PhishMe—a Leesburg, Va.-based cybersecurity startup that specializes in defending organizations from a range of complex phishing attacks—has raked in $25 million in billings through 2015. That includes 105 percent year-over-year growth for Q3, according to the company. With more growth expected soon, the company's CEO, Rohyt Belani, spoke to DC Inno about the strengths, challenges and decisions he views as important right now.
Finances?!
In the startup world, regardless of industry or directive, there's a hardline skepticism that accompanies investment, growth and the prospects for longterm stability. Indeed, most startups fail. That's an undeniable fact. While private businesses typically decline to disclose relevant financial information, publicly, the transparency of a startup's "success" can also be difficult to gauge.
The fact of the matter is that most private companies have no incentive to release sensitive business information; opportunistic competitors, skeptical investors and hesitant customers always stand in the audience.
We are honored to be ranked 99 in the @DeloitteTMT #Fast500 list of fastest growing tech companies in N. America! https://t.co/UptmXENa3u
— PhishMe (@PhishMe) November 13, 2015
In the case of PhishMe, the company offered a window into their books for a few reasons. PhishMe was recently named to the Deloitte 2015 North America Technology Fast 500 and the Inc.'s 2015 5000 list, based on growth during 2014. For the Inc. 5000 ranking, the company was required to provide revenue figures and other metrics. They were subsequently titled as one of the top 10 fastest growing security companies nationwide and No. 2 in the state of Virginia—showcasing 892 percent "growth" over the past three years. 2014 revenue totaled $10.2 million.
Identity
Founded in 2011, PhishMe has more than 15 million employees being actively trained across its enterprise customer base, according to a financial report shared with DC Inno. More than half of Fortune 100 organizations are clients. In an interview with DC Inno, Belani said that his company—which has grown from 80 employees in 2014 to now more than 200—plans to aggressively hire across sales, marketing and engineering in the coming months.
A sweeping majority of cyber attacks and breaches begin with a simple phishing email aimed at employees. This is a known commodity and yet it continues to be one of the easiest ways for hackers to gain entry into a system, even while defenses are substantial. Unsurprisingly, humans are easier to trick than a software program. With an email that looks similar to a message sent by a colleague, accountant or friend, a hacker can gain entrance into a business's system from a downloaded malware program. These email-based assaults range in sophistication.
Organizations suffered roughly $1.2 billion in damages from phishing-centric attacks in 2015 alone, Belani said. While the company produces software to stifle these attacks, where PhishMe really differentiates itself from the competition is by focusing on employee training.
"What we found is the human is the weakest link only because the industry has let them be so," Belani told DC Inno. He is confident that, with the proper education, even entry-level staff can act as another filter to detect attacks and notify the appropriate team.
In March, PhishMe raised a $13 million Series B funding round led by District-based Paladin Capital Group—an venture capital firm that's experienced in cybersecurity technologies, with 38 cyber investments over the last decade. New investors Aldrich Capital Partners from nearby Bethesda also participated. M.D. Raheel Zia, a Partner at Aldrich Capital, joined PhishMe’s board of directors.
Belani said his company is well funded, at the moment, and is not in the market to raise funds in the near future.
Interestingly, Belani added that he believes the cybersecurity investment market will look vastly less active in roughly 24 to 36 month, however, as the downfall of many cyber startups with "exaggerated" valuations will likely disappointment hopeful investors chasing exits. This impending and hypothetical decrease in industry investment, he said, may lead the company to consider a deal sooner rather than later. Belani declined to provide further details related to a hypothetical 2016 raise.
PhishMe's customers hail from a diverse list of industries, including healthcare, universities, government agencies and finance.
In terms of projected 2016 revenue, Belani said he similarly expects 90 to 100 percent growth over the next 12 months. He declined to provide a current revenue figure after briefly mentioning the 2014 Inc. 5000 number.
For reference, if the math holds ups and PhishMe takes home 100 percent growth in both 2015 and into 2016, revenue would eclipse $40 million after being in business for just 4 years.
Angle
Belani spoke to me on Friday just hours after he, himself, was targeted by a phishing scam. An email that appeared to originate from a colleague, complete with detailed information about a recent product development meeting, asked for a detailed progress report.
"I honestly would have responded, not noticing the sender, had it not started with the line 'Dear Rohyt' ... my colleague has literally never referred to me like that before." After further inspection, the email was fraudulent, sent by an unauthentic email. These are the types of attacks that PhishMe works to counter on multiple fronts.
On the product development side, it will be critical to further develop the company's latest offering called Triage, which was originally launched back in April at the RSA Conference in San Fransisco.
In October 2015, PhishMe acquired threat intelligence firm Malcovery Security, a developer of cloud-based security software centered on Threat Intelligence Platforms (TIPs). TIPs work as a user interface dashboard to review cybersecurity information in real-time.
The acquisition led PhishMe to mesh Malcovery Security's technology into their own products to build a more comprehensive system that, in essence, not only thwarts phishing but also provides actionable insight in realtime. The Triage program is, in broad strokes, a step after the acquisition.
Triage is still in development but the team is working hard, Belani explained, to effectively combine the tech made available by the acquisition. Early traction has been positive though—Belani told DC Inno that 19 Fortune 500 customers are paying Triage customer and another five are on trial runs. "We expect by end of Q2 to have Traige ready, in full-force," he said.
