Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Jan 31 Live Webinar | How to Keep Socially Engineered Attacks From Sneaking Into Email | Save Your Seat →

Tessian Blog

  • All
  • Customer Stories
  • Compliance
  • Email DLP
  • Integrated Cloud Email Security
  • Data Science
  • NULL
    array(14) { [0]=> object(WP_Term)#10376 (11) { ["term_id"]=> int(5) ["name"]=> string(16) "Customer Stories" ["slug"]=> string(16) "customer-stories" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(5) ["taxonomy"]=> string(8) "category" ["description"]=> string(155) "Read our latest Customer Stories, interviews and news. Learn how Tessian protects organisations in Financial Services, Legal, Technology and other markets." ["parent"]=> int(2) ["count"]=> int(46) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [1]=> object(WP_Term)#10380 (11) { ["term_id"]=> int(120) ["name"]=> string(10) "Compliance" ["slug"]=> string(10) "compliance" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(120) ["taxonomy"]=> string(8) "category" ["description"]=> string(143) "Read our latest articles, tips and news on Compliance including GDPR, CCPA and other industry-specific regulations and compliance requirements." ["parent"]=> int(0) ["count"]=> int(39) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "3" } [2]=> object(WP_Term)#10868 (11) { ["term_id"]=> int(116) ["name"]=> string(9) "Email DLP" ["slug"]=> string(20) "data-loss-prevention" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(116) ["taxonomy"]=> string(8) "category" ["description"]=> string(144) "Read our latest articles, tips and industry-specific news around Data Loss Prevention (DLP). Learn about the implications of data loss on email." ["parent"]=> int(0) ["count"]=> int(96) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [3]=> object(WP_Term)#10862 (11) { ["term_id"]=> int(2) ["name"]=> string(31) "Integrated Cloud Email Security" ["slug"]=> string(20) "human-layer-security" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(2) ["taxonomy"]=> string(8) "category" ["description"]=> string(301) "Integrated Cloud Email Security solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.  Learn more about what they are, the benefits of using them, and how you can best evaluate those on offer." ["parent"]=> int(0) ["count"]=> int(131) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "4" } [4]=> object(WP_Term)#10415 (11) { ["term_id"]=> int(486) ["name"]=> string(12) "Data Science" ["slug"]=> string(12) "data-science" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(486) ["taxonomy"]=> string(8) "category" ["description"]=> string(0) "" ["parent"]=> int(0) ["count"]=> int(1) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [5]=> object(WP_Term)#10435 (11) { ["term_id"]=> int(341) ["name"]=> string(17) "Data Exfiltration" ["slug"]=> string(17) "data-exfiltration" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(341) ["taxonomy"]=> string(8) "category" ["description"]=> string(154) "Access Tessian's library of free data exfiltration posts, guides and trend insights. Acidental data loss, insider threats, and misdirected emails content." ["parent"]=> int(116) ["count"]=> int(35) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [6]=> object(WP_Term)#10907 (11) { ["term_id"]=> int(433) ["name"]=> string(14) "Remote Working" ["slug"]=> string(14) "remote-working" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(433) ["taxonomy"]=> string(8) "category" ["description"]=> string(163) "Access free tips from security leaders and new research related to remote working and hybrid-remote structures. Level-up your cybersecurity for a remote workforce." ["parent"]=> int(116) ["count"]=> int(15) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [7]=> object(WP_Term)#10905 (11) { ["term_id"]=> int(384) ["name"]=> string(7) "Podcast" ["slug"]=> string(7) "podcast" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(384) ["taxonomy"]=> string(8) "category" ["description"]=> string(345) "Cybersecurity podcast series on the human factor, discussing why we need to focus on people - not just machines and data - to stop breaches and empower employees. Tim Sadler, CEO of Tessian meets with business, IT and security leaders to flip the strict on cybersecurity and share best practices, cybersecurity challenges, threat intel and more." ["parent"]=> int(2) ["count"]=> int(9) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [8]=> object(WP_Term)#10909 (11) { ["term_id"]=> int(411) ["name"]=> string(12) "Threat Intel" ["slug"]=> string(19) "threat-intelligence" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(411) ["taxonomy"]=> string(8) "category" ["description"]=> string(155) "Tessian Threat Intelligence and Research team uncovers trends and insights in email security related to phishing, social engineering, and more. Learn more!" ["parent"]=> int(2) ["count"]=> int(21) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "3" } [9]=> object(WP_Term)#10908 (11) { ["term_id"]=> int(3) ["name"]=> string(7) "ATO/BEC" ["slug"]=> string(14) "spear-phishing" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(3) ["taxonomy"]=> string(8) "category" ["description"]=> string(166) "Get up to speed on the latest tips, guides, industry news and technology developments around phishing, spear phishing, Business Email Compromise, and Account Takeover" ["parent"]=> int(0) ["count"]=> int(144) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "5" } [10]=> object(WP_Term)#10906 (11) { ["term_id"]=> int(352) ["name"]=> string(15) "Life at Tessian" ["slug"]=> string(12) "team-culture" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(352) ["taxonomy"]=> string(8) "category" ["description"]=> string(149) "Learn more about Tessian company news, events, and culture directly from different teams. Hear from engineering, product, customer success, and more." ["parent"]=> int(0) ["count"]=> int(42) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "6" } [11]=> object(WP_Term)#10900 (11) { ["term_id"]=> int(435) ["name"]=> string(21) "Interviews With CISOs" ["slug"]=> string(21) "ciso-spotlight-series" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(435) ["taxonomy"]=> string(8) "category" ["description"]=> string(164) "Learn how to navigate the threat landscape, how to get buy-in, and how to break into the industry from these cybersecurity leaders from Shell, Penn State, and more." ["parent"]=> int(0) ["count"]=> int(32) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "7" } [12]=> object(WP_Term)#10899 (11) { ["term_id"]=> int(436) ["name"]=> string(16) "Engineering Team" ["slug"]=> string(16) "engineering-team" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(436) ["taxonomy"]=> string(8) "category" ["description"]=> string(134) "Tessian's engineering team shares tips for solving complex problems. Get advice related to QAs, 502 errors, team management, and more." ["parent"]=> int(352) ["count"]=> int(17) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [13]=> object(WP_Term)#10903 (11) { ["term_id"]=> int(434) ["name"]=> string(16) "Cyber Skills Gap" ["slug"]=> string(16) "cyber-skills-gap" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(434) ["taxonomy"]=> string(8) "category" ["description"]=> string(149) "Learn more about the cybersecurity skills gap and cybersecurity gender gap. Research and interviews with industry leaders and champions of diversity." ["parent"]=> int(435) ["count"]=> int(19) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } }
Threat Intel
Tessian Threat Intel Roundup: July 2022
by John Filitz Friday, July 29th, 2022
Impersonation attacks are a significant contributing factor to the growing phishing challenge, with APWG reporting over 1 million phishing attacks in Q1 2022 – the highest number of attacks recorded for a quarter.   Threat actors are targeting well-known brands to carry-out sophisticated social engineering attacks and are leveraging legitimate 3rd parties to conduct their attacks. Threat actors are also using open source intelligence to impersonate and target specific individuals within companies.   Once trust has been established, the threat actor can further compromise the information system – this includes compromising vendors within the target’s supply chain – by delivering a malicious payload.   The challenge in detecting impersonation attacks is expected to become more protracted in the short term. This is due to the majority of organizations still relying on legacy rule-based email security solutions that are unable to detect sophisticated impersonation attacks.   Sign-up for our Threat Intel update to get this monthly update straight to your inbox.  
Impersonation attacks mimicking well-known and trusted brands, and will remain a mainstay for threat actors to perpetrate attack campaigns that include fraud and account compromise as key objectives.   Impersonation attacks are becoming more targeted and are leveraging open source intelligence, targeting smaller companies as well as specific individuals at those companies, with the C-suite particularly targeted.   Legitimate 3rd party services providers,  including mass-mailing services and payment providers are increasingly common methods employed by threat actors.   Account Takeover-based impersonation attacks, specifically within the supply chain ecosystem of a particular company, pose among the greatest threats. This is due to the threat actor operating within the “circle of trust” and having access to multiple targets.
The FTC has reported a sharp increase in impersonation fraud, with losses totaling $2 billion in the period October 2020 to September 2021. Some of the leading corporations are the most impersonated. In the technology space, this includes Microsoft, Google, Amazon and Apple as among among the most impersonated brands.   Email impersonation attacks come in different guises including:   Typosquatting – in this instance the threat actor sets up an email domain that appears to be legitimate – however with one or several characters replaced with look-a-like characters, for example using zero instead of “o.”   Email domain spoofing – the threat actor will manipulate the email headers so that false email address is displayed to the sender, for example the sender’s email address is “fraudster@cybercrime.com,” but the recipient sees “billgates@microsoft.com” in their inbox. Often email domain spoofing will include some degree of brand impersonation, including use of brand logos and email footers, to enhance the legitimacy of the malicious email.   Account Takeover – ATO attacks are possibly the most insidious form of impersonation attacks due to the threat actor leveraging a compromised and “trusted” email account to perpetrate an attack.   Threat actors often use a sense of urgency combined with some intelligence to get the target to carry-out their request, for example, such as requesting urgent payment of a known supplier invoice but to a bank account number controlled by the threat actor.   Malicious payloads in the form of attachments or links are also commonly used. The malicious nature of the payload is obfuscated to bypass rule-based security controls.   In the case of a malicious attachment, common obfuscation methods include changing the file name to a “.doc” or “.pdf” or in the case of a malicious link, using third-party mailing services to deliver the malicious links. This can include the use of link-redirects that will redirect the victim using a “safe” link to a safe website, which then redirects to a malicious website.   One noteworthy impersonation attack campaign included the NOBELIUM campaign detected by Microsoft Threat Intelligence. In this campaign, threat actors leveraged a legitimate mass-mailing service Constant Contact to impersonate the US International Development Aid agency (USAID) to distribute malicious URLs to a “wide variety of organizations and industry verticals.”   More recent impersonation campaigns are leveraging a combination of phishing email and a call-back number impersonating a well-known and trusted security vendor in an attempt to compromise the target via remote administration tools (RAT).
The need to upgrade email security is increasingly moving up the priority order list.   Legacy rule-based solutions are unable to detect multi-tiered impersonation attacks that remain undocumented in most threat intel engines on which legacy solutions rely.   Adaptive, machine learning powered behavioral detection is essential to detect unknown and rapidly evolving threats, including supplier based ATO attacks.   Leveraging security solutions that incorporate security awareness training as part of the active defense measures remains a key element of ensuring that end-users are in a better position to detect impersonation attacks.
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
New Study from Forrester Consulting: The Total Economic Impact™ of Tessian Cloud Email Security Platform
by Negin Aminian Tuesday, July 19th, 2022
A commissioned study conducted by Forrester Consulting on behalf of Tessian in July 2022 reveals that a composite enterprise of 10,000 protected inboxes saw 268% Return On Investment (ROI) over three years after deploying Tessian. This amounts to over 29,600 labor hours saved.   In addition to the significant time savings, the benefit of having Tessian deployed focused on reducing email security risk against advanced email threats, as well as preventing email data loss. Additional key benefits included quantifiable improvements to the security culture of customer organizations, leading to lower click-through-rates and a greater awareness of the cyber risks posed on email. 
Tessian commissioned Forrester Consulting to conduct a Total Economic Impact™ study to examine the ROI that a composite enterprise realized by deploying Tessian over a 3 year period. The value of having Tessian deployed was distributed accordingly:   • Savings of  $3.1 million due to inbound email threat prevention, including against advanced malicious emails that upstream solutions failed to detect.   • Savings of $2.6 million from preventing email data loss incidents thanks to Tessian’s advanced email data loss protection capability.   • $2.9 million in savings from preventing accidental email from being sent – this includes preventing misdirected and miss-attached emails from being sent.   For modeling purposes Forrester Consulting used full Tessian Platform implementation for a 10,000 end-user enterprise. The study found total benefits of $8.6m, a net present value (NPV) of $6.2m, and an ROI of 268%.
Risk Reduction   Email remains the preferred delivery mechanism for devastating malware attacks, including ransomware. The FBI notes in its latest IC3 report that Business Email Compromise (BEC) has led to losses of $43 billion in the past 5 years, with 65% of these losses occurring in the period 2019 to 2021.   According to the study, this is supported by Forrester’s own research, finding that email-based phishing attacks are playing an increasingly prominent role in security breaches, rising from 23% in 2020 to 31% in 2021. This represents a 35% year-over-year increase. Of concern are the increasing sophistication of BEC, account takeover attacks (ATO), and the devastating impact that insider threats pose, particularly from a data breach perspective.   An information gap that Forrester Consulting identified in the study is the lack of research available and awareness surrounding email data loss. This was mirrored both in published research and in the enterprise. Only after deploying Tessian, did customers realize the magnitude of the data loss risk they faced.
Challenges before Tessian   Some of the key email security challenges prior to interviewed organizations choosing Tessian, included:   • A lack of detection and prevention capability of existing email security tools against advanced threats. Interviewees noted that advanced email threats are becoming more prevalent and more targeted at senior executives.   • Previous email security tools had limited or no email data loss capabilities. Due to the sensitive nature of data processed by the interviewees’ organizations, they could no longer take the risk of not addressing email data loss risk arising from either exfiltration and misdirected emails. • Existing email security solutions that relied on rule-based policies resulted in excessive and disruptive banner warnings without context and didn’t offer protection. In this noisy environment every email had to be treated as a threat, the organizations had no trust in the security efficacy of their existing email security solutions.
Solution Requirements   Prior to choosing Tessian, the features interviewees wanted in an advanced email security solution included:   • Definitive and demonstrable AI and ML capabilities. • High-quality and actionable alerts. • Advanced protection capabilities for inbound as well as outbound email. • API-based integrations into the existing security stack and email environments.  • Fast deployment and low management overhead. • Ability to scale as well as providing a flexible and strategic partnership.
Impact of Tessian   The enterprise organizations that Forrester evaluated found Tessian delivered the following:    • Halving the phishing rate for a large healthcare enterprise, while also reducing the time to diagnose and respond to phishing campaigns from 8.5 hours down to 5 hours.   • Blocking 143 malicious emails in 1 month for a financial services company, and significantly reducing the click-through-rate while improving the security awareness of employees to better identify malicious emails.   • Detecting and preventing 901 malicious emails in one month at another financial services company that had gone undetected by other upstream email security tools.
For data exfiltration, Tessian had the following impact:   • Detected and enabled fast and effective protection and response against data exfiltration attempts for a healthcare enterprise.   • Enabled a culture shift in the professional services company, reducing data exfiltration over email due to the proactive warnings provided by Tessian.      
For misdirected emails Tessian had the following impact:   • 270 instances of accidental data loss in 90 days were prevented for a professional services firm. • 243 misdirected emails and 9 incorrect attachments were detected in one month at a financial services firm.   • Significant reduction in misdirected emails at a healthcare company with the director of information security citing an overall improvement of security awareness among end-users, evidenced by fewer accidental data loss instances every month.
Additional benefits   Better security decision-making: The Forrester study also found there was better end-user security decision-making due to contextual prompts end-users receive in real time on likely malicious emails. Security administrators also leveraged the improved risk analytics to better understand how email security risk is trending in their environment.   Greater investigation efficiency and ability to demonstrate ROI to leadership: Another key benefit realized was significantly faster investigations of email security incidents, as well as a low effort in communicating the ROI of Tessian and how it is reducing email risk to the executive leadership.    Enhanced end-user experience: The user experience and positive feedback from end-users of Tessian were among the notable findings. The positive feedback was tied to the fact that Tessian makes end-users feel more secure and confident on email. This was in large part due to the context driven alerts on likely malicious emails, as well Tessian’s ability to prevent email mistakes from happening.  Improved security culture: The impact Tessian was having on improving the security culture across the organizations interviewed was significant, with one of the interviewees sharing that thanks to Tessian, their latest phishing-prone score was 10% lower than the industry benchmark.
Tessian for advanced email ecosystem protection    Although there are numerous cloud email security solutions on the market today, only Tessian  offers the most comprehensive cloud email security protection available. Thanks to our machine learning powered behavioral detection and cloud email security platform approach, Tessian offers protection against advanced email threats as well as prevents email data loss.    Combined with in-the-moment security awareness coaching, the easy ability to demonstrate ROI, and the strategic and flexible nature of our customer partnerships, leads Tessian to be among the most liked security tools by security leaders and end-users alike.   Want more information on how Tessian can protect your organization? Book a call with one of the team below or try our free email threat assessment.
To see how the Tessian Intelligent Cloud Email Security platform  prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Integrated Cloud Email Security, ATO/BEC
How to Prepare for Increasing Cyber Risk
by John Filitz Wednesday, July 13th, 2022
Each year it seems we are met with new complex challenges and risks that few could have predicted. In turbulent times, it is prudent to take stock of what business and security leaders can control. Allocating dedicated resources to more effectively manage both known and unknown risk is fast becoming essential to shore-up organizational resiliency.   Turning the focus to the sector that is germane to what we do at Tessian, effectively managing cybersecurity risk is now more critical than ever. In fact, cybersecurity risk is now considered the number 1 risk faced by businesses according to Allianz’s 2022 Global Risk Barometer, followed by business interruption (2) and natural disasters (3).   Read on to learn more about some of the key cyber risks organizations are faced with today, and how best to mitigate it.
Cybersecurity risk is increasing The costs associated with breaches are increasing each year. The global cost and impact of cybercrime damages is expected to reach $10.5 trillion in damages by 2025 – representing a 350%+ increase from 2015.    A sign of the worsening cyber risk can be seen in the cybersecurity insurance industry. Given the high number of recent claims, up by 500% in 2021, has resulted in cyber insurance premiums seeing significant escalations – essentially doubling over the past year. And as a result of recent developments in Ukraine, leading insurers are now excluding suspected nation-state cyber attacks from coverage provisions.  
Persistent and increasing email security risk   Due to its open nature, email remains the preferred method for delivering a malicious payload, including ransomware – responsible for up to 95% of breaches. Email also attracts the greatest investment in the attacker value chain and is the riskiest channel for data loss.    Until recently, detecting and preventing email threats relied on static, rule-based solutions like Secure Email Gateways (SEGs). These solutions are only able to detect known threats because they rely on a threat detection engine of already documented threat campaigns. But threats have become more advanced and are proliferating at an alarming rate, with the net result these threats are going undetected by SEGs and are reaching victims’ mailboxes.   According to Verizon’s DBIR 2022, email-delivered social engineering attacks are growing in complexity, with phishing responsible for 60% of these attacks. In addition, the FBI reported that $43 billion has been lost globally due to Business Email Compromises (BEC) in the past 5 years, with a 65% increase in BEC fraud related losses reported globally in the period 2019 to 2021.  
The growing ransomware challenge   Advanced cyber threats like ransomware are also trending in the wrong direction. Ransomware related damages exceeded $20 billion for 2021 – representing a 57x fold increase from 2015. By 2031 ransomware damages are expected to reach $265 billion. Responsible for 75% of cybersecurity insurance claims, Ransomware-as-a-Service offerings are mainstreaming the ability to carry out devastating ransomware attacks.    Russia-based Conti ransomware gang aka Wizard Spider has been linked to 50 incidents in April 2022 alone, including attacks on the Costa Rican and Peruvian governments. Currently there is a $15million bounty on Conti from the US government – indicative of the scale of the problem. The FBI estimates that over 1,000 Conti ransomware victims have paid in excess of $150 million in ransom in the past year.    Also concerning is the increasing proliferation of wiper-malware seen in 2022 in cyber attacks against the Ukraine in 2022. Disguised as ransomware, wiper-malware essentially wipes all data from infected hosts. In response to the growing ransomware threat, CISA announced the formation of a ransomware taskforce at the end of May 2022.   
Software supply chain vulnerability   Software supply chain cyber risk is another leading concern for CIOs and CISOs. The acceleration of digital transformation and cloud adoption, and increased speed of deployment through DevOps processes, have resulted in dramatically expanding the attack surface area with vulnerable code and applications exposed online.    Software supply chain attacks remain a vulnerable element given the high impact and high reward for the attackers as has been demonstrated in the SolarWinds and Kaseya attacks. 
Final thoughts for staying safe in a volatile cybersecurity environment   Prioritizing cybersecurity program development is now a core aspect of effective organizational risk management. There however remains a collective need in the vendor and the broader business community to elevate and educate executives particularly at the board level, on the importance of proactive cybersecurity risk management.    Assume you will suffer a breach. From this risk-aware position think about the proactive steps you can take to improve your cyber resilience. The escalating email, ransomware, wiper malware and supply chain vulnerability risks underscore the imperative for investing in intelligent and agile cybersecurity defenses.   Continuously seek out innovative solutions that keep your environment safe, while at the same time ensure high degrees of employee engagement on the importance of security awareness.  
To see how the Tessian Intelligent Cloud Email Security platform  prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Email DLP, Integrated Cloud Email Security, ATO/BEC
What is an Integrated Cloud Email Security (ICES) Solution?
Thursday, July 7th, 2022
In recent years, the shift away from on-prem email platforms to cloud-based platforms has been dramatic, with Gartner estimating that 70% of organizations now use cloud productivity suites like Microsoft 365 and Google Workspace. But as email migrates from legacy on-prem approaches to the cloud, securing these cloud based services becomes the next big challenge. Enter Integrated Cloud Email Security.
What is an Integrated Cloud Email Security (ICES) Solution? The term ‘Integrated Cloud Email Security (ICES)’ was coined in the Gartner 2021 Market Guide for Email Security. ICES solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.     ICES solutions are cloud-based, and use APIs to detect anomalies in emails with advanced techniques such as natural language understanding (NLU), natural language processing (NLP) and image recognition. Using API access to the cloud email provider, these solutions have much faster deployment and time to value, analyzing email content without the need to change the Mail Exchange (MX) record.   Taking it one step further, ICES solutions can also provide in-the-moment prompts that can help reinforce security awareness training (SAT), and are able to detect compromised internal accounts. In the report, Gartner reflected on the future of ICES solutions, suggesting that they would eventually render SEGs redundant:   “Initially, these solutions are deployed as a supplement to existing gateway solutions, but increasingly the combination of the cloud email providers’ native capabilities and an ICES is replacing the traditional SEG.”
Gartner predicts that by 2023, at least 40% of all organizations will use built-in protection capabilities from cloud email providers rather than a secure email gateway (SEG)… But why?   In short, legacy SEGs are no match for the cyber threats of tomorrow. Email is responsible for 96% of cybersecurity breaches, making it the greatest threat vector. In fact, in the 12 months between July 2020 and July 2021, Tessian detected 2 million malicious emails that had bypassed SEGs. So why are traditional SEGs not fit for today’s cybersecurity landscape?
Rule-based approaches don’t cut it SEGs were developed in 2004 with on-premise email servers in mind and use a rule-based approach to threat detection. They use deny lists, allow lists and signatures for message authentication to help stop attacks – with these lists created using threat intelligence. They are reactive by design, and protect email data against threats that are already known. This means that SEGs offer no protection against zero-day attacks (a significant and growing threat vector), and are easily evaded by attackers using advanced social engineering campaigns. SEGs also fail to detect business email compromise (BEC), account takeover (ATO) and advanced spear phishing attacks.
The migration to the cloud   More and more, organizations are adopting SaaS offerings like Microsoft 365 – which have SEG capabilities natively included. This shift was well underway before the pandemic, but has since been accelerated with data suggesting that ICES solutions are here to stay and will displace SEGs from the cybersecurity stack.. The rise of offerings like Microsoft 365 and Google Workspace and the move away from SEGs comes as no surprise, with enhanced functionality at the platform level that can include:   Blocking emails from known bad senders Scanning attachments with AV Blocking emails with known bad URLs Content analysis to identify SPAM   Given these native SEG-like capabilities in cloud productivity suites, makes ICES solutions the perfect supplement to ensuring comprehensive email protection. ICES solutions are so effective because they  provide protection against many of the threats SEGs fail to detect – when used in combination with SaaS offerings like Microsoft 365.
What are the benefits of ICES solutions?   ICES solutions offer more than just threat detection. Key features of ICES solutions  can include:   BEC and ATO Attack detection using NLU, NLP, social graph analysis and image recognition Context-aware banners to warn users Phish Reporting Mail Security Orchestration, Automation and Response (MSOAR) capabilities to assist in automatic reclassification of emails and removal from inboxes
How to evaluate ICES vendors   The number of  ICES solutions available on the market is continually growing. There are a few key things you should consider when evaluating which ICES solution to use. Taking a look at your current email security framework and comparing it to your end goal, the following elements should be analyzed:   Time-to-value, return-on-investment time horizon Cost of effort to install and manage False positive rate ML- and AI-based technology to detect advanced social engineering attacks including BEC and ATO attacks Ability to analyze and map conversation history Computer vision to analyze suspicious data and links in emails User education controls to reinforce training, including context-aware banners and/or in-line prompts Ability to analyze emails prior to delivery to the end user API integration  of email events into Extended Detection and Response (XDR) or Security Information and Event Management/Security Orchestration, Automation and Response (SIEM/SOAR) solutions   Still struggling to decide? Have a look at the 2021 Gartner Market Guide to Email Security, which contains further information on ICES vendors, including Tessian.
Why choose Tessian?   Tessian was recognized as a Representative Vendor for Integrated Cloud Email Security (ICES) in the recently released 2021 Gartner Market Guide for Email Security.     What sets Tessian apart from other ICES solutions is its advanced email security and email data loss prevention (DLP) capability, including:   Advanced Spear Phishing Protection Advanced Attachment and URL Protection   Internal Impersonation & CEO Fraud Advanced Spoof Detection Counterparty & Vendor Impersonation  Brand Impersonation External Account Takeover  Invoice Fraud Bulk Remediation Automated Quarantine  Threat Intelligence   Tessian also offers protection against both malicious and accidental data loss, in-the-moment security awareness training for suspected phishing emails and in-the-moment security awareness notifications. 
To summarize, there are four key Tessian differentiators:   Threat prevention: Tessian protects against both known and unknown email attacks, including business email compromise, account takeover, spear-phishing, and all impersonation attacks that bypass SEGs, M365, and G Suite. Protection also includes class leading email DLP. Education and awareness: With Tessian’s in-the-moment training, organizations can educate and empower users to build continuous email security awareness  Reduced admin overhead: Tessian removes the burden on SOC and admins by automating repetitive tasks such as maintaining triage and review. This eliminates the need for human verification of email threats, reducing FTE requirements. Data-rich dashboards: With Tessian, security teams have clear visibility and the ability to demonstrate clear ROI     To find out more about Tessian as an ICES solution, and the key findings listed in the 2021 Gartner® Market Guide for Email Security, click here. 
Read Blog Post
Threat Intel
Tessian Threat Intel Roundup for June
by Charles Brook Tuesday, July 5th, 2022
The Tessian Threat Intel team continues its focus on business email compromise (BEC) campaigns. We issued a Threat Advisory for a PayPal themed campaign we have been tracking since January.   The threat actors in this campaign are seeking to illicit payment fraud and potentially compromise credentials. Other key threats that we are focussing on include increasingly advanced methods for Account Takeover (ATO) and the persistent threat of email-delivered ransomware, including a spike of wiper-malware. Sign-up for our Threat Intel update to get this monthly update straight to your inbox.
  Tessian Threat Intelligence has recently tracked and observed scammers, on numerous occasions sending emails with fake invoice payment requests from payment service providers such as PayPal. From early evidence we are seeing, online fraud campaigns are on the rise, with the potential to evolve to ATO based attacks. Although the primary targets are private consumers, we are likely to see similar attacks targeting vendors and suppliers in the enterprise. The increasing sophistication and targeted nature of attacks observed across the cybercrime landscape represent the maturation of cyber crime, with threat actors targeting specific entities rather than random targets. A number of these phishing attacks are leveraging open source information, as well as relying on information gathered from previous data breaches to identify high yield targets.
  Tessian Threat Intel continues to track BEC and payment fraud campaigns with executive impersonation observed as a consistent theme.  Cryptocurrency payment fraud has already resulted in over $1billion in losses according to the FTC and is up 60x in 2021 compared to 2018. Ransomware-as-a-Service gang activity emanating from Russia is on the rise once again, with REvil re-emerging after an initial law enforcement crackdown. Wiper-malware is surging in 2022, first seen in Russian cyber attacks against Ukraine. Russian APT groups have been observed exploiting the Follina vulnerability.  Microsoft released a patch for Follina in June but we may see a spike in attachment-themed phishing abusing the vulnerability before the fix is widely implemented. Chinese APT groups have been using ransomware as a decoy to carry out espionage campaigns. Other attack campaigns that have captured our attention include the increasing phenomenon of voicemail themed phishing campaigns observed by Zscaler. We expect email delivered ransomware, including the growing prominence of wiper-malware to remain leading threats in 2022. A recently launched carding site ‘BidenCash’ gave away a list of stolen card details for free across darkweb forums to promote their store.
  Having intelligent and layered cybersecurity defenses in place, particularly securing email and the endpoint, are critical for staying safe. Leveraging behavioral cybersecurity solutions that can detect sophisticated social engineering attempts is essential, as threat actors continually develop intelligent methods to bypass rule-based security controls. Practicing good cybersecurity hygiene and regularly testing your security controls, including business continuity and disaster resilience capabilities, are of fundamental importance to cyber resilience. Conducting in-the-moment and contextual cybersecurity awareness training on advanced email threats for your employees should be prioritized  – end-users are your first line of defense.
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Email DLP
Product Update: Actionable Event Triage
by Dan Harrison Friday, July 1st, 2022
Security and risk management teams are focused on detecting, investigating, and responding to cyber security incidents. Given the high number of security tools deployed in the environment of a typical organization, reviewing security events that could be actual incidents requires dedicated FTE resources and time. This creates two challenges.   1: A delayed response time in triaging security events and finding incidents can also result in worsening the fallout from a breach, thereby elevating the level of risk. 2: Security teams find it increasingly time consuming to handle this volume of events, potentially resulting in analyst burn out, loss of retention and a reduced quality in event investigation.   Improving the efficiency for event triage is essential to help security and risk leaders speed up investigations and remediate incidents. 
Working Smarter, Not Harder   A recent Tessian commissioned study by The Ponemon Institute found that “it can take an average of 72 hours to detect and remediate a data loss and exfiltration incident caused by a malicious insider on email and an average of almost 48 hours to detect and remediate an incident caused by employees’ negligence or error on email.”    This is why Tessian has focused on making the investigation process more efficient for our users with a new event triage workflow.
Enhanced security event management   Tessian has improved security efficiency for customers through enhanced event triage in the Tessian Portal for all of our data loss modules, Guardian, Enforcer and Architect. Our latest feature update includes:   The ability for security admins to view the full email body and attachment for a flagged email. The ability for users to label events within its workflow status. The event statuses can be marked as Open, Incident, Safe, False Positive, and Other.   These capabilities enable Tessian users to get more context on a security event and easily collaborate with team members, leading to a more efficient end-to-end investigation process. These enhanced capabilities extend across M365 and GSuite mailboxes.
Making the SOC more efficient   The new event triage enhancements demonstrated below, enables security analysts to view the email body and to more effectively triage the security events. The advantage this brings to security teams is being able to immediately access the event content, rather than requesting the email content often from a separate team. This speeds up the investigation workflow and reduces the dependency security teams have on other parts of the organization. Further enhancements include being able to assign security events to team members and labeling the event with its workflow status (open, incident, safe, false positive, other).
These new feature enhancements will enable:   • The ability to complete end-to-end investigations all within the Tessian Portal resulting in a more efficient response to security threats.   • Improved SecOps efficiency in dealing with actual events vs. false positives.   • The ability to more easily collaborate with team members through the assignment of events, helping teams remain focused on what matters most.   • Insight into the outcome of data loss events through event status tagging, helping the CISO gauge risk using real data and helping to measure Tessian’s Return on Investment
A note on privacy The ability for security teams to view the full body of emails and their attachments may pose a privacy concern to customers. In recognition of this, we have built in some privacy guard rails which customers can use to control and monitor data access. Only Tessian users who have the necessary permissions to view the full email body and attachments will be able to do so. In addition, whenever a user requests to view the email’s full body and attachment, an audit event will be created which can be viewed within the Tessian portal.
To see how the Tessian Intelligent Cloud Email Security platform  prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.   For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Life at Tessian
Tessians 2022 DEI Report
by Tessian Tuesday, June 28th, 2022
As a human first company, we want Tessian to be a place where everyone has the opportunity to bring who they are to work, and be included and valued as they are. Diversity, equity and inclusion (DEI) is so important to us, not only because it’s the right thing to do, but also because it’s essential for our success. Diversity is necessary for innovation, so prioritizing it is a really important part of our future as a company.   We recently published our second annual DEI Report, and I’ve been reflecting on our journey over the last year and the three big lessons I’ve taken into this year’s strategy.
Data. Data. Data.   We can’t just guess how we’re doing on DEI, we need data. When we first launched our 2021 DEI Strategy, it was based on analysis of a number of different kinds of data that helped act as signposts towards our DEI Focus Areas. Since then, we have improved our data set to add anonymized candidate data, and employee data about lots more personal attributes.   Anything we can explore – we do. It can be difficult to know where you’re going to find the most interesting and impactful insights before you start looking. Here’s how we do it:   We start off with a big pile of data, everything from representation to experience, to compensation to retention, all split by all the different personal attributes we collect voluntary data on. There are some standard measures we look at: pay gaps, representation vs benchmarks, significant variations in experience etc. but that often opens the door to lots of further questions, that require further data exploration We do our best to turn over every single stone and ask ourselves: is something going on here? Usually the answer is no, but it’s important that we employ that rigour everywhere, so that when the answer is yes, we don’t miss it. It’s easy to get distracted by what we assume the most significant DEI concerns are, often based on our own biases, so it’s so key to start as objectively as possible. Don’t guess or intuit where you should be focusing attention! Start with as much data as you can get, and let that guide your thinking.
If you don’t actively pay attention, anything can slip   Focus is necessary, but it’s hard. Throughout this journey, we’ve been so conscious that there are infinite dimensions of diversity to consider, and infinite topics we could focus our attention on. But resources are finite, and if we want to make an impact, we need to focus on just a few things.   As hard as it feels, focus isn’t just about deciding where you are going to focus, it’s also about deciding where you’re not going to dedicate energy. In 2021 one of those “non-focus areas” for us was gender representation. We found that we were above the benchmark compared to other companies similar to us, and there was nothing to indicate that might drop. So we put our energy into other places.   Throughout 2021, our gender representation gradually fell by 7 percentage points as we happened to hire fewer women and people from underrepresented genders. By the time the end of the year came, these few percentage points had put us below the benchmark compared to other similar companies.   Focusing on other kinds of representation, and other DEI areas meant we didn’t notice this gradual change in our gender representation, and so didn’t get ahead of it. This was a really important lesson for us this year; this time around we are paying more attention to movement in metrics even when they don’t directly relate to our focus areas for the year.   This is key to keeping focus dynamic, and adapting to the information you have today.
Working with everyone, necessity of the team activity   The final lesson I’ve taken from our DEI journey so far: DEI is necessarily a team activity. None of us can do it alone.   Once we have our focus areas, we develop tactics that we hope will address them. So far on our journey, the accountability to these tactics has been with the People & Talent team. But the more work we do, the more we realize we need the whole company 100% behind us, prioritizing this work.   Hiring is a great example of this: in a fast growing business, often representation comes down to hiring. If you’re growing but you aren’t hiring diversely, then overall representation will fall. So one of our Focus Areas this year is hiring more people from underrepresented genders and ethnicity backgrounds.   Of course, our brilliant Talent partners care so deeply about this, and are moving heaven and earth to build up a diverse pipeline of candidates. But it isn’t always easy. Building a diverse pipeline in a notoriously non-diverse industry can take time, and this is often time we feel we don’t have in such a fast-moving company. Or there might be a particular experience level we feel like a candidate should possess that limits the diversity in the candidate pool.   This is where the rest of the company comes in. In this case: the Hiring Manager and hiring team. Every single Tessian needs to be bought into our strategy so that we can resolve these challenges in the right way. One of our Tessian values is We Do The Right Thing, so it’s really important to us to take these tensions seriously and work together to make the best decisions for our people.   There are a few basic things we ask of all Tessians…   Help us reach diverse candidates by sharing our DEI work and our open roles widely…think LinkedIn, Discord, Slack. Any communities our Tessians are a part of! Continue to give us feedback on how they’re feeling, about DEI and our workplace more generally. We use an employee engagement tool, Peakon to collect this feedback so that people can stay anonymous if they choose. And most importantly: Get to know each other! Connection building is the core of belonging so we encourage lots of ways for our people to connect deeply. This is especially important in a globally distributed, hybrid team – we have to OVER deliver on opportunities to get together both in person and virtually. What’s Next?   And as with any journey like this, it’s far from over. We all have so much work to do in DEI and there are a hundred new questions swimming around our heads on where we should focus next, and how to make our DEI Strategy more effective. For example…   Goals: Right now our DEI Goals sit with the People team. Should we transition our DEI Goals to the company level, so it’s every one of us that is responsible for addressing them? We know accountability is key, but is the accountability in the right place for maximum impact?   Engagement: How much time and engagement should we be asking of our people? Do we need everyone to know every detail of our strategy? Or is it enough that they know their own role, and the WHY behind DEI at Tessian?   We’re committing to continuing to ask ourselves these hard questions and hold ourselves accountable to the very highest standards of DEI. It’s not always easy, but it is the right thing to do.   Want to join us on our journey? We’re hiring, all open roles are here. What’s it like to work at Tessian? Here’s 200 reasons you’ll love it.
Read Blog Post
ATO/BEC
How Bad Actors Are Using the Cost of Living Crisis to Launch Attacks
by Andrew Webb Monday, June 27th, 2022
Most people – we hope – can smell a rat when supposedly African Royalty offers us several thousand dollars as a ‘gift’ to help them get money out of the country, but what about when a well known brand you love offers you free samples or invites you to enter a competition?    The recent Heineken Father’s Day beer contest on WhatsApp is just the latest in a long line of seasonal or topical attacks that are run almost like marketing campaigns. Like all phishing attempts there are a few common themes. One is a sense of urgency, in this case the fact that there are only a certain number of freebies available. There’s also nudging text like ‘don’t miss out’ ‘exclusive’ and ‘enter now’.
The Threat Actor’s Editorial Calendar   But what’s also interesting is that this attack came on Father’s Day, when a brand like Heineken might legitimately launch such a campaign and when people are thinking about last minute gifts for Dad – it feels legit because it plugs into where your employees’ heads are at. Heineken wasn’t the only ‘Dad brand’ that suffered a scam, UK hardware stores ScrewFix and B&Q also had exclusive Father’s Day competition prizes that were actually scams.    That topicality and seasonality is played out throughout the year, on national awareness days, public holidays and yearly events like tax deadlines and Black Friday. As one attendee at our October Human Layer Security Summit told us “in the Fall, someone is always going to click on FREE STARBUCKS PUMPKIN SPICED LATTE”. We’ve seen this in the world of entertainment too. In November 2021, fans were promised early access to the new season of Squid Games, only after filling in a short ‘survey document’.
Cost of Living Scams   Having targeted tech and finance brands for years, as well as logistics and delivery brands during the pandemic, it seems scammers are teeing up a summer of cyberattacks on consumer brands and retailers. The cost of living crisis, rising inflation and surge in food and energy costs now makes grocery stores, food companies and energy companies prime targets for scams. In June, we saw a scam featuring UK supermarket Tesco, with the promise of a £500 gift card.    In May the UK energy regulator, Ofgem, alerted consumers to a new energy rebate scam as energy prices soared. Meanwhile in the US fuel company Shell highlighted a gas card phishing scam involving their Fuel Rewards program. And with some US employers offering to pay towards employees’ gas costs, you can see why things are getting confusing. The brand and sector may change but the scam is always the same; the promise of something for free coupled with a sense of urgenc
Education and awareness These new threat vectors join the long queue of existing ones that your staff and organization are already vulnerable to. As we saw with Covid bad actors thrive in times of confusion and uncertainty. And after global pandemics, global economic turbulence and spiraling cost of living is the next theater on which bad actors like to strut their stuff. So what to do?      As Bobby Ford said at our Human Layer Security summit, the way you ‘crack the nut’ is putting a little piece of cybersecurity awareness in all your other programs, projects and meetings happening across your organization. That can be a quick update at the all-hands or creating material, updates and awareness within your team that you don’t just push out, but people actively come and seek out.    Work with your allies. Who else in the company can you form an alliance with? Perhaps you can bring in your internal comms or PR team’s experience? Getting the people team involved to make cybersecurity part of the onboarding process helps new joiners orient themselves before they touch your network.    Finally, the C-suite is critical to supporting any initiative you design, which matters because as Mike Privitte notes in this Linkedin post, “Phishing doesn’t have “work life balance.” Company executives and their families will only see increased attempts outside of the 9-5 space”.
Read Blog Post
ATO/BEC
Tessian Threat Intel Advisory: PayPal Email Invoice Fraud Detected
by Charles Brook Monday, June 20th, 2022
Summary Tessian Threat Intel is issuing a threat advisory on cyber threat actors requesting payment from unsuspecting victims using fraudulent invoices issued via PayPal. We have alerted PayPal.   Overview Tessian Threat Intel analysts have observed scammers, on numerous occasions, sending emails with fake invoice payment requests. Historically many of these sorts of attempts would be detected by traditional spam filters and end up in the junk folder or in quarantine. This is due to the email senders being repeat offenders with the same template and text – easily detected as spam or malicious by rule based email security solutions.    Since early March 2022, Tessian identified ways in which threat actors have been adapting their techniques to reach victim’s inboxes by abusing the legitimate capability of sending invoices to 3rd parties using PayPal’s email-delivered invoicing services.    To be clear, this is not a vulnerability within PayPal. Nor is it an example of an account takeover (ATO).  Rather, threat actors are creating invoices in PayPal and then issuing them to victims through PayPal’s service.     Technically, an email  from PayPal would pass some of the most fundamental checks in email security like SPF, DMARC and DKIM. This would ensure with a high degree of probability that similar emails would avoid detection by rule based email security solutions, as well as giving an air of legitimacy to the email.    An email sent from a financial services provider like PayPal, would increase the probability of  the victim seeing and interacting with the email, including acquiescing to its demands for payment. 
Examples of fraudulent PayPal invoices   The screenshot below is a legitimate email from PayPal containing a fraudulent invoice. In this example, the attacker has created a paypal account with the profile name “bit-coins payments,” which is displayed as the sender display name.    The threat actor has then created an invoice using the invoicing service available in PayPal (see Fig 2), and has then sent it with a message added by the attacker for the recipient. Grammatical style errors can also be observed, similar to what we have seen in common   phishing emails.
The below screenshot shows the PayPal invoicing service.
In the example below, we can see the actual link addresses which would redirect the recipient to the PayPal generated invoice if clicked.
Technical breakdown of the message headers As you can see below, both SPF and SKIM are a pass, and the sender IP ties back to PayPal directly. This sort of email has a high probability of passing rule based email security solutions and being delivered into a victim’s inbox.   Authentication-Results: spf=pass (sender IP is 173.0.84.227)  smtp.mailfrom=paypal.com; dkim=pass (signature was verified)  header.d=paypal.com;dmarc=pass action=none  header.from=paypal.com;compauth=pass reason=100 Received-SPF: Pass (protection.outlook.com: domain of paypal.com designates  173.0.84.227 as permitted sender) receiver=protection.outlook.com;  client-ip=173.0.84.227; helo=mx2.slc.paypal.com;
Threat Mitigation Steps   Once PayPal was informed, Tessian found that the invoice was taken offline and no longer accessible. Thank you PayPal for your quick engagement.   In order to not fall victim to similar types of email-delivered invoice fraud we recommend:   Be careful of unsolicited emails, especially those containing requests for payment or including links to invoices. Always verifying the authenticity of an invoice with the actual purchase order.  If necessary, contact PayPal or any vendor requesting payment via independent method i.e. telephone to verify the authenticity of the request. Have a failsafe system in place in your accounting department that requires two members of staff to verify the authenticity of invoices matched against purchase orders. Adopt intelligent cloud email security solutions like Tessian that use behavioral intelligence to detect and prevent advanced email attacks, including increasingly sophisticated email-delivered invoice and wire fraud.
To see how the Tessian Intelligent Cloud Email Security platform  prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Virtual Cybersecurity Events To Attend in 2022
Monday, June 20th, 2022
  SANS London – September 5-10, 2022   This series of cybersecurity courses and workshops is self-described by SANS as ‘hands-on’.  Whether you are joining in-person in London or virtually via live stream, each course includes presentations from industry experts with real-time support from GIAC-certified teaching assistants.   A detailed agenda with speaker profiles is already online, as well as a short video that gives you an idea of what the courses are like. You can find it all here.   Tickets cost between €6,000-€7,000, with a few different add-ons (e.g. certifications and ‘on demand’ access), and discounts for early birds available.   Cloudflare Connect Sydney – September 8, 2022   This hybrid event invites attendees to learn from Cloudflare executives and special guest speakers about the present and future of internet and network security. Previous events have included keynotes, demos, hands-on labs, and real-world use cases.    Details for the Sydney event aren’t out yet, but the May event in New York explored a few questions including; Where is networking going next?, How can enterprises keep their data and workforces secure as workplace needs evolve?, Is Web3 really the future for the Internet?.   The in-person price for previous Cloudfare events was about £300 and included access to exclusive breakout sessions – but you could attend the keynote virtually, free of charge.   FutureCon Cybersecurity Events – Various dates   FutureCon organizes a huge number of virtual events in cybersecurity (2-3 per month!), with each one being shaped by their belief that “Cybersecurity is no longer just an IT problem”.   Events are aimed at C-suit executives and CISOs and include high-level cybersecurity training with an appreciation for the ever-changing threat landscape. Their panels consist of C-level executives who share their experiences in mitigating attacks, and there are also opportunities to demo the newest technology.   Events are $100, with discounts for early birds and reduced access options.   UKsec Cyber Security Summit — September 12-13, 2022   The UKsec Cyber Security Summit will be held in London and will focus on helping businesses to better protect their networks, data, and infrastructure from cyberattacks.   The agenda for September has yet to be announced, but last year’s event included sessions on digital supply chain security, best practices in incident reponse, and building a strong cybersecurity culture in your organization. Registration costs £499 or £1,999 for vendors.   International Cyber Expo – September 27-28, 2022   Following on from the National event in April, this exhibition and conference in London is attended by CISOs, government officials, and policymakers alike. The agenda is created by a board of experts that is chaired by Professor Ciaran Martin CB, former CEO of the National Cyber Security Centre and Professor at Oxford University.   The gathering includes ‘CISO Roundtables, Immersive Cyber Demonstrations, and a Global Cyber Summit’ and promises world-class education combined with practical business guidance. What’s more – tickets are free!   (ISC)2 Security Congress – October 10-12, 2022   This event, taking place in Las Vegas (but also available online) includes dozens of sessions around professional development, with topics usually including cloud security; DevSecOps; governance, risk, and compliance (GRC); and career development.   Keynote announcements are still to come, but the agenda is otherwise complete and includes speakers such as Joshua Bregler (Head of Information Security, McKinsey), and Andrew Neal (Vice President Research, Gartner).   Virtual passes are $665 and onsite passes are $1,595, but there are also early bird deals and single-day passes available.   Gartner IT Symposium/Xpo – October 17-20, 2022   The Gartner IT Symposium/Xpo is a huge annual gathering of CIOs and senior IT leaders. The event is running over 4 days in Barcelona, Spain, and is tailored for a wider IT audience but includes discussion of cybersecurity, artificial intelligence, culture, and more.    There will be 40+ expert speakers and 100+ sessions, designed to help businesses improve their strategies and find future-proof technologies.   Tickets are between €4,000 and €6,000 with a public/private sector split.   ALLOWLIST Cybersecurity Conference – October 20, 2022   This conference, taking place in Leeds, England, aims to bring together solutions, industry peers, and business leaders. The event claims to be ‘the biggest of its kind in the North of England’, with speakers Alan Case (Head of Channel UK and Ireland, Heimdal Security) and Scott Riley (Founder, Cloud Nexus), and topics including real-world threats small businesses are facing, the ransomware of tomorrow, and hackers’ best-kept secrets.   Ultimately, attendees are promised that they will ‘learn something new and have a great time while doing so!’, with not only cybersecurity talks and demos but entertainment from Radio 4 comedian Alfie Moore.   Early-bird tickets are £60 until 30th June.   Executive Women’s Forum — October 24-27, 2022   The Executive Women’s Forum describes itself as a “powerful community and caring sisterhood of women professionals in the information security, risk management, privacy, and related fields.”   The 2022 agenda hasn’t been announced yet, but attendees are promised access to over 1,000 infosec thought leaders aiming to help executive women improve their professional standing and learn from their peers. The standard rate for registration is $895, with discounts for members and early birds available.   Cyber Security Summit – October 27, 2022   This one-day hybrid event began in New York City in 2013 and has grown ever since – ranking as one of the “Top 50 Must-Attend Conferences” by DigitalGuardian.   Designed to connect C-Level and Senior Executives with cutting-edge technology providers and IC experts, expert contributors include Marene Allison (CISO, Johnson & Johnson), Chad Adams (Cyber Security Advisor for DHS Region Six), and Sean Atkinson (CISO, Center for Internet Security). Attendance also earns you 8 CPE credits.   Tickets are $195 for in-person admission and $195 for virtual.   FS-ISAC 2022 Europe Summit – Postponed to November 2022   While the event was originally scheduled for May 10-12, 2022, it’s since been postponed to November 2022. This year’s presentations will all be focused our the central theme The New Cyber Era: Hyper Connected & Unbound.    Expect to hear from industry leaders about technology, cloud, application, and data security, compliance, and cross-border intelligence. You can even submit your own presentation here. It’s not too late. You must be a member of FS-ISAC to attend. Learn more about eligibility and annual dues here.   Cyber Security & Cloud Expo – December 1-2, 2022   This London-based event is set to include 5,000 attendees (56% director level and above) from around the world, 100+ speakers, and 125+ exhibitors.   The agenda looks at the issues security professionals face today and showcases innovative developments in the solutions market. Speakers have not been announced, but last year’s included Ian Hill (Global Director of Cyber Security, Royal BAM Group), David Everett (Executive Director, Cyber Assessments, JP Morgan Chase & Co), and Robin Smith (CISO, Aston Martin)   There is a huge range of pricing tiers for this event, from free to £479 with some virtual options.
Read Blog Post
Interviews With CISOs
Almost Half of Chief Information Security Officers (CISOs) Have Missed A National Holiday Due to Work
by Andrew Webb Saturday, June 18th, 2022
Being a CISO or Security Leader in today’s InfoSec world is not for the faint hearted. CISOs are some of the hardest working people in any company, regularly working extra hours and overtime to keep the company secure from threats.   But this constant vigilance for threats can mean that CISOs miss out on everything from time with the family to getting enough down time to recharge.   We recently undertook research to see just how much time CISOs “lose” investigating potential breaches and threats and the headline is: security leaders don’t work hard, play hard. They work hard…then work harder.   In fact, 42% say they’ve missed out on a federal or national holiday like Fourth of July, Thanksgiving or Christmas because of work.   You can see the full details here. But here’s some highlights.
CISOs hard work isn’t going unnoticed   While no one wants to miss out on family time, it’s not all bad news. 89% of CISOs we surveyed believe the work they do is appreciated by employees outside their team. Furthermore 66% of employees say they understand the role of the CISO. That’s a ringing endorsement of how valuable and visible the relatively new role of CISO has become in just a few short years.   However, just because the rest of the organization knows who you are and what you do, doesn’t mean it’s plane sailing. As a result of their demanding roles, CISOs are struggling to keep up with developments that further strengthen the business like training, hiring talent, and staying on top of the latest threat intel. They’re also missing out on important personal and social things outside of work, like public holidays and family vacations. Most concerning is the fact that some CISOs are even putting their health at risk by skipping workouts or missing doctor’s appointments.
What are CISOs busy doing? So where is all the time going? What is it that’s causing CISOs to lose, on average, 11 hours a week in overtime?   According to Forrester’s research, organizations spend up to 600 hours per month resolving employee-related email security incidents.   And a quarter of CISOs say they spend 9-12 hours investigating and remediating each threat caused by human error, while more than 1 in 10 spend more than a day investigating and remediating each threat caused by human error.   On top of this, 38% believe they’re spending too much time in meetings and reporting to the board, and 33% also feel as though they’re being drained of time because of other administrative tasks.   Looking for more detail on the things that are taking up CISOs time? We’ve got you covered here, but it’s clear that investigating breaches and dealing with the fallout from them is a major drain on time, resources, and mental health.
What would you do if your schedule was cleared? We asked CISOs what they would do if they were able to claw back those Lost Hours, and it turns out their three primary objectives are:    Spending time with family/friends  Further strengthening the business   Resting
Did you know that organizations with over 1,000 employees could save as many as 26,357 hours a year by automating security with Tessian?   While Tessian’s Human Layer Security platform can help you automate your security, which would help you strengthen your email security defenses and save you time, we’d rather use this opportunity to share some mindfulness and productivity tips to help you switch off.   • Share the load: While – yes – CISOs are the Head Honcho within IT and security teams, that doesn’t mean you have to do everything. Remember that delegation is validation, it’s okay to ask for help, and your best bet is to prioritize, then divide and conquer.   • Set boundaries and stick to them: It can be difficult to establish a division between work and life. With mobile access to Slack, email, and Google Docs, “work creep” can seem inevitable. Likewise, if you’re working from home, personal tasks can take up mental space that could compromise your productivity. That’s why you need to define your work space and working hours, and try to create healthy habits that give you a chance to recharge.   • Unplug (like, actually…): This is easier said than done, especially when CISOs are considered the superheroes of any organization. “When duty calls”, right? Yes and no. If you don’t take time for yourself, you won’t be up for the job. Consider mindfulness apps for day-to-day relaxation, and limit the number of people who have access to you while you’re OOO.  
Ready to learn more?    Want to find out how your security teams and employees can reclaim their Lost Hours? Get in touch with the Tessian team today to learn how Human Layer Security can help stop “Oh Sh*t!” moments from clogging up your schedule. 
Read Blog Post
Life at Tessian
Welcoming Our New Chief People Officer
by Andrew Webb Tuesday, June 14th, 2022
We are welcoming Kelly Sheridan as Tessian’s new Chief People Officer! Kelly will be responsible for leading Tessian’s people strategy, with a key focus on attracting and growing talent, developing and evolving the company’s culture, and providing a great employee experience as the company grows and scales.    We sat down with Kelly to ask her a few questions and get to know her a little better.
Kelly, first thing first, how did you get into the world of HR?    So, my path to Chief People Officer is certainly not the traditional route. I graduated with a liberal arts degree from Syracuse University but I didn’t really have a “what I wanted to be when I grow up”  moment. I knew I wanted to move to Boston, and it was there that I found myself landing a career in marketing. Over 12 years, I worked my way up at a variety of financial services companies and, in 2005, I joined the largest regional accounting firm in New England as their head of marketing. I loved every minute of the marketing stage of my career.   About a year after that, a new CEO came in and said he wanted to do some restructuring. He asked me to take over HR. I had zero experience, zero knowledge and, I thought, zero interest in HR. But he was certain it was where I needed to be and he promised me support, training, consultants, etc.    Here I am, 17 years later, as a Chief People Officer. Needless to say he was right; HR was my calling. He delivered on his promises and I still consider him a friend and mentor.
That’s an amazing story. So, what happened next?    The accounting firm was acquired by Grant Thornton and, as a result, HR was centralized in Chicago. So, in 2013 I left to pursue my next role as VP, Global HR at SharkNinja – a consumer goods brand which makes Shark Vacuums and Ninja Blenders. I had the chance to help grow both the People function and the global footprint, which saw me opening a design center in London and relocating to China for five months.    I later joined Bullhorn, the global leader in software for the recruitment industry, as its VP People. While I loved that role, I knew I wanted to take a step into a Chief People Officer (CPO) role and build a function from the ground up, and this is what I did at Nuvolo.   The last two and a half years have been a ride!  We grew our employee headcount from 250 to over 500, hiring 285 people globally in 10 months in 2021 all while building all of the processes, programs, and policies that go along with scaling a fast-paced tech organization.
Sounds like your experience in growing and scaling teams in fast-paced tech companies is perfectly suited for the Chief People Officer role at Tessian. So what made you decide to join our company?    There are a few reasons but I think the single most compelling was the people I met – starting with Tim, the CEO. Every conversation I had during the hiring process felt genuine, authentic, and easy.. Everyone was caring, and I could really get a sense of the energy and passion behind the work the people at Tessian do. Everyone is excited about what the future holds.    With that in mind, it’s clear that the culture at Tessian is a really strong one. I’m excited to join an organization that has already built something special already, and I also see limitless opportunities ahead.
What do you see as the biggest opportunities for Tessian?    For me, it’s about building an incredible employee experience. There is no doubt that exists here; I’ve seen it throughout the interview and onboarding process. But as we grow and scale, there will be further opportunities to evolve and innovate so that we are providing programming, initiatives, coaching, learning, and experiences that help every employee at Tessian expand their careers, the business, and our brand.    We’re so happy to have you onboard Kelly. Now you’re here, what’s going to be your focus for the next 3-6 months?   I actually look at this in smaller blocks. My first 90 days will be about meeting people and trying to learn as much as I can about Tessian, the market and our customers. Through listening and learning, I aim to find where there is room for improvement, and how we can enhance the employee experience and our business strategy.    Then, it’s about how we translate business objectives into our People strategy so that we are attracting, developing and keeping our exceptional team!
Read Blog Post