October - 2015 - issue > Top 100 Tech Companies Founded and Managed by Indians in the U.S.

PhishMe: Combating Phishing attacks through Human Resource

SI Team
Friday, October 23, 2015
SI Team
With the growing concern towards digitization in this age of internet, security is becoming a norm for the organizations across verticals. Though there are a number of products that help the organizations to create a defense line against cyber attacks, they remain vulnerable to such threats. Business firms seem to have forgotten that hackers target human vulnerability and weakness to break the organization, says Rohyt Belani, Co-founder and CEO, PhishMe. According to Belani, 95 percent of the organizations use the wrong mechanism to ensure security and do not train humans to be vigilant about the attacks. This situation has led many organizations to search for viable partners that can help them effectively combat phishing attacks.

With its headquarters in Leesburg, VA, PhishMe is one such company that is at the forefront of delivering threat management solutions for organizations that are combating phishing and advanced targeted attacks. Hackers attach Word documents and PDFs in the email which are laden with exploits.If the person opens it, the entire system can get infected, says Belani, who has extensive experience in the security industry. If we train the employees in a right way and give them the tools to be vigilant, they can be security assets to the organizations. In this pursuit, the company has set up a Software-as-a-Service (SaaS) solution PhishMe Simulator to avoid the email-based social engineering attacks against employees of the customer's organization. It engages and trains employees about the potential attacks, while the results are measured on the back-end to enable security operators get the complete report over the time and note down weak points, explains Belani.

The company has developed an email add-in button, PhishMe Reporter, which can be installed into the employees mail system. When this button is clicked, it discerns if the email is a special simulated phishing mail or one from an unknown source, says Belani. The button also has the capability to deliver the unknown messages to internal security teams for quick analysis. We maintain the scores of the employees and analyze how good they are at reporting phishing attacks, says Belani. PhishMe Reporter enhances the intelligence ecosystem inside the customers' organizations with user-generated reporting of possible attacks.

PhishMe has introduced the first version of their new product PhishMe Triage to give incident response and security teams the visibility into phishing attacks. This solution basically turns employees into informants and gives them the tools to detect possible attacks in near real time, says Belani. We also provide the internal security teams with the tools to act on the information and prevent infection of a few systems from turning into an enterprise-wide natural data breach.

One of PhishMe's customers, wanted to reduce the possibility of falling for phishing attacks. The customer approached PhishMe to decrease their users' susceptibility. When the customer started using the PhishMe Simulator, 28 percent of their organization was influenced by phishing attacks. After utilizing PhishMe Simulator for two years, the percentage decreased to four percent. We significantly increased the capability of the human resource to efficiently detect phishing attacks, says Belani.

Share on Twitter
Share on LinkedIn
Share on facebook