Phosphorus Cybersecurity, a provider of full scope security for IoT devices, announced the completion of a $38 million Series A funding round led by SYN Ventures and MassMutual Ventures.
The new capital will be used to fuel the company’s growth and technology development for its Security of Things solutions, with a majority of the proceeds to be deployed into engineering talent to fortify its software, enhance the user experience and accelerate inbound demand. Continued strong demand for the company’s services, combined with an abundance of interest from investors, has enabled Phosphorus Cybersecurity to double its workforce over the past year and stay true to its commitment to add 50 new jobs by 2024, the majority of which will be in software engineering.
The company is also planning additional enhancements to its technology platform, including extended device coverage and more seamless integration with security platforms. Self-service demos and deployment will also be made available in 2022.
Founded in 2017 by Chris Rouland, Rebecca Rouland and Earle Ady, Phosphorus Cybersecurity provides unprecedented IoT defense solutions for enterprise customers. Through its automated security solutions against IoT’s most critical vulnerabilities, Phosphorus Cybersecurity enables organizations to scale IoT technologies without adding additional employees to secure them.
“The billions of IoT devices in use today are highly insecure and vulnerable to a wide range of attacks, which expose enterprises to many serious risks, from data breaches to ransomware,” said Chris Rouland, who previously founded Endgame and Bastille, and stood up X-Force at IBM. “We have secured millions of IoT devices in our customer environments, and I remain surprised at how lax these security practices have been, particularly since IoT is becoming a more important attack vector and growing rapidly year over year.”
Most enterprises have three times as many embedded devices as they do people, and this number will only continue to grow, as IoT devices are expanding at an estimated CAGR of 31%. This presents a massive, unprotected and often undetected cyber-attack surface. IoT is the softest target on the enterprise network with a seven-year half-life for vulnerability patching and infrequent credential rotation.
Phosphorus Cybersecurity has found that 20% to 30% of today’s corporate networks are comprised of IoT devices, with little to no security programs in place. Across the enterprise, as high as 26% of all IoT devices are end-of-life and no longer supported with firmware updates by their manufacturer; and as many as 50% have known vulnerabilities or default passwords, with 20% of those vulnerabilities being critical CVEs (CVSS score of 9 or above). As an example of these weaknesses, Phosphorus CybersecurityTM recently observed one case in which hackers launched a ransomware attack on a prominent US company after infiltrating the network through an unprotected door controller.
“Phosphorus’s unique capabilities for hardening and defending IoT infrastructure are a real game-changer for the cybersecurity industry as until now these solutions have been mostly limited to ‘discovery’ instead of actual remediation and prevention of the risk exposure,” said Jay Leek, Managing Partner of SYN Ventures. “With the IoT market expanding rapidly, there is already a tremendous need for rigorous security at the endpoint level, and that need will increase exponentially in the coming years. We see Phosphorus playing a market leading role going forward, as its technology is by far the best solution for preventing these types of risks.”