=> string(16) "Customer Stories" ["slug"]=> string(16) "customer-stories" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(5) ["taxonomy"]=> string(8) "category" ["description"]=> string(155) "Read our latest Customer Stories, interviews and news. Learn how Tessian protects organisations in Financial Services, Legal, Technology and other markets." ["parent"]=> int(2) ["count"]=> int(46) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [1]=> object(WP_Term)#10862 (11) { ["term_id"]=> int(120) ["name"]=> string(10) "Compliance" ["slug"]=> string(10) "compliance" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(120) ["taxonomy"]=> string(8) "category" ["description"]=> string(143) "Read our latest articles, tips and news on Compliance including GDPR, CCPA and other industry-specific regulations and compliance requirements." ["parent"]=> int(0) ["count"]=> int(39) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "3" } [2]=> object(WP_Term)#10860 (11) { ["term_id"]=> int(116) ["name"]=> string(9) "Email DLP" ["slug"]=> string(20) "data-loss-prevention" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(116) ["taxonomy"]=> string(8) "category" ["description"]=> string(144) "Read our latest articles, tips and industry-specific news around Data Loss Prevention (DLP). Learn about the implications of data loss on email." ["parent"]=> int(0) ["count"]=> int(95) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [3]=> object(WP_Term)#10861 (11) { ["term_id"]=> int(2) ["name"]=> string(31) "Integrated Cloud Email Security" ["slug"]=> string(20) "human-layer-security" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(2) ["taxonomy"]=> string(8) "category" ["description"]=> string(301) "Integrated Cloud Email Security solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.  Learn more about what they are, the benefits of using them, and how you can best evaluate those on offer." ["parent"]=> int(0) ["count"]=> int(130) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "4" } [4]=> object(WP_Term)#10859 (11) { ["term_id"]=> int(486) ["name"]=> string(12) "Data Science" ["slug"]=> string(12) "data-science" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(486) ["taxonomy"]=> string(8) "category" ["description"]=> string(0) "" ["parent"]=> int(0) ["count"]=> int(1) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [5]=> object(WP_Term)#10858 (11) { ["term_id"]=> int(341) ["name"]=> string(17) "Data Exfiltration" ["slug"]=> string(17) "data-exfiltration" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(341) ["taxonomy"]=> string(8) "category" ["description"]=> string(154) "Access Tessian's library of free data exfiltration posts, guides and trend insights. Acidental data loss, insider threats, and misdirected emails content." ["parent"]=> int(116) ["count"]=> int(34) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [6]=> object(WP_Term)#10857 (11) { ["term_id"]=> int(433) ["name"]=> string(14) "Remote Working" ["slug"]=> string(14) "remote-working" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(433) ["taxonomy"]=> string(8) "category" ["description"]=> string(163) "Access free tips from security leaders and new research related to remote working and hybrid-remote structures. Level-up your cybersecurity for a remote workforce." ["parent"]=> int(116) ["count"]=> int(15) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [7]=> object(WP_Term)#10856 (11) { ["term_id"]=> int(384) ["name"]=> string(7) "Podcast" ["slug"]=> string(7) "podcast" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(384) ["taxonomy"]=> string(8) "category" ["description"]=> string(345) "Cybersecurity podcast series on the human factor, discussing why we need to focus on people - not just machines and data - to stop breaches and empower employees. Tim Sadler, CEO of Tessian meets with business, IT and security leaders to flip the strict on cybersecurity and share best practices, cybersecurity challenges, threat intel and more." ["parent"]=> int(2) ["count"]=> int(9) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [8]=> object(WP_Term)#10855 (11) { ["term_id"]=> int(411) ["name"]=> string(12) "Threat Intel" ["slug"]=> string(19) "threat-intelligence" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(411) ["taxonomy"]=> string(8) "category" ["description"]=> string(155) "Tessian Threat Intelligence and Research team uncovers trends and insights in email security related to phishing, social engineering, and more. Learn more!" ["parent"]=> int(2) ["count"]=> int(21) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "3" } [9]=> object(WP_Term)#10854 (11) { ["term_id"]=> int(3) ["name"]=> string(7) "ATO/BEC" ["slug"]=> string(14) "spear-phishing" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(3) ["taxonomy"]=> string(8) "category" ["description"]=> string(166) "Get up to speed on the latest tips, guides, industry news and technology developments around phishing, spear phishing, Business Email Compromise, and Account Takeover" ["parent"]=> int(0) ["count"]=> int(143) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "5" } [10]=> object(WP_Term)#10853 (11) { ["term_id"]=> int(352) ["name"]=> string(15) "Life at Tessian" ["slug"]=> string(12) "team-culture" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(352) ["taxonomy"]=> string(8) "category" ["description"]=> string(149) "Learn more about Tessian company news, events, and culture directly from different teams. Hear from engineering, product, customer success, and more." ["parent"]=> int(0) ["count"]=> int(42) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "6" } [11]=> object(WP_Term)#10863 (11) { ["term_id"]=> int(435) ["name"]=> string(21) "Interviews With CISOs" ["slug"]=> string(21) "ciso-spotlight-series" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(435) ["taxonomy"]=> string(8) "category" ["description"]=> string(164) "Learn how to navigate the threat landscape, how to get buy-in, and how to break into the industry from these cybersecurity leaders from Shell, Penn State, and more." ["parent"]=> int(0) ["count"]=> int(32) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "7" } [12]=> object(WP_Term)#9975 (11) { ["term_id"]=> int(436) ["name"]=> string(16) "Engineering Team" ["slug"]=> string(16) "engineering-team" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(436) ["taxonomy"]=> string(8) "category" ["description"]=> string(134) "Tessian's engineering team shares tips for solving complex problems. Get advice related to QAs, 502 errors, team management, and more." ["parent"]=> int(352) ["count"]=> int(17) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [13]=> object(WP_Term)#10851 (11) { ["term_id"]=> int(434) ["name"]=> string(16) "Cyber Skills Gap" ["slug"]=> string(16) "cyber-skills-gap" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(434) ["taxonomy"]=> string(8) "category" ["description"]=> string(149) "Learn more about the cybersecurity skills gap and cybersecurity gender gap. Research and interviews with industry leaders and champions of diversity." ["parent"]=> int(435) ["count"]=> int(19) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } }
Customer Stories
Moving Beyond Rule-Based Systems to Protect Employees
Thursday, April 11th, 2019
Top 100 UK Law Firm, Foot Anstey, enjoys a reputation as an energetic, proactive firm, combining technical efficiency with a problem solving approach. This is supported by the firm’s top band rankings in independent legal directories, Chambers UK and Legal 500. Putting clients at the heart of the business and developing and investing in talent have been key to growth. The firm now operates out of seven locations and has over 500 employees. Foot Anstey is protecting employees with Tessian Guardian. 
The firm’s innovative IT and Risk teams identified that the risk of sensitive information being accidentally sent to the wrong person needed addressing. After dismissing the rule-based solutions on the market due to high user interruption, Foot Anstey opted for Tessian’s unique approach of intelligently preventing misdirected emails through machine learning. After an initial period, Tessian presented a detailed report containing email statistics and misaddressed emails caught by Guardian. As well as protecting several emails from being sent to the wrong recipient, Tessian has also provided Foot Anstey with a valuable insight into their email traffic and common sending behaviors. Tessian is now used by Foot Anstey to prevent multiple potential data leaks every day. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Foot Anstey Case Study hbspt.cta.load(1670277, 'ba3237d2-ac23-40a8-81fe-fa3e554ec9a1', {"region":"na1"});
Read Blog Post
Customer Stories
Better Email Security with Intelligent Technology
Thursday, April 11th, 2019
JTC is a publicly listed, award-winning provider of fund, corporate and private wealth services to institutional and private clients. Founded in 1987, JTC have c.600 people working across their global office network and are trusted to administer assets of c.US$85 billion. Putting clients at the heart of the business and developing and investing in talent have been key to JTC’s growth. JTC is protecting employees with Tessian Guardian, Tessian Enforcer and Tessian Constructor.
A shared journey There is a natural fit between JTC and Tessian. Tessian’s machine intelligent approach is revolutionising the way companies prevent against data loss is well suited to JTC’s forward thinking attitude, and entrepreneurial mindset. This natural fit was demonstrated early on in the relationship between JTC and Tessian. In the space of one month JTC listed on the London Stock Exchange, chose Tessian as their machine intelligent based email solution, and Tessian secured their $13 million Series A funding round led by Balderton and Accel. “Enterprises must contend with a vast array of scenarios where email can be used or abused to cause severely damaging yet avoidable incidents for the business,” says Tim Sadler, CEO and co-founder at Tessian. “This is especially true for JTC and other firms that are dealing with highly sensitive financial information. Machine intelligence can give organisations a way to learn normal sending patterns and automatically step in to check or prevent something that appears out of character or breaks policy. This mitigates any interruption to innocuous email use, meaning employees and IT teams won’t have to deal with needless, time-consuming administration.” JTC’s attitude to data protection, coupled with increasing regulatory demands and its higher profile following its listing on the LSE Main Market, catalysed them to seek out a solution that matched their forward-thinking attitude and appreciation for a seamless user experience.
The problem JTC’s innovative IT team had been actively seeking a machine intelligent solution to assist in remaining competitive, innovative and at the forefront in the financial services sector. This led JTC to identify that the risk of sensitive information being inadvertently sent to the wrong recipient or to unauthorized accounts as a priority. After looking around the market, JTC dismissed the rule-based solutions, due to unacceptably high user interruption and resource hungry administration and management, and opted for Tessian’s unique approach of intelligently preventing misaddressed emails, and unauthorized emails through machine learning. JTC also recognised spear phishing as a key inbound risk vector. In assessing the risk, they identified that, whilst existing rule-based email security controls are adequate for preventing weak-form impersonation spear phishing attempts, the risks of highly targeted strong-form impersonation spear phishing attacks were increasing. To combat this risk, JTC opted for Tessian’s Defender module which uses machine intelligence and an understanding of historical email relationships to prevent strong-form impersonation spear phishing attacks. The solution Explaining the reason for his firm’s adoption of the technology, JTC’s Chief Information Officer, Adam Jeffries says “Tessian stands head and shoulders above other providers, it requires no admin and creates zero disruption for employees. The technology directly helps our business in solving critical problems and we were very impressed with this. “IPOs are one of the most sensitive times for organisations and a single misaddressed email could put the entire process in jeopardy. For us, it made complete sense to invest in a tool like Tessian to stop the very apparent risk of email data loss.” Deployment The Outlook Add-in was straightforward to implement and fully installed to all users within a week. The seamless integration was then completed by the Gateway solution to provide full coverage across the organisation and ensure all our mobile workers had the protection available to them. Success JTC continue to find Tessian’s reporting to be fantastic, allowing them to realise and demonstrate to the various boards immediate value. Tessian’s ease of use allowed JTC’s GDPR team to actively prevent breaches whilst ensuring minimum impact on users in the form of Outlook pop-ups. The team found Tessian intuitive and easy to use, fitting seamlessly into their existing workflow with no disruption to users. They appreciated the speed and accuracy of the machine learning. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.  
JTC Case Study hbspt.cta.load(1670277, '5be0eaf0-6cab-4873-808e-47bcba1e42db', {"region":"na1"});
Read Blog Post
Customer Stories
Protecting Against Data Loss Caused by Human Error
Thursday, April 11th, 2019
Premier Asset Management is a fast-growing UK retail asset management group with a focus on delivering good investment outcomes for investors through relevant products and active management. Its range of investment strategies include multi-asset, equity and absolute return funds. Premier Asset Management is protecting employees with Tessian Guardian and Tessian Enforcer.
Enterprises face increased pressure to control, monitor and restrict the movement of their data. Premier Asset Management, a fast-growing UK retail asset management group, maximizes their resources to ensure they have the tools in place to do so. Premier Asset Management cares about resource maximization. The UK firm aims to deliver good value to its clients through generating long-term investment outcomes, offering a range of strategies to produce either income, capital growth or a combination of both.  Premier Asset Management turns to Tessian to provide effective, tailored solutions – all with high returns at a minimal cost. Tessian’s machine intelligent security platform protects against email-related data loss, while making the most effective and efficient use of resources. Its core technology is the Tessian Relationship Graph. By applying machine intelligent algorithms to historic email data, Tessian extracts metadata to learn about users’ unique relationships with their contacts. This mapping of baseline conversation patterns is then used to automatically detect inconsistencies and deviations from normal activity, which could signal a security threat. When abnormal activity occurs, the appropriate filters ensure that emails can be traced, redacted, kept confidential, or have appropriate access restrictions imposed on them – all without administrative burden. Tessian Guardian and Enforcer filters perform real-time, automatic analysis of outbound emails, preventing information from being accidentally or deliberately sent outside the secure confines of an enterprise network. Email security breaches can occur where there is malicious intent, such as when a person who is leaving a company sends client or competitive data to their personal account. However, these breaches can also occur when employees with good intentions send documents to their personal accounts to finish up work over the weekend. Premier Asset Management depends on Enforcer to address these problems by preventing people from sending highly sensitive data to personal, or unauthorized, email accounts. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Premier Miton hbspt.cta.load(1670277, 'e3d6c287-f151-4e14-b8c4-8741652ae2df', {"region":"na1"});
Read Blog Post
Customer Stories
Reducing the Risk of Human Error on Email
Thursday, April 11th, 2019
Forming part of the NEX Group, Traiana operates the leading market infrastructure for post-trade processing and risk management across asset classes, and provides client service and risk management technology across the financial sector. Global banks, broker/dealers, buyside firms and trading platforms use their cross asset class services to automate risk management and pre-trade/post-trade processing of listed and over the counter transactions. Triana is protecting employees with Tessian Guardian and Tessian Constructor.
The problem Due to sensitivity of the information that Traiana deal with on a regular basis, they set out to find a tool that could prevent misdirected emails without warning the user every time they sent an external email. They found that Tessian’s machine learning approach provided them with the intelligent solution they needed. The solution Tessian was rolled out firm-wide at Traiana. After an initial period, Tessian presented a detailed report containing email statistics and misdirected emails caught by Guardian. As well as preventing several emails from being sent the wrong recipient, Tessian also provided Traiana with a valuable insight into their email traffic and common sending behaviors. Tessian is now used by Traiana to prevent multiple potential data leaks every day. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Traiana Case Study hbspt.cta.load(1670277, '4af529a0-d88d-478a-8ef2-f5ec8879b7f8', {"region":"na1"});
Read Blog Post
Customer Stories
Keeping Research and Development Secured from Human Error
Thursday, April 11th, 2019
Vernalis Plc is a commercial stage pharmaceutical company with three marketed products, four additional products under development and a broad pipeline of research and development programs. Vernalis is protecting 125 employees with Tessian Guardian and Tessian Constructor.
The problem Given the highly sensitive nature of the R&D performed, securing their email environment from human error is a key priority for the company. The company had heard of incidents in the past where project related information had been sent to the wrong person and wanted to proactively address this step. The management team is acutely aware of the potential risks from misaddressed emails, and had spent some time looking at various vendors before choosing to work with Tessian because of the way in which the machine learning approach solves the problem. The solution Tessian was rolled out to 125 users across three Vernalis sites, including the UK and US. Vernalis now use Guardian and Constructor to detect and prevent email threats in the form of misaddressed emails and to implement their own custom compliance policy rules. Tessian’s machine intelligent platform has better equipped Vernalis to protect their firm from human error-related incidents over email. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Vernalis Case Study hbspt.cta.load(1670277, '1d9bb10d-1e20-45cd-bd92-d15d5b8b9064', {"region":"na1"});
Read Blog Post
Customer Stories
Proactively Protecting Customer Data
Thursday, April 11th, 2019
Armstrong Watson have been supporting, advising and protecting clients across the North of England and Scotland for over 150 years, providing a full range of unbiased specialist services and financial advice to businesses. The firm provides invaluable advice to companies operating across a range of sectors, and as such requires that client data be handled with discretion. Armstrong Watson is protecting employees with Tessian Guardian and Tessian Constructor.
Having curated a loyal customer base of trusting clients, Armstrong Watson were keen to proactively protect customer data. After identifying misaddressed emails as a key risk vector, the firm set out to find an intelligent solution to secure their clients’ data and ensure compliance with GDPR. Armstrong Watson chose Tessian to help mitigate the risk of misaddressed emails as it is simple to install and offers seamless protection, while also allowing employees to communicate unimpeded. The platform’s logging and auditing features also allow the firm to prove diligence, and demonstrate that appropriate organisational and technical measures are being taken to prevent data loss as required by the GDPR. The rigour and efficiency of Tessian’s client support team provided the firm with additional value and peace of mind.
Armstrong Watson Case Study hbspt.cta.load(1670277, 'c3c8adb7-689f-460e-b6a1-45320ddec8c3', {"region":"na1"});
Read Blog Post
Interviews With CISOs
Tessian Spotlight: Full Archive
Wednesday, April 10th, 2019
  Earlier this year we started a new series of interviews called “Tessian Spotlight”—an exploration into the world of cutting-edge enterprise innovation and cybersecurity. In this series, we interview inspiring technology and security leaders across different sectors in order to learn about their backgrounds and accomplishments, the challenges they foresee in the future and their top insights that have helped them succeed in their respective fields. Mark Ramsey, CISO, Americas Division, ASSA ABLOY Mark Ramsey has over 30 years’ experience in software engineering and security. He is committed to education around cybersecurity, and teaches masters-level students at Fairfield University where he has been a Professor for the past 33 years. Read full interview here Company Profile Giampiero Astuti, Group CIO, Astaldi Giampiero Astuti has served as Group Chief Information Officer at global construction company Astaldi since 2003. Before joining Astaldi, he worked as CIO in different industries (Financial Services, IT, and Pharma / Biotech) both in Italy and abroad. Read full interview here Company Profile Jaya Baloo, CISO, KPN Telecom Jaya Baloo joined KPN Telecom 6 years ago, as the Chief Information Security Officer, to build up the Cybersecurity department, which currently has over 100 employees. Jaya was recognized as one of the top 100 CISO’s globally by The CISO Platform in 2017, won the Cyber Security Executive of the Year Award in 2015 and is also a well-known speaker at security conferences across the world. Read full interview here Company Profile Kevin Delange, CISO, International Game Technology Kevin has an extensive background in information security, systems architecture and communications. As Chief Information Security Officer at International Game Technology, he holds global responsibility for information security as well as governance, compliance and threat intelligence. Read full interview here Company Profile Richard Wakefield, CTO, Salford Royal NHS Foundation Trust Richard is the Chief Technical Officer at Salford Royal NHS Foundation Trust, which he joined in 1998. His responsibilities range from infrastructure provision and digital equipment to cybersecurity. Read full interview here Company Profile Craig Walker, Global CIO, Shell International Petroleum Company Craig Walker has nearly 30 years of experience with Shell spanning locations such as the US, Colombia, South Africa, Saudi Arabia, UAE and the UK. Originally joining Shell as a programmer in 1981, and after a 6-year stint at KPMG in the early 2000s, Craig is now the global CIO for the Shell Downstream business. This includes trading, manufacturing and refinery as well as the B2B businesses such as marine, aviation and retail. Read full interview here Company Profile Thomas Tschersich, Senior Vice President, Internal Security and Cyber Defense, Telekom Group Thomas is the Senior Vice President of Internal Security and Cyber Defense at Telekom Group with over 20 of cybersecurity experience. His wide-ranging role involves managing all aspects of security for Telekom Group from personal and physical security to cybersecurity. Read full interview here Company Profile Johan Kestens, former Chief Information Officer at ING Belgium and Luxembourg As the former Chief Information Officer for ING Belgium and Luxembourg, Johan was, until September 2018, responsible for the complete IT stack and was part of the Executive Committee. An engineer by training, Johan has worked with a number of organizations before joining ING, including McKinsey, SWIFT, SAP and A.T. Kearney. Read full interview here Company Profile Michael Mrak, Head of Department Compliance & Information Security at Casinos Austria Michael has been with Casinos Austria for 26 years. He started in the IT department and eventually took over the role of Data Privacy Officer in 2001. Responsible for overall information security strategy and, working closely with the CEO, Michael establishes policies relating to compliance and anti-money laundering. As well as overseeing all the activities related to the development, implementation, maintenance and adherence to the organization’s privacy policies, he is also the link between his organization and the Austrian Ministry of Finance. Read full interview here Company Profile Don Welch, Chief Information Security Officer at Penn State University As Chief Information Security Officer for Penn State University, Don is in charge of a range of things including identity and access management, security operations, privacy and compliance. This involves overseeing the unique responsibilities of each of those teams. Read full interview here Company Profile Sarat Muddu, IT Security Director, Kelley Drye & Warren Kelley Drye & Warren’s IT Security Director Sarat Muddu talks about the process of implementing change in this Tessian Spotlight Series. According to Sarat, it’s important to embrace innovation in order to ward off threats. Read full interview here Company Profile Graham Thomson, CISO, Irwin Mitchell Graham Thomson is the Chief Information Security Officer at leading law firm Irwin Mitchell. In this Tessian Spotlight Series, Graham talks about his career in information security and why he uses Tessian to keep Irwin Mitchell’s employees safe on email. Read full interview here Company Profile Duncan Eadie, IT Director, Charles Russell Speechlys As IT Director, Duncan Eadie is responsible for designing and delivering the IT strategy at Charles Russell Speechlys. In this Spotlight Series, Duncan speaks about the risks law firms face from cyberattacks, and the importance of embracing technological innovation. Read full interview here Company Profile Craig Hopkins, Chief Information Officer, City of San Antonio Craig Hopkins has been Chief Information Officer and IT Director for the City of San Antonio for over two years after spending more than 20 years in financial services. As CIO Craig also manages systems integration, user experience, cyber and physical security, and portfolio prioritization for the city. This includes aligning the City of San Antonio’s 42 departments and almost 13,000 employees and developing a business strategy to ensure that each department accomplishes their mission, takes care of their employees, and remains secure. Read full interview here Company Profile Helen Rabe, Global Chief Security Officer, Abcam Helen Rabe is a distinguished security leader, with wide reaching experience across banking, telecoms, food and drink and more recently life sciences. As Global Chief Security Officer at Abcam, we spoke with Helen to understand her core driving principles when it comes to leading enterprise security programs and what impact cybersecurity technology can truly have on an organization. Read full interview here Company Profile Bridget Kenyon, Global Chief Information Security Officer, Thales eSecurity Bridget Kenyon is the Global CISO for Thales eSecurity where she manages operational information security across the organization. Previously, Bridget has served as the Head of Information Security at University College London where she built and matured the information security governance function for the university. Bridget is a member and editor for the International Organization for Standardization where she has edited and developed the management standards in the 27001 series. Additionally, Bridget has published a book on ISO 27001, which serves as an ideal guide for organizations preparing for the certification. Read full interview here Company Profile
Read Blog Post
Interviews With CISOs
Tessian Spotlight: Jaya Baloo, Chief Information Security Officer at KPN Telecom
Tuesday, April 9th, 2019
Jaya Baloo joined KPN Telecom 6 years ago, as the Chief Information Security Officer, to build up the Cybersecurity department, which currently has over 100 employees. Jaya was recognized as one of the top 100 CISO’s globally by The CISO Platform in 2017, won the Cyber Security Executive of the Year Award in 2015 and is also a well-known speaker at security conferences across the world. What are the greatest challenges you have overcome since you became CISO? The one thing I keep telling my team that I can guarantee is we are going to get hacked. It’s because we are such a big network and also because we are an intermediate target to get to other targets. Obviously, we try to prevent as much as we can, respond as quickly as possible and verify as many actions as possible. The main challenge is to always keep thinking of new ways that we could improve our existing security measures in novel ways. We recently set up a new unit that invents new security solutions which we cannot find in the market, for example a post-quantum VPN tool. How should CISOs work with the rest of the board? People need to realize that security is actually sticky in that it is something very relatable to each and every role. You inherently realise that if you do not address a security issue then you will be exposing yourself to a risk. As a CISO, you should use this to your advantage, relate your cybersecurity objectives to the motives of the board and make it as relevant to them as possible. I also don’t believe that support for cybersecurity ends with the board, effective storytelling might work for senior leadership but you ultimately need every employee on your side to realise how they can best defend the company within their role in order for this to work. What needs to change about how most organizations are handling their information security? A lot of companies are quite relaxed about their cybersecurity, almost too relaxed. This is usually because they are not measuring what is actually going on in their company. They tend to generally want to trust their employees, partners and vendors. The issue is that trust is ultimately just a social contract and the health of this contract needs to be checked. So only if you monitor the behavior of your employees, partners and vendors can you give your trust to them freely. This is not a well-known threat for many of the larger companies. How much of a role does human error play in data breaches? Human error plays a huge role in data breaches. Whenever I talk about employees being a threat, I don’t simply mean the malicious ones who want to wreak havoc across your organization. A lot of accidental actions create many of these problems. That’s why creating cybersecurity awareness across a company is so difficult to scale. All forms of attacks tend to begin with some form of targeted phishing which is very challenging because of the social engineering aspect. That’s why you need a system in place that takes these issues into account and why the best solutions a company can have is a mix of technology and user awareness. Do you have any advice for new CISOs to help set them up for success? CISOs typically come from a very technical background and tend to think that they need to develop their metaskills such as presentation or storytelling. Obviously this is not a bad thing but it does become an issue when they invest in these new skills at the detriment of those core technical skills that got them there in the first place. So I would recommend obviously investing in those metaskills but also doing a technical training session once a year with your team. Try to stay abreast of the newest technical trends as well by networking and speaking to other CISOs.  
Read Blog Post
Interviews With CISOs
Tessian Spotlight: Kevin Delange, Chief Information Security Officer at International Game Technology
Friday, April 5th, 2019
Kevin has an extensive background in information security, systems architecture and communications. As Chief Information Security Officer at International Game Technology, he holds global responsibility for information security as well as governance, compliance and threat intelligence. What are the greatest challenges you have overcome since you became CISO? Most of the challenges you tend to face as CISO are people challenges like understanding how different areas work and what their state of security is. This is critical, but can be difficult especially when you are trying to integrate all the different operations into a single security unit. What are specific tactics you use to engage the board? The two main functions of my job are to communicate updates to the board and keep a finger on the pulse of the business. This means that I need to translate tech speak into business speak for the board, because if I can’t communicate it well, then nobody will listen. Therefore, the art of presentation is key and you should avoid communicating anything too technical. Ultimately, when speaking to the CISO, the board is interested in understanding our risk profile. If the profile is acceptable and you can communicate that clearly, they will be happy. What are the most important KPIs or security indicators that gaming companies should care about? From a high level, the two most important security aspects that every company should care about — not just gaming companies — are knowing what your attack surface is (i.e., the different attack points) and what your defences are. Based on those two, you can then determine what your KPIs should be. Other than that, understanding how well you are implementing governance, risk and compliance requirements and meeting your regulatory obligations should be on every company’s mind. You need to make sure you are operating in line with the regulatory requirements. If you are compliant and you understand what your attack profile and defences are, you can solve a huge portion of what the board is concerned about. What needs to change about how most organizations are handling their information security? Companies should accept that it is just a matter of time before something happens, and they need to be prepared for attacks to get through their defences. I’ve been exposed to a lot of organizations that focus entirely on preventing attacks and do not have a plan for dealing with successful attacks. It is important to be prepared for every scenario, and this is not something that many companies are doing. The key is understanding that technology is ultimately a means to achieving an acceptable risk profile. What are the greatest information security threats to the gaming industry and how would you address these? The biggest threat is phishing, and this is not unique to the gaming industry. Being able to deal with phishing attacks and reacting to successful ones should be at the top of everyone’s mind. Phishing attacks are basically 90% of the way people are attacking you; all other attack vectors are significantly smaller. Many threats can be dealt with quite well, but addressing the social engineering aspect that makes phishing attacks hyper-targeted is extremely difficult. What do you read/listen to stay on top of advancements in information security? Information security is all about being up-to-date. The joke used to be that technology changes in dog years; now it’s more in the mayfly territory, where every single day something new comes up. I take advantage of any article that highlights new possible attack vectors, or helps me understand how I could deal with these attacks. If you don’t know what you are dealing with, then you will simply not be able to deal with it. Another option is to go to tradeshows or networking events that involve a lot of knowledge sharing.  
Read Blog Post
Interviews With CISOs
Tessian Spotlight: Richard Wakefield, Chief Technical Officer at Salford Royal NHS Foundation Trust
Friday, April 5th, 2019
Richard is the Chief Technical Officer at Salford Royal NHS Foundation Trust, which he joined in 1998. His responsibilities range from infrastructure provision and digital equipment to cybersecurity. What are the greatest challenges you have overcome since you became Chief Technical Officer? The most difficult challenge was initially dealing with cybersecurity, but there has been a huge transition in how we view it. It used to be seen as something we did alongside the ‘day job’, but now it has taken a much more central role. The main challenge is embedding cybersecurity culture and awareness into teams, and ensuring that security is dealt with in the right way at all levels. Part of my role is to introduce cybersecurity topics to the board, to make sure leadership are aware of the risks that the organization is presented with. How these risks are perceived will then influence our strategic direction when it comes to cybersecurity. How should security executives ideally work with the rest of the board? Security executives should first become aware of the language they are using, and change it if necessary to suit their audience. Many of them come from a technical background and speak in highly technical terms. People from other backgrounds will struggle to understand cybersecurity if it is presented in a highly technical manner, and they may consequently fail to realize its importance. Analogies are powerful ways to help translate to a non-technical audience. It comes down to understanding your audience, including their backgrounds and motivations. This has been one of the most important things I have understood in the last couple of years. How are most organizations handling their information security, and what should ideally change? I think a lot of people don’t understand cybersecurity and how it could impact on them personally or on the organization they work in. People tend to view it as something that restricts people, rather than being an area that protects them. Most organizations need to do a better job of embedding their security team into the wider business culture. Security measures should be viewed as coming from within the organization, rather than as something alien. Another important aspect is to foster a transparent culture between employees about cyber risks, and have everyone be willing to report their mistakes. What are the greatest information security threats to the healthcare industry? Medical devices now have far more digital capabilities than ever before, but with this comes a higher risk of these capabilities being exploited. Hacking groups are aware of the value of the information held in these devices. Unfortunately, I see this risk increasing over the coming years as everything becomes far more digitally integrated. Another risk unique to the public healthcare sector is that funding tends to be very tight. Usually, cybersecurity is viewed as a cost-avoidance tool by decision-makers and is not prioritized enough as a result. This makes attracting and retaining cybersecurity talent, as well as having the right level of security in place, important challenges. The Salford Royal NHS Foundation Trust is fortunate enough to have a great team, but many other organizations struggle to retain talent. Do you have any advice for new cybersecurity executives to help set them up for success? It’s all about the relationships you have with the key influencers in your organization. You could be doing all of the right things but if you don’t have the right support at the right level then you won’t achieve anything. It is also extremely important that you establish a cybersecurity performance baseline when you are just starting out. A lot of people start changing things as soon as they start, but if you can’t compare your changes to anything, then you won’t know if you’re improving. Therefore, the first thing you should do is simply observe and establish a baseline for yourself of what is going on.  
Read Blog Post
Email DLP, Integrated Cloud Email Security
Tessian recognized as “2018 Market Leader” for Email and Data Protection
Thursday, April 4th, 2019
Tessian, a email security platform powered by machine learning algorithms, has been named a market leading product by leading cyber-security website Expert Insights. Tessian utilizes powerful technologies to help businesses protect their sensitive data. Tessian works within the inbox, learning communication habits so that it can identify security threats. This means that Tessian offers strong protection against phishing attacks, misdirected emails and data loss. Expert Insights, a B2B IT security review website, has named Tessian a ‘Market leader’ in this area. They state that Tessian gives businesses excellent protection against phishing. They recommend the service highly to businesses looking to protect themselves against misdirected emails and data loss. Misdirected emails are one of the biggest challenges facing businesses. Sensitive emails being sent to the wrong people can have damaging effects on companies. Services such as Tessian offer a unique solution to this problem. By getting to know an individual user’s communication habits, the product can tell when users have misdirected an email. The service will then alert the user and stop the email being sent. This also allows for strong phishing protection from within the inbox, as the service can tell when an email isn’t legitimate and automatically delete it. Tessian’s sophisticated features allow businesses to go beyond traditional email security methods and provide multi-layered protection against data loss. The risks of data loss for business will continue to grow and this product offers an intelligent solution. To learn more about Tessian, contact us here.
Read Blog Post