Assess: Identify Your Most Vulnerable Users and Top Clickers
Security Awareness Training
The first step to building an impactful security awareness programme is to assess the current state of your programme—who your vulnerable users are, what they know, and what they believe. Proofpoint Security Awareness Training provides you with a range of valuable tools, including phishing simulations, tests, culture assessments, and internal cybersecurity assessments. These help you establish a baseline by identifying your most vulnerable users, your Very Attacked People™, what user attitudes and beliefs are about security awareness, and your current gaps. And it allows you to focus your programme on real risk by assessing users with real-world threats.
See user risk through a whole new lens
Proofpoint helps you identify your most vulnerable users, including top clickers and users that are being targeted with a significant volume of attacks. With this, you get a data-driven security awareness programme that goes beyond phishing simulation. We provide you with unique insights of user risk profiles that are based on users’ interaction with real world threats. This means you can assess and identify those who need the most attention, and easily assign them targeted education with our built-in automation.
Proofpoint also helps you understand how users feel about security and what they believe. Our culture assessment tool provides insights into the current state of your culture so you can determine what needs to be changed.
- Conduct a more targeted, sophisticated phishing campaign that simulates real-world attacks.
- Provide thousands of templates of simulated phishing, SMS, and USB attacks based on lures seen in tens of billions of messages a day by Proofpoint threat intelligence.
- Easily send predefined knowledge assessments on today’s most important cybersecurity and compliance topics to get a baseline on user security awareness knowledge.
- Auto enrol users who fall for simulated attacks and fail knowledge assessments into targeted simulated phishing tests and additional training.
- Phishing tests allow you to uncover your Very Attacked People and top clickers via integration with the Proofpoint email security solution.
- Assign users short culture assessments to learn more about their attitudes towards security and implement the right changes to motivate users.
Use Threat Intel to Form Your Program
Proofpoint provides your people with timely education of emerging threats seen at scale. Reinforce cybersecurity best practices with threat-driven content and phishing simulations that mimic real-world threats.
Watch the Demo
You can set up phishing simulations and tests, USB, SMS, and SMShing campaigns in minutes. This allows you to gauge your users’ susceptibility to these important threat vectors. You also get unique insights into user vulnerability. And you can easily see if your users demonstrate consistent positive reporting behaviour by flagging simulated messages using the PhishAlarm email reporting button.
Learn More About Very Attacked People
You get predefined cybersecurity assessments and tests on topics such as data protection, passwords, compliance, phishing and more. What’s more, our Adaptive Learning Assessments lets you assign users with questions that relate to the individual training modules you assign—helping you uncover specific user knowledge gaps and decide what training to assign them in the future. Our assessments help you answer questions such as:
- What do my users know?
- Who are my most and least knowledgeable users?
- Which security topics do my users struggle with?
How security-aware are your users?
Proofpoint provides a concise survey to help you gauge your security culture, evaluating the three dimensions below:
- Responsibility: Do employees feel that they and their coworkers are responsible for acting to prevent cybersecurity threats?
- Importance: Do employees believe a threat could affect them personally?
- Empowerment: Do employees feel empowered to identify and report suspicious behaviour?
Learn more about security culture in this blog.
Learn more about why measuring cybersecurity culture is important and impactful to running an effective security awareness programme
Very Attacked People
Dive deeper into the current state of your security awareness programme and user vulnerability via integrations with our Threat Protection Platform.
Uncover who your Very Attacked People are. Learn how they’re being attacked and by what types of threats, and whether they’re engaging with malicious messages. By combining this information with phishing test results, you can focus your programme on these highly vulnerable users. This will more effectively reduce your overall risk.
Learn more about Very Attacked People and top clickers
Nexus People Risk Explorer
Improve your visibility into people risk using vulnerability, attack and privilege data. Using Nexus People Risk Explorer, you can look at a subset of the organisation and get a ranked list of risky users. Analyse the list of vulnerabilities based on the security controls you have (such as security awareness training). And get information on the users that each control should be applied to, along with a risk reduction score if a particular control is applied.
Learn more about Nexus People Risk Explorer
“User awareness training is working. Halifax Health now has an extremely low malicious-link click rate of 1% to 2% among its 4,000 employees.”
Halifax HealthRead customer story
“We are…moving to provide Proofpoint Security Awareness Training to [our] employees to proactively keep pace with the changing threat landscape. As attacks change, [we] want to ensure that [our] employees are always aware of the most current best practices. This will keep protection as strong as possible. In the past, it might take us four weeks to manually configure such a campaign…now with PSAT, we can set it up in minutes.”
AgravisRead customer story
“Our employee phishing click index remains at industry-best levels, at or below 15 clicks per 100,000 attacks. In one month, we measured the smallest number of clicks on suspicious emails—just 36 total…and our employees continue to show improved phishing awareness through these internal measures.”