Interview With Gerasim Hovhannisyan , CEO & Co-Founder at EasyDMARC
In this Episode, HyeTech Minds hosts Gerasim Hovhannisyan, CEO & Co-Founder, EasyDMARC Inc. Founded in 2018, EasyDMARC is one of the first Armenia-based a cybersecurity startups helping business to minimize the probability of data leakage and financial loss by preventing email fraud. EasyDMARC provides tools and services to deploy email authentication in a shortest term and without any risk, it increases organisations ROI in email marketing by improving email deliverability.
Gerasim has long-standing experience in cyberspace. Before launching EasyDMARC, he used to lead the IT department at PicsArt – the number one photo editing app.
Narine: Hello Gerasim, welcome to HyeTech Minds. How are you doing there?
Gerasim: Hi Narine Jan, thank you for the invite.
Narine: Before jumping to our conversation, can you tell us what is your background, how you got into the entrepreneurship world?
Gerasim: I’m a system network engineer with more than 10 years of experience. Apart from that, I have managed large IT departments in different IT companies. I’m a Co-founder at EasyDMARC.
Narine: You also have worked for PicsArt – the first Armenian-based unicorn.
Gerasim: #1 photo editing platform over the world PicsArt. I was in charge of IT infrastructure at PicsArt. Actually, I learned a lot at PicsArt. So maybe I can say my entrepreneurial journey started from there.
Narine: Can you tell us what is the story behind EasyDMARC? What sparked the idea? And What exactly EasyDMARC about?
Gerasim: Several years ago, I had an incident with some partner company where I consulted for information security. Within several hours, I had to realize that the incident also caused financial and reputational damage to the company.
Back then I went through exploring the most up-to-date email security technologies. For several months, I tested various open-source solutions services, tried to solve something manually, and discovered that there is no single all-in-one solution that could give effective and sustainable results. This was the point when I realized we needed a new solution.
My co-founder of Avak joined me and we have started from scratch to build off and automate a new system at the end of 2017. Then they ended up with the first version of EasyDMARC, which works on CLA and solves many integrations, ongoing analysis, and monitoring problems when life in the service expires in January 2018. And we were very excited when we saw our first paying customer on February 1. Till now without any professional sales and marketing, we have sold more than 15,000 to G Suite customers at EasyDMARC, and brands like Tel Aviv Stock Exchange, Ferrari academics, trust.
Narine: Wow, That’s really super exciting.
The global pandemic caused a global shift to remote and hybrid work, forcing organizations to pivot the way they operate practically overnight. At the same time, cybercriminals saw an opportunity. They’re actually becoming more sophisticated. The FBI recently reported an up to 400% increase in cyberattacks from what they were seeing pre-coronavirus.
How would you say COVID-19 affected the increase in cyberattacks? What are some of the common attacks you have seen in your practice?
Gerasim: There are lots of types of cyberattacks. For example, DDoS, phishing, SQL injections. Let’s talk today about social engineering attacks. During pandemic 2020 lots of vendors reported a huge increase in social engineering attacks. We at EasyDMARC face more than three types of increased phishing attacks. Google also reported up to six times. So on average, four or five times decrease on different vectors. Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses manipulations to enforce people to provide confidential information or maybe some protections designed by cybercriminals.
Sometimes social engineering is called the art of manipulating people. Imagine people started to stay at home, or they started to use the internet or mobile devices more and more. And this opened a big big window for cybercriminals.
But not only during the pandemic also last several years, but these types of attacks have also become more and more common, more and more sophisticated. So we need to do something to prevent people from this type of attack. There is some interesting statistic, email phishing is the cause of 67 data breaches globally, which is huge.
Narine: What is the difference between Email Phishing and email scamming?
Gerasim: Cybercriminals can pretend to be someone and ask you to do something that they always push to do. The phishing email can have some vulnerable, dangerous malicious software attached. It can request some data, it can direct you to go to some vape website and the author provides some data. So any type can have various names. But the idea is to efficiently slang someone pretending as a trusted source and trying to steal some confidential data or money from you.
Narine: Considering all those threats, what are some of the solutions and toolbox EasyDMARC offers to businesses, in order to make them more prepared for cyber-attacks and protect their customers against the most common cybersecurity threats?
Gerasim: Widely adopted industry standards that can solve some of the problems. The simple way you need to protect your organization from fake emails on behalf of the corporate domain, okay. But more than 70% of organizations that tried to deploy the standards failed. Because of this, there are lots of limitations. It is hard to deploy, is even risky, and requires expert knowledge. According to a Verizon data breach investigation report 93% of successful attacks worldwide, were efficient or started from phishing. So what to do to simplify the deployment process and protect organizations.
That’s why we built EasyDMARC. It’s a solution to deploy industry standards without expert knowledge. Without this initial dispute of time.
In plain English, it minimizes the financial and data loss of organizations by preventing email phishing attacks. And we are proud that we are number one in the Jeetu Crowd platform by customer feedback for more than a year.
Looking for Funding?
List of 50 Venture Capitals investing in AI and Machine Learning startups!
In today’s technology-driven world, where we all depend on smart devices and applications, as a cybersecurity specialist, how would you emphasize the importance of cyber awareness for better protection from cybercriminals?
Gerasim: Nowadays, in remote first environments, very often organizations have no control over employees’ devices, which makes them a perfect target for cybercriminals.
Even when an organization has state-of-the-art technology, strict security policies, highly skilled staff, some organizations are not as secure as they could be. In fact, a recent Gartner study showed that 40% of IT managers reported that their organization had experienced at least one security breach in the last year.
So security awareness of people can drastically increase the level of security. It is very important in an organization’s security pipeline. You need to not only deploy hardware-software solutions, but you also need to educate people to be protected.
Narine: Then how can organizations address this problem? What are some of the effective ways to Improve employees’ Cyber Awareness?
Gerasim: The most important companies should have security awareness programs. A lots of organizations don’t even consider having one but organizations should implement good security awareness programs for their employees. It should include continuous training, communication, and reinforcement. Current security practices should be used also, as a benchmark to determine if training is helping to achieve the objectives and goals or not. So after training measure, train, measure train, this is the cycle that you need to implement, year by year to have an effective cyber Cyber Security Awareness Program.
You need to keep it simple, very consistent until you can get the results. There are very basic steps that can help to increase the security level and protect people. For example, strong passwords, best practices for mobile devices or laptops, there are lots of devices with enabled location and they give access to any software, any application, which is not good. And there are some golden rules you need to reject. You need not click on unknown messages, emails, or anything. Anything unknown shouldn’t be touched, it can have some malicious software attached and Nothing can prevent it from being attacked.
Narine: So Gerasim, what about the emails that come from people that actually you know? How can you distinguish them?
Gerasim: If the organization has properly deployed email authentication mechanisms, it can if it is a fake email. If not, it can be a fake one, which is hard, very hard to distinguish even for professionals. So that’s why we advocate deploying email authentication to use EasyDMARC to increase the coverage over the world, this is the solution that should be in place.
Narine: Are there any specific industries you’re focusing on?
Gerasim: At this moment, the very interesting industries for us ICT industry, there are lots of studies that show that even IT companies, or maybe most of the IP companies are very, very vulnerable for phishing attacks. And by some research, most of the IT companies during the last year had lots of incidents. So it companies finance, healthcare, and governments.
So these are very interesting industries for us. We also support nonprofits and education. We give big discounts, good packages for them, just to cover domains to make them secure.
Narine: I’m glad you talked about education. I think children are the most vulnerable group against cyber attacks. Nowadays I do not know if there is a child who does not use any type of social media platform. 96% of teens use social networking applications such as Facebook, MySpace, Chat rooms, and blogs. With Covid now you have children studying remotely.
And hackers are very well aware of it. They increasingly target children. What are the essential elements of cyber safety for children?
Gerasim: Same rules apply to children.
Of course, this is a very sensitive time. Like organizations or adults you can go to children say you don’t need to do this or that. It is very hard to teach them to not click on any kind of attractive banners, advertisement games, or promotional messages, which are very, very dangerous.
The first rule is to prove the child control software.
Likely there are lots of free solutions that parents can use to protect their children. The second important rule, I think, is that parents should build trust between children or teens. If there is something wrong, children should report it to their parents. Very often it can be very useful. And I know several cases when children didn’t report it was very dangerous. It is hard to talk and there is a big problem in the world.
Usually, the child controls software coverages are very small in all countries is not about only in some regions is the coverage of child control mechanisms, child control software’s content-control software, it is very small
Narine: You mentioned building trust between parents and children. I think this is absolutely critical to prevent children from cyber attacks.
So what about cybersecurity awareness programs or campaigns for children? I mean, what do you think is the best age for children to start cyber awareness education?
Gerasim: Different ages, tools can be different, or the interpretation can be different. But I think we need to start from an early age to teach children not to share personal data. If we start teaching from an early age we can get some good results.
Actually, there is lots of research, and some good papers, studies, which can help to work on this. We need to implement best practices for carts and be very, very careful to not block anything.
Narine: So Gerasim, what’s the future hold for your industry? What is next gonna happen in the cybersecurity world?
Gerasim: Interesting question. We’re living in a world where already there are lots of afternoon systems, starting from cars, trains, ending in reservoirs. But two months ago, there was an incident where cybercriminals tried to poison the water in a reservoir for a walled city. Maybe you have heard about it, it was in the USA.
Luckily, a security specialist found a preventative. So the talk already can bring not only financial data protection laws, but also it can have human impact. From this other side, attacks become more and more sophisticated, increasing computer resources in the world, opening a huge window to experiment for cybercriminals.
Our vision is to build solutions not only for organizations but also for end customers. I believe that with artificial intelligence, we can build four different adaptive systems, which can give the ability to fight against cybercrime. The smart accessible, this is the future to have a future just maybe.
Narine: I’m glad you talked about this incident that happened in the United States. This proves once again that cybersecurity is a critical element of our daily lives, business operations.
But, also as you fairly noticed it can have a major impact on humanity. And countries also are vulnerable to cyber-attacks. Armenia has a very complicated geopolitical situation. Securing cyberspace should be a high priority today. And startups have a huge role to play in this. In this sense, what do you think should be done to motivate more startups in Armenia to get into the cybersecurity ecosystem?
Gerasim: I think people in cybersecurity should love cybersecurity. It is always challenging. There is someone that is constantly trying to break what you build. There is not a single second that you can relax. Driving is really crazy. Maybe for some people, this can be motivating for me just like it is really you can give a value to humanity. This is all about people.
Narine: I think another boost would be to increase investments in cybersecurity startups. What do you think about how Armenia can attract more investments, specifically from the diaspora in the cybersecurity ecosystem?
Gerasim: I believe we, the most important impact can have just to show success stories. I believe in the next one, two year maximum three we will have several very big and good success stories which can motivate others to attract new resources and new investment resources from abroad.
Narine: Great point. I think showcasing success stories is really important to demonstrate your technical capabilities to the world.
So, Gerasim, what is the best way to learn more about EasyDMARC?
Gerasim: Go to our website https://easydmarc.com
Narine: Thank you so much Gerasim for your time and great conversation. I think we learn a lot of useful insights on how to protect ourselves from cyber-attacks. Stay safe
Gerasim: Thank you
Sign up for our monthly newsletter to get the latest tech trends and news happening in the global startup ecosystem. Do not miss out on the latest tech trends, startup news, weekly VC overview, tech jobs, and many more.