The Ultimate Guide to Human Layer Security

  • By Tim Sadler
  • 24 January 2020

There’s a big problem in cybersecurity. Despite over 3,000 products in the market, data breaches are at an all-time high. Businesses are at risk of insider and outsider threats, with a reported 67% increase in the volume of security breaches over the past five years.

Worse still, this increase in security breaches is happening despite organizations spending more than ever to protect their systems and data, up from $1.4 million to $13 million.

Why is this happening? Businesses haven’t been protecting their most important asset: their employees.

Historically, email security solutions have layered defenses first on top of networks, then devices, and finally cloud applications. The majority of these solutions provide blunt protection, or rely on retroactive threat detection and remediation, which leaves obvious (and unfortunate) gaps in a business’s armor.

So, when you can get a firewall to protect your network, and EDR to protect your devices, what do you get to protect your people?

First, we protected our networks with firewalls. Then, we protected devices with EDR. Now, we need something to protect our people.

What is Human Layer Security?

  • Human Layer Security (HLS)

    Human Layer Security (HLS) is technology that secures all human-digital interactions in the workplace. By focusing on the human layer (employees, contractors, customers, suppliers) as opposed to the machine and systems layer (networks, devices, apps), HLS keeps businesses’ sensitive data and systems safe.

Tessian’s Human Layer Security technology understands human behavior and relationships, enabling it to detect and prevent dangerous activity. Importantly, Tessian’s technology learns and adapts to how people work without getting in the way or impeding productivity.

We created this category over a year ago, and it was the thesis for our Series B fundraise. Since then, we’ve seamlessly deployed Tessian solutions to customers across industries from SMBs to multi-national enterprises, and are now detecting and preventing millions of inbound and outbound threats on email.

Why do we need Human Layer Security?

Your employees now control both your systems and your data and, the fact is, people make mistakes, people break the rules, and people can be hacked.

It’s no wonder that 88% of data breaches are caused by human error, with AIG reporting “human errors and behavior continue to be a significant driver of cyber claims.” After all, employees can transfer millions of dollars to a bank account in a few clicks and can share thousands of patient records in an Excel file via a single email.

Instead of expecting people to do the right thing 100% of the time, we think it’s better to preempt these errors by detecting and preventing them from happening in the first place.

Each of our solutions – Tessian Enforcer, Tessian Guardian, and Tessian Defender – is uniquely positioned to do just that, and these solutions can be explored by the specific type of human error they protect against.

People break the rules

Whether done maliciously or accidentally, people in every organization can and do break the rules. Those rules can be related to anything, from a password policy to how sensitive information is stored. But, what about rules related to data exfiltration?

Oftentimes, employees are blissfully unaware of policies related to – and the risk associated with – sending emails containing work-related information to domains outside of their own organization. Take, for example, an employee who sends a file to their personal email account so that they can work from home over a long weekend.

Sometimes, though, work-related information is extracted with more nefarious intent and, unfortunately, this can happen in even the most secure environments. Case in point: In late-2019, an employee at a cybersecurity and defense company sold 68,000 customer records to scammers.

This isn’t an isolated incident, either; more than half of UK employees admitted to stealing corporate data. A quarter of those would be willing to do so for less than £1,000.

  • Tessian Enforcer

    Tessian Enforcer prevents data exfiltration by allowing organizations to track and prevent sensitive information being sent to unauthorized or unsafe destinations based on triggers controlled by administrators.

People make mistakes

To err is human and, entrusted with both systems and data, employees put themselves in decidedly vulnerable positions as they maneuver dozens of human-digital interactions each day. From a simple typo to a misconfigured firewall, mistakes are inevitable in the workplace.

Unfortunately, though, the consequences of these mistakes are far-reaching.

If an employee accidentally fires off an email containing sensitive customer data to the wrong person – otherwise known as a misdirected email – penalties and fines could be incurred, customer trust could plummet, and reputational damage could be long-lasting. And those are just the consequences to the larger organization. Individuals will likely suffer, too, with misdirected emails no doubt causing employees and supervisors tremendous anxiety and even putting them at risk of being terminated.

  • Tessian Guardian

    Tessian Guardian prevents accidental data loss by safeguarding employees from sending sensitive information to the wrong person.

People can be hacked

Businesses of all sizes work with a web of suppliers, contractors and customers spanning different time zones and regulatory environments. As a result, we’ve seen a rise in targeted spear phishing attacks where cybercriminals are convincingly impersonating internal and external contacts.

Worse still, the odds are against businesses and their employees. While a hacker only has to get it right once, we are expected to get it right every time.

So, what happens if one employee is successfully tricked one time by a spear phishing email and wires money, shares credentials, or otherwise acts as an entry point for a bad actor to gain access to your network? With the average cost of a data breach in the United States climbing to $8.19 million in 2019, the company will likely take a hard hit, especially with the sharp increase in GDPR fines.

  • Tessian Defender

    Tessian Defender detects and prevents advanced spear phishing attacks in real time by analyzing hundreds of data points within email headers, body text, and attachments.

Why focus on email?

To be truly effective, Human Layer Security must protect all human-digital interactions within the enterprise. This is a massive remit.

So, Tessian started with email, because it’s the most popular (we spend 40% of our time on it) and riskiest (most breaches happen here) communication channel.

“You get all sorts of human error still creeping in... People are still clicking on phishing emails all the time, despite training. And one of the things that really exacerbates the cost of dealing with incidents, including increasing the need for and costs of notifications to regulators and data subjects, is the use by employees of company email for private matters, particularly private financial matters.”
Jonathan Ball, Norton Rose Fulbright (AIG)

But why is email currently so poorly protected and how does Tessian fit into larger security frameworks to keep your people and your data safe?

Rule-Based Technology

Traditional email security solutions are static, disruptive and admin-intensive. Some demand that employees manually classify every email based on sensitivity or tag all emails being sent to external contacts; this is time consuming and not reliable. (Alert fatigue is real.)

Others may require that employees encrypt emails, which adds friction and slows the pace of business. These older technologies can’t be configured to adequately defend against all the ways people make mistakes or cut corners on email.


Aware of these tech shortcomings, most companies layer in security training.

The hope is that through a combination of training and policies, employees will adopt secure behaviors. Unfortunately, though, two thirds of employees are not regularly trained about cyber threats on email, which is the #1 threat vector in an organisation. What’s more, a significant percentage of those who are trained don’t retain what they’re taught.

Training is incomplete, irregular and doesn’t stick. Hence the need for HLS.

Human Layer Security

In addition to policies, training, and other security solutions, organizations need an extra layer of security.

Human Layer Security works by understanding and adapting to human behavior without compromising productivity. This is only made possible by machine learning (ML), and Tessian built our HLS platform out of the gate using stateful ML.

We built our outbound email protection first, and leveraged the email data from hundreds of customers (with their consent, of course) to build our inbound threat stack. Our stateful ML models analyze historical email data in order to understand human relationships and communication patterns.

Once we know what normal and abnormal look like, Tessian can automatically predict and prevent security breaches.

How is Tessian using machine learning to secure the human layer on email?

We get it—ML/AI are used often and interchangeably in the cybersecurity space. But, the simple truth is that a solution built on ML enables better email protection because ML models get smarter and better over time as more data is ingested.

Tessian’s Human Layer Security platform consists of intelligent and fully customizable email filters. For every inbound and outbound email, our filters analyze a vast array of data points in real time to create a comprehensive assessment of the correspondence.

In the simplest terms, to determine whether an email is safe or unsafe to send/receive, we examine:

  • Relationship History: Analyzing past and real-time email data, Tessian has a historical view on all email communications and relationships. For example, we can determine in real time: if the wrong recipient has been included on an outbound email; if a sensitive attachment is being sent to a personal, non-business email account; if an inbound email with a legitimate-looking domain is a spoof by detecting an unusual IP address.
  • Content & context: Using natural language processing to analyze historical email data, Tessian understands how people normally communicate on email and what topics they normally discuss. As a result, our filters automatically detect anomalies in subject matter (e.g. project names) or sentiment (e.g. urgency), which might indicate a threat.
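To make the relationship-history idea concrete, here is an added example (not Tessian's code or method) that checks one outbound email against a sender's past recipients. It substitutes simple counts and string similarity for the ML models described above; the addresses, the freemail list and the 0.85 threshold are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from difflib import SequenceMatcher

FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed sample list
SIMILARITY = 0.85                                     # assumed threshold

# Constructed history: (sender, recipients) of previously sent mail.
HISTORY = [
    ("amy@corp.example", ["raj@client.example", "lee@client.example"]),
    ("amy@corp.example", ["raj@client.example", "lee@client.example"]),
    ("amy@corp.example", ["raj@client.example"]),
    ("amy@corp.example", ["sam@vendor.example"]),
]

def build_history(history):
    """Count how often each sender has written to each recipient."""
    seen = defaultdict(Counter)
    for sender, recipients in history:
        seen[sender].update(r.lower() for r in recipients)
    return seen

def check_outbound(seen, sender, recipients, has_attachment=False):
    """Return (recipient, reason) findings for one outbound email."""
    findings = []
    known = seen.get(sender, Counter())
    for rcpt in (r.lower() for r in recipients):
        domain = rcpt.rpartition("@")[2]
        if has_attachment and domain in FREEMAIL:
            findings.append((rcpt, "attachment to personal mailbox"))
        if rcpt in known:
            continue  # established relationship, nothing more to check
        # A never-seen address that closely resembles an established
        # contact suggests a typo or an autocomplete slip.
        near = [k for k in known
                if SequenceMatcher(None, rcpt, k).ratio() >= SIMILARITY]
        if near:
            findings.append((rcpt, f"new address resembles {near[0]}"))
        else:
            findings.append((rcpt, "no prior relationship"))
    return findings
```

An empty result means every recipient already has a history with the sender; in practice a "no prior relationship" finding alone is noisy and would be weighed with other signals before warning the user.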

Tessian understands and adapts to how people work, so it can prevent threats before they happen. It gets out of the way so people can proceed confidently with business as usual without being slowed down, or having to add threat detection to their to-do list.

First, you protected your networks. Then, you protected your devices. Now, you can protect your people with Tessian’s Human Layer Security.

Tim Sadler, co-founder and Chief Executive Officer