Skip to main content

March 2023

CYBERSECURITY

Picnic Corporation raises Series A extension funding to advance its human attack surface management solution

Picnic Corporation, the creators of the industry’s first automated enterprise-wide human attack surface management platform, announced today the completion of an extension of its Series A funding, led by Energy Impact Partners and Bright Pixel (former Sonae IM) with continued participation from existing investors Crosslink Capital and Rally Ventures. In this round, Picnic added new venture investment from Red Shepherd Venture and strategic individuals such as Chris Key, former Chief Product Officer of Mandiant and the founder of Verodin. With this financing, Picnic’s total funding has eclipsed $20 million.

Picnic emerged from stealth early last year with the first platform of its kind designed to prevent social engineering attacks and initial access by disrupting attacker Open-Source Intelligence (OSINT) reconnaissance on companies and their employees. The company’s technology platform continues to deliver security outcomes to customers that directly reduce the risk of social engineering attacks, which remain the #1 attack vector for threat actors.

“Traditional cybersecurity focuses on responding to attacks after they have happened,” said Picnic’s CEO, Matt Polak. “Picnic’s platform enables cyber defenders to proactively reduce risk by emulating attacker reconnaissance. This unique lens enables proactive security outcomes that prevent social engineering attacks and reduce the significant downstream costs of financial fraud, intellectual property loss and data exfiltration, and ransomware.”

“Everyone knows the human element is the single largest attack vector security. Picnic is the first platform I’ve seen that prioritizes who inside the organization will be targeted, and how, based on human attack surface data. I invested in Picnic because I believe their technology can change the game for security teams,” said Chris Key, former Chief Product Officer of Mandiant and the founder of Verodin.

“At the root of nearly all cyberattacks today is the exposed personal and corporate data leveraged by cybercriminals for credential stuffing, impersonation, and spear phishing attacks”, said Tansel Ismail, Vice President, Energy Impact Partners. “Threat actors are increasingly utilizing the personal data of employees to conduct social engineering attacks in order to harvest corporate credentials, while breach repositories and employee password reuse continue to fuel credential stuffing attacks. Picnic’s platform addresses the threat at the source by automating the management of the public data exposure of companies and their employees to prevent exploitation via social engineering or credential reuse. It is an essential technology that we are proud to continue to support.”

“Picnic’s privacy-centric platform remediates a critical blind spot companies have had in trying to prevent attacks,” said Carlos Neto of Bright Pixel. “Attackers today are leveraging data from employees’ personal accounts to breach organizations. In this threat environment, companies need to know what data is out there that poses a risk and be able to reduce and proactively neutralize the data before it can be exploited. Picnic’s platform allows security teams to do exactly this, and we are excited to be a part of what they are doing.”

“Before an employee gets a call, email, or text message from a threat actor impersonating someone from their company or a trusted third party, the adversary has already done a significant amount of reconnaissance on the digital footprint of the organization and its people,” said Matt Bigge, Partner at Crosslink Capital. “The footprint always informs how the attack will be conducted. Picnic understands this and has built a technology that allows cyber defenders to not only know their full attack surface but also understand how an attacker is going to come at them, so they can prevent attacks at their initial phase. It’s a novel and most effective approach to protecting the human element today and why we continue to invest in Picnic.”

“In today’s world there is a blending of work life and personal life and hackers are increasingly leveraging personal employee data to breach enterprises, which means corporations must be able to protect this data,” said Charles Beeler, Managing Director and co-founder of Rally Ventures. “It’s not optional anymore. Picnic recognized this early on and built a platform to address the problem in an ethical way. Their solution provides both visibility of all the exposed data criminals can see along with threat modeling that links personal data with enterprise risk. It’s an essential technology for security teams who need to be able to see through the fog of information and focus on finding vulnerabilities.”

Learn more about Picnic’s platform, its benefits and capabilities, and schedule a demo at https://getpicnic.com/schedule-a-demo/.

About Picnic

Picnic Corporation is an innovative cybersecurity firm that provides enterprises with the capability to manage their external human attack surface and to detect, prevent, and protect against social engineering and credential stuffing attacks. Picnic’s platform automatically emulates threat actor reconnaissance on the public data footprint of an organization and its people for defensive purposes. Our technology continuously monitors and reduces company and employee OSINT exposure, commonly leveraged for social engineering and initial access, preemptively disrupts attacker reconnaissance and resource development, and proactively neutralizes human risk beyond the corporate perimeter to prevent organizational compromise. For more information, contact Picnic at [email protected], visit us at getpicnic.com, and follow us on Twitter and LinkedIn.