Despite its overarching prevalence in our lives, email might still conjure up notions of office-wide round-robins, placeholders, and other corporate hallmarks, as well as phraseology like ‘hope you’re well’, ‘all the best’, and other sayings rarely uttered aloud.
But at its core, email is increasingly a digital identification system, and a communications medium that carries with it a certain level of implicit trust, bar the obvious frauds asking for a money transfer out of the blue, or outright scams.
Founded in 2013 by Tim Sadler, Edward Bishop and Thomas Adams, three former engineers who worked in the financial sector – including stints with HSBC and RBS – Tessian started life as CheckRecipient – an allusion to its email scanning roots. Tessian then launched its first product just shy of three years ago, in September 2016, with Tessian Guardian, which aims to prevent compromise through direct emails.
Perhaps similarly to other (admittedly perimeter or network-focused cyber startups in the UK) Tessian’s model combs through historical email data to analyse the email traffic flow of an organisation, which Tessian then trains its algorithms upon.
“On every email you’re sending, we can then understand and predict whether the email looks like it’s appropriate for the recipient you’re sending it to,” says Tessian cofounder and CEO Tim Sadler, speaking with Techworld by phone. “In this scenario – if you’re sending something inappropriate to the recipient – we’ll then present a pop-up notification and the user can correct the mistakes… We’re the only people in the world taking that approach to preventing data loss on email.”
Since then, the company has expanded its portfolio with further features designed to stem email-based data exfiltration. Last year it launched Tessian Defender, which analyses incoming emails and is largely focused on preventing spearphishing attacks within organisations – the kind of fraud that is targeted at high-worth individuals. In late 2018 it emerged that one group had built a list of 50,000 chief executives to point their attacks towards.
Cyber seat belts and airbags
Sadler compares the safety measures Tessian provides to those you today see included in every car by law, such as airbags and seat belts.
“If you look at how most organisations are securing the human layer today, they use policies,” says Sadler. “They tell people how to behave, and they always use training. They try to educate people how to behave. But ultimately, they’re relying on their people doing the right thing from a security perspective 100% of the time.
“In the same way that we expect our cars to have seat belts and airbags, even though we have passed our driving tests and we know the highway code, we think enterprises need to adopt technology – to protect people, not just to rely on training them or telling them how to behave.”
And while new forms of instant messaging and collaboration platforms such as Microsoft Teams and Slack are picking up in the workplace, email usage is showing no signs of slowing down – in fact, it is projected to grow. Add to this that many people are beginning to use their email platforms as a kind of archive of record – or a digital filing cabinet – and protecting these assets is even more vital than ever.
Managing rapid growth
Speaking of Tessian’s performance at Techworld’s techies 2019 awards show in London, where the British startup won the award for Best Security Technology of the Year, Sadler says that this – along with the company’s general success in recent years – is “attributable to every single employee that we have at the company”.
“I think one of the biggest challenges we’ve had is we’ve grown exponentially in the past few years,” he adds. “When you’re growing that quickly it’s really important to make sure that you retain the most important thing, which is really the culture of the organisation.
“You’re trying to align people to a shared sense of mission, and you’re trying to create an environment that people feel like they’re doing the best work of their careers.”
While many IT jobs are an employees’ market at present, this is especially true of cybersecurity, where businesses have to work hard to retain talent.
“For me as a CEO, there’s two things I care deeply about,” Sadler explains, “making sure that people understand and are aligned with our mission, and also that people love coming to work.
“That’s been one of the key challenges: it’s easy to have a shared sense of mission and culture when you’re 15 people working around literally the same table, and you get lunch together every single day. But when you’re 150 people – which is the size we’re at right now – that’s more difficult: you need to start thinking of new ways to scale culture and also to communicate the mission and vision for the rest of the company.”
In terms of financial reward this includes making sure Tessian employees are stakeholders – all receive stock option. But also, says Sadler, people are ultimately “attracted to organisations where they can work with other great people”.
“We’ve really always had that in mind – every person that we’re hiring needs to add to our overall culture as an organisation,” he says. “The second thing is making sure people are aligned to our sense of mission and believe in what we’re doing… and they feel that they are building something that they believe in.”
The company recently raised $42 million (£33 million) in a Series B funding round, led by American firm Sequoia Capital, and accompanied by other existing investors Balderton Capital, Accel Partners and LocalGlobe. The funding, Sadler said at the time, valued the company at “well over $100 million,” Bloomberg reports.
The new round of capital, Sadler tells Techworld, puts the company in a good position to be in an “execution phase” for 2019 and 2020.
“Really what we’re focused on at the moment is scaling go-to-market,” says Sadler. “Hiring new salespeople, marketing people, and expanding our distribution throughout the world.
“Then on the other side we’re investing heavily in research and development as well, so looking at ways in which we can prove our existing product offering but then also develop new products and services we can offer to our customers.”
Britain’s cybersecurity startup scene
A series of high-profile cybersecurity incubators including Cylon (of which Tessian is an alumni) and those run by the NCSC in collaboration with Wayra, have helped push Britain’s cyber startups onto the world stage. Cyber unicorn Darktrace, which has gone from strength to strength, probably also helped, not to mention a concerted push by government to foster security research and startups within Britain.
Sadler believes that the UK is a “phenomenal place” for technology startups at the moment, and that it will continue to be.
“I think cybersecurity really shows the quality of companies that are based in the UK at the moment, that are building world-class cybersecurity products and platforms,” he says. However, Britain could be doing more to promote itself on the world stage in cyber.
“As with many things in the UK, we’re kind of reserved about our expertise and how great we are, and frankly, we need to do a bit more chest-beating, telling the world about the great companies that we have here,” says Sadler, pointing to Israel as a model of a country which has been effective at promoting early-stage cyber companies.
“I think the UK certainly has more work to do there. But I do think if you look at the underlying quality of companies being built here – it is pretty phenomenal.”