The cybersecurity arms race continues to heat up: As some threats — like traditional, untargeted viruses — start to subside, other methods of criminal mischief gain in popularity — and impact. Phishing, where a forged email works to trick the user into believing its real, mixes social engineering and technical forgery, and is often the attack of choice for modern criminals. Spearfishing, where those attacks are specifically targeted, can be particularly devastating. Now, Virginia-based PhishMe has raised $42.5 million to try and help companies fight the problem.
After years of neglect, security spending is definitely in vogue again: Security professionals are seeing their salaries rise as companies find that an ounce of prevention goes down much easier than the headache of publicly dealing with a breach after the fact.
And now the industry is rushing to find ways to fill the biggest threats facing IT and various businesses, including using machine learning and data sharing to help mitigate the impact of ever-evolving threats, and tools like PhishMe to help train their users on what to avoid.
PhishMe's offering actually starts with training, and a variety of attack simulators that replicate common phishing scenarios (such as urgent warnings or an official looking email that a user must "verify their account" to proceed.").
It also offers ways to more easily let users flag emails as suspicious, and infrastructure to help triage those reports.