Sunday Security announced it has raised $4M in seed funding to elevate cyber-risk protection for senior executives and key personnel across the entire spectrum of their online digital identities and interactions.
Founded by security veterans Zack Ganot, CEO and Shaked Barkan, CTO, the round was led by MoreVC, with participation from renowned security executives and serial entrepreneurs including John Donovan, former CEO at AT&T and chairman of the President’s National Security Telecommunications Advisory Committee; Amit Singh, CBO, Palo Alto Networks (PANW); Shailesh Rao, president, Global Go-To-Market at PANW; Tom Kemp, founder and former CEO at Centrify and many more industry leaders.
With giants such as CrowdStrike, Palo Alto Networks (PANW) and Check Point, in place, enterprise cybersecurity presents formidable barriers to cyberthreats. Attackers are forced to shift the bullseye not just to what can be hacked, but who can be hacked — individuals, primarily those at the top, who offer key access to the organization and its data. Yet, the security of these key stakeholders and the assets they control rests largely on the integrity of personal accounts and devices that can fall to cyber attackers in just a few wrong moves.
Traditionally, security teams have relied on security awareness programs to tackle the personal cybersecurity problem, but recent attacks which involved a significant personal targeting element such as the recent breaches at Okta, Microsoft and Nvidia, have proven a more technological approach is needed.
Prior to founding Sunday, Ganot and Barkan ran Pandora Security, a cybersecurity consulting firm focused on high-profile individuals.
“While at Pandora, we got to see firsthand just how insecure executives actually are in their personal lives, leaving the door wide open for attackers to gain further access to the enterprise. Executives are mainly focused on performing in their demanding positions and can’t be expected to become cybersecurity experts as well – that’s where Sunday comes in,” said Zack Ganot, Sunday Security’s CEO and co-founder.
“Current solutions to the ‘personal cybersecurity’ problem fall into two main categories — they’re either consumer-based, designed to create a feeling of security without much substance, or they’re intrusive and unpopular, trying to force the enterprise security model onto the personal space,” said Zack Ganot. “Our platform helps organizations create effective protection around their key personnel, without violating the critical ‘separation of church and state’ between their personal and professional lives.”
A recent survey by Influential Executive showed that in 2020, 94% of Fortune 500 CEOs are on LinkedIn and 62% are on Facebook, YouTube, or Twitter, up from 39% just five years earlier. Additionally, the adoption of personal online accounts has increased massively in recent years, with an estimated average of almost 300 accounts per internet user in the US. The global pandemic and widespread WFH policies have dramatically increased our personal digital footprint, making it an attractive attack surface on the way to the enterprise and its data. While the growth of our online footprint continues to soar, there has been little innovation in the protections offered outside the enterprise perimeter.
In a recent blog post evaluating the Okta hack, Microsoft wrote “LAPSUS$ has been known to target the personal accounts at organizations they wish to hack. They first targeted and compromised an individual’s personal or private accounts which allowed them to look for additional credentials that could be used to gain access to corporate systems. Given that employees typically use these personal accounts or numbers as their second-factor authentication or password recovery, the group would often use this access to reset passwords and complete account recovery actions.”
“Sunday’s innovative solution is attempting to reimagine the relationship between consumer and enterprise cybersecurity,” said Tom Kemp, former CEO at Centrify. “Currently, there’s a painful informational gap between personal and corporate identities and bridging it would create a new level of protection for both the individuals and the enterprise they represent, as well as a new category in the market — enterprise-grade personal cybersecurity,” he said.
Armed with a deep understanding of the problems enterprises face in the personal cybersecurity realm, Sunday Security’s founders have created a novel approach, providing security teams with first-time visibility into the personal attack surface, together with monitoring and remediation capabilities for a wide range of popular personal accounts.
“The founding team at Sunday Security are deeply familiar with the vulnerabilities they seek to protect,” said Sian Goldofsky, principal at MoreVC. “Sunday’s offering secures a critical, exploitable and sensitive asset– its people. Critically, Sunday is securing organizations from accounts not managed by the enterprise and they are doing so without invading privacy or exposing the organization to sensitive personal data.”