PhishMe® Acquired by Private Equity Syndicate and Rebrands as Cofense™

The Deal Valuing the Company at $400 Million Reinforces the Company’s Unique Vision, Innovation, and Execution

LEESBURG, VA. – February 26, 2018 PhishMe®, the leading provider of human-driven phishing defense solutions world-wide, today announced that the company has been acquired and has changed its name to Cofense™. The acquisition by a private equity consortium valued the company at $400 Million.

“PhishMe was founded to challenge the cliché that people are the weakest link in security. Our 1700+ enterprise and mid-market customers affirm that not only can their employees be conditioned to be less susceptible to cyber-attacks, but, in fact they can be turned into sensors that provide very timely intelligence,” said Rohyt Belani, CEO and Co-Founder of Cofense. “The Cofense solution set leverages internal employee-generated attack intelligence in concert with purpose-built response technologies to break the attack kill chain at delivery. Cofense reflects the full breadth of our portfolio of enterprise-wide attack detection, response, and orchestration solutions.”

Cofense now has the added backing of multiple private equity firms to support future innovation via organic and inorganic growth initiatives. With hundreds of enterprise customers in more than 50 countries and across 23 industry verticals, Cofense will continue to deliver leading solutions in phishing defense by offering solutions that sit at the intersection of human intelligence and technology.

“This acquisition further strengthens the alignment between our management team, employees, and investors as we focus on building an enduring company,” continued Rohyt Belani. “With cybersecurity a top priority for organizations everywhere, our goal is to continue bringing innovative products to markets around the globe to help stop active attacks faster than ever.”

The new identity and acquisition comes on the heels of another year of explosive growth for the company, with major milestones including:

  • Approximately 80% revenue CAGR over the last four years.
  • PhishMe Reporter® deployments on over 10 million end users’ work stations.
  • Launch of an industry-first free simulation tool, PhishMe Free™, geared towards the SMB market
  • Continued global expansion with new offices opening in Australia, Singapore, and Dubai.
  • Expanded partnerships through its Technology Alliance Program (TAP), adding 14 of the world’s leading security providers as partners to help customers maximize their return on investment.

Cofense’s unique approach and stellar management team won a number of industry accolades in 2017, including:

  • Being positioned as a leader in the 2017 Gartner Magic Quadrant for Security Awareness Computer-Based Training.
  • Ranked for a third year running in the Deloitte Fast 500.
  • Recognized as a 2017 Fastest Growing Company and a Best Place to Work by Washington Business Journal.
  • PhishMe CEO and Co-Founder, Rohyt Belani, received the EY Entrepreneur of The Year® Award in the Security category in the Mid-Atlantic region, was named a 2017 Washington Business Journal 40 under 40 honoree, and a 2017 Tech Titan by Washingtonian Magazine.
  • PhishMe CTO and Co-Founder, Aaron Higbee, was named a 2017 Loudoun Business Journal 40 under 40 honoree, and a 2017 Tech Titan by Washingtonian Magazine.

Cooley LLP served as Cofense’s outside legal counsel, and Boston Meridian served as the company’s financial advisor for the acquisition. Learn more at phishme.com.

About Cofense

Cofense™, formerly PhishMe®, is the leading provider of human-driven phishing defense solutions world-wide. Cofense delivers a collaborative approach to cybersecurity by enabling organization-wide engagement to active email threats. Our collective defense suite combines timely attack intelligence sourced from employees with best-in-class incident response technologies to stop attacks faster and stay ahead of breaches.  Cofense customers include Global 1000 organizations in defense, energy, financial services, healthcare and manufacturing sectors that understand how changing user behavior will improve security, aid incident response and reduce the risk of compromise.

About Cooley LLP

Clients partner with Cooley on transformative deals, complex IP and regulatory matters, and high-stakes litigation, where innovation meets the law. Cooley has 900 lawyers across 12 offices in the United States, China and Europe. Cooley partner Andy Lustig led the M&A team advising Cofense.

About Boston Meridian

Boston Meridian is an innovative investment bank focused on providing leading M&A and capital raising advisory services to growth companies. We provide senior partner focus to achieve rapid and successful results for our clients, unlocking the strategic value of technology.

PhishMe is now Cofense.

On February 27th 2007, while on the phone with my friend and co-founder Rohyt Belani, I typed the name phishme.com into GoDaddy™. We couldn’t believe our good luck and immediately registered it. As the co-founder who named this company PhishMe®, the emotional attachment is real. Somewhere in the pile of entrepreneurial startup books, I have a branding book that suggested your name is a vessel that should be big enough to carry your future products and services. We outgrew that boat quite some time ago.

Italian DHL-Themed Phishing leads to Ursnif, Spambot

PhishMe Intelligence™ recently intercepted a subtle, DHL-spoofing campaign delivering a heavily-obfuscated JavaScript file. When executed, this JavaScript file downloads and runs a variant of the Ursnif/Gozi-ISFB trojan. Ursnif, in addition to its banker and stealer pedigree, acts as a downloader to serve a nasty surprise to the infected system. This is the first time PhishMe Intelligence has observed Ursnif actively delivering a spambot onto an infected system. Given Ursnif’s usually stealthy tendencies, it is somewhat unusual to see such a pairing.

City, University of London, selects PhishMe to provide the highest degree of phishing and ransomware protection

University employs human behavioural conditioning techniques designed to build student and staff resilience to phishing

LONDON – February 13th, 2018 – Today, PhishMe®, the leading provider of human-focused phishing defence solutions, announced it has been selected by City, University of London to empower over 20,000 staff and students to be an active line of defence and source of attack intelligence in its fight against cybercrime. The university will deploy a dynamic suite of PhishMe solutions – PhishMe Simulator®, PhishMe Triage™ and PhishMe Reporter® – as part of a three-year programme.

Universities are being hit by hundreds of successful cyberattacks every year, with more than 1,152 intrusions into UK networks recorded in 2016-2017*. Massive, constantly changing populations of students and staff with many different endpoints are enough to tempt cybercriminals wanting to get their hands on valuable intellectual property and data that can be sold to the highest bidder. For City, improving defences against email-based phishing attacks, in particular, has formed a critical part of its overall strategy.

City engaged PhishMe in mid-2017, who ran a scenario during the annual freshers’ week to provide an indication of how susceptible they could be to phishing attacks. The results from the initial simulation showed a concerning susceptibility rate which was enough to convince the university that it needed PhishMe’s expertise in conditioning users to be more effective at identifying, reporting and mitigating phishing threats. PhishMe’s analytical data and one-touch reporting mechanism has been swiftly integrated into the university’s existing incident management system.

“Today, improving the security posture of the organisation can be found in the top two items of almost every CIO and CISO’s agendas,” says Claire Priestley, Director of Information Technology at City, University of London.

“When we launched the latest Information Security Strategy last year, PhishMe was an easy choice to augment our underpinning programme of information security initiatives. Our user community numbers at least 20,000 at any given time. The rapid growth in ransomware contained in phishing emails across all sectors last year necessitated a solution that would help us quickly and effectively build awareness, provide targeted training solutions and offer a one-touch reporting mechanism that integrated easily with our incident management system.”

“With access to cutting-edge research and users who have a high degree of susceptibility to phishing tactics, universities present a lucrative target for threat actors,” said Rohyt Belani, CEO & Co-Founder, PhishMe. “For staff, a constant stream of new students can make it difficult to pinpoint suspicious emails, while students are often not fully incorporated into the organizational infrastructure and will not have had basic awareness training which might have raised resilience to phishing attacks. Employing human-focused conditioning techniques is therefore an effective approach for educational institutions such as City, University of London, looking to dramatically improve detection and responses to potential security threats.”

For the university, the ability for users to report threats in real-time is just as important to improving their incident response efforts as the conditioning of those users to recognize real phishing threats as they appear.

Claire Priestley added: “Rapid reporting and identification means we can deliver a faster response, and the additional analytics provide invaluable data to help further develop our security intelligence and target our training support to the users that need it most, at the optimum times.”

PhishMe has experienced strong international growth over the past twelve months, with market expansion in Australia, Japan and across EMEA and META regions. Headquartered in Leesburg, Virginia, the company currently operates from 8 office world-wide offices including its EMEA headquarters and regional Phishing Defense Center in London. In the UK, PhishMe has seen strong demand for its human-focused anti-phishing solutions from organisations in the public sector, finance and education.

 

For more information on PhishMe’s security awareness training and phishing defence solutions, please visit https://phishme.com.

*Source: BBC News, http://www.bbc.com/news/technology-41160385

 

About City, University of London

City, University of London is a global higher education institution committed to academic excellence, with a focus on business and the professions and an enviable central London location.

City’s academic range is broadly-based with world-leading strengths in business; law; health sciences; mathematics; computer science; engineering; social sciences; and the arts including journalism and music.

City has around 19,500 students (35% at postgraduate level) from more than 150 countries and staff from over 75 countries.

In the last REF, City doubled the proportion of its total academic staff producing world-leading or internationally excellent research.

More than 130,000 former students from over 180 countries are members of the City Alumni Network.

The University’s history dates from 1894, with the foundation of the Northampton Institute on what is now the main part of City’s campus.  In 1966, City was granted University status by Royal Charter and the Lord Mayor of London became its Chancellor.  In September 2016, City joined the University of London federation and HRH the Princess Royal became City’s Chancellor.

Led by President, Professor Sir Paul Curran since 2010, City has made significant investments in its academic staff, its estate and its infrastructure and continues to work towards realising its vision of being a leading global university: it has recently agreed a new Vision & Strategy 2026.

About PhishMe

PhishMe is the leading provider of human-focused phishing defence solutions for organisations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defence by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organisation’s security decision-making process. PhishMe’s customers include the defence industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behaviour will improve security, aid incident response and reduce the risk of compromise.

PhishMe Attains SOC 2 Type I Compliance Across PhishMe Simulator and hosted PhishMe Triage Product Offerings

LEESBURG, VA. – February 9th, 2018 – PhishMe®, the leading provider of human phishing defense solutions, today announced it has successfully completed a Service Organization Controls (SOC) 2 Type I examination across the PhishMe Simulator® and hosted PhishMe Triage™ product lines, which help organizations address the human sources of risk associated with phishing attacks.

Created for entities operating in the booming technology and cloud computing sector, SOC 2 compliance is an industry standard in data security compliance. In pursuit of this industry-leading certification, organizations undergo a rigorous analysis that can include the following trust services criteria: security, availability, processing integrity, confidentiality and privacy.

“Achieving this certification demonstrates our continued commitment and investment in larger compliance efforts to exceed enterprise standards and expectations with respect to data security,” said Aaron Higbee, CTO and co-founder of PhishMe.

Coalfire Controls, LLC, an independent CPA firm, conducted the audit of PhishMe Simulator and hosted PhishMe Triage product lines, testing the suitability of design of controls, with a focus on security, availability and confidentiality principles in line with strict criteria.

 “In an ever-evolving market of cybersecurity offerings, it is essential that organizations are able to clearly demonstrate that their solution meets SOC 2 criteria, an industry standard in data security compliance,” notes Chris Beiro, Director, SOC Practice, Coalfire. “Coalfire examined PhishMe solutions and found that controls were suitably designed to meet the applicable trust services criteria.”

The purpose of SOC standards are to help provide confidence and peace of mind for organizations and their third-party partners. PhishMe earned the SOC 2 certification because it has sufficient policies and strategies that are designed to satisfactorily protect their customers’ data.

For more information on PhishMe, visit: https://phishme.com/.

 

About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report and mitigate spear phishing, malware and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision-making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare and manufacturing industries, as well as other Global 1000 entities that understand how changing user security behavior will improve security, aid incident response and reduce the risk of compromise.