Abstract: Systems and methods are described for security maturity determination. Initially, first value for security knowledge level and second value for security awareness level of a user are determined. Further, third value for security culture level of a group of the user is determined. Thereafter, fourth value of security maturity of user is determined based at least on function of first value, second value, and third value. The user is then grouped into class of users comprising one or more additional users, wherein the fourth value of security maturity of the user falls within a predetermined range of security maturity values associated with class of users, class of users comprising one or more additional users. A phish prone percentage of user is benchmarked with phish phone percentage of one of one or more additional users of class of users. The benchmarking of phish prone percentage of user is displayed.

Abstract: Systems and methods are disclosed that are useful for minimizing organization risk in the case of a cybersecurity attack, through computer-based simulation of cybersecurity attacks, incident response tracking and incident response training provided responsive to the simulation outcome. A server is configured to execute a simulated cybersecurity attack on a plurality of users and their computer systems on a company network associated with a company, tracking responses such as interactions with at least one of the computer systems or network components to the simulated cybersecurity attack and validating whether one or more responses of a predetermined set of responses have occurred to minimize the impact of the simulated security attack on the entity.

Abstract: Systems and methods are disclosed for creating simulated phishing attack messages that have characteristics which make them appear genuine, while also having characteristics that a user should recognize as being false. Simulated phishing emails may appear to be more realistic to a recipient user if the user observes that the email has also been sent to an individual known to the recipient within the same company. However, it may not be desirable to send the simulated phishing email to such additional recipients. The systems and methods include communicating a simulated phishing email from a server of a simulated phishing attack system to a recipient user of an entity. The simulated phishing email appears to the recipient user as though it is also addressed to one or more non-recipient users of the entity, even though the email is not sent to the non-recipient users.

Abstract: Systems and methods are described for verifying whether simulated phishing communications are allowed to pass by a security system of an email system to email account of users. One or more email accounts of the email system with the security system may be identified to use for a delivery verification campaign. Further, one or more types of simulated phishing communications may be selected from a plurality of types of simulated phishing communications. The delivery verification campaign may be configured to include the selection of the one or more types of simulated phishing communications from the plurality of types of simulated phishing communications. The selected one or more types of simulated phishing communications of the delivery verification campaign may be communicated to the one or more email accounts. Further, whether or not each of the one or more types of simulated phishing communications was allowed by the security system to be received unchanged at the one or more email accounts.

Abstract: Systems and methods are described for leveraging the knowledge and security awareness of well-informed users in an organization to protect other users and train them to identify new phishing attacks. Initially, a report of a message being suspicious may be identified and it may be determined whether message is a malicious phishing message. In an example, a well-informed user of an organization may report the message as suspicious. Further, on determining the message to be a malicious phishing message, a simulated phishing message or a template may be created. The simulated phishing message may then be communicated to one or more devices of one or more users.

Abstract: System and methods are disclosed for organizations to run a test against an active directory list to see if any user-provided passwords have been part of an existing data breach. Utilizing information from such a test identifies users that have weak passwords, reused passwords or shared passwords that have been associated with an earlier breach. With this information, the organization can seek to reduce risk by training staff for this specific issue in a timely and appropriate manner to significantly reduce the risk of a future breach by those identified users. Training can be customized and targeted at those users who attempt to use passwords that have been associated with a breach (either of their own account or of another account on the same or related domain.

Abstract: Methods, systems and apparatus for implementing a security awareness program are provided which allow a device of a security awareness system to receive attributes of an implementation of a security awareness program from an entity, such as a company. Responsive to the attributes, the device determines a configuration for each of a baseline simulated phishing campaign, electronic based training of users of the entity for security awareness and one or more subsequent simulated phishing campaigns. The device initiates execution of the baseline simulated phishing campaign to identify a percentage of users of the entity that are phish-prone.

Abstract: The present disclosure describes systems and methods for using a template for a simulated phishing campaign, A database includes a plurality of templates for simulated phishing campaigns, each template of the plurality of templates identifying a list of a plurality of types of simulated phishing communications and at least a portion of content for the simulated phishing communications. A campaign controller selects a template from the plurality of templates for a simulated phishing campaign directed to a user of a plurality of users; and communicates, to one or more devices of the user a first type of simulated phishing communication of the plurality of types of simulated phishing communications with at least the portion of content identified by the template.

Abstract: Systems and methods are provided for performing simulated phishing attacks using social engineering indicators. One or more failure indicators can be configured in a phishing email template, and each failure indicator can be assigned a description about that failure indicator through use of a markup tag. The phishing email template containing the markup tags corresponding to the failure indicators can be stored and can be used to generate a simulated phishing email in which the one or more markup tags are removed.

Abstract: The present disclosure describes systems and methods for determining a subsequent action of a simulated phishing campaign. A campaign controller identifies a starting action for a simulated phishing campaign directed to a user of a plurality of users. The simulated phishing campaign includes a plurality of actions, one or more of the plurality of actions to be determined during execution of the simulated phishing campaign The campaign controller responsive to the starting action, communicates a simulated phishing communication to one or more devices of a user. The campaign controller determines a subsequent action of the plurality of actions of the simulated phishing campaign based at least on one of a response to the simulated phishing communication received by the campaign controller or a lack of response within a predetermined time period and initiating, responsive to the determination, the subsequent action of the simulated phishing campaign.

Abstract: Systems and methods are described for tailoring shareable content object reference model (SCORM)-compliant content to one or more users. A learning management system (LMS), configured to be SCORM-compliant, initiates shareable content object (SCO) to provide content to users. The LMS implements an instance of application programming interface (API) comprising a plurality of functions to be called by SCO during runtime to access data model elements accessible via LMS. The LMS is configured to support one or more data model elements undefined by SCORM. Further, LMS receives a call to a function of the plurality of functions of the API from SCO to access information about users. The call references a name of a data model element undefined by SCORM. The data model element identifies information about users. The LMS provides information about the users to SCO and the SCO tailors the content to the users based on the information.

Abstract: Systems and methods are described for facilitating assessment of security awareness of a candidate prior to a decision on whether or not to hire the candidate. Security awareness of the candidate in association with an application for a job may be assessed using responses to one or more simulated phishing communications provided by the candidate. Responses to the one or more simulated phishing communications may be used to determine a risk score for the candidate. Further, the risk score for the candidate may be used to make a decision on whether or not to hire the candidate.

Abstract: Embodiments disclosed herein describe a server, for example a security awareness server or an artificial intelligence machine learning system that establishes a risk score or vulnerable for a user of a security awareness system, or for a group of users of a security awareness system. The server may create a frequency score for a user, which predicts the frequency at which the user is to be hit with a malicious attack. The frequency score may be based on at least a job score, which may be represented by a value that is based on the type of job the user has, and a breach score that may be represented by a value that is based on the user's level of exposure to email.

Abstract: The present disclosure describes systems and methods for using a model for a predetermined role for simulated phishing campaigns. A campaign controller communicates simulated phishing communications to one or more devices of a user using a model that the campaign controller selects from a plurality of models in a database that have been established for predetermined roles of a company. The model is selected based on one or more attributes of the user that are identified by the campaign controller. The campaign controller identifies one or more attributes of each user of a plurality of users for the simulated phishing campaign, and the campaign controller selects a respective model for each user based on the attributes of each user, wherein the models are not all the same for all of the users.

Abstract: The systems and methods disclose an automated effective template generation and recommendation for selection. A semantic similarity of a plurality of messages may be identified that at least meets a similarity threshold, each of the plurality of messages reported by a plurality of users as a potentially malicious message. The plurality of messages may be indexed under a common template identifier. One or more messages of the plurality of messages indexed under the common template identifier may be determined to have a report-to-reach ratio less than a report-to-reach threshold. Responsive to the determination, the one or more messages may be identified to be used for generating one or more simulated phishing templates. A recommendation of the one or more templates may be provided to a system administrator and/or a security awareness and simulation training platform to create and deliver simulated phishing messages using the templates.

Abstract: Methods and systems are provided for automated management of compliance training. One or more events triggered from one or more platforms that a user uses to carry out a job function is received via one or more adapters. In response to and based at least on the one or more events, a change of status of the user in the one or more platforms may be identified. Whether or not the change of status is to be allowed may be determined in each of the one or more platforms before the user completes a training. Responsive to the determination, the change of status of the user in the one or more platforms may be controlled.

Abstract: The present disclosure describes systems and method for performing a vulnerabilities assessment of an organization. A campaign controller executes one or more simulated phishing campaigns directed to a plurality of users of an organization, using a plurality of models determined by the campaign controller based at least on identification of the organization. The campaign controller stores to a database the results of execution of the one or more simulated phishing campaigns and based on the results, the campaign controller determines one or more vulnerabilities to phishing for the organization. In one embodiment, the campaign controller determines a percentage of the plurality of users of the organization that are phish-prone. In some embodiments, the users of the organization that are phish-prone interacted with a link of a simulated phishing communication.

Abstract: System and methods are disclosed for organizations to run a test against an active directory list to see if any user-provided passwords have been part of an existing data breach. Utilizing information from such a test identifies users that have weak passwords, reused passwords or shared passwords that have been associated with an earlier breach. With this information, the organization can seek to reduce risk by training staff for this specific issue in a timely and appropriate manner to significantly reduce the risk of a future breach by those identified users. Training can be customized and targeted at those users who attempt to use passwords that have been associated with a breach (either of their own account or of another account on the same or related domain.

Abstract: Systems and methods are described for leveraging the knowledge and security awareness of well-informed users in an organization to protect other users and train them to identify new phishing attacks. Initially, a report of a message being suspicious may be identified and it may be determined whether message is a malicious phishing message. In an example, a well-informed user of an organization may report the message as suspicious. Further, on determining the message to be a malicious phishing message, a simulated phishing message or a template may be created. The simulated phishing message may then be communicated to one or more devices of one or more users.

Abstract: The present disclosure describes systems and methods for using a template for a simulated phishing campaign, A database includes a plurality of templates for simulated phishing campaigns, each template of the plurality of templates identifying a list of a plurality of types of simulated phishing communications and at least a portion of content for the simulated phishing communications. A campaign controller selects a template from the plurality of templates for a simulated phishing campaign directed to a user of a plurality of users; and communicates, to one or more devices of the user a first type of simulated phishing communication of the plurality of types of simulated phishing communications with at least the portion of content identified by the template.