Last week, Tessian was at RSA 2020 in San Francisco. While this was only my fourth month at Tessian, this was my ninth year at the annual cybersecurity conference, which I’ve previously attended on behalf of Mimecast, Proofpoint, and Cofense when I was part of their respective teams. 

Last year the agenda was very much focused on automation, machine learning (ML), and artificial intelligence (AI), but this year, the theme was much more…human. More specifically, it was the Human Element.

What is The Human Element?

This theme, of course, resonates with all of us here at Tessian. After all, it’s why we’ve created Human Layer Security. 

Humans and our propensity to break the rules, make mistakes, and get hacked are the foundation for everything we do at Tessian. We believe humans are an organization’s biggest asset, so long as they are empowered to make smart security-related decisions. 

But, how do you actually enable and empower people to make those smart security-related decisions? How do you actually protect the Human Element? 

While Tessian is clear and confident that stateful machine learning is the most effective way to protect the Human Layer, it seemed like a lot of other vendors relied on strong messaging alone to align with this year’s RSA theme and didn’t necessarily have the technology or functionality to back that messaging up.

The Human Element Applies to Both Inbound and Outbound Threats

If you look at cybersecurity historically, solutions have been focused on protecting networks, endpoints, and devices. You know, machines.

But phishing isn’t a machine or technology-related problem. It’s a human problem. Sure, we can use spam filters or Secure Email Gateways (SEGs) to mitigate the risk, but it’s inevitably people that are both behind the attacks and the last line of defense.

What about awareness training and phishing simulations? While this type of solution may have a positive effect in the short-term, the immediate gains wane over time as people forget the training and revert back to old behaviors. Tessian even published a report examining this problem.

Phishing is – and has been – a hot topic and the inbound space is crowded with vendors that claim to protect organizations from this type of attack. But, the Human Element isn’t limited to inbound threats. It’s just as – if not more – relevant to outbound threats.

Misdirected emails, insider threats, accidental data loss…these are all human problems that not only rely on people being aware of security policies and best practice, but also rely on people doing the right thing 100% of the time. This is a tall order when they are in control of more sensitive data and systems than ever before.

Unfortunately, to err is human. And that – in a nutshell – is the problem. Humans will make mistakes. Humans will break the rules. Humans will get tricked or hacked.

Visibility is Key

Fundamentally, CISOs and other IT decision-makers understand this, but they may not have always understood exactly how big of a problem the issue of human error is. And, in my experience, visibility of the scope of the problem is the lifeblood to any cybersecurity strategy or framework. 

Vendors know this, which is why we see so much messaging focused on fear-mongering; messaging focused on the size and scale of the problem with alarming stats that seem to only be trending upwards. We’ve been guilty of this in the past, too.

But CISOs are tired. They want strong solutions, not strong messaging.

Strong Messaging Doesn’t Solve Cybersecurity Challenges

It’s safe to say – especially given this year’s theme – that today, the cybersecurity industry and professionals within the industry have started to wise up to the problem of human error beyond phishing. In particular, they understand the challenges and consequences associated with accidental data loss and data exfiltration, and are beginning to have visibility of the scope of these problems, too.

But they have very few solutions.

While a lot of vendors shouted about the Human Element this year, their product offering hasn’t changed since last year, when they were shouting about AI, ML, and automation. 

SEGs and other cybersecurity solutions don’t suddenly empower employees to inspect and identify threats with 100% accuracy just because their messaging is now more people-focused than it has been historically. Actually solving problems related to the Human Element takes innovation and disruptive technology that challenge widely-accepted – albeit ineffective – approaches that have previously been classed as best practice. A new tagline isn’t enough.

The Future of People-Focused Cybersecurity Solutions

Cybersecurity is a broad, expansive industry that seeks to solve an incredible range of problems. There are firewalls, web applications, password managers, sandboxes, and simple spam filters and new start-ups are cropping up nearly every single day claiming to solve for one or more of these problems.

Why? Because the industry is one of the most important today given the digital landscape and is incredibly valuable because of that. In fact, the global cybersecurity market has grown 30x in the last 13 years and the industry received record venture capital investment in 2019. 

But, growth is only good if we as an industry look at the problems we’re solving holistically. If we collectively recognize the Human Element is a challenge we’re up against, the next generation of cybersecurity solutions have to take a new approach to protecting human-digital interactions.

Tessian is doing just that by creating Human Layer Security, a new category in the industry. We protect people on email from both inbound and outbound threats with stateful machine learning. 

It’s not just messaging, it’s our genuine product offering. 

Interested in how Tessian’s Human Layer Security platform can protect your data by protecting your Human Element? Book a demo now.