Cyber Guru Phishing (hereafter CGP) is an innovative anti-phishing and anti-smishing training program that delivers effective results thanks to its unique experiential methodology. Leveraging advanced automation and a proprietary machine learning algorithm, CGP is designed for all staff members, regardless of their level of cyber expertise. It helps keep two key human defense traits “in shape”: alertness and responsiveness. This is achieved by simulating Phishing and Smishing attacks, which are sent to all users at a frequency set by the organization—typically about once a month per user.
The Machine Learning management engine can automatically adapt simulations, creating personalized training programs for each user and reducing human involvement to just the campaign approval stage. The emails and SMS messages selected by the system cover different topics and difficulty levels, tailored to the company’s specific needs and each user’s behavioral characteristics. These are sent at varying intervals, but consistently on different days and times to minimize the “word of mouth” effect.
This personalized training approach is a major strength of the platform, turning attack simulations from a simple test of user skills into a true learning journey, guided by a digital “personal trainer”—all without adding organizational or management complexity.
Figure 4 - The analysis engine places users into different categories based on their actual abilities.
If a user falls for a simulation, they are guided through a specific dynamic landing page into a step-by-step learning path, where they’ll receive helpful tips to improve their ability to spot attacks. On the other hand, more attentive users can “report” a simulated attack, demonstrating their awareness. The platform offers several ways to implement the reporting mechanism, including the easy creation of dedicated buttons that can be added to the email client used by users (desktop app, web app, or smartphone app).
If the automated Machine Learning engine identifies groups of users who remain particularly vulnerable to attack simulations, the training can be reinforced by creating targeted reinforcement campaigns (remediation campaigns). The platform is designed to make these actions as simple as possible, automatically suggesting the most effective steps based on the situation detected.
The solution includes advanced graphical reporting and analysis tools—a true business intelligence resource that allows managers to track user progress and identify the most vulnerable areas of the organization, where automatic or manual remediation paths can be activated.
Figure 2 - User skills analysis dashboard.
As described, CGP is a natural addition to the Cyber Guru training programs, boosting individuals’ responsiveness to phishing-based attacks. Since the greatest security threats to organizations often lurk in the email inboxes of employees and collaborators, the phishing attack simulations carried out by Cyber Guru Phishing—customized to each user’s unique characteristics—help employees and collaborators change their behavior and quickly spot attacks coming via email, SMS, USB, and QR Code.