Headquartered in Virginia, Phishme is a provider of security solutions through training and awareness against malware and drive by attacks. The company has received a total funding of $2.5 million from Paladin Capital Group.
One of the more remarkable recent developments in the technology industry has been the evolution of the cyber security field. Twelve years ago, cybersecurity was a new phenomenon confined to the realm of computer geeks, and most threats originated from amateur hackers and script kiddies looking for thrills and bragging rights. Fast forward to the present day, cyber security has become a board level issue in the corporate world over attacks being carried out by nation-states and sophisticated cyber criminals that have profound ramifications for businesses. This increased relevance has also spurred a growing industry of cyber security firms that have captured the attention of the venture capitalist community.
Origins of Cyber Threats
In the early days of the Internet, cyber threats were generally perpetrated by geeks and pranksters who were more interested in the thrill of the hack than in gaining economic benefit (think of the characters from the ‘90s movie Hackers). Without significant resources, organization, or clear goals, these early hackers did not pose a systemic threat to private industry, and so cyber threats and security remained low on the corporate priority list. Any cyber security responsibilities were likely added to the CIO's list of duties, and any budget earmarked for cybersecurity was minimal. Venture capital investment in security firms was accordingly sparse, as well.
Today, most organizations recognize that cyber threats present a great risk to their business. No longer are adversaries disorganized amateurs. Threat actors are often backed by nation-states or sophisticated criminal organizations that compromise enterprise networks with economic motives. These attackers will exfiltrate intellectual property and other sensitive economic information, the loss of which can have a negative impact on an organization’s reputation and bottom line, as well as incur fines for regulatory violations. The power shift is striking. Whereas before, organizations possessed far greater resources than their attackers; however in the present day, attackers are backed by organizations (such as nation-states) that have far greater financial wherewithal than even Fortune 500 corporations. Enterprises have necessarily begun placing higher priority on cyber security, with many making the chief information security officer an important member of executive leadership.
The reason for this transformation is simple: adversaries are following the easiest path to the information. As the Internet has grown to contain more and more sensitive information, adversaries have realized how much there is to be gained by relentlessly—and often successfully—targeting enterprise networks. For these adversaries, carrying out a cyber-attack offers access to large amounts of money or information with relatively low risk of retribution or attribution. This has meant that any organization dependent on conducting business over the Internet is a potential target. As a result, the list of large corporations and government agencies that have been breached is as long as it is prestigious. In 2013, prominent organizations including Apple, Facebook, The New York Times, and The Wall Street Journal are just a few of the organizations that suffered data breaches.