I had never met a professional computer hacker before Terry McCorkle, CEO and co-founder of PhishCloud, and a master hacker having done it for literally his entire career. We were introduced by Pat LaPointe of Frontier Angels, who thought we should take a look at Terry’s company as a possible investment opportunity for our angel network. During my initial conversation with Terry I learned that phishing was the top cybercrime in 2020 and 65% of American companies had been victims of phishing attacks last year. He says it’s only going to get worse as cyber criminals increase the sophistication of their phishing expeditions. The VisionTech Screening Committee and I were so intrigued, we invited Terry to pitch during our April Pitch Week. Here’s a sneak preview. I hope you’ll join us for Terry’s pitch.
BP: How does one gets to be a certified hacker?
TM: I’ve been in cybersecurity for 22 years now and when I started there was no school for hacking. The Internet was new so I started from scratch, learning on the job, which has been a big advantage for me. I got my start while in the Army and later with the Air National Guard, working first in radio and telephone systems, then computer networking, and finally into cyber security. While with the Air National Guard, I was part of the Information Warfare Squadron and traveled the globe doing penetration testing and red teaming, both elements of hacking. My role was to act as an attacker using phishing. I served for 15 years in the military in this role.
BP: The first company you founded and exited was Spearpoint Security Service. What’s the story?
TM: My partner Billy Rios and I founded Spearpoint in late 2010 with a research project that set out to determine just how vulnerable the industrial control systems (ICS) of major companies like Siemens, Rockwell and Honeywell were to cyber attacks. Our goal was to find 100 bugs in 100 days. We did it the right way, working through the U.S. Department of Homeland Security, By the end of the 100 days, we’d uncovered 665 bugs simply by accessing their systems on the Internet. We were amazed at just how easy it was. Many corporations had never conducted threat assessments and had no idea of the risks. We went on to work with these and other companies to fix their vulnerabilities.
This was Billy’s and my first startup and we revolutionized the cybersecurity industry. Two years later, in early 2012, we sold Spear point to Cylance. Blackberry recently acquired Cylance for $1.6 billion.
BP: What’s your PhishCloud elevator pitch?
TM: I’m going to borrow from Wikipedia on what exactly phishing is: the fraudulent attempt to obtain sensitive information or data such as usernames, passwords, credit card numbers, or other sensitive details by impersonating oneself as a trustworthy entity in a digital communication. In the past, phishing was somewhat obvious if one was paying attention. However, the threat is growing as cybercriminals have gotten increasingly sophisticated, using artificial intelligence and analytics to drive their schemes in emails, social media sites, and literally everywhere people go on the web.
PhishCloud is real-time phishing detection; a user-focused endpoint solution that can stop the threat in real time by showing users which links are safe, unsafe, or potentially risky before they click. PhishCloud runs on Windows and Apple OS X; supports Chrome, Firefox, Microsoft Edge and Outlook Desktop; social sites like Facebook, Twitter, LinkedIn, and Reddit; and instant messaging platforms. When companies deploy PhishCloud across their enterprise to employee users, not only can they reduce phishing attacks, but they can also respond quicker to attacks and reduce false reports.
BP: What unmet need in the market are you filling?
TM: The biggest gap is the lack of adequate IT security protection. Seventy-five percent of all organizations are targeted every year. Many are compromised and don’t even know it because the network protection is either not there or cybercriminals know their way around it.
The other thing is every employee who works online is a point of risk. Traditionally, employers have used training to try to thwart phishing attacks that start with employees. But training just isn’t enough. Cybercriminals are attacking from everywhere and using encryption to fly under the radar. During the pandemic, with more employees working remotely, the threat has only gotten worse as people use their work laptops for shopping, socializing, and likely let their kids use them, too. A colleague at Aon Insurance told me the click rate on phishing sites is up 20% with employees working remotely. So the threat level to employees is at an all-time high. And, it’s not their fault. That TurboTax or Microsoft link looks safe so they click. If it’s a phishing attack and they click, you’re toast.
The final gap in the market is most cybersecurity solutions are reactive, addressing issues after the damage is done. PhishCloud’s approach is entirely different. We live in the browser, below the encryption level, to proactively assess threats and alert users: a red message means stop, it’s malicious; a yellow message means to pause; and green means go. Employees are empowered to spot phishing attacks and avoid them.
BP: Who are your competitors?
TM: There are similar looking companies but their focus is the top 100 brands like Amazon. The big difference is they are reacting to threats and PhishCloud is proactively stopping them.
BP: How big is the market?
TM: The global cybersecurity market as a whole is predicted to reach just under $200 billion (US) by 2025. The market PhishCloud is focused on, the endpoint market, is currently $9.2 billion and predicted to grow to $15.4 billion by 2024.
BP: What kind of traction are you seeing?
TM: We currently have 13 direct customers and eight managed service providers in the United States, Canada, and Japan that offer our solution to their customers. What’s really exciting for us is our relationship with a Japanese telecom company. They have used PhishCloud for a year and have recently decided to be a reseller. This is a significant opportunity as their country is not as advanced as the U.S. in their anti-phishing efforts.
BP: What will this investment round be used for?
TM: We’re raising $750,000 and the majority of this is for API (application programming interface) development with our partners. This includes API for Microsoft Team and Slack, communications platforms many medium to large companies have come to depend on over the last year. We will also direct some of the funds to marketing.
BP: You’ve had one exit. What’s your strategy for Phish Cloud?
TM: Our goal is definitely to be acquired. There are three potential categories of acquirers: a complementary IT security company, a phishing training company that wants a more robust offering, and finally, an integrator like the Japanese company we’re currently working with. But first, I want to have a million users.
BP: Why should VisionTech investors back you?
TM: Looking at VisionTech’s current investment portfolio, I think PhishCloud is a good fit. The second reason is a bit more altruistic. Phishing is a huge threat to governments, energy grids, companies of all sizes, and individuals. We need to enable and empower users to protect themselves from an increasingly sophisticated enemy that is relentless. This is not a scenario of lone hackers going after individuals. This is an all-out war against attacks by foreign governments and the dedicated “skim shops” that exist to takeover bank accounts. We need to subvert them. PhishCloud is a powerful solution. If you believe what we’re doing is important, invest in us.
To learn more about PhishCloud, visit their website. VisionTech Angels’ April Pitch Events will be virtual on Tuesday, April 27 and Thursday, April 29 at 6 p.m. Pitch events are open to our members and accredited investors interested in joining our group. To register, check your email for an invitation, go to our Events page or email Ben Pidgeon at firstname.lastname@example.org.