This is a transformative shift away from the traditional, one-size-fits-all approach to user security awareness training, which businesses spend over $290,000 and 276 hours on each year.
Training only works when it resonates with the person receiving it. By understanding the areas in which certain employees face specific security challenges, the Human Layer Risk Hub enables security and risk management leaders to provide bespoke training, protection or processes based on an individual’s or business department’s unique risks. This tailored, real-time feedback continuously educates employees about threats, reinforces company policies, and drives people toward safe email behavior.
This is especially important today; human error and poor email security decisions are leading causes of data breaches. Until now, security teams have often lacked visibility into threats posed by employees, and struggled to know where to invest resources to mitigate these risks and provide help to staff who need it most.
With the Human Layer Risk Hub, security leaders can now define, quantify, mitigate, and reduce human layer risks by understanding what’s driving risk in their organization and whether specific users or departments are disproportionately contributing to it.
It works by creating individual risk profiles for every employee in an organization, using a range of signals that are hidden within email data and are detected by Tessian’s advanced machine learning models. Signals such as employees’ email usage patterns, relationship graphs, and security decisions on historic and real-time emails provide insight into which employees are targeted most by phishing attacks, which are the most careful or careless with data, and which are more likely to deal with sensitive data over email, for example.
These signals are combined to build a Behavioral Intelligence Model (BIM) for each employee and are applied across five risk drivers - accidental data loss, data exfiltration, social engineering, sensitive data handling and security awareness - to generate individual risk scores.
The BIM and security risk scores are dynamically updated, decreasing when an employee makes a correct security decision and increasing when they do something risky, such as clicking on a phishing email or sending company data to personal email accounts. When risky or anomalous email behavior is detected, Tessian alerts the individual to the threat in the moment, advising them on what to do.
Risk scores and drivers are aggregated at the employee, department, and company level and are benchmarked against peers.
With this level of insight, security and risk management leaders can quickly and easily identify employees or employee groups who require a refresh of security policies, extra training, or tighter access controls. Tessian intelligently, and automatically, proposes actions that teams can take within the Tessian platform to improve security awareness, change behaviors, and drive risks down.
In addition, CISOs can effectively measure and report on their company’s overall progress of risk reduction, while also demonstrating ROI to the board, thanks to audit logs which provide defensible proof against data breaches.
Ed Bishop, Chief Technology Officer and co-founder of Tessian: “Following conversations with our customers, it’s clear that they not only want visibility of the human layer risks in their organization, but they also want to know how they can continuously lower that risk over time.
“We believe that to properly understand your company’s overall risk, you need to understand the behavior of each of your employees. By doing so, we’ve created a solution that gives security and risk managers full visibility into human layer risks plus the tools they need to mitigate threats and nudge employees towards adopting safe security practices on email. The Human Layer Risk Hub will be critical to managing human layer risk; the central operating system for securing the human layer.”