Phishing emails represent 93% of data breaches today, according to one report. And more than 90% of these attacks are designed to steal passwords. Many hacks and data breaches appear to stem from ransomware and malware, but when investigators examine the root cause, it tends to be a stolen password.
That’s where Pixm, a developer of artificial intelligence-enabled software that uses visual recognition to detect zero-day phishing attacks, comes in.
Arun Buduri, M.S., co-founder and president of Pixm, which is based in Waltham, Massachusetts, told MedTech Boston that its software runs locally on a device and stops an attack at the point of click.
“Say you get an email from payroll saying there is a problem and to ‘click here’ to access your account,” he said. “The page will open in your browser, and it looks like the regular login page but on a fake site. Pixm uses computer vision to detect that it’s fake, and we shut it down right there, and the IT team gets an immediate alert.”
Healthcare is the most targeted industry for cybersecurity attacks, and the cost of a data breach there is approximately $408 per stolen record. To put that into context, the next in line is the finance industry, where the cost is about $206 per record.
And with phishing being the primary attack vector, there is a need for anti-phishing solutions that are readily detectable.
Other big names, like Microsoft, Mimecast and Proofpoint, are developing anti-phishing solutions. But Pixm tries to separate its solution from the others.
“We aren’t a rip-and-replace solution,” Buduri said. “We provide an additional layer of security at the point of click.”
Most companies can’t detect phishing attacks because their software is based in the cloud, and attackers know how to get around those defenses, he said. The software scans emails and links before they are sent. After the scan, attackers use stealth technology to determine who is trying to open a phishing link.
If the company is based in the cloud, the attacker blocks the company from identifying the attack page and intended target. When an email is delivered and an intended victim clicks on a link, that’s when the attack appears.
Through this stealth technology disguise, attackers can succeed.
“You have to be running on the device in real time at the point of click if you even want to see a phishing attack,” he said. “If you can’t see from the cloud, how can you prevent those?”
Pixm has two major features.
Despite employees in healthcare organizations going through phishing training, Buduri said that 25 to 30% still click email links and give away passwords.
“That’s an insanely high number,” he said. “So what we do is say, ‘It’s okay to click on those links,’ and the moment it opens in the browser, we detect the fake page and shut it down.”
Pixm’s software stands as a last line of defense. Its technology can also signal when someone is on a safe page. When someone enters a real login page, the tool displays a green bar. When someone visits a fake page, there’s a red bar.
On the IT side, the software gives visibility to every page that every employee logs in to, so staffers can locate the attack vector. That enables the team to further educate its employees and see how and where they are being targeted.
The software not only protects work accounts but also personal email and social media accounts such as Facebook and LinkedIn.
“This is important because attackers are targeting personal accounts and using that to get into work accounts,” Buduri said.
Pixm recently took home $40,000 after winning the platinum award from MassChallenge, a network of zero-equity startup accelerators. The funding will be used to expand sales and go to market.
“The award speaks to the huge pain point of data breaches in healthcare,” he said.
The software is already being piloted at two multi-billion hospitals, one of which is OSF Healthcare.