PhishMe raises $13m to train enterprise staff in phishing detection

Could drafting in specialist training prevent company employees from falling for phishing campaigns?


PhishMe, a cybersecurity training provider, has raised $13 million in a Series B round of funding.

Phishing campaigns, emails and malicious web pages designed to dupe a user into handing over sensitive data, can cause chaos for businesses when employees fail to detect them. Malware payloads can be sent into corporate networks, systems can be damaged and sensitive information can be lost.

As with all cybersecurity threats, phishing campaigns are in a continual state of evolution -- jumping from long-lost uncles in Africa who want to give you money to fake emails sent by hackers pretending to be your CTO -- and the knowledge of how to detect these threats is become a critical factor in keeping business networks safe.

PhishMe trains employees in the enterprise to detect and avoid falling prey to phishing campaigns through consistent training, including spear phishing tests and a Software-as-a-Service (SaaS) platform.

On Thursday, the company announced a successful Series B funding round which raised a total of $13 million. PhishMe's original funding round raised $2.5 million, which brings investment in full to $15.5 million.

Paladin Capital Group and Aldrich Capital Partners were among the participants of the latest funding round.

The security vendor plans to use the funds to support company growth as well as develop and launch "a new product in the next several weeks that will go beyond just training," according to Rohyt Belani, CEO and co-founder of PhishMe. Speaking to eWeek, the executive said the new product's goal is to "bust the myth that humans are the weakest link in security," -- which is potentially quite the challenge to undertake.

Often, humans appear to be the weak links. From falling for phishing campaigns or social engineering techniques to connecting malware-ridden personal devices to corporate networks, employees often unwittingly provide the hook for cyberattacks to take place in the enterprise. Businesses can mitigate these risks by training staff -- as knowledge and technology can improve network security -- but nothing is foolproof.

Belani commented:

"We have found that humans can be the strongest asset for enterprise security. As people get conditioned to recognize phishing attacks, they want to be helpful and they want to report suspicious emails, as they see them in their inbox."

PhishMe accounts for over 100 employees and caters to hundreds of enterprise clients.

Read on: In the world of security

Read on: Fixes and Flaws