Tessian Culture
Why Shutting Down Tessian Was The Best Decision We Ever Made
Sunday, November 1st, 2020
When we set out to define our values, we asked our people what being a Tessian meant to them. The value that was born out of this – now our first and foremost value – is Human First.

Human First is the value we’d always had but never captured in words. As soon as it crystallized, it was everywhere. Within weeks you would hear it in every other meeting, it would be the first question in every decision that touched our people, and it merged completely into how we think about our mission; even more than being a cutting-edge technology company, we’re a cutting-edge human company, building for human beings as they are, not how security standards want them to be.

So what does it mean to be a Human First company in the age of coronavirus?

Like many companies a lifetime ago – March 2020 – we went remote overnight. A formerly office-first company, we’d naively expected lower productivity & that everyone would be more relaxed not having to travel to and from the office every day. We were so wrong.

A couple of weeks in, once the novelty of an extra hour in bed had worn off and we had realized that being remote wasn’t stopping work getting done, we started to pick up on themes – people working later and later, more and more questions in our employee engagement platform about mental health, self care, and dealing with stress.

We talked a lot more about our Employee Assistance Programme & we told people they should still try & take their paid leave. But compounded by being confined at home, those who managed to take leave found that they couldn’t help but gravitate back to their phone & laptop, with email & messaging pinging throughout the day (and night, since we’re an international team). Our Tessians couldn’t switch off with nowhere to go and the spectre of their inboxes piling up and up.

We knew we needed to stop saying things, and needed to do something big, fast. So we shut down the company. (For a day.)

Why? Let’s roll back a moment.
We asked people why they were struggling to switch off, and we listened to their fears of letting their teammates down with so much work going on, and the creep in hours to find overlap time with their international colleagues. We realized that unless all our Tessians – from the CEO to our newest graduates – were offline, it was hard for anyone to be offline.

Enter Refreshian Day.

Refreshian Day is not a vacation or holiday day. It’s a paid day we give to our Tessians, to do what they need to do to take care of themselves, when all Tessians are offline, together. When we know our people have been, or will be, working even harder than usual to bring our vision to life, it’s important to give something back. Our first Refreshian was in July; our second, October. And today we’ve announced our third in February 2021.

We ask only two things of our people on Refreshian day:
- Don’t work
- Take time to take care of you

Being human means one size never fits all, and our Tessians have variously taken long walks, spa days, watched sunsets, crafted pottery and baked a lot (I mean a lot) of bread. Being a human first company means giving our people the space and time to revel in what makes them unique – even if it means shutting everything down from time to time.

How would you spend your Refreshian day? Join us and find out.

“Finding peace in Cornwall” “Exploring Kew Gardens” “Dog walks in Greenwich” “Escaped to Lisbon” “Sailing in Wales”
Recap: Tessian Webinar, Can Automation Supercharge Your IT Team?
By Maddie Rosenthal
Friday, October 30th, 2020
According to new research into the future of hybrid working, 85% of IT leaders believe their security teams will be under higher pressure, feel more stretched, and need extra resources in 2021.

Could automation shoulder some of the burden?

In case you missed it, Tessian hosted Karl Knowles, Head of Cyber at HFW, and Timor Ahmad, Head of Data Governance & Privacy at Lloyd’s, for a session that took a deep dive into how organizations can utilize automation to reduce risk on email. You can watch the full video on-demand, but we’ve summarized the highlights from the session along with some actionable advice you can use to give your security posture a boost.

1. Use this shift to remote working to create a more positive security culture

Can employees work remotely? Can they maintain the same quality of work?

These are both questions security and business leaders have asked for years but have been too hesitant to actually test. But now – as we’ve all been forced to make the transition from office to home – we’ve seen how people have adapted and we now have new ways of working. These changes naturally affect your organization’s culture.
So what does this mean for security leaders? It means you have the ability to mold and shape a more positive security culture. Take time to understand how your employees are working, what their new behaviors are, and how you can support them in a safe and compliant way.

Now is the time to integrate security awareness into the foundation of your organization and prioritize privacy for employees, clients, and customers wherever and however they work.

2. Be human-first in your approach to security

Working remotely, people may feel isolated, unmotivated, and unsupported. That’s why you have to prioritize employee wellbeing and help everyone adapt.

So, to help make security more human (and yes, fun) Karl and Timor suggested using cartoons, magazines, or digital games to help get employees involved and bring them along on your journey to security maturity.

But it’s not all about fun. It’s also about meaningful connections.

Security is a team sport and employees need to feel comfortable asking questions about security, sharing feedback about new solutions or policies, and reporting incidents and near-misses. You have to foster that environment. How?

Drop into team meetings on occasion, encourage people to open up to you, and always ask questions and provide ways for employees to give feedback.

Building this connective tissue with employees across the organization will help people feel more supported in their new way of working.

3. Share your security wins

According to Karl and Timor, it can be a challenge to help employees feel like they’re actually contributing to the success of the security program. But, they had a tip. Use data.

They explained how they use Tessian’s dashboard to display key charts and statistics around the organization’s security posture both at the board and employee level.
The numbers include:
- How many phishing attacks are reaching employees
- How many of those were flagged to their security team
- What the outcome would have been if the attack was successful

Everyone contributes to a safe working environment, and these dashboards can help security leaders communicate that message with both technical and non-technical audiences.
4. Make your solutions work for you

Are you spending a lot of time configuring solutions and updating rules? Most security leaders are.

That’s because rules are static, meaning they don’t change over time. But – as we all know – over the last year, organizations have undergone a lot of change. People are working on different devices, in different locations, and are using different methods to share information. Hackers have changed their attack methods accordingly.

It’s unrealistic to expect security teams to be able to update rules at pace with all of the above. At Tessian, we think solutions should work for you.

How? Automation. Across three solutions, Tessian uses machine learning to understand employee behavior and communication patterns. And, it gets smarter over time. That means it can detect and prevent threats in real-time – without any manual investigation or rules – and keeps pace with the evolving threat landscape.
5. Understand why your employees circumvent policies

According to Tessian research, over half of employees say they’ll find a workaround for security software or policies that make their job difficult or impossible to do. It’s essential, then, that security leaders understand why. The key is visibility into employee behavior.

Both customers explained how they use Tessian to get a more granular look at how employees handle data.

In one example, Karl looked at the data provided by Tessian Enforcer to understand why employees send emails to personal devices. In this case, Karl realized a key tool used by HFW was slowing employees down and making it hard to do their jobs on their work devices. That’s why people were sending work documents to their personal accounts — so that they could work faster on their personal devices. With this understanding, HFW was able to create new policies that empowered people to work safely without security getting in the way.

6. Leverage in-the-moment warnings to reinforce existing policies

Whether it’s data exfiltration, misdirected emails, or spear phishing attacks, humans make mistakes. But, as Karl and Timor detailed, contextual, in-the-moment notifications can help raise awareness and train employees in real-time.

According to Karl, data exfiltration has always been a problem in the Legal Industry. But HFW has revolutionized the way they tackle it by implementing real-time alerts that remind employees that sending data externally is a major security risk. Tessian Enforcer warnings look something like this:
Over time, these warnings have nudged employees towards safer behavior to help HFW downtrend risk and reduce the number of emails being sent externally.  Karl explained this in more detail by showing his Tessian dashboard. “In the graph, you can see exactly where we implemented the warning and our employees’ response to that new system. So we can see data exfiltration has decreased massively,” he said. 
Now that they’ve tackled this problem, their next focus is around bad leavers and how to reduce the risk of data exfiltration after someone exits the company. Here’s their plan: Once someone has handed in their notice, HR and compliance teams will monitor the employee’s behavior and see if it deviates from the norm. Are they sending more emails to personal accounts than usual? Do those emails contain sensitive information? Are they emailing new contacts? Tessian will instantly flag any anomalous behavior to help HFW stop the exfiltration attempts.

Want to learn more about how Tessian has helped HFW and Lloyd’s level-up their security without burdening security teams? Watch the full interview now.
Data Exfiltration, DLP, Human Layer Security, Spear Phishing
October Cybersecurity News Roundup
Friday, October 30th, 2020
October 2020 has been another remarkable month in cybersecurity. And, since COVID-19 sent the world indoors and made us ever-more reliant on the internet, the importance of information security and data protection has never been more apparent.

October saw numerous high-profile data breaches, cyberattacks, and online scams — but also brought us one of the biggest GDPR fines yet, an innovative solution to deepfake technology, and even more jostling between the US government and Chinese big tech.

Let’s take a look at the biggest cybersecurity headlines of October 2020.

Paying Cyberattack Ransoms Could Breach International Sanctions Rules

New guidance from the US Treasury has big implications for companies hit by ransomware attacks from certain countries. (Companies affected by ransomware find their files encrypted — replaced by useless strings of seemingly random characters — with cybercriminals promising to return the data if the company pays a ransom.)

Paying up might be the least-worst option where a company’s critical data is at stake… but according to an October 1 US Treasury advisory note, paying cyberattack ransoms could violate legal rules on international sanctions. Businesses suffering a ransomware attack by hackers from a sanctioned country — like Iran, China, or Russia (where many such attacks do originate) — now face the threat of huge fines and legal action if they choose to buy back their files.

The Treasury’s advice reiterates what cybersecurity leaders have been saying for many years: in cybersecurity, prevention is far better than cure.

Amazon Prime Day Sees Huge Spike in Phishing Scams

With millions of consumers confined to their homes, this year’s Amazon Prime Day was a chance for millions of shoppers to grab a bargain — and an unmissable opportunity for cybercriminals to steal their personal information.
October 8 research from Bolster detected over 800 “spoof” Amazon webpages in September (up from 50 in January), as fraudsters ramped up their phishing efforts in anticipation of the two-day Amazon Prime Day event, hosted October 13-14. Some sites looked near-identical to Amazon’s genuine web properties, with perfectly duplicated branding and convincing domain names. Unwary shoppers were asked for details such as their CVV2 code and social security number.

See what advice Tessian co-founder and CEO, Tim Sadler, offered consumers in Tech Radar.

FBI Warns of Ransomware Attacks Targeting Healthcare Providers

On October 29, the FBI and other agencies issued a warning regarding an “increased and imminent cybercrime threat to US hospitals and healthcare providers.” The threats include a new tool named anchor_dns, a backdoor that can reportedly “evade typical network defense products,” and the Ryuk Ransomware.

Among other measures, the FBI is advising healthcare providers to create business continuity plans, patch networked systems, and implement multi-factor authentication in preparation for an attack. According to Associated Press, 59 US healthcare systems have been attacked via ransomware so far this year.

Looking for more information on why the healthcare industry is especially vulnerable? We talk more about The State of Data Loss Prevention in Healthcare in this article.

UK Public Body Unable to Provide Services Following “Serious Cyberattack”

On October 14, Hackney London Borough Council, a UK local government body, announced that it had fallen victim to a “serious cyberattack.” In an update two days later, the council revealed the extent of the damage. Among other things, the council was unable to accept rent payments, process planning applications, or pay some social security benefits.
The council said it was “working hard to restore services, protect data, and investigate the attack,” but that services could remain unavailable for “some time.”

UK Data Regulator Issues $26 Million Fine to Airline

UK airline British Airways received a £20 million ($26 million) fine on October 17 for “failing to protect the personal and financial details of more than 400,000 of its customers.” The fine relates to a cyberattack suffered by the company in 2018.

The Information Commissioner’s Office — the UK’s data protection authority — found that the airline had failed to limit access to data, had not undertaken sufficiently rigorous testing, and should have implemented multi-factor authentication on its employee and third-party accounts.

The British Airways fine amounts to the fourth-largest GDPR fine of all time — but the airline actually got off relatively lightly, considering that the fine was initially touted as £183 million ($238 million).

To learn more about compliance standards like the GDPR (including the largest breaches and fines to-date) check out The CEO’s Guide to Data Protection and Compliance.

Adobe Launches Content Authenticity Initiative Tool to Fight Deepfakes

As video and audio manipulation techniques become more accessible, cybersecurity and intelligence experts have been warning about a potential onslaught of deepfakes that could have an unprecedented impact on security, politics, and society. Not sure what a deepfake is? Read this article.

Cybercriminals can use deepfake technology to create video or audio clips of high-profile and trusted individuals. Deepfakes have already been used in phishing attacks and could also be used for blackmail and disinformation campaigns.

On October 20, Adobe’s Content Authenticity Initiative announced a new tool that will add “a secure layer of tamper-evident attribution data to photos, including the author’s name, location, and edit history” to help creatives authenticate their content.
Once deepfakes are sufficiently convincing, there might be no way to distinguish them from genuine material. Adobe’s project marks a promising first step in this emerging security front.

Hackers Discover 55 Vulnerabilities Across Apple’s Systems

A group of hackers earned $300,000 via Apple’s bug bounty scheme after identifying 55 vulnerabilities across Apple’s infrastructure. The security issues included vulnerabilities that would have allowed an attacker to “(take) over a victim’s iCloud account,” “fully compromise an industrial control warehouse software used by Apple,” and “access management tools and sensitive resources.”

The group said Apple had fully addressed the majority of vulnerabilities reported.

Around 3 Million Credit Cards Compromised After Breach at US Restaurant Franchise

On Oct 12, details of around 3 million credit cards were posted on the dark web following a huge data breach at US restaurant franchise Dickey’s Barbecue Pit. According to an investigation by Gemini Advisory, 156 of 469 Dickey’s outlets were involved in the breach, with the highest levels of exposure present in California. The details appear to have been stolen between July 2018 and August 2020.

Given California’s strict data breach rules, including a private right of action under the California Consumer Privacy Act, Dickey’s could be liable for some eye-watering sums if the breach is found to have resulted from lax cybersecurity practices.

Questions about the CCPA? We answer 13 of them in this article: CCPA FAQs: Your Guide to California’s New Privacy Law.

Russia Planned to Launch 2020 Olympics Cyberattack

The GRU, Russia’s military intelligence agency, “conducted cyber reconnaissance against officials and organizations” involved in the Tokyo 2020 Olympic and Paralympic Games, according to a UK government announcement on October 19.
Russian cybercrime groups are alleged to have targeted “organizers, logistics services, and sponsors.” The Games were originally due to take place this summer but were postponed due to COVID-19.

The UK government also revealed the full extent of Russia’s hacking campaign against the 2018 Winter Games, during which Russian hackers are alleged to have disguised themselves as Chinese and North Korean attackers to target the opening ceremony in Seoul, South Korea.

ENISA 2020 Threat Landscape Report Shows Increase in Cyberattacks

The European Union Agency for Cybersecurity (ENISA) released its 2020 Threat Landscape Report on October 20, and cybersecurity leaders (unfortunately) won’t be surprised at its conclusion: cybercrime is on the increase.

The report cites “a new norm,” triggered by the COVID-19 pandemic, in which the world is even more dependent on “a secure and reliable cyberspace.” ENISA found that the number of phishing victims “continues to grow,” that Business Email Compromise (BEC) resulted in “the loss of millions of euros,” and that state-sponsored actors are propagating “finely targeted and persistent attacks on high-value data.”

If you’re a security leader looking for solutions to these problems, click here to learn more about how Tessian Defender detects advanced impersonation attacks that slip past SEGs, native features, and legacy tools.

Researcher Breaches US President’s Twitter Account By Guessing Password

Dutch “ethical hacker” Victor Gevers found himself in control of Donald Trump’s Twitter account on October 16 after guessing the US president’s password. Trump’s Twitter account has over 87 million followers and is frequently used to deliver messages of international importance.

Gevers said he correctly guessed the password, “maga2020!”, after seven attempts. The incident reveals that the president was using a simple, easy-to-guess password, and that he had multi-factor authentication disabled.
Rectifying either of these two basic security errors would have prevented unauthorized access to the account.

Overruling of WeChat Ban Denied by California Judge

Another month, another development in the long-running battle between the US government and Chinese tech firms. On October 23, California struck a blow to the Trump administration’s efforts to restrict WeChat — a Chinese app used for currency transfers, social networking, and instant messaging.

In September, the US Department of Commerce ordered Apple and Google to stop distributing WeChat via their app stores, citing security issues. The order was blocked in California following a legal challenge by WeChat. The US Justice Department brought further evidence and asked the court to reverse its WeChat ruling.

The court declined to change its decision, meaning that the Commerce Department’s banning order will remain unenforced in California — despite the federal government’s allegations regarding WeChat’s security issues.

Finnish Therapy Center Hacked, Exposing Patient Data

One of the most shocking data breaches of 2020 was brought to light on October 24, when Finnish psychotherapy center Vastaamo revealed a hack that compromised hundreds of patient records.

The highly sensitive nature of the breach means that it is being taken extremely seriously. Finland’s interior minister summoned a cabinet meeting to determine how best to respond to the breach, promising “speedy crisis help” to the affected individuals.

The hackers are demanding a ransom in exchange for the return of the files, which were reportedly accessed between November 2018 and March 2019. The ransomware attack further suggests that businesses worldwide lack proper cybersecurity infrastructure — even when handling highly sensitive and valuable data.

That’s all for this month. If we missed anything, please email [email protected] and stay tuned for the next roundup.
Compliance
6 Reasons to Download The CEO’s Guide to Data Protection and Compliance
By Maddie Rosenthal
Thursday, October 29th, 2020
Over the last several months, Tessian has published a ton of articles related to data compliance, the business value of cybersecurity, and the importance of executive buy-in when it comes to security strategies.

We’ve combined all of that information to create our latest eBook: CEO’s Guide to Data Protection and Compliance.

We know what you’re thinking. A guide for CEOs? Why? Let us explain by telling you why you should download it.

1. We explain why business leaders should care about cybersecurity

While we don’t want to fear monger, it’s important to know that, according to Gartner, CEOs will be held personally liable for data breaches by 2024. But that’s not the only reason why business leaders should care about cybersecurity. They should care because cybersecurity can actually be a business enabler and competitive differentiator. More on this in point six.

2. We offer resources that will help bridge the gap between security and commercial teams

Cybersecurity is a team sport and in order for strategies to be truly effective, the C-suite has to be on board. But, communicating risk, opportunity, and cybersecurity ROI can be tough… especially when – in most organizations – CISOs don’t have a seat at the table.

We created this eBook to mitigate that disconnect. We considered both the CEO’s and the CISO’s perspectives, avoided the “curse of knowledge”, and provided dozens of resources that will help security and commercial teams communicate better. Like what?
- A checklist for ensuring compliance
- A detailed breakdown of the steps organizations must take post-breach
- A shareable infographic of relevant statistics
- An industry-specific “worksheet” to help you understand the cost of a breach
- A list of the biggest breaches (and fines) under the GDPR, CCPA, HIPAA, GLBA, and PCI DSS
- Over 15 additional resources to help answer your questions

3. We share a high-level overview of 25 compliance standards

While the GDPR and HIPAA tend to make headlines, there are actually dozens of regional and industry-specific data privacy regulations that you may be obligated to satisfy. Not sure where to start? We offer a high-level overview of 25 different compliance standards and explain who must comply and what data is protected.

4. We break down five compliance standards (in layman’s terms)

While the high-level overview mentioned above will help business (and security!) leaders understand the broader compliance landscape, we wanted to double-click on a few. In the eBook we answer the following eight questions about GDPR, CCPA, HIPAA, GLBA, and PCI DSS:
- What is it?
- Who enforces it?
- When was it enacted?
- Who is obligated to comply?
- What are the penalties for non-compliance?
- What data is protected?
- What are the data requirements?
- What have been the biggest breaches?

5. We highlight the biggest breaches in recent history and how they could have been avoided

As they say, “history is a great teacher”. So, to help CEOs and CISOs understand potential vulnerabilities, the consequences of breaches, and how to prevent them, we outline the three biggest breaches (and fines) for each compliance standard.

Note: While – yes – some of this information is easy to find with a simple Google search, other information has been pulled from case dockets and breach notifications. That means we’ve done the heavy lifting for you.

6. We list the benefits of compliance from a business perspective

This is what CEOs care about. Business value. Revenue drivers. And, while cybersecurity has historically not been viewed as a business enabler, this eBook proves that it is. We list 4 clear benefits of compliance beyond avoiding fines and explain how strong cybersecurity can help you build (and maintain) customer trust, attract investment, and help you streamline business operations.

Ready to learn more? Download the eBook and toolkit now.
Customer Stories, Data Exfiltration, DLP, Human Layer Security, Spear Phishing
How Tessian Is Preventing Breaches and Influencing Safer Behavior in Healthcare
By Maddie Rosenthal
Wednesday, October 28th, 2020
Company: Cordaan
Industry: Healthcare
Seats: 6,300
Solutions: Guardian, Enforcer, Defender

About Cordaan

Cordaan – one of the largest healthcare providers in Amsterdam – provides care to over 20,000 people from 120 locations across Amsterdam. They do this with the help of 6,000 employees and more than 2,500 volunteers. Cordaan also works in association with research institutes and social organizations.

To help protect the organization’s people, sensitive data, and networks, Cordaan has deployed Tessian Guardian, Enforcer, and Defender to protect over 6,300 employees on email.

Tessian solves three key problems for Cordaan, which we explore in detail in the video below. Keep reading for a summary of the discussion.

Problem: Healthcare employees are especially vulnerable to inbound attacks

When it comes to inbound attacks like spear phishing and business email compromise, the healthcare industry is among the most targeted. It also has the highest costs associated with data breaches. Why?

According to Cas de Bie, the Dutch healthcare provider’s Chief Information Officer, it’s not just because organizations operating in this industry handle highly sensitive data. It also has a lot to do with the very nature of the work: helping people.
Combine this empathetic approach with the stress of a global pandemic, and you’re left with an incredibly vulnerable workforce. Cas is now confident that Tessian will identify spear phishing emails before his employees respond to them and that employees’ workflow won’t be disrupted in the process.

When talking about inbound attacks, Cas said “It’s all about awareness. While people probably do know what they’re supposed to do when it comes to email security, it’s different in real life. It’s hard to decide in the moment. Of course, they don’t do it on purpose. They want to make the right decision. Tessian helps them do that.”

Problem: Reactive and rule-based solutions weren’t preventing human error on email in the short or long-term

To ensure GDPR-compliance, Cordaan prioritized investment in privacy and security solutions. But, according to Cas, “standard” email security, spam filtering solutions, and encryption alone just weren’t enough. They weren’t keeping malicious emails out of inboxes, and they weren’t preventing data loss from insiders. They also weren’t doing anything to improve employee security reflexes in the long-term.
So, to level-up Cordaan’s email security, Cas was looking for a solution that was:
- Technologically advanced
- User-friendly
- Proactive

With Tessian, he found all three. Powered by contextual machine learning and artificial intelligence, our solutions can detect and prevent threats and risky behavior before they become incidents or breaches. How? With the in-the-moment warnings – triggered by anomalous email activity – that look something like this.
These warnings help nudge well-intentioned employees towards safer behavior and ensure data stays within Cordaan’s perimeter. And, because Tessian works silently in the background and analyzes inbound and outbound emails in milliseconds, it’s invisible to employees until they see a warning.

This was incredibly important to Cas, who said that “The added value of Tessian is that it influences behavior. That really resonated with the board and helped me make a strong business case. While I can’t show how cybersecurity creates revenue, I can show – via a risk management calculation – the potential fines we could avoid because of our investment in Tessian”.

Problem: Cordaan’s security team had limited visibility into – and control over – data loss incidents on email

While Cordaan had invested in other email security solutions, Cas and his team still lacked visibility into the frequency of data loss incidents on email. But, after deploying Tessian for a Proof of Value, the scope of the problem became crystal clear.
The reality is that employees do actually send unauthorized and misdirected emails more frequently than expected. (We explore this in detail in our report, The State of Data Loss Prevention 2020.) But, the good news is that this behavior can be influenced and corrected—all without access restrictions that make it harder (or impossible) for employees to do their jobs.

Cas explained it well, saying that “Of course there are things that we have to police and prohibit. But, most of the time, people aren’t doing things maliciously. So it’s nice that – with Tessian – we can take a more nuanced approach. We can influence behavior and help our employees do the right thing.”

Learn more about how Tessian prevents human error on email

Powered by machine learning, Tessian’s Human Layer Security technology understands human behavior and relationships.
- Tessian Guardian automatically detects and prevents misdirected emails
- Tessian Enforcer automatically detects and prevents data exfiltration attempts
- Tessian Defender automatically detects and prevents spear phishing attacks

Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of an organization’s email network. That means it gets smarter over time to keep you protected, wherever and however you work.

Interested in learning more about how Tessian can help prevent email mistakes in your organization? You can read some of our customer stories here or book a demo.
Data Exfiltration, DLP, Human Layer Security, Spear Phishing
Tessian Included as a Cloud Email Security Supplement Solution in Gartner’s 2020 Market Guide for Email Security
By Maddie Rosenthal
Tuesday, October 27th, 2020
Gartner recently released its Market Guide for Email Security and Tessian is thrilled to have been included as a representative vendor for Cloud Email Security Supplement Solutions. So, what does that mean? According to the report, representative vendors offer “email security capabilities in ways that are unique, innovative, and/or demonstrate forward-looking product strategies.”
How has the threat landscape changed?
According to Gartner’s guide, there are a number of factors related to the market’s direction that security leaders need to consider, including the ways in which hackers are targeting organizations and how (and where) we work. Keep reading to learn more.
Email is the #1 threat vector
As noted in the report, “According to the 2020 Verizon Data Breach report, 22% of breaches involved social engineering, and 96% of those breaches came through email. In the same report, another 22% of breaches were a result of “human failure” errors, where sensitive data was accidentally sent to the wrong recipient.” “Business email compromise (BEC), the takeover or fraudulent use of a legitimate account to divert funds, continues to grow, and simple payroll diversion scams accounted for $8 million in 2019.”
The bottom line: Whether it’s protecting against inbound threats like ransomware attacks, business email compromise (BEC), or account takeover (ATO) or outbound threats like accidental and malicious data exfiltration, security leaders need to prioritize email security and reevaluate the effectiveness of current solutions. This is especially pertinent as many organizations have moved to the cloud.
Increased cloud office adoption
According to Gartner, “Enterprise adoption of cloud office systems, for which cloud email is a key capability, is continuing to grow, with 71% of companies using cloud or hybrid cloud email.” We can expect these numbers to rise, especially given the sudden shift to remote working set-ups in response to COVID-19 and the steep and steady rise in the use of mobile devices for work.
But, there’s a problem. Despite G Suite and O365’s basic security controls as well as anti-spam, anti-phishing, and anti-malware services; advanced attachment; and URL-based threat defenses, “email threats have become sophisticated to evade detection by common email security technologies, particularly those that rely only on standard antivirus and reputation.”
What capabilities set vendors apart?
So, what capabilities set vendors apart? In other words, what capabilities should security leaders be looking for?
Gartner recommends that security leaders “invest in anti-phishing technology that can accurately detect BEC and account takeover attacks. In particular, seek solutions that use AI to create a baseline for communication patterns and conversation style and detect anomalies in these patterns. For account take over attacks, seek solutions that use computer vision when reviewing suspect URLs. Adjacent technologies such as multifactor authentication are used to protect against account takeover attacks.”
Gartner also says “the following capabilities can be used as primary differentiators and selection criteria for email”. These include the ability to:
- “Protect against attachment-based threats”
- “Protect against URL-based advanced threats”
- “Protect Against Impersonation and Social Engineering Tactics Used in URL-Based, Attachment-Based and Payloadless Advanced Threats”
And, to help security leaders narrow down their search, Gartner identified specific categories of vendors that provide some of the above email capabilities. Tessian is recognized as a representative vendor for CESSs. Keep reading to learn more about our products and technology.
Why Tessian?
Tessian Human Layer Security offers both inbound and outbound protection on email and satisfies criteria outlined in the report, including display name spoof detection, lookalike domain detection, anomaly detection, data protection, post delivery protection, and offers these protections for both web and mobile devices. Here’s how.
Powered by machine learning, our Human Layer Security platform understands normal email behavior by analyzing content, context, and communication patterns from historical email data to establish trusted relationship graphs.
Tessian can then detect anomalies in real-time using those employee relationship graphs alongside deep content analysis, natural language processing, and behavioral analysis.
- Tessian Guardian automatically detects and prevents accidental data loss from misdirected emails
- Tessian Enforcer automatically detects and prevents data exfiltration attempts and ensures compliant email activity
- Tessian Defender automatically detects and prevents spear phishing, Business Email Compromise and other advanced targeted impersonation attacks.
Tessian’s technology updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network without hands-on maintenance from security teams. That means it gets smarter over time to keep you protected, wherever and however you work, whether that’s a desktop computer in the office or a mobile device, tablet, or laptop at home.
But Tessian doesn’t just detect and prevent threats. When a security threat is triggered, contextual warnings provide employees with in-the-moment training on why an email was flagged unsafe (or an impersonation attempt) or reinforce data security policies and procedures and improve their security reflexes. This nudges employees towards safer behavior in the long-term.
And, with Human Layer Security Intelligence, security and compliance leaders can get greater visibility into the threats prevented, track trends, and benchmark their organization’s security posture against others. This way, they can continuously reduce Human Layer risks over time.
To learn more about how Tessian protects world-leading organizations across G Suite, O365, and Outlook, check out our customer stories or book a demo.
Gartner, Market Guide for Email Security, September 2020 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Human Layer Security, Spear Phishing, Tessian Culture
8 Book Recommendations for Security Professionals
By Maddie Rosenthal
Thursday, October 22nd, 2020
Most security professionals rely on recommendations from their peers when it comes to vendors, solutions, and strategies. So, why not books? We asked our own cybersecurity experts what they were reading and rounded up eight books to add to your reading list.
The Cuckoo’s Egg
In 1986, Clifford Stoll – a systems administrator at the Lawrence Berkeley National Laboratory – wrote this book. Based on his field notes, this is arguably one of the first documented cases of a computer hack and the subsequent investigation, which eventually led to the arrest of Markus Hess. It’s now considered an essential read for anyone interested in cybersecurity.
CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers
While this book covers all the fundamentals of IT security governance and risk management, it also digs deeper into people. After all, being a CISO isn’t just about technology. The insights in the book come directly from CISOs. In total, 75 security leaders contributed to the book, which means there’s plenty of actionable advice you can apply to your strategies.
Looking for more insights from security leaders? Check out Tessian’s CISO Spotlight series.
Art of Deception
Written by someone pretty well-known in the security field – Kevin Mitnick – Art of Deception offers readers an insider’s view on what it takes to hack a system (and therefore what you can do to protect yourself).
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
Politics play a big role in cybercrime. This book is focused on Sandworm, the group of Russian hackers who, over the last decade, has targeted American utility companies, NATO, and electric grids in Eastern Europe and paralyzed some of the world’s largest businesses with malware. But the author, Wired senior writer Andy Greenberg, also provides plenty of background on both the technology and the relationships between various countries.
Social Engineering: The Art of Human Hacking
If you want a breakdown of every aspect of social engineering – from elicitation, protecting, influence, and manipulation – this one’s for you. Written by Christopher Hadnagy – the lead developer of the world’s first social engineering framework – this book is a sort of intro to hacking humans that could help you level-up your phishing awareness program and defenses.
We take a deep dive into the psychology of human error in this report, with insights from Stanford Psychology and Communications professor Jeff Hancock.
The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats
In the same vein as Sandworm, this book explores cyberwar, nation-state hackers, and the future. While it doesn’t offer highly technical insights, there is plenty of practical advice on how organizations and individual people can avoid being hacked.
Cult of the Dead Cow
Cult of the Dead Cow explores some of the world’s most infamous hacking groups – particularly the cDc – and explains how technology, data, and – well – the world has changed because of them.
CISM Certified Information Security Manager All-in-One Exam Guide
Yes, this is an exam guide…and yes you should add it to your reading list. If nothing else, to have on-hand as a reference. Why? It covers everything. Security governance, risk management, security program development, and security incident management.
Curious as to whether or not other security professionals have their CISM certification? We interviewed 12 women about their journeys in cybersecurity. Read their profiles here and the full report, Opportunity in Cybersecurity Report 2020.
Spear Phishing
How to Identify a Malicious Website
Monday, October 19th, 2020
If you’re familiar with phishing or malware, you’ve likely heard of “malicious websites”. But, do you know how to spot one? In this article, we’ll answer 4 key questions (and provide plenty of examples).
- What is a malicious website?
- How many websites are malicious?
- What red flags should I look out for to spot a malicious website?
- How can I avoid visiting or interacting with malicious websites?
So, to start, let’s define what exactly a malicious website is.
What is a malicious website?
A malicious website is any website that’s been designed to cause harm. In this article, we’ll focus on phishing websites and malware websites.
A phishing website – sometimes called a “spoof” or “lookalike” website – steals your data. Phishing websites look like legitimate websites. But, when visitors are prompted to enter login credentials, personal information, or credit card details, the data is directed to cybercriminals.
Looking for an example? Tessian researchers discovered 75 domains spoofing websites related to mail-in voting in August. For more information, read this article: How to Avoid Falling Victim to Voting Scams in the 2020 Election. In this case, attackers were after personally identifiable information (PII) and credit card details.
Once a phishing website collects your data, it can be used in hacking operations and further phishing attacks, or sold on the dark web.
A malware website, on the other hand, installs malicious software on your device. While this could happen after the visitor downloads an application or file, it can also happen without the visitor even noticing.
Why deploy malware? Malicious software can serve many different purposes, including extracting data from a person’s device, taking control of the device, or using the device as an entry point into a network.
But phishing and malware sites aren’t the only problems. Other websites, such as fake news and disinformation websites, might also be considered malicious websites.
These sites aim to spread discord, affect election outcomes, and disrupt the activities of human rights groups.
How common are malicious websites?
It’s hard to say exactly how many malicious websites are out there. But one thing we do know is that malicious websites — particularly phishing websites — are popping up more and more frequently.
One source that can help us understand the prevalence of malicious websites is Google’s Safe Browsing reports. According to Google’s stats, phishing websites are increasingly common, whereas malware sites are less likely to be favored by cybercriminals.
In September 2020, Google counted nearly 1,960,000 phishing websites. This is up from around 68,000 in September 2010 — an increase of nearly 2800%. But malware sites have actually decreased in prevalence according to Google, with around 24,500 counted in September 2020, down from 78,500 in September 2010.
Venafi’s 2018 research supports the view that phishing sites are on the increase. In a study of domains associated with major retailers across five countries, Venafi found there were:
- Twice as many spoof retail websites as genuine retail websites
- 12,000 spoof domains associated with one US retailer
Real-World Example: BAHAMUT
Let’s look at a real-life example of how criminals use malicious websites to dupe their targets into handing over data.
Research from BlackBerry, published in 2020, studied the activities of a cybercrime syndicate known as BAHAMUT. The group targets consumers, businesses, and government officials via phishing emails, fake mobile apps, and a “staggering” network of malicious websites.
Among many other activities, BAHAMUT set up convincing-looking malicious “news” websites that directly copied headlines from genuine sources. Links on these sites redirected to phishing websites that harvested Google, Yahoo, Microsoft, and Telegram users’ credentials.
BAHAMUT also set up websites designed to distribute a series of malicious mobile apps. Once downloaded, these malicious apps set up a “backdoor” on the target device, allowing the group to track the user’s activities and location, and access the user’s files.
Perhaps the most alarming aspect of BAHAMUT’s activities is the convincing nature of the group’s fake websites. Some of these sites were previously well-established, legitimate news sources, whose domains were re-registered and used as vehicles for cybercrime.
Telltale signs of a malicious website
As we can see from the example of BAHAMUT, it’s not always easy to identify a malicious website.
Some may display no obvious signs that they will steal your credentials or distribute malware. But, there are some traits common to many malicious websites. For example:
- The website automatically asks you to run software or download a file when you’re not expecting to do so.
- The website tells you that your device is infected with malware or that your browser extensions or software are out-of-date.
- The website claims you have won a prize and requests your personal information to claim it.
These are outdated tactics, and most sophisticated malicious websites will not be so transparent.
There can also be technical indications that a website is fake. For example:
- The URL looks suspicious. https://google.com is safe. https://google.[something].com is not. This is a subdomain of [something].com — which could be a malicious website.
- The site does not use https. Most sites use https, rather than http, which indicates that they are protected by an SSL certificate. However, some sites have not yet made the upgrade to https, and not all https URLs are safe.
It can be very difficult to tell whether you are visiting a malicious website. The best tactic is to avoid arriving at a malicious website in the first place. But how?
How to avoid visiting a malicious website
When it comes to avoiding the harms associated with malicious websites — security and business leaders understand that prevention is better than cure.
And, while it is possible to stumble upon a malicious website while browsing the web, search engines like Google take steps to remove malicious sites from their search results. They can’t catch them all, though.
But it’s important to note that it’s far more common to end up on a malicious website after receiving a phishing email. Phishing emails are extremely common — 88% of organizations experienced spear phishing (targeted phishing attacks) in 2019. Phishing emails can include links to malicious websites.
It’s easy to fall for this type of scam — a phishing email can appear to come from a trusted person, and might look like the sort of correspondence you receive from that person regularly.
That means identifying phishing emails may be more important than identifying malicious websites. If you’re looking for tips, we’ve put together this guide (including an infographic): What Does a Spear Phishing Email Look Like.
Note: Phishing can also take place via social media, phone, or SMS, but 96% of phishing attacks arrive via email. That’s why email is the threat vector security leaders are most concerned about. Email security solutions can help.
How can Tessian help?
Tessian Defender detects and prevents advanced impersonation attacks including spear phishing. If employees don’t fall for the phishing email, they won’t land on the malicious website.
How? Tessian’s machine learning algorithms learn from historical email data to understand specific user relationships and the context behind each email. When an email lands in your inbox, Tessian Defender automatically analyzes millions of data points, including the email address, Display Name, subject line and body copy. If anything seems “off”, it’ll be flagged.
To learn more about how tools like Tessian Defender can prevent spear phishing attacks, speak to one of our experts and request a demo today.
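The technical indications listed under “Telltale signs of a malicious website” (a brand name sitting in a subdomain of someone else's domain, and a missing https) can be checked mechanically. The Python below is an added example, not code from this article or from Tessian; the brand allow-list, the short suffix set and the sample URLs are constructed assumptions, and it goes slightly beyond the text by also flagging userinfo in the URL and raw IP hosts.

```python
import ipaddress
from typing import List
from urllib.parse import urlsplit

# Simplification (assumption): production code should consult the full
# Public Suffix List; this constructed set only covers the samples below.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Hypothetical allow-list: brand label -> registrable domains it really uses.
KNOWN_BRANDS = {"google": {"google.com", "google.co.uk"}}


def registrable_domain(host: str) -> str:
    """Return the part of the host a registrant controls, e.g. 'example.net'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_ip_literal(host: str) -> bool:
    """True when the host is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def url_red_flags(url: str) -> List[str]:
    """Return the red flags found in a URL (an empty list means none found).

    A flag is a reason to look closer, not a verdict: plain http sites can
    be harmless, and a URL with no flags can still be malicious.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []

    if parts.scheme != "https":
        flags.append("not-https")
    if parts.username is not None:
        # Text before '@' is login info, not the site being visited.
        flags.append("userinfo-in-url")
    if not host:
        flags.append("no-host")
        return flags
    if is_ip_literal(host):
        flags.append("ip-address-host")
        return flags

    # The article's google.[something].com case: the brand appears as a
    # label, but the registrable domain belongs to someone else.
    reg = registrable_domain(host)
    labels = host.split(".")
    for brand, real_domains in KNOWN_BRANDS.items():
        if reg not in real_domains and brand in labels:
            flags.append("brand-label-outside-real-domain:" + brand)
    return flags


if __name__ == "__main__":
    # Constructed sample URLs using reserved example domains.
    samples = [
        "https://google.com/",
        "https://mail.google.co.uk/",
        "https://google.com.example.net/login",
        "http://intranet.example.org/",
        "https://google.com@example.org/",
        "http://192.0.2.10/update",
    ]
    for sample in samples:
        print(sample, "->", url_red_flags(sample) or "no flags")
```

Note that the third sample uses https and is still flagged, which is the article's point that not all https URLs are safe.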
Human Layer Security
The Ultimate Guide to Human Layer Security
By Tim Sadler
Friday, October 16th, 2020
There’s a big problem in cybersecurity. Despite stricter data compliance standards, incredible technological innovation, and more investment from businesses, data breaches are at an all-time high. In fact, businesses are at risk of insider and outsider threats, with a reported 67% increase in the volume of security breaches over the past five years.
Why is this happening? Because, historically, security solutions have focused on securing the machine layer of an organization: networks, endpoints and devices. But the majority of these solutions provide blunt protection, rely on retroactive threat detection and remediation, and don’t protect a business’s most important asset: its employees.
So, when you can get a firewall to protect your network, and EDR to protect your devices, what do you get to protect your people? Human Layer Security.
What is Human Layer Security?
Tessian’s Human Layer Security technology understands human behavior and relationships, enabling it to detect and prevent dangerous activity. Importantly, Tessian’s technology learns and adapts to how people work without getting in the way or impeding productivity. We created this category nearly two years ago, and it was the thesis for our Series B fundraise.  Since then, we’ve seamlessly deployed Tessian solutions to customers across industries from SMBs to multi-national enterprises, and are now detecting and preventing millions of inbound and outbound threats on email.
Why do we need Human Layer Security?
Your employees now control both your systems and your data. But people make mistakes, people break the rules, and people can be deceived. 88% of data breaches are caused by human error, with AIG reporting “human errors and behavior continue to be a significant driver of cyber claims.”
It makes sense. Employees can transfer millions of dollars to a bank account in a few clicks and can share thousands of patient records in an Excel file in a single email. You can read more about The Psychology of Human Error here.
So, instead of expecting people to do the right thing 100% of the time, we think it’s better to preempt these errors by detecting and preventing them from happening in the first place. Each of our solutions – Tessian Enforcer, Tessian Guardian, and Tessian Defender – is uniquely positioned to do just that.
People break the rules
Whether done maliciously or accidentally, people in every organization can (and do) break the rules. Those rules can be related to anything, from a password policy to how sensitive information is stored.
But, what about rules related to data exfiltration? Oftentimes, employees are blissfully unaware. They’re not familiar with the policies themselves or the consequences of poor data handling. So, they think nothing of emailing company information to their personal email account to print at home, for example.
But not all employees are well-intentioned. Case in point: In late-2019, an employee at a cybersecurity and defense company sold 68,000 customer records to scammers. This isn’t an isolated incident. According to one report, 45% of employees say they’ve taken work-related documents with them after leaving or being dismissed from a job and, according to another, more than half of UK employees admitted to stealing corporate data. A quarter of those would be willing to do so for less than £1,000.
Tessian Enforcer prevents data exfiltration attempts (both malicious and negligent).
Looking for more real-world examples of malicious and negligent insiders? Read this article.
People make mistakes
From a simple typo to a misconfigured firewall, mistakes are inevitable at work. To err is human! In fact, 43% of employees say they’ve made a mistake at work that compromised cybersecurity.
Unfortunately, though, the consequences of these mistakes can be severe. Imagine an employee sends a misdirected email. Penalties and fines could be incurred, customer trust could plummet, and reputational damage could be long-lasting. And those are just the consequences to the larger organization. Individuals will likely suffer, too.
We all know the sinking feeling of making a mistake. But, misdirected emails cause employees more than red-faced embarrassment and anxiety. These accidents put people at risk of losing their jobs.
Tessian Guardian detects and prevents misdirected emails so that the right email is always shared with the right person.
People can be deceived
Businesses of all sizes and across industries work with a web of suppliers, contractors, and customers. And, most use email to communicate. That means it’s easy for hackers to impersonate internal and external contacts. Business Email Compromise (BEC) attacks increased by over 100% in the last two years.
Worse still, the odds are against businesses and their employees. While a hacker only has to get it right once, we are expected to get it right every time. So, what happens if one employee is successfully tricked one time by a spear phishing email and wires money, shares credentials, or otherwise helps a hacker gain access to your network? The average breach costs organizations $3.92 million.
But, these costs can be avoided with technology like Tessian Defender that detects and prevents advanced impersonation attacks.
Why focus on email?
At Tessian, our mission is to protect every business’ business by securing the human layer. And we know that to be truly effective, Human Layer Security must protect people whenever and however they handle data.
But, we’re starting with email. It’s the most popular (we spend 40% of our time on it) and riskiest (most breaches happen here) communication channel. It’s also the threat vector IT leaders are most worried about.
You’re probably wondering how Tessian compares to other solutions and how our technology would fit in your larger security framework. We’ll tell you.
Tessian vs. Rule-Based Technology
Traditional email security solutions are blunt instruments that tend to be disruptive for employees and admin-intensive for security teams who have to continuously create and maintain thousands of rules.
Don’t believe us? 85% of IT leaders say rule-based DLP is admin-intensive and over half of employees say they’ll find a workaround if security software or policies make it difficult or prevent them from doing their job.
The fact is, manually classifying emails, tagging emails sent to external contacts, encryption, and pesky pop-ups are roadblocks that slow the pace of business and create friction between security teams and other departments.
Worse still, these older technologies just can’t be configured to adequately defend against all the ways people make mistakes or cut corners on email. Tessian doesn’t require any rules and starts preventing threats within 24 hours of deployment.
Tessian vs. Training
Training is a necessary part of every security strategy. But, the majority of employees aren’t trained frequently enough and lessons don’t always stick. Employees also tend to struggle applying what they’ve learned in training to real-world situations.
But we can’t blame employees. The average person isn’t a security expert and hackers are crafting more and more sophisticated attacks. It’s hard for even the most security-conscious among us to keep up. That’s why security leaders need to invest in technology that bolsters training and reinforces policies and procedures. That way, employees can improve their security reflexes over time.
That’s where Human Layer Security comes in. Tessian warnings act as in-the-moment training for employees. And, because Tessian only flags 1 in 1,000 emails on average, when a pop-up does appear, employees pay attention.
Tessian Human Layer Security Technology
Human Layer Security works by understanding and adapting to human behavior. Our machine learning algorithms analyze historical email data and build a unique security identity for every employee based on relationships and communication patterns.
The best part is: these ML models get smarter and better over time as more data is ingested. This helps the technology establish what normal (and abnormal) looks like and allows Tessian to automatically predict and prevent security breaches on email across devices.
For every inbound and outbound email, our ML algorithms analyze millions of data points, including:
- Relationship History: Analyzing past and real-time email data, Tessian has a historical view on all email communications and relationships. For example, we can determine in real-time if the wrong recipient has been included on an outbound email; if a sensitive attachment is being sent to a personal, non-business email account; if an inbound email with a legitimate-looking domain is a spoof.
- Content & context: Using natural language processing to analyze historical email data, Tessian understands how people normally communicate on email and what topics they normally discuss. That way, our solutions can automatically detect anomalies in subject matter (i.e. project names) or sentiment (i.e. urgency), which might indicate a threat.
Best of all, all of this analysis happens silently in the background and employees won’t know it’s there until they need it. Tessian stops threats, not business. And not flow.
And, with Human Layer Security Intelligence, security and compliance leaders can get greater visibility into the threats prevented, track trends, and benchmark their organization’s security posture against others. This way, they can continuously reduce Human Layer risks over time.
First, you protected our networks. Then, you protected our devices. Now, you can protect your people with Tessian’s Human Layer Security.
Data Exfiltration, DLP, Human Layer Security, Spear Phishing
7 Concerns IT Leaders Have About Permanent Remote Working
By Laura Brooks
Wednesday, October 14th, 2020
According to Tessian research, 75% of IT leaders and 89% of employees believe the future of work will be “remote” or “hybrid” – a combination of working in the office and remotely.
This will have a significant impact on companies’ IT departments, who will be under pressure to deliver a seamless experience and create strategies that empower employees to work remotely and securely. In fact, 85% of IT leaders think they and their team will be under more pressure if their organization were to adopt a permanent remote working structure.
In this blog, we look at their top 7 concerns and explain how to overcome them.
1. Employee wellbeing
Half of IT leaders are worried about staff’s wellbeing when they work remotely – making it the top concern among IT professionals.
Remote work can be incredibly stressful for employees. A survey by online employment platform Monster reported that over two-thirds of U.S. workers have experienced burnout symptoms while working from home. Why? Because people are more distracted, they’re taking less time off work, and they’re working longer hours. 61% of employees in another Tessian report said a culture of presenteeism in their organization makes them work longer hours than they need to.
The problem is that when people are stressed, tired and distracted, they make more mistakes that could compromise cybersecurity. In fact, 46% of employees say they make more mistakes when they feel burned out.
IT professionals must recognize the correlation between employee wellbeing, their productivity, and security if they want to keep data and systems safe in a remote work world. Lead with empathy and find ways to prevent stressed and distracted employees from making costly cybersecurity mistakes.
2. Unsafe data practices
46% of IT leaders are also worried about employees practicing unsafe cybersecurity behaviors. Their concerns are valid.
A report published by Tessian in May 2020 revealed that 48% of employees feel they can get away with riskier cybersecurity behaviors when working from home, namely because they are working from unfamiliar devices and because they aren’t being watched by IT teams. A further 54% said they’ll find a workaround if security software or policies prevent them from doing their job. Educating employees on safe cybersecurity practices is a necessary first step. However, only 57% of companies implemented additional training at the start of the remote working period in March 2020. This isn’t trivial; businesses must continually educate staff on safe data practices because cybersecurity is rarely at the front of mind for every employee.  Businesses should also ensure that security solutions or policies do not stand in the way of people getting their jobs done. Workers will find the easiest or most convenient path, and this can often involve skirting around security rules. Security should, therefore, be as flexible as people’s working practices in order to mitigate unsafe behaviors online.
3. More data breaches
Half of organizations we surveyed said they experienced a data breach or security incident between March and July 2020 – the period in which mandatory remote work arrangements were enforced. Consequently, 40% of IT leaders are worried their company will experience more data breaches if people continue to work remotely.
The causes of these data breaches included phishing attacks (49%), malware (45%) and malicious insider attacks (43%). In addition, 78% of IT leaders said they think their organization is at greater risk of insider threats when staff work from home.
To prevent data breaches caused by insider threats – and other threats caused by human error – IT teams need greater visibility into their riskiest and most at-risk employees. Only by understanding employees’ behaviors, can businesses tailor policies and training to prevent people’s actions from compromising company security and breaching sensitive data.
4. More phishing attacks
Half of the security incidents reported between March-July 2020 were caused by successful phishing attacks – making phishing the top attack vector during this period of remote working.
Of the 78% of remote workers that received phishing emails while working on their personal devices, an overwhelming 68% clicked a link or downloaded an attachment from the malicious messages they received. It’s not surprising, then, that 82% of IT leaders think their organization is at greater risk of phishing attacks when people work remotely.
But why is phishing a greater risk for remote workers? Because it is not uncommon for an employee to receive information about a new software update for a video conferencing app, or an email from a healthcare organization providing tips on how to stay safe, or a request from a supplier asking them to update payment details.
In fact, 43% of IT professionals said their staff had received phishing emails with hackers impersonating software brands, while 34% said they’d received emails from cybercriminals pretending to be an external supplier.  If the sender’s email domain looks legitimate and if hackers have used the correct logos in the body of the email, there’s very little reason why an employee would suspect they were the target of a scam. And, when working remotely, employees can’t easily verify the email with a colleague. They may, then, click the link to “join the meeting”, download the “new update” or share account credentials. To learn more about how to spot a spear phishing email, read our blog here.
5. The IT team’s bandwidth
With organizations facing the threat of more data breaches and security incidents caused by unsafe cybersecurity behaviors, over a third (34%) of IT leaders worry that their teams will be stretched too far in terms of time and resource.
Security solutions powered by machine learning can help alleviate the strain. Solutions like Tessian use machine learning algorithms to understand human behaviors in order to automatically detect and prevent threats caused by human error – such as accidental data loss, data exfiltration or phishing attacks. When a potential threat is detected, the individual is alerted in real-time and a record of the incident is logged in a simple and accessible dashboard. IT professionals no longer have to spend hours manually looking back through logs to find incidents – the proverbial ‘needle in a haystack’.
When you consider that 55% of IT teams spend more time navigating manual processes than responding to vulnerabilities, finding ways to take away the manual, labor-intensive tasks will be critical in freeing up IT professionals’ time.
6. An increase to IT leaders’ workload
In addition to concerns over their teams’ workloads increasing, IT leaders also fear they’ll face even longer to-do lists in a hybrid or remote working world. Why? To name a few:
- The majority of IT leaders will be implementing new BYOD policies, additional training programs, upgrades to endpoint protection as well as new VPNs in order to address employees’ expectations and safety.
- They have to overcome challenges like data loss prevention (DLP), something 84% of IT leaders say is more difficult in distributed workforces.
- They have to address and mitigate more security risks such as employees bringing infected devices or documents into the office, potentially compromising the company’s entire network.
According to Nominet’s 2020 report – The CISO Stress Report: Life Inside the Perimeter: One Year On – 88% of CISOs are moderately or tremendously stressed. What’s more, 95% work more than their contracted hours amounting to an extra 10 hours per week, on average.  As the pressure increases, businesses must find ways to alleviate stress and empower IT leaders to work effectively and efficiently in order to protect their company and employees.
7. Non-compliance with data protection regulations
Nearly a third of IT leaders said that remote working could compromise compliance with data protection regulations.
In the last year, misdirected emails have been the number one cause of data breach incidents reported to the Information Commissioner’s Office. A previous Tessian report found that 58% of employees have sent an email to the wrong person during their career and, of these misdirected emails, nearly a fifth (17%) were sent to the wrong external party.
Their reasons? Nearly half said it was because they were tired and 41% said the error was made because they were distracted. Given that studies have shown people are feeling more fatigued and more distracted while working remotely, there is cause for concern that data breaches, caused by human error, will only increase.
Instead of expecting people to do the right thing 100% of the time while working away from the office, invest in security solutions that preempt these errors by detecting and preventing them from happening in the first place. That way, IT leaders can proactively stop sensitive information from leaving their environment, company IP stays secure, compliance standards are met, and customer trust is maintained. To find out more, read the full report – Securing the Future of Hybrid Work – here.
Spear Phishing
Everything You Need to Know About Wire Transfer Phishing
Wednesday, October 7th, 2020
Wire transfer phishing costs businesses billions of dollars every year — and the problem is only getting worse. That’s why business leaders and security experts are increasingly worried about this damaging form of cybercrime.
In this article, we’ll be answering the following questions:
- What is wire transfer phishing?
- How does wire transfer phishing compare to other social engineering attacks?
- How can your business defend against wire transfer phishing?
We’ll also be taking a look at one of the biggest cybercrimes in history — a sustained wire transfer phishing scam against Google and Facebook.
What is wire transfer phishing?
How wire transfer phishing works
Like other types of social engineering attacks, cybercriminals use a number of different methods to carry out wire transfer phishing against businesses and individuals.
But, we can offer a “typical” example of this kind of attack. Imagine you’re an employee in a company’s accounts department. You routinely receive email invoices from suppliers, contractors, and service providers.
One morning, you get an email from Jane at IT Maintenance — someone who has emailed invoices regularly for the past five years. As always, Jane is friendly. She provides a normal-looking invoice for some computing services your company uses regularly. You pay the invoice in the usual way, using the bank account details provided. But you didn’t realize that Jane’s email address was subtly different this time — instead of the usual [email protected], the email came from [email protected]
You just fell victim to a wire transfer phishing attack — and paid money into a cybercriminal’s account. Can you spot the difference in the email addresses? This is just one example of email impersonation.
Wire transfer phishing vs. other types of phishing
There are many types of phishing. But they all have one thing in common: the hacker is trying to trick targets into handing over information, transferring money, or granting access to networks.
Wire transfer phishing aims to trick the victim out of money by persuading them to transfer money into the attacker’s bank account. Below are other types of phishing motivated by a financial incentive.
- Credential phishing involves creating a fake website designed to look like an account login page. The target believes they are logging into an online account. But in fact, they are sending their username and password to the attacker.
- Payroll diversion is where a scammer impersonates an employee and provides new bank details to an HR department.
- Gift card phishing involves persuading the target to purchase gift cards or make a payment via gift cards.
But there are plenty of other “types” of phishing. While phishing typically refers to an email-based social engineering attack — 96% of phishing attacks occur via email – hackers can use other methods of delivery, too. For example:
- Smishing is a type of phishing that takes place via SMS message.
- Vishing takes place over phone or Voice over IP (VoIP) software.
- Social media phishing takes place over social media platforms.
Wire transfer phishing could occur via SMS, phone, or social media — but email is much more common. For more information, see our article: Smishing and Vishing: What You Need to Know.
Some types of phishing are defined by how they target victims. For example:
- Spear phishing is any phishing attack that targets a specific individual. A spear-phishing email opens with “Dear [name],” whereas a bulk, “spray and pray” phishing attack addresses no-one in particular.
- Whaling is any phishing attack that targets a senior executive. High-profile targets typically have easier access to bigger funds.
- Business email compromise (BEC) involves spoofing or hacking a company email account (for example, [email protected]).
Wire transfer phishing is very likely to involve spear phishing. After all, you’re not very likely to hand over money to an individual that doesn’t even use your name. Business email compromise and whaling also usually involve wire transfer phishing. Keep reading to find out just how much business lost (and hackers gained).
Wire transfer phishing statistics
Businesses and banks are continually investing in new defenses against phishing. Some of these strategies work, and they are making a positive impact.
But due to the increasing volume and sophistication of such scams, businesses are losing more money than ever.
- Between June 2016 and July 2019, FBI statistics show that wire transfer fraud via BEC occurred 166,349 times, and cost businesses over $26 billion.
- In 2019, the number of bank transfer phishing scams occurring in the UK increased by 40%.
- In 2017, the FBI received 15,690 complaints about BEC (primarily involving wire transfer), resulting in over $675 million in losses. In 2019, this increased to 23,775 complaints and over $1.7 billion in losses.
Defending against wire transfer phishing
Business and cybersecurity leaders understand that wire transfer phishing is a severe threat — and they take steps to defend against it.
Recognizing wire transfer scams
Recognizing wire transfer scams can be extremely difficult. But, even the least sophisticated scams share some hallmarks, including:
- A sense of urgency — The person requesting a fraudulent transfer will often claim that the money is needed immediately or threaten late payment fines.
- Unsolicited contact — If you receive a request for money from a company you’ve never dealt with, this is likely to be a phishing scam (of very poor quality).
- Unprofessional communication — Phishing emails might be written in an unprofessional tone or contain grammatical errors.
These traits are rarely present in successful wire transfer attacks, which can involve impersonations of specific people and careful recreation of invoices that appear identical to genuine documents.
If you’re a security leader who’s trying to help your employees spot spear phishing attacks, this article (and infographic) will help: What Does a Spear Phishing Email Look Like? Training can help, too.
Running employee training programs
It’s essential to make your employees aware of wire transfer phishing and other security threats. But employees should never be the last line of defense.
Phishing techniques have become so sophisticated that even the most tech-savvy employees can miss them (including the NSCS’s cybersecurity experts). Humans aren’t good at recognizing subtle changes in behavior and identity — no matter how much training they receive. That’s why email security is essential. Interested in learning more about the pros and cons of phishing awareness training.
Implementing email security software
The best way to stop wire transfer phishing is to deploy email security software across all employee devices. Tessian Defender, for example, uses AI to learn your employees’ inboxes inside-out. Tessian knows what a “normal” email looks like — so it knows when a wire transfer phishing scam is occurring. Tessian can pick up on the tiny differences in email addresses that indicate spoofing. It can even detect behavioral changes that suggest that the sender isn’t who they say they are — and that their email has been compromised.
Once detected, employees are warned (which reinforces training), security teams are alerted, and the domain is automatically added to a denylist. Crisis averted.
Validating payments
In addition to deploying email security software and increasing staff awareness, your finance team should take steps to validate wire transfers before making payments. For example:
- Keeping careful (and secure) records of vendors’ bank details
- Verifying payments over the phone where practical
- Contacting the payee directly where there are any concerns
These validation processes are important, but they can take time and resources — and they’re far from foolproof, as we’ll see below.
Case Study: Facebook and Google $121 Million Wire Transfer Scam
To help you better understand how wire transfer phishing works, let’s take a look at a real-life example. In 2019, a Lithuanian national named Evaldas Rimasauskas appeared in court in New York.
Rimasauskas pleaded guilty to participating in the biggest phishing scam in history and received a 5-year prison sentence. Between 2013 and 2015, Rimasauskas and his associates used wire transfer phishing to scam Facebook and Google out of around $121 million.
So how did this team of cyber-criminals trick two of the world’s largest tech companies into giving up so much cash? First, the group set up a company with the same name as a genuine Taiwanese computer manufacturer that supplied Facebook and Google with hardware — “Quanta Computer.” Rimasauskas set up bank accounts in the company’s name across Latvia and Cyprus. The scammers then emailed Facebook and Google employees from spoofed accounts, pretending to be Quanta Computer employees. These emails were convincing enough to persuade the tech firms’ staff to pay invoices into Rimasauskas’ fake bank accounts. Once the cybercriminals had received payments from Facebook and Google, they quickly transferred the money to a network of accounts across Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.
How did the group get away with making such substantial transfers for so long? Didn’t the receiving banks question where this money was coming from? Well, the group also created fake invoices, contracts, and letters — purportedly from the tech firms’ employees — to verify the transfers.
What can we learn from the Rimasauskas case?
- Even employees at well-resourced, tech-oriented firms can fall victim to wire transfer phishing.
- As well as impersonating people you know, scammers can set up companies with the same names as your service providers.
- Banks can’t be relied upon to prevent fraudulent wire transfers.
It’s hard to deny the cleverness of Rimasauskas’ scheme. If Facebook and Google — two of the wealthiest companies on the planet — can lose $121 million this way, then any company could fall victim to a similar scam.
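The look-alike sender address from the “Jane at IT Maintenance” scenario and the vendor bank records from the “Validating payments” steps can be checked together before an invoice is paid. The following Python is an added example, not Tessian’s code or part of the original article; the vendor record, email addresses, account identifiers, function names and the distance threshold are all constructed assumptions.

```python
# Added example: pre-payment check for an emailed invoice.
# All vendor data, addresses and account identifiers are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Vendor:
    name: str
    sender: str    # address invoices normally arrive from
    account: str   # bank account identifier held on file


VENDORS = [
    Vendor("IT Maintenance", "jane@itmaintenance.example", "GB00-CONSTRUCTED-0001"),
]

# Digit-for-letter swaps often used to build look-alike domains.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Collapse visually confusable sequences so look-alikes compare equal."""
    return domain.lower().translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            # Adjacent swapped characters count as a single edit.
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def domain_of(address):
    return address.strip().lower().rpartition("@")[2]


def normalise_account(account):
    return "".join(ch for ch in account.upper() if ch.isalnum())


def check_invoice(sender, account, vendors=VENDORS, max_distance=2):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    sender = sender.strip().lower()
    domain = domain_of(sender)
    vendor = next((v for v in vendors if v.sender.lower() == sender), None)
    if vendor is None:
        # Right domain, but a mailbox that has never sent invoices before.
        vendor = next((v for v in vendors if domain_of(v.sender) == domain), None)
        if vendor is not None:
            findings.append("unknown-mailbox")
    if vendor is None:
        for v in vendors:
            known = domain_of(v.sender)
            if skeleton(domain) == skeleton(known) or edit_distance(domain, known) <= max_distance:
                vendor = v
                findings.append("lookalike-domain")
                break
    if vendor is None:
        return ["unknown-sender"]
    # A matching address does not prove authenticity (the mailbox may be
    # compromised), so the account is compared for every matched vendor.
    if normalise_account(account) != normalise_account(vendor.account):
        findings.append("bank-details-changed")
    return findings


if __name__ == "__main__":
    print(check_invoice("jane@itmaintenence.example", "GB00-CONSTRUCTED-9999"))
```

Any non-empty result is a reason to hold the payment and confirm with the vendor through contact details already on file. A threshold of 2 suits long domains; short ones need a tighter limit to avoid false matches.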
To learn more about how Tessian can detect and prevent wire transfer phishing attacks and other advanced impersonation attacks, book a demo. Or, for insight into how we’re helping world-leading organizations, check out our customers page.
Data Exfiltration, DLP, Human Layer Security
Insider Threat Statistics You Should Know: Updated 2020
By Maddie Rosenthal
Tuesday, October 6th, 2020
Over the last two years, there’s been a 47% increase in the frequency of incidents involving Insider Threats. This includes malicious data exfiltration and accidental data loss. Why does this matter? Because these incidents cost organizations millions, are leading to breaches that expose sensitive customer, client, and company data, and are notoriously hard to prevent.
In this article, we’ll explore:
- How often these incidents are happening
- What motivates Insider Threats to act
- The financial impact Insider Threats have on larger organizations
- The effectiveness of different preventive measures
You can also download this infographic with the key statistics from this article.
If you know what an Insider Threat is, click here to jump down the page. If not, you can check out some of these articles for a bit more background.
- What is an Insider Threat? Insider Threat Definition, Examples, and Solutions
- Insider Threat Indicators: 11 Ways to Recognize an Insider Threat
- Insider Threats: Types and Real-World Examples
How frequently are Insider Threat incidents happening?
As we’ve said, incidents involving Insider Threats have increased by 47% since 2018. But the frequency of incidents varies industry-by-industry. Verizon’s 2020 Breach Investigations Report offers a comprehensive overview of different incidents in different industries, with a focus on patterns, actions, and assets.
They found that:
- The Healthcare and Manufacturing industries experience the most incidents involving employees misusing their access privileges
- The Public Sector and Healthcare suffer the most from lost or stolen assets
- Healthcare and Finance see the most “miscellaneous errors” (for example misdirected emails)
There are also several different types of Insider Threats and the “who and why” behind these incidents can vary. According to one study:
- Negligent Insiders are the most common and account for 62% of all incidents.
- Negligent Insiders who have their credentials stolen account for 25% of all incidents.
- Malicious Insiders are responsible for 14% of all incidents.
Looking at Tessian’s own platform data, Negligent Insiders may be responsible for even more incidents than most expected. On average, 800 emails are sent to the wrong person every year in companies with 1,000 employees. This is 1.6x more than IT leaders estimate.
Malicious Insiders are likely responsible for more incidents than expected, too. Between March and July 2020, 43% of security incidents reported were caused by malicious insiders. We should expect this number to increase. Over three-quarters of IT leaders (78%) think their organization is at greater risk of Insider Threats if their company adopts a permanent hybrid working structure. Which, by the way, the majority of employees would prefer.
What motivates Insider Threats to act?
When it comes to the “why”, Insiders – specifically Malicious Insiders – are often motivated by money, a competitive edge, or revenge. But, according to one report, there is a range of reasons malicious Insiders act. Some just do it for fun.
But, we don’t always know exactly “why”. For example, Tessian’s own survey data shows that 45% of employees download, save, send, or otherwise exfiltrate work-related documents before leaving a job or after being dismissed.
While we may be able to infer that they’re taking spreadsheets, contracts, or other documents to impress a future or potential employer, we can’t know for certain.
Note: Incidents like this happen the most frequently in competitive industries like Financial Services and Business, Consulting, & Management. This supports our theory.
How much do incidents involving Insider Threats cost?
The cost of Insider Threat incidents varies based on the type of incident, with incidents involving stolen credentials causing the most financial damage. But, across the board, the cost has been steadily rising.
Likewise, there are regional differences in the cost of Insider Threats, with incidents in North America costing the most and almost twice as much as those in Asia-Pacific.
But, overall, the average global cost has increased 31% over the last 2 years, from $8.76 million in 2018 to $11.45 million in 2020, and the largest chunk goes towards containment, remediation, incident response, and investigation.
But, what about prevention?
How effective are preventative measures?
As the frequency of Insider Threat incidents continues to increase, so does investment in cybersecurity.
But, what solutions are available and which solutions do security, IT, and compliance leaders trust to detect and prevent data loss within their organizations? According to Tessian’s latest report, The State of Data Loss Prevention 2020, most rely on security awareness training, then on following company policies/procedures, and then on machine learning/intelligent automation.
But, incidents actually happen more frequently in organizations that offer training the most often and, while the majority of employees say they understand company policies and procedures, comprehension doesn’t help prevent malicious behavior.
That’s why many organizations rely on rule-based solutions. But, those often fall short.
Not only are they admin-intensive for security teams, but they’re blunt instruments and often prevent employees from doing their jobs while also failing to prevent data loss from Insiders.
So, how can you detect incidents involving Insiders in order to prevent data loss and eliminate the cost of remediation? Machine learning.
How does Tessian detect and prevent Insider Threats?
Tessian turns an organization’s email data into its best defense against inbound and outbound email security threats. Powered by machine learning, our Human Layer Security technology understands human behavior and relationships, enabling it to automatically detect and prevent anomalous and dangerous activity.
- Tessian Enforcer detects and prevents data exfiltration attempts
- Tessian Guardian detects and prevents misdirected emails
- Tessian Defender detects and prevents spear phishing attacks
Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network. Oh, and it works silently in the background, meaning employees can do their jobs without security getting in the way.
Interested in learning more about how Tessian can help prevent Insider Threats in your organization? You can read some of our customer stories here or book a demo.