Email is still the most commonly used vector for targeted attacks like spear phishing and business email compromise, as well as the main channel for employees to send and receive sensitive data or conduct private business discussions, so it’s no surprise that 90% of data breaches begin with an email.
Tessian recognise that, despite stricter data compliance standards, incredible technical innovation, and more investment from businesses, data breaches are at an all-time high. Clearly there is a problem here, and that problem is that many modern security solutions continue to focus on the machine layer of an organisation, when humans often serve as an organisation’s biggest vulnerability.
Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way.
Why is Human Layer Security so important?
When we pay for an email security service, we expect it to perform exactly as advertised at all times. Humans, however, are imperfect by nature, which means that people can make mistakes, break the rules, or be deceived.
On top of this, the shift to remote working over the past two years has made the human error problem an even greater threat, with stress, burnout and environmental distractions making employees more likely to slip up. In fact, studies show that 1 in 3 employees think they can get away with riskier behaviours when working remotely.
So, instead of expecting people to do the right thing 100% of the time, Tessian works to help businesses preempt these errors by detecting and preventing them from happening in the first place.
People make mistakes
When it comes to business systems and data, mistakes big and small can all snowball into a potentially devastating incident.
Working with emails in particular can easily lead to mistakes taking place, with highly sensitive data like invoices and data lists being sent and received on a daily basis. Just one document being sent to the wrong person - or one wrong document being sent to the right person - could result in a damaging data breach, reputational damage, or compromised accounts.
To put this into perspective, 800 misdirected emails are sent every year in organisations with 1,000+ employees, and 48% of employees have attached the wrong file to an email.
Tessian Guardian prevents accidental data loss by understanding each employee’s networks, communication patterns, and evolving relationships. With this knowledge, the technology works to detect and prevent misdirected emails and misattached files so that the right email and the right files are always shared with the right person.
People break the rules
Employees unfortunately break the rules quite often. Sometimes the culprit may be a malicious, disgruntled individual trying to cause havoc, but more often it is simply an employee who isn’t aware of certain policies, or who seriously underestimates the potential consequences of overlooking them on occasion.
A great example of this is passwords; despite so many businesses implementing secure password policies, the laughably insecure ‘123456’ continues to top the list of most common passwords year after year. Employees aren’t choosing this password because they want their business accounts to be compromised, but simply because it’s easier for them to remember.
Bringing the focus back to email security, one of the more frequent and damaging examples of breaking security protocol is data exfiltration. This involves company data being sent to an external, unauthorised recipient, and can occur by accident or maliciously, like the 2019 case in which an employee sold 68,000 customer records to scammers.
Tessian Enforcer detects and prevents data exfiltration attempts by analysing historical email data to understand what is and isn’t ‘normal’ for every employee, blocking email sends to suspicious, unauthorised recipients.
People can be deceived
Cyber criminals have shifted their focus over the last decade, no longer gaining access to company networks through brute force hacking, and instead manipulating employees into opening the door for them.
With attacks like phishing, business email compromise and social engineering tricking employees through tactics of impersonation, persuasion and urgency, employees can end up unknowingly downloading keylogger malware or ransomware, submitting their credentials into spoofed login pages, transferring payments to unauthorised accounts, and more.
Tessian Defender detects and prevents never-before-seen attacks and advanced spear phishing attacks like BEC, CEO Fraud, and Account Takeover in real time by analysing hundreds of data points within email headers, body text, and attachments. Employees are alerted, security are notified, and administrators can add domains to a denylist with a single click.
Interested in learning more about Tessian?
Download Tessian’s Human Layer Security Platform Overview for more information about the solutions discussed in this article, or get in touch with our team today to schedule a more personalised online demonstration.