Despite businesses making significant investments in phishing awareness training, users are still clicking on phishing links. Why?
Developing good cyber hygiene requires constant vigilance. Simulated phishes and regular training sessions fall short in this respect for three reasons.
- Cybersecurity awareness training is often disconnected from reality. The consequences of clicking on a simulated phishing email is not the same as clicking on a real one.
- Training isn’t customized to users’ experiences—accountants and medical assistants do not receive the same types of email threats.
- User awareness drops as time elapses between training sessions. According to Verizon, phishing click rates rise within an hour after user awareness training, while reporting rates fall.
For SMBs, phishing training also presents challenges. Enterprise-grade phishing training platforms require the IT resources to manage them, including selecting and delivering the training content, managing the platform, tracking the analytics, and identifying problem users who need more training. For SMBs with little to no IT, this simply is not manageable. According to Gartner, most security awareness training programs require at least one full-time resource.
For MSPs who service SMBs, the challenge is the same, if not greater. Managing multiple clients, MSPs need the admin resources to manage the trainings and the platforms for their clients. While some MSPs are perfectly capable of doing so, those with fewer resources might find it difficult to manage.
Introducing Threat Coach™: Automated phishing awareness training
To fill the awareness gap between simulated phishes and period training sessions, Vade Secure developed Vade Threat Coach, automated phishing awareness training in Vade Secure for Microsoft 365. An integrated feature, Vade Threat Coach delivers training when users need it most—when they’ve engaged with a phishing email.
Vade Threat Coach training samples feature real phishing emails and websites detected by Vade Secure, which protects 1 billion mailboxes globally. New threat samples are added to Vade Threat Coach as they are detected, along with threats reported to Vade Secure via our feedback loop.
Powered by a combination of AI and user feedback, Vade Threat Coach training content is personalized at the user level. If a user clicks on a Microsoft phishing email, the phishing training includes real examples of Microsoft phishing emails and websites.
This AI-based approach ensures that the training content is dynamically rendered and relevant to the user. Because new samples are added daily, the user is being trained on the latest phishing techniques in the wild.
Additionally, because the training reflects the brand impersonated in the phishing email the user clicked on, the training is connected to the user’s real experience—the mistake that triggered the training. Connecting training to an emotional event makes the user more likely to retain the training, unlike periodic and generic phishing training sessions. Vade Threat Coach currently features threat samples from 10 of the most impersonated brand in phishing attacks, with new brands being added with each release.
Fully automated for MSPs
Vade Threat Coach requires no manual set-up or ongoing administration by MSPs. Once the feature is enabled via a simple toggle switch, it works automatically on their behalf. They can also select a group of users and target brands from the Vade admin console to send a one-off training.
Because it’s included in Vade Secure for Microsoft 365 at no additional charge, Vade Threat Coach allows MSPs to deliver added value to their clients without needing to justify or build in an additional fee. For MSPs who already offer security awareness training, Vade Threat Coach will fill the gaps in structured training with complementary, on-the-fly learning content that reinforces best practices and improves cyber vigilance.