What We Learned From Our 7th Human Layer Security Summit

Andrew Webb • Thursday, March 3rd 2022

As the virtual curtain falls on our seventh Human Layer Security Summit, we’d just like to say a huge thank you to our guests and to you, our attendees. There were some terrific insights, advice, and examples offered in every session – here’s what you missed.

New Vulnerabilities, Ransomware and Supply Chain Attacks: 3 Lessons to Make You Rethink Your Inbound Strategy

To kick things off, Paul Laudanski (Head of Threat Intelligence at Tessian) hosted David Kennedy (CEO and Founder at TrustedSec) and Elvis Chan (Asst. Special Agent in Charge at the FBI). Together they discussed ransomware and supply chain attacks: how they’re often devastating for businesses, and how to protect against them.

 

As David says, “Why target one individual victim when you can target a thousand victims and get a much larger payout”. From the law enforcement side, Elvis Chan explains how we’re seeing more ‘ransomware as a service’, because as well as the technical elements of an attack, it’s also essential that bad actors can communicate clearly in English, and have access to money-laundering services to take the payment. “That’s a lot of sophisticated elements and organization,” says Elvis, “and that’s what the FBI is good at, going after syndicates and organizations”. Indeed, Elvis informs us that the FBI currently has over 100 investigations underway.

As for why phishing is the most popular attack vector, David explains, “It’s the easiest method. Many organizations suffer from M&M syndrome – hard on the outside, soft on the inside. You have to do a lot of research to go against the perimeter.” Attacking the human, however, can be done much more easily, and once you’re inside, moving around is simple. David also explains how attacks disrupt three main areas: “They’re going after your backups, they’re selling your data, and they’re hitting you with DDoS – until you pay.”

The Defense In-Depth Playbook: How to Augment Microsoft 365 to Supercharge Email Security

Session 2 saw Matthew Pascucci (Director of Security Operations at Evercore) explain to Tessian CISO, Josh Yavor, how layering his security stack with solutions across network, endpoint, and application layers ensures they have the best possible defenses. “Microsoft are fantastic at what they do, but there are always areas for improvement,” says Matthew. 

 

He explains how the partnership between Tessian and Microsoft combines the best of rules-based solutions with behavioral solutions. “The key is having them build off each other,” he said. They go on to discuss Evercore’s ‘after event’ operations, and what procedures and documentation they have in place. “There should be an understanding from a user what happens when they get an ‘in the moment’ alert from Tessian – it’s there to protect them, not stop business,” says Matthew.

 

The session winds down with a discussion on why the days of on-prem Secure Email Gateways are numbered, and why the future is in the cloud. “There’s less patching, less hardware maintenance,” says Matthew. 

Preventing Advanced Attacks and Influencing Safe Behavior in the Fast-Paced World of Tech


Next up was Ben Aung (Chief Risk Officer at Sage) in conversation with Tessian’s Solutions Engineer Ashley Bull. Sage is one of the UK’s largest technology companies, offering back-office software products and services for small and medium-sized businesses. As such, they hold some of their customers’ most sensitive data: HR, financial, and accounting records. 

 

Ben explains how important support from the board of directors is, and how to put that support and interest from the board into action. “Winning that situation and making sure you set out your bigger picture in a way that’s easy to understand is key,” says Ben. He also explains what he loves about the capabilities of Tessian, and how he can tailor the advice specific to the user so that “in the moment, they’ll make the right judgment”.

Ensuring Ultimate Email Security in Law Firms, Where Reputation Is Everything

Amelia Dunton (Customer Success Manager at Tessian) hosts Simon Lambe (Head of IT Security at Mishcon de Reya) and David Aird (IT Director at DAC Beachcroft) to discuss why your reputation is crucial in any global law firm. Simon details how he has to balance the speed of response times with data protection, while also protecting clients’ most important information.

 

David highlights how some of the practices that might be permissible in another sector aren’t in the legal sector. Simon then details how he’s developed the cybersecurity strategy at Mishcon around three pillars – prevention, detection, and recovery. “I think historically people thought only about prevention,” he adds. They both then discuss risk appetite, and how it needs to be business-focused, not technology-focused.

 

Finally, Amelia (who revealed herself as a DLP nerd 🤓) asks Simon for some of his data loss prevention examples, including finding one employee selling company IP to a competitor.

Creating a New Identity for Modern Security: Why Organizations Should Prioritize Securing the Human

Our next session has Matt Egan (Director of Technical Strategy at Okta) in conversation with Austin Zide (Product Manager at Tessian). They start by exploring Matt’s ‘hobby’, calling out brands with bad password policies. “Yeah I have a lot of fun with that!” says Matt – not all heroes wear capes. 

 

Matt then explains what trends he’s most excited about in Human Layer Security, and how we’re moving to a world of protecting the individual, not the IP address. He also details why many security teams are going wrong in security and, specifically, identity – and how by changing this approach they can improve their overall security position. Finally, the session closes with how Tessian specifically integrates with Okta.

Security Philosophies from Trailblazers: Q&A with Helen Patton, Advisory CISO, Cisco

Closing out the Summit is the awesome Helen Patton (Advisory CISO at Cisco) in conversation with our own Josh Yavor. Helen reveals what she considers security must-haves, such as good asset management, multi-factor authentication, vulnerability management, and incident response capabilities. “All those things are hard to do well, and all of those things combined are going to help you deal with the threats of the day, whatever they are,” says Helen. 

 

She also explains how she uses Sounil Yu’s Cybersecurity matrix to find out where her strengths and weaknesses are. “It’s a maturity curve,” Helen said. She goes on to explain why it’s wrong to think of security as a technical discipline, and why it should be more a business discipline with a technical solution. Finally, she gives her thoughts on hiring. “When I look at job postings, and HR conversations, it’s broken,” she said. According to her, in order to improve the breadth of talent in the industry, we need a mindset change from what a security hire has done to what they will do.

 

So there you have it – that’s a wrap! If you want more from all seven summits, you can watch them on demand over on our knowledge hub. Sign up for our newsletter below and follow us on our social media platforms (LinkedIn and Twitter) so you’re first in the know for the next Human Layer Security Summit.

 

Andrew Webb Senior Content Manager