PhishMe: Employee Awareness-Based Security Solution

Wouldn’t life be much easier if those emails claiming ‘You have won a billion dollars!’ come true? Phishing mails are getting smarter, disguised as a bank, service provider, or any other trusted entity, manipulating victims to click on malicious links, causing a debacle for individuals and businesses. “There’s a need for a more practical focus on cybersecurity,” says Rohyt Belani, Co-Founder and CEO of PhishMe. With over 13 years of expertise in the information security industry, Belani has set out to eliminate phishing threats for companies of all sizes.

As people get conditioned to recognize phishing attacks, they want to be helpful and they want to report suspicious emails, as they see them in their inbox


An anti-phishing solution has to meet several criteria—ease of use, good value, compatibility with other systems, and actionable data delivery. PhishMe has created a ‘human-input’ based security solution against phishing attacks, conforming to their notion, intelligence is not always artificial. It focuses on harnessing organization-specific attack intelligence and vetting it against known external phishing threats intelligence for an accurate picture of what’s really happening across the organization. PhishMe is dedicated to providing the highest quality cyber security solutions, thus creating ‘PhishMe Simulator,’ which trains employees to identify live phishing threats.

Rohyt Belani

Co-Founder & CEO

“As long as people have the right approach, they can definitely learn the necessary skills,” believes Belani. The best information a company can gather, comes from its employees—whether it is compromised data or attack intelligence—and, when it comes to phishing, the employees are the targets and the gateway for security breaches and sensitive information gathering.

Serving a diverse range of organizations like the defense industrial base, energy, financial services, healthcare, and manufacturing industries, PhishMe provides easy integration to multiple platforms. "As people get conditioned to recognize phishing attacks, they want to be helpful and they want to report suspicious emails, as they see them in their inbox," says Belani, hence creating a common database that is used and synced concurrently across all simulation systems, defining a single synthetic representation of the world. This helps in the creation, modification, and correlation of run-time databases—taking minutes or hours instead of days, weeks or months.
AVANGRID, an energy and utility company, needed a solution against cybercrimes as an attack could cut the power to thousands of customers and cause millions of dollars in damage. And since the company is subject to NERC/CIP regulations, it risks incurring fines up to $1 million per day per violation. Using PhishMe Simulator, employees were trained to identify spam emails and report any such activity that has already happened. Using awareness as a tool, AVANGRID and its employees were able to overcome phishing threats while improving the common database, helping other companies stay secure. The company has calculated a reasonable cost at approximately 60 cents per employee for each simulation, a value for money, considering the improvements in susceptibility rates and the attacks the company has already averted thanks to heightened phishing awareness.

PhishMe’s intelligence-driven solutions empower employees to be an active line of defense and source of attack intelligence by enabling them to identify, report, and mitigate spear phishing, malware, and drive-by threats. The phishing incident response platform and phishing threat intelligence enables SOC and IR teams to respond faster to real threats—decreasing the risk of data breaches. One of the ways PhishMe protects the company is by encouraging employees to step up and accept that higher responsibility—to teach them to stop and think before they download an attachment, for instance, and prevent breaches from happening.