PhishMe Adds New Modules to CBFree to Help All Organizations Thwart Ransomware and Business Email Compromise

Leesburg, VA – May 3, 2017 – PhishMe (cofense.staging.wpengine.com), the leading provider of human-phishing defense solutions, today announced the availability of five new interactive modules for its complimentary computer-based training (CBT) program, CBFree. Unlike any other security awareness training programs on the market, CBFree is a unique, high-quality, and interactive experience that provides employees with free security awareness training for today’s top cybersecurity threats, including malware and spear-phishing.

EY Announces PhishMe CEO Rohyt Belani as Entrepreneur Of The Year 2017 Mid-Atlantic Award Finalist

Tysons, VA, April 25, 2017 – EY today announced that CEO and co-founder Rohyt Belani of PhishMe is a finalist for the Entrepreneur Of The Year® 2017 Award in the Mid-Atlantic region. The awards program, which is celebrating its 31st year, recognizes entrepreneurs who are excelling in areas such as innovation, financial performance and personal commitment to their businesses and communities. Rohyt Belani was selected as a finalist by a panel of independent judges. Award winners will be announced at a special gala event on June 15, 2017 at the Ritz-Carlton, Tysons Corner.

PhishMe Appoints Mel Wesley as Chief Financial Officer

Industry Veteran to Position PhishMe for Continued Global Expansion and Explosive Growth

Leesburg, VA – March 30, 2017 – PhishMe® (cofense.staging.wpengine.com), the leading provider of human-phishing defense solutions, appointed technology industry veteran Mel Wesley to head up its finance department as the company’s new Chief Financial Officer (CFO). As PhishMe’s CFO, Wesley will shepherd the company as it continues to grow aggressively, capitalizing on the burgeoning demand for its solutions that thwart cyber attackers in their tracks.

Ransomware Leads in Growth and Impact While Hackers Remain Committed to Data Theft

PhishMe’s 2016 Malware Year in Review analysis shows fast growth of Ransomware while hackers continue to quietly attempt to steal data

LEESBURG, VA – March 14, 2017: PhishMe Inc., the leading provider of human phishing defense solutions, today released findings showing that while Ransomware delivered the greatest impact and growth in 2016, threat actors continue to attempt data breaches and theft.

PhishMe Wins Four 2017 Info Security Products Guide Global Excellence Awards®

PhishMe Wins for Best Security Service, Best Deployment in the U.S. and Top CEO and CTO Categories

LEESBURG, VA – March 3rd, 2017PhishMe, the leading provider of human-phishing defense solutions, was recently honored with four 2017 Info Security Products Guide Global Excellence Awards®, winning in every category in which it was a finalist. These prestigious global awards, put on by the industry’s leading information security research and advisory guide, recognize security and IT vendors with advanced, ground-breaking products and solutions that help set the bar higher for others in all areas of security and technologies. More than 40 judges from a broad spectrum of industry voices from around the world weighed the nominations, and their average scores determined the 2017 Global Excellence Awards finalists and winners. 

PhishMe Reports Explosive Growth: Annual Run Rate Approaches $50 Million

Continued Growth Driven by Innovative Offerings and Strong Execution

 LEESBURG, VA January 31, 2017: PhishMe Inc., the leading provider of human phishing defense solutions, today announced another year of record growth, with Annual Run Rate (ARR) approaching $50 million. PhishMe’s more than 300 employees now serve 1,200 enterprise customers world-wide to defend against cybercriminals, hacktivists and state-sponsored hackers.

Employee reporting of suspicious emails substantially outweighs susceptibility to attacks

Following a thorough analysis of 40 million phishing simulation emails, PhishMe’s latest research measures global susceptibility and resilience to phishing threats

 LEESBURG, VA December 13th, 2016: PhishMe Inc., the leading provider of human phishing defense solutions, today released its 2016 Enterprise Phishing Susceptibility and Resiliency Report, which illustrates employee susceptibility to phishing emails and resilience improvements when engaged in security reporting. With phishing still the most common cyber-attack vector leading to data breach, the report analyzes the most successful triggers, themes and emotional motivators leading employees to fall for phishing emails, as well as how reporting can drive a decrease in time to attack detection from days to minutes.

The PhishMe research teams analyzed data compiled from over 40 million phishing simulations performed between January 2015 and July 2016. Responses were gathered from a sample of over 1,000 PhishMe customers across the globe, including Fortune 500 and public sector organizations from 23 industry verticals. Published today, PhishMe’s 2016 Enterprise Phishing Susceptibility and Resiliency Report identified the following insights:

  • Business context phishing simulation emails still the most challenging: Office communications and finance-related themes generated the highest susceptibility rates, with 19.9 percent and 18.6 percent respectively, driven by sentiments of curiosity, fear and urgency.
  • Reporting outweighs susceptibility to phishing: Over a relatively short amount of time, reporting rates bypass susceptibility rates when at least 80% of the company has been conditioned to identify and empowered to report suspicious emails.
  • Active reporting can significantly decrease breach detection times: Samples analyzed show reporting of suspicious emails reduced security team response time to approximately 1.2 hours over the currently industry average of 146 days to detect a security breach.

PhishMe’s analysis revealed that business or office-related phishing emails proved to be the most effective simulations, as well as the most difficult for users to recognize and report. Phishing emails with sentiments of curiosity, fear and urgency scored the highest percentage in average response rates, suggesting that employees are at risk of increased susceptibility to phishing campaigns that include an emotional pull, even at a subconscious level.

“Our analysis shows that continued exposure to simulations lowers the chance of an employee falling for a phishing email – the key being consistent exposure,” stated Aaron Higbee, Co-Founder and CTO at PhishMe. “Once employees are conditioned to identify phishing attacks, our data shows that reporting them to the IT Security team starts to outweigh organizational susceptibility.  It only takes one employee to report a targeted attack to give incident response teams a chance to stop a potential data breach. Armed with this new data, we hope that more CISOs focus their attention on the ratio of Report-To-Click instead of dwelling on susceptibility metrics.”

The 2016 Enterprise Phishing Susceptibility and Resiliency Report also analyzes variances in phishing simulation response by themes, emotional triggers, and average response rates per industry. In looking at one particular type of phishing email type, the “file from scanner” scenario generated the highest number of response rates in the transportation sector at 49 percent, followed by healthcare at 31 percent and insurance at 30 percent. On the other hand, the non-profit sector scored the lowest response rate, at a 5 percent.

“Understanding what motivates your employees to open or fall for a phish is a critical step in building their resiliency to attacks and enabling faster incident response” continued Higbee “At its core, a phishing simulation program allows organizations to assess, measure, educate and empower all employees about phishing threats while creating a wider net of human sensors to help reduce the risk of a full-blown data breach.”.

 

To download a full copy of the 2016 Enterprise Phishing Susceptibility and Resiliency Report, click here.

Ransomware Delivered by 97% of Phishing Emails by end of Q3 2016 Supporting Booming Cybercrime Industry

PhishMe Q3 Malware Review finds encryption ransomware has hit record levels, while ‘quiet malware’ remains a significant threat

 LEESBURG, VA November 17, 2016: PhishMe Inc., the leading provider of human phishing defense solutions, released findings today that show the amount of phishing emails containing a form of ransomware grew to 97.25 percent during the third quarter of 2016 from 92% in Q1. Remaining at the forefront is the Locky encryption ransomware, which has introduced a number of techniques to resist detection during the infection process.

Published today, PhishMe’s Q3 2016 Malware Review identified three major trends previously recorded throughout 2016, but have come to full fruition in the last few months:

  • Locky continues to dominate: While numerous encryption ransomware varieties have been identified in 2016, Locky has demonstrated adaptability and longevity
  • Ransomware encryption: The proportion of phishing emails analyzed that delivered some form of ransomware has grown to 97.25 percent, leaving only 2.75 percent of phishing emails to deliver all other forms of malware utilities
  • Increase in deployment of ‘quiet malware’: PhishMe identified an increase in the deployment of remote access Trojan malware like jRAT, suggesting that these threat actors intend to remain within their victims’ networks for a long time

During the third quarter of 2016, PhishMe Intelligence conducted 689 malware analyses, showing a significant increase over the 559 analyses conducted during Q2 2016. Research reveals that the increase is due, in large part, to the consistent deployment of the Locky encryption ransomware. Locky executables were the most commonly-identified file type during the third quarter, with threat actors constantly evolving the ransomware to focus on keeping this malware’s delivery process as effective as possible.

“Locky will be remembered alongside 2013’s CryptoLocker as a top-tier ransomware tool that fundamentally altered the way security professionals view the threat landscape,” explained Aaron Higbee, CTO and Co-founder, PhishMe. “Not only does Locky distribution dwarf all other malware from 2016, it towers above all other ransomware varieties. Our research has shown that the quarter-over-quarter number of analyses has been on a steady increase, since the malware’s introduction at the beginning of 2016, and thanks to its adaptability, is showing no signs of slowing down.”

While ransomware dominates the headlines, the Q3 PhishMe Malware Review reveals that other forms of malicious software delivered using remote access Trojans, keyloggers and botnets still represent a significant hazard in 2016. Unlike ransomware, so-called ‘quiet malware’ is designed to avoid detection while maintaining a presence within the affected organization for extended periods of time. While only 2.75 percent of phishing emails delivered non-ransomware malware, the diversity of unique malware samples delivered by these emails far exceeded that of the more numerous ransomware delivery campaigns.

Rohyt Belani, CEO and Co-founder of PhishMe added, “The rapid awareness and attention on ransomware has forced threat actors to pivot and iterate their tactics on both payload and delivery tactics. This sustained tenacity shows that awareness of phishing and threats is not enough. Our research shows that without a phishing defense strategy, organizations are susceptible to not just the voluminous phishing emails used to deliver ransomware, but also the smaller and less-visible sets of emails used to deliver the same malware that has been deployed for years. Only by preparing for these attacks is it possible to empower users to act as both human sensors for detecting attacks and partners in preventing threat actors from succeeding.”

To download a full copy of the Q3 2016 Malware Review, click here.

 

Connect with PhishMe Online

 About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise.

PhishMe Ranked No. 152 Fastest Growing Company in North America on Deloitte’s 2016 Technology Fast 500™

Company Attributes Massive Revenue Growth to its Unique Approach to Preventing and Mitigating Cyber Attacks

Leesburg, VA – November 17, 2016 – PhishMe, a global provider of phishing defense and intelligence solutions for the enterprise, today announced it ranked No. 152 on Deloitte’s Technology Fast 500™, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America based on revenue growth. PhishMe grew 564.1 percent over the last three years, as enterprises implement its suite of products to mitigate cybersecurity threats.

“The  unprecedented increase in frequency and damage caused by cyberattacks in the recent past has created a demand for innovative defensive solutions that can adapt to the attackers changing tools and techniques,” said Rohyt Belani, PhishMe CEO. “Our dogged focus on innovation followed through with strong execution have supported the company’s explosive growth over the last three years. We are honored to be recognized on this coveted list by Deloitte.”

“Today, when every organization can be a tech company, the most effective businesses not only foster the courage to explore change, but also encourage creativity in using and applying existing assets in new ways, as resourcefully as possible,” said Sandra Shirai, principal, Deloitte Consulting LLP and U.S. technology, media and telecommunications industry leader. “This ingenious approach to innovation calls for the encouragement of curiosity and collaboration both within and outside the office walls.”

“This year’s Fast 500 winners showcase that when organizations are open to diverse perspectives and insights, they are able to create an environment for their employees and customers to see the possibilities and ingenious solutions that might lie ahead,” added Jim Atwell, national managing partner of the emerging growth company practice, Deloitte & Touche LLP. “Entrepreneurial environments foster change and innovation within businesses, and we look forward to watching these companies continue to drive change across all sectors.”

PhishMe, Inc. previously ranked number 99 as a Technology Fast 500™ award winner for 2015. Overall, 2016 Technology Fast 500™ companies achieved revenue growth ranging from 121 percent to 66,661 percent from 2012 to 2015, with median growth of 290 percent.

About Deloitte’s 2016 Technology Fast 500™

Deloitte’s Technology Fast 500 provides a ranking of the fastest growing technology, media, telecommunications, life sciences and energy tech companies – both public and private – in North America. Technology Fast 500 award winners are selected based on percentage fiscal year revenue growth from 2012 to 2015.

In order to be eligible for Technology Fast 500 recognition, companies must own proprietary intellectual property or technology that is sold to customers in products that contribute to a majority of the company’s operating revenues. Companies must have base-year operating revenues of at least $50,000 USD, and current-year operating revenues of at least $5 million USD. Additionally, companies must be in business for a minimum of four years and be headquartered within North America.

As used in this document, “Deloitte” means Deloitte LLP and its subsidiaries. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.

About PhishMe

PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise.

PhishMe Appoints Shane McGee as General Counsel & Chief Privacy Officer

Expansion of Management Team Signals PhishMe’s Commitment to Privacy, Compliance and Ethics

 Leesburg, VA – November 10, 2016 – PhishMe, a global provider of phishing defense and intelligence solutions for the enterprise, announced today it has expanded its senior leadership team and appointed Shane McGee as general counsel & chief privacy officer. McGee will be responsible for all of PhishMe’s legal affairs, acting as a strategic business partner and providing advice and oversight in several areas including privacy, compliance and ethics.

“PhishMe is growing and maturing as a company and we’re excited to welcome someone to the team with experience as extensive and impressive as Shane’s,” said Rohyt Belani, CEO of PhishMe. “This addition to the management team is the next step in our continuing growth and ongoing commitment to protect our company and customers globally.”

McGee joins PhishMe from FireEye where he was chief privacy officer and vice president of policy and managed the company’s global privacy program. He also led FireEye’s government affairs team, whose aim was to promote security policy changes around the world to safeguard against the increasing amount of cyberattacks from hackers and state-sponsored actors. He will now bring this expertise to PhishMe to continue those efforts and help lead the way in cracking down on phishing and malware scams, most notably ransomware, which has recently become the top cybercrime.

“In our digital world, cybersecurity is one of the fastest growing market sectors today, and PhishMe is in a position to make a real difference in the business community,” said McGee. “By joining PhishMe, a global leader in cybersecurity, I now have the unique opportunity to work with more than half of the Fortune 100 companies in their efforts to avoid and mitigate the damage done by cyberattacks.”

For nearly 20 years, McGee has been a practicing attorney focusing on data privacy and security law. He served as Mandiant’s General Counsel in charge of handling legal and government affairs for the company, and negotiated and finalized the sale of Mandiant to FireEye for more than $1 billion. Prior to joining Mandiant, McGee was a partner with SNR Denton (now Dentons) a large international law firm, where he was chair of the firm’s U.S.-based Data Protection Group.

Over the course of his career, McGee has counseled some of the world’s largest technology companies on privacy, compliance and security issues. He has represented several clients in privacy-related FTC inquiries, counseled clients on transactions involving large volumes of consumer data, and joined litigation teams on cases involving technology rights and advanced electronic discovery issues. Before going into law, McGee was programmer, consultant and instructor, and remains a Certified Information System Security Professional (CISSP).

 

About PhishMe

 PhishMe is the leading provider of human-focused phishing defense solutions for organizations concerned about their susceptibility to today’s top attack vector — spear phishing. PhishMe’s intelligence-driven platform turns employees into an active line of defense by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. Our open approach ensures that PhishMe integrates easily into the security technology stack, demonstrating measurable results to help inform an organization’s security decision making process. PhishMe’s customers include the defense industrial base, energy, financial services, healthcare, and manufacturing industries, as well as other Global 1000 entities that understand changing user security behavior will improve security, aid incident response, and reduce the risk of compromise.