Tessian Human Layer Security Summit: Your Questions, Answered

  • 24 June 2020

Last week, Tessian hosted the world’s first Virtual Human Layer Security Summit and, over the course of three hours, thought leaders from some of the world’s leading organizations shared insights and advice around business continuity, cybersecurity, and what the future looks like.

Throughout the Summit, we asked the audience to submit questions but, with over 1,000 people tuning in, we weren’t able to address them all. Better late than never!

Here are answers to some of your most pressing questions. 

Did you miss the Human Layer Security Summit? You can view each session in the playlist below and you can read the key learnings from the day here: 13 Things We Learned at Tessian Virtual Human Layer Security Summit.

You can also sign-up for our newsletter to ensure you’re the first to hear about upcoming events and other relevant industry and company news.

1. What is Human Layer Security?

Human Layer Security (HLS) a new category of technology that secures all human-digital interactions in the workplace. Instead of protecting networks or devices, Human Layer Security protects people (employees, contractors, customers, suppliers).

Why? Because people control our most sensitive systems and data. They’re the gatekeepers of information. 

Tessian’s Human Layer Security technology understands human behavior and relationships, enabling it to detect and prevent dangerous activity like data exfiltration, accidental data loss, and spear phishing attacks. Importantly, Tessian’s technology learns and adapts to how people work without getting in the way or impeding productivity.

You can learn more about this new category of security in our Ultimate Guide to Human Layer Security

2. What are some of the key risk indicators used to measure human fallibility? 

In the context of email security, Tessian looks at three key human vulnerabilities: 

  1. People break the rules 
  2. People make mistakes
  3. People can be easily tricked

While risk indicators vary based on the vulnerability, monitoring data handling (both physical and digital) and assessing employee’s understanding of cybersecurity best practices should help you understand how risky or at-risk a particular employee is.

Read: Insider Threat Indicators: 11 Ways to Recognize an Insider Threat 

For example, if someone in your HR department consistently falls for phishing scams during simulations, they’re at risk of falling for one in real-life. Likewise, if someone in your finance department doesn’t change their passwords as requested, they may be more likely to break other security rules.

But, keeping track of every employee and their attitudes towards security is nearly impossible, especially in large companies. That’s why solutions like Tessian are essential. 

With Tessian Human Layer Security Intelligence, you’ll be able to see at a glance which employees are breaking the rules, making mistakes, and getting hacked. You’ll also be able to review historical data to see how behaviors have changed (for better or worse) in order to correct or reward individuals. 

Want to learn more about how Tessian Human Layer Security Intelligence helps security teams maintain visibility of the Human Layer risks in their organizations? Read our blog, which outlines use cases, benefits, and more.

3. In the context of remote-working, how does decreased focus impact security?

Over the last several months, we’ve been talking a lot about remote-working and how these new set-ups can impact cybersecurity. And, while there are a lot of technical challenges to overcome – from setting up VPNs to onboarding and offboarding employees while out of the office – we can’t ignore the more human challenges.

Tessian actually took a closer look at these challenges in our latest research report, The State of Data Loss Prevention 2020, and found that 91% of employees are less likely to follow safe security practices when working from home.

But why? 

47% said it’s because they’re distracted. And, it makes sense. When working from home, people have other responsibilities like childcare, roommates and, more often than note, they don’t have dedicated workstations like they do in their normal office environment. That means it’s easier to make mistakes. This isn’t trivial.

One misdirected email could cause a data breach. It only takes one click of a mouse. 

4. Does Tessian believe that employees are always trying to “get away” with something? 

The short answer: absolutely not. We believe that the average employee is just trying to do their job and, if you give people the opportunity to make smart security decisions, they will.

But, too often, security policies, procedures, and tech get in the way. And that’s where you run into problems. 

51% of employees say security tools or software impede their productivity and a further 54% say they’ll find a workaround if security software or policies prevent them from doing their job. So, what do you do? Find a better way! Make the easiest path the most secure path. 

This is a part of Tessian’s ethos. That’s why our solutions work silently in the background, have low flag rates for false positives, and reinforce security policies with contextual warnings.  

5. What are some effective ways to change human behavior? 

Training, a strong security culture, and tech. Importantly, you have to have all three.

You have to first educate employees on why security matters for the larger organization and then explain how individual behaviors can impact its overall security posture. Of course, one training session isn’t enough to make the message stick. Security awareness training should be ongoing. 

In fact, security should be baked into the overall business. That way, you create a strong security culture (which should start from the top-down) that really values and rewards secure behavior.

But, even reinforcing security best practices isn’t enough. (Read our report: Why the Threat of Phishing Can’t be ‘Trained Away’.) To err is human. 

Whether accidental or malicious, data loss incidents happen – even with regular training – which means your people shouldn’t be the last line of defense. Tech should be. Ideally, that tech will bolster training by reinforcing policies and procedures. 

Tessian does this via contextual warnings that empower the employee to make his or her own decision, while also giving security teams full oversight.

6. How can you teach people outside of the cybersecurity team how to spot phishing emails and other social engineering attacks? 

As we’ve said, the average employee just wants to do their job. They don’t want to be a security expert. That’s why it’s so important to teach people about security risks in terms they understand and care about.

We’ve found that one of the best ways to teach employees how to spot phishing emails is to use consumer examples. For example, stimulus check scams, Tax Day scams, and Census scams

Once you have several examples, make sure you point out what’s suspicious about the email and what to do if and when an employee receives one. If you work in a highly-targeted industry, make sure you reinforce frequent training with posters, PDFs, and other resources.

We put together a guide – including examples – for COVID-19 attacks, which you can download at the bottom of this blog: Coronavirus and Cybersecurity: how to Stay Safe From Phishing Attacks. Feel free to share it with your employees! 

7. What is your advice for a Cybersecurity Master’s student looking to explore the job sector?

There is no right (or wrong) way to break into the industry. Cybersecurity is incredibly diverse and no one job, company, or project is the same. While you’re in school, get as much work experience as you can to find out what really ignites your passion.

But, don’t take our word for it! Check out the profiles of over a dozen cybersecurity professionals on our blog. Or, read our report, Opportunity in Cybersecurity 2020, for an overview of the industry and what it has to offer new entrants. 

Oh, and be sure to check out our open roles, too.

Do you have more questions about Tessian or cybersecurity? Email [email protected] and we’ll get back to you. You can also book a demo to see how Tessian’s solutions can help prevent data loss incidents in your organization.