Security vendor PhishMe today announced that it has raised $13 million in a Series B round of funding that included the participation of Paladin Capital Group and Aldrich Capital Partners.
PhishMe's Series A round in 2012 raised $2.5 million, bringing the total funding to date up to $15.5 million.
PhishMe aims to give organizations a leg up in dealing with the risk of phishing emails by helping to train employees to identify potential phishing risks. Phishing emails are seemingly authentic emails designed to trick users into clicking or performing an action that will end up doing some form of harm. With the new funding, the plan is to expand PhishMe's technology to the next stage of its evolution.
"From a behavior management standpoint, we try to positively influence employee behavior about phishing attacks, which can be very sophisticated," Rohyt Belani, CEO and co-founder of PhishMe, told eWEEK.
In the last three years, the techniques and methods used in phishing attacks have changed, so PhishMe has been continuously improving how it works to limit phishing risks, Belani said. One key thing that PhishMe has learned is that it's not always necessary to get too technical with employees about phishing.
Many attacks can be thwarted if an employee notices that a given email has something out of context in it, Belani said. As an example, Belani said, if he received an email from the PhishMe CTO and the email started off with "Dear Rohyt," he would know something is wrong since the CTO never starts his emails that way.
"A lot of people think that technical ninjutsu needs to happen by dissecting Web addresses and doing crazy sandbox analysis," Belani said. "We humans can apply a different form of intelligence."
PhishMe has found that by adding human common sense to technology, many phishing attacks can be thwarted, he said.
The other key thing that PhishMe has learned over the years is that most humans, whether they admit it or not, have some form of attention deficit disorder (ADD) and will not sit through a 45-minute training session on phishing. As such, the PhishMe approach to education is to have training options that are delivered in smaller pieces—lasting from 90 seconds to 2 minutes—in the form of an engaging video or an infographic.
"We have found that succinct education done periodically is a lot better than infrequent education done in large lots," Belani said.
PhishMe plans to launch a new product in the next several weeks that will go beyond just training. The goal is to bust the myth that humans are the weakest link in security, Belani said.
"We have found that humans can be the strongest asset for enterprise security," he said. "As people get conditioned to recognize phishing attacks, they want to be helpful and they want to report suspicious emails, as they see them in their inbox."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.