The market for security awareness training is expected to reach $10 billion by 2027, a ten-fold increase since 2014. Despite increased investments in phishing training, the cyberthreat remains the top Internet crime by victim count. According to the IC3 Internet Crime Report, phishing accounted for more than 300,000 reported security incidents in 2022, a total more than four-times the second crime category. The cost of attacks also increased 18% year-over-year to $52.1 (USD) million.
These trends raise an important question. As more organizations adopt training programs, why aren’t they helping to solve the problem?
In this post, we examine why and where most training programs fall short, and how Vade Threat Coach™ helps MSPs deliver phishing awareness training that improves clients’ security posture.
Why traditional phishing training lacks results
Developing good cyber hygiene requires constant vigilance. Phishing simulations and regular training sessions fall short in this respect for three reasons.
- Training is disconnected from reality. The consequences of clicking a simulated phishing email are not the same as clicking a real one.
- Training isn’t personalized to the user. Email threats often vary by role, a distinction that standardized training programs can’t address. For example, email threats targeting executives are different from those sent to Human Resources personnel.
- Training isn’t time sensitive. Standard training programs administer instruction at predetermined intervals, not when users encounter a threat. Without timely reinforcement of instruction, user awareness drops.
Another issue is updating and administering the education. Many training programs rely on human intervention from at least one admin. These individuals must select and deliver the training content, manage the platform, track the analytics, and identify problem users who need more training. Many SMBs lack the personnel or resources to support this function. So do MSPs with multiple clients.
Introducing Vade Threat Coach™: Automated Phishing Training
To fill the awareness gap between simulated phishes and scheduled training sessions, Vade developed Threat Coach™—automated phishing awareness training in Vade for M365. An integrated feature, Threat Coach™ delivers training when users need it most—whenever they interact with a phishing email.
Phishing email exercise in Vade Threat Coach™
The solution features actual phishing emails and websites from Vade’s real-time threat intelligence. This intel comes from an alliance of more than 1.4 billion protected mailboxes, millions of daily reports from vigilant users, and contributions from cybersecurity analysts.
Powered by AI and enhanced by people, Threat Coach™ personalizes training at the user level. If a user clicks a Microsoft phishing email, they receive training that uses real examples of Microsoft phishing emails and websites.
[Related Content]: Boosting MSP Margins with Email Security for Microsoft 365
Microsoft phishing exercise in Vade Threat Coach™
This AI-powered approach ensures the relevancy of training for every user. It also connects the instruction to lived experience—the user’s mistake that triggered the training. Connecting training to an emotional event makes the user more likely to retain the training, unlike periodic and generic phishing training sessions. And because new samples are added daily, the instruction reflects the latest phishing techniques and threats.
Fully automated for MSPs
Threat Coach™ requires no manual set-up or ongoing administration by MSPs. Once the feature is enabled, it works automatically. From the Vade admin console, MSPs can also manually send one-time training after selecting a group of users and a target brand.
Vade Threat Coach™ admin settings
Because it’s included in Vade for M365 at no additional charge, Threat Coach™ allows MSPs to deliver added value to clients without needing to justify or charge an additional fee. For MSPs who already offer security awareness training, Threat Coach™ will fill the gaps in structured training with complementary, on-the-fly learning content that reinforces best practices and improves cyber vigilance.
