• Jack Chapman, VP of Threat Intelligence at Egress


• 14.09.2021 02:06 pm

-Can you please tell us more about your background? What’s the story behind Egress?

I’m the VP of Threat Intelligence at Egress, which means I’m responsible for staying one step ahead of cybercriminals in order to protect organisations and their employees from phishing. In this role I leverage my knowledge of the latest tactics used by cybercriminals into product development for Egress Defend, our flagship anti-phishing software. Prior to this, I was Chief Technology Officer and co-founder of Aquilai, an anti-phishing company acquired by Egress earlier this year.

Egress was founded by our CEO, Tony Pepper, and COO, Neil Larkins. Egress is the leading provider of human layer security, which helps organisations to tackle the complex issue of insider risk. We understand that people are fallible – they get hacked, they make mistakes and break the rules. That’s why we focus on helping organisations to prevent human-activated breaches, and our platform defends against both inbound and outbound risks, protecting organisations and their people.

-What is unique about Egress and what does the company do to stand out among its competitors?

We’re unique in our approach to insider risk. Egress understands that employees are every organisation’s biggest security vulnerability but can also be their greatest defence. Egress is one of the only vendors globally to use intelligent technology to tackle both inbound threats and outbound risk – we know that employees are targeted by phishing attacks, but also that they want to be able to share sensitive content safely. By understanding all the elements of insider risk, rather than just some of them, we’re able to offer solutions that truly protect employees and organisations from today’s threats.

We’re also unique in our space because of the capabilities of our technology. Egress Defend is the only anti-phishing platform that’s built on a zero-trust approach, inspecting the context and content of every email before it is delivered to an employee’s inbox. This means it’s able to detect potential threats, including zero-day attacks, before they reach the employee. 

-Looking forward to next year, what are the main changes that you expect to take place? What's next for Egress?

In 2021, Egress continued its rapid global expansion with the launch of Egress Defend and the opening its first New York office, which joins its Boston office as our second footing in the North American market.  In 2022, we plan to accelerate our international expansion, with a significant focus on the US market. This will be driven by continued product innovation and increased demand due to a variety of factors, such as increasingly sophisticated cyberattacks and long-term hybrid working. The remote work revolution has highlighted the need for products that truly mitigate insider risk, and we expect to see this momentum continue into 2022. Over the next year we plan to help more organisations than ever before to tackle their most complex security vulnerability.

-Why are hackers targeting financial services with phishing attacks, and what are the implications of phishing attacks for organizations?

Financial services firms are bombarded by targeted phishing attacks. Egress’ recent Insider Data Breach Survey found that an astonishing 79% of organisations in the industry had been victims of successful phishing attacks in the last year, highlighting the true scale of the problem.

Hackers are targeting financial services organisations because they know that they’re lucractive targets for attack. Hackers know that organisations in the industry are dealing with high volumes of financial documents on a daily basis, which makes them targets for attacks such as invoice fraud. This commonly-used tactic which can cause significant financial damage to an organisation. Additionally, attackers know that financial services organisations hold large amounts of their clients’ personal and sensitive data, including financial information, which can be sold for a significant sum on hacker forums. Because they trade on the quality of their reputation and on operate on billable hours, attackers also see financial services organisations as being likely to pay a ransom to regain control of their systems.

The costs of an attack can also impact an organisation in the longer term, with associated costs including client churn, litigation from data subjects and remediation efforts. For financial services organisations, the reputational damage caused by phishing can be severe, particularly as many firms trade rely on their brand reputation. Phishing attacks have human costs, too, with 80% of attacks leading to consequences for the employee involved, from being fired, leaving voluntarily, facing disciplinary proceedings, or even facing legal action. That’s why financial services organisations must ensure they’re taking the threat of phishing seriously by adopting intelligent technology that can detect even the most sophisticated threats. By staying one step ahead of the attackers, organisations can ensure they’re protecting their employees and keeping their clients’ data out of the hands of cybercriminals.