Share the Story- Egress

In this issue’s Share The Story feature, we are delighted to have Malcolm Locke, CFO at Egress Software Technologies, join us. With their patented technology, Egress (Acquired by KnowBe4, 2024) became the first cybersecurity organisation to apply AI-enabled security tools with adaptive learning capabilities to their cloud email platform. The integration brings new scale and capability to what is now the cybersecurity market’s most advanced AI-powered human risk management platform. We had the opportunity to catch up with Malcolm and delve into the journey behind Egress and gain valuable insights.

About Egress   
Egress is a leader in adaptive and integrated cloud email security. Founded in 2007 by CEO Tony Pepper, COO Neil Larkins, and CTO John GoodyearThe concept behind Egress flowed from a previous business focused on input security. Recognising the changing landscape, they saw the opportunity in what they believed would be a shift in how data would be handled or shared. They weren’t wrong.

In those days, removable media such as memory sticks were commonly used to transfer information. However, they foresaw a future where data would be shared digitally. At that time, our devices also evolved, and phones started to connect to the internet. This further strengthened the concept of how they believed people would share information.
 
Egress aimed to provide customers with an easy and secure way to transfer data while maintaining control over it, even after it leaves their network perimeter. Their adaptive security model combines actionable intelligence with advanced technology to defend against threats before they materialise.
 
About the technology
Egress acknowledges that people pose the most significant risk to an organisations’ security and are most vulnerable when using email. Their Intelligent Email Security suite provides a set of scaled, AI-enabled security tools with adaptive learning capabilities to help prevent, protect and defend organisations against sophisticated email cybersecurity threats. It is the only cloud email security platform to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen.
 

Malcolm expands this further –

Q: During 2023, Egress became the first cybersecurity organisation to apply an adaptive security model to cloud email. Given the swift expansion of Artificial Intelligence (AI), does Egress identify particular subsets or types of AI as more significant threats to data security in the future?

The most pervasive application is phishing, as it's the most commonly used attack vector. In fact, our Threat Intelligence analysts believe that by the end of the year, AI will be used in almost every phishing attack. AI lowers the barrier to entry for cybercrime - making it easier to create sophisticated phishing campaigns at volume and velocity. Unfortunately, there are multiple ways it can be used in a single phishing campaign - from processing information at incredible speeds as part of reconnaissance, to automating entire campaigns, including generating real-time responses to victims directing them to the cybercriminals’ intended outcome – all without the target realising they’re not talking with the person they believe they’re communicating with, or with a person at all! Earlier this year, we observed a phishing campaign that used AI to personalise attacks that impersonated popular dating platforms, telling victims they are matched with someone in their area and using AI to determine this location. 

Generative AI is a particular concern. Our 2024 Email Security Risk Report found that 61% of Cybersecurity leaders are concerned about cybercriminals using generative AI chatbots to enhance their phishing campaigns, and 63% about the use of deepfakes in cyberattacks. Chatbots powered by large language models (LLMs) and natural language generation (NLG) can be used to write phishing emails, create phishing websites, and code malware payloads. We've also observed an increase in Zoom being used as a second step in multi-channel attacks, following an initial phishing email. Almost everyone has videos and photos on the internet – whether on corporate websites, podcasts and interviews, or social media. AI can process these for visual and audio outputs that can generate specific deepfakes – such as joining a Zoom meeting with your company’s board or taking a call from your CEO.” 

Q: Drawing from Egress’s successful corporate strategy. If you had to do it again, what advice could you share for early-stage founders navigating Go-To-Market (GTM) strategies and international expansion?

“ Many lessons learned, but one of the biggest was in respect to expanding into the United States. It is a key goal for many European software businesses due to the size of the market and potential for rapid scale. The 3 lessons we learned from our initial GTM in the US were:

  1. The saying “culture eats strategy for breakfast” is so true. We always had the right strategy for the US market, but to start with, we did not have the team that bought into the strategy and had the right ‘start-up’ mindset that we needed to get the business going in the US

  2. Knowledge transfer is key. A big investment of time is needed in training, coaching and mentoring the people you hire into the US team so that they can be effective. In your ‘head office’ is in your home market, this can happen naturally as new hires have direct and frequent access to the founders and key knowledge holders whom they learn from, but when setting up a new team in another location with a significant time difference, you need an orchestrated programme to ensure the knowledge transfer happens.

  3. The best way to achieve 1 and 2 is to take your very best people from your European team and put them in the US to carry the culture and the knowledge needed to make the US GTM successful.

  4. It’s obvious, but easier said than done - hiring the right leader for the US Team who is a great cultural fit with the whole company is vital. "

 
CLP’s financing within Egress’s funding roadmap 
"The debt funding that we secured from CLP was a critical bridge in getting the company to a successful exit without further equity dilution. At the time we secured the facility with CLP, our capital requirements were modest, but we also wanted to have access to more if we needed it (e.g. for acquisitions or navigating a longer path to exit if that became the strategy).

CLP understood this need and provided a facility that was structured perfectly for this. At the time of offering the funding, Egress had quite a high cash burn, but with a strategy to reduce this to break even over 18 months. CLP backed us to be able to do that (which we did). Overall, they have been a great partner. "
 

Thank you for joining us, Malcolm!      

Visit our Knowledge Centre for more information on Venture Debt or contact us to discuss your requirements.