Review: How CybeReady delivers targeted, timely security awareness training

All of the cybersecurity programs that we have ever evaluated as part of this series have had one thing in common. None of them ever claimed to be completely, 100% effective in every case. And even if they somehow achieved that goal for a brief snapshot in time, hackers are always advancing their tactics and finding new ways to compromise networks. At some point, a threat is going to get through even the most carefully planned defenses.

With something like email, which is designed to foster communications both within an organization and with the outside world, the certainty of threats slipping through the cracks along with hundreds of other legitimate messages is well known. Users will eventually need to deal with threats like phishing attacks sent directly to their email regardless of whatever protections their workplace provides. And, in an ironic twist, users with more complex defenses might seem safer, but it means that the attacks that do come through are likely going to be pretty advanced, having already tricked their way into an inbox. At that point, it’s completely up to the user to figure out that an attack is taking place and take appropriate action.

The key to stopping whatever attacks get past email defenses is having users trained to spot and report attacks. Unfortunately, companies have historically done a poor job of this. Making workers sit through videos or classes is better than nothing, but it doesn’t often translate into a workforce that is fully aware of the dynamic threats levied against them, or users who retain that information for the long term. And employee turnover means that there will always be those who missed the last scheduled training program.

The CybeReady platform is designed to educate users about the dangers of phishing and other email attacks that target them and evaluate them as they perform their normal jobs, without getting in the way or taking up too much of their time. Training is done only as needed and always on the spot, and never takes up more than about two minutes. On the backend, entire training campaigns can be crafted for the next several months in only a few minutes, so the administration of the CybeReady platform is minimized.

Unlike most training regimens, CybeReady is installed in the cloud and delivered to organizations as a service. Setting up the platform only requires giving it access to the user directory of employee emails. Firewalls or mail gateway protection devices may also need to whitelist the domains used by CybeReady to launch their simulated attacks.

Designed to minimize the time spent by management on training programs, CybeReady allows administrators to spend just a few minutes planning out training exercises months in advance.

CybeReady can be configured to launch a variety of simulated email attacks against the workforce. Administrators can design entire campaigns using various attacks like CEO impersonations, password reset ploys, mail with malicious attachments, social-engineering-based phishing, and many others. Each group of attacks has quite a few possible delivery choices, so it is unlikely that any two employees will get exactly the same emails.

When setting up a training campaign for users, administrators can optionally look at the full text of each simulated attack to ensure that it is appropriate for their organization.

Administrators can preview the full text of each attack if they want, or simply have the platform choose which ones to launch. In addition to different emails, the timing of the attacks also varies widely. Campaigns can be configured to run for several months, with various employees getting simulated attacks on different days, different weeks, and different times of day. All of that is handled by the CybeReady platform. All the administrator needs to do is set up the general parameters for the campaign and the timeframe, and then push the launch button.

CybeReady initially configures users into logical groups based on things like their locations or job functions. However, after users either click on or ignore attacks, those groups can change. Some people might graduate to the typical non-clicker group, meaning they rarely fall for the click bait put out by the platform. Others might fall into the serial clicker category of those who engage with every simulated scam. Based on those classifications, CybeReady dynamically changes the type and frequency of simulated attacks within a campaign. Non-clickers might be sent more advanced phishing attacks to push their skills, while serial clickers are given test emails more frequently, and thus get more training.

User training with CybeReady is very intuitive, and takes place the second they click on a simulated attack. This is based on the reasoning that, for example, when someone stumbles physically out on the sidewalk, the first thing they do is look back and see what tripped them up. The CybeReady training uses that same logic, figuring that the program has about one minute of a user’s undivided attention after they fall for an attack.

As soon as a user clicks on a simulated phishing attack email, they are notified that they just performed a dangerous action. They are then shown hints about how they could have spotted the danger signs in the specific email that entrapped them. CybeReady says that instant on-the-spot training works best for memory retention.

When a user clicks a simulated attack link, a splash screen pops up informing them that they just fell for an email scam that was modeled after a real threat making the rounds. It warns them that had this been a real attack, their computer and their personal information might be compromised. It then provides four bright red bullet points that show how they could have spotted the specific attack that ensnared them. For example, it might point out that the signature in the simulated attack lacked full contact details, or that requests for money transfers are almost always an attempt to defraud someone. Each simulated attack will have its own warning page, so users get exact information regarding the method used to trick them, and how to prevent it from happening in the future.

On the backend, the fact that a user clicked on an attack is recorded by the program. At some point in the future, CybeReady might send another similar attack to a user to see if they remember the lesson. Depending on the results of that follow-up attack, the user’s classification within the program might change. They might graduate to a higher proficiency group, or they might be assigned to more intensive training. All of this is done in the background by the program without local administrators needing to do anything.

Once a campaign is configured, it only takes one button press to launch it and start providing weeks or months of unobtrusive training for workers across an enterprise.

Even new users are onboarded without any human intervention. Because CybeReady has access to the mail directory, it will notice when a new email address is added. That person will get a welcome email explaining the training. If they are coming in late to an ongoing campaign, CybeReady will provide them with more intensive training to get them up to speed with their peers, and to get them properly classified based on their cybersecurity practices without regard to their newness in the organization.

At the conclusion of a campaign, or at any time while one is running, administrators can securely log into the CybeReady cloud portal to view reports about how the training is helping users. The reports are multiple pages long and filled with interesting graphs showing changes over time such as the reduction in bad practices by serial clickers or the overall workforce’s continuing ability to defend against modern phishing and other email attacks. The data is also broken down by factors like job type and company divisions, so it’s easy to tell where any ongoing vulnerability is located and craft future campaigns that target those areas. The reports are suitable for presentation to business leaders and easy to understand, so anyone can evaluate not only their workforce but also the effectiveness of the training.

The program tracks how many times people click on various email traps, as well as improvements in their behavior over time. As workers improve or stumble, they are automatically moved to other groups for more intense, more specific or more difficult training to keep their skills sharp regardless of their overall proficiency.

Users will always be the last line of defense for email-based attacks. Training them to spot phishing and other dangers is arguably just as important as having robust cybersecurity protections. The CybeReady platform makes for an effective way to accomplish that training without over-taxing either the users or those charged with overseeing the program. It would be a good asset for any organization that uses enterprise email regardless of any protections they might have already invested in, and can help turn their human workforce into an effective defense against an almost ubiquitous threat.
