Abstract: Aspects of the disclosure relate to providing training and information based on simulated cybersecurity attack difficulty. A computing platform may retrieve data associated with a plurality of attack templates for simulating cybersecurity attacks. Subsequently, the computing platform may use one or more models to compute a predicted failure rate for each template of the plurality of attack templates in order to yield a plurality of predicted failure rates for an organization. Based on the plurality of predicted failure rates, the computing platform may use one or more of the plurality of attack templates to configure a simulated cybersecurity attack on the organization. Then, the computing platform may send, via the communication interface, to an administrator user device associated with the organization, information about the simulated cybersecurity attack and may execute the simulated cybersecurity attack.

Abstract: An electronic device will identify an electronic message received by a messaging client that is associated with a first recipient, and it will analyze the electronic message to determine whether the electronic message is a simulated malicious message. Upon determining that electronic message is a simulated malicious message, the device will identify an actuatable element in the electronic message. The actuatable element will include a service address. The device will modify the electronic message by appending a user identifier of the first recipient to the service address of the actuatable element. Then, when the actuatable element is actuated, the system may determine whether the first recipient actuated the actuatable element or an alternate recipient did so based on whether the user identifier of the first recipient is still appended (or is the only user identifier appended) to the actuatable element.

Abstract: Various embodiments assess security risks of users in computing networks. In some embodiments, an interaction item is sent to an end user electronic device. When the end user interacts with the interaction item, the system collects feedback data that includes information about the user's interaction with the interaction item, as well as technical information about the electronic device. The feedback is compared to a plurality of security risk scoring metrics. Based on this comparison, a security risk score for the user with respect to a computing network.

Abstract: Various embodiments assess security risks of users in computing networks. In some embodiments, an interaction item is sent to an end user electronic device. When the end user interacts with the interaction item, the system collects feedback data that includes information about the user's interaction with the interaction item, as well as technical information about the electronic device. The feedback is compared to a plurality of security risk scoring metrics. Based on this comparison, a security risk score for the user with respect to a computing network.

Abstract: Aspects of the disclosure relate to providing training and information based on simulated cybersecurity attack difficulty. A computing platform may retrieve data associated with a plurality of attack templates for simulating cybersecurity attacks. Subsequently, the computing platform may use one or more models to compute a predicted failure rate for each template of the plurality of attack templates in order to yield a plurality of predicted failure rates for an organization. Based on the plurality of predicted failure rates, the computing platform may use one or more of the plurality of attack templates to configure a simulated cybersecurity attack on the organization. Then, the computing platform may send, via the communication interface, to an administrator user device associated with the organization, information about the simulated cybersecurity attack and may execute the simulated cybersecurity attack.

Abstract: Aspects of the disclosure relate to dynamically providing cybersecurity training based on user-specific threat information. A computing platform may receive, from a targeted attack protection (TAP) server, user-specific threat information indicating at least one threat that has been encountered by at least one user. The computing platform may identify one or more users to receive cybersecurity training in a first cybersecurity training topic based on the user-specific threat information indicating the at least one threat that has been encountered by the at least one user. Subsequently, the computing platform may load one or more cybersecurity training modules based on identifying the one or more users to receive the cybersecurity training in the first cybersecurity training topic. Then, the computing platform may provide the one or more cybersecurity training modules to one or more user computing devices.