Skip to content
English
Contact Support
  • There are no suggestions because the search field is empty.

Dynamic Assignment of Cybersecurity Training

Understand the mechanics behind Dune's User Adaptive security awareness training.

Dune Security employs a sophisticated method for dynamically assigning training videos to users based on the points of weakness displayed when interacting with testing assets. This process ensures that each employee receives targeted and effective training to improve their cybersecurity awareness and reduce organizational risk. 

1. Data Collection and Analysis

User Interactions and Behavioral Data

  • Simulated Attacks: Dune Security tests users with various simulated social engineering attacks, including phishing, smishing, quishing, vishing, and more. These simulations are designed to mimic real-world scenarios closely​​​​, and are informed by threat-intelligence feeds.
  • Risk Behaviors Collected: Frequency and severity of risky behaviors are tracked, such as replying to test emails, clicking on malicious links, entering credentials into fake portals, falling for MFA attacks, downloading suspicious attachments​​​, and running executables.

Contextual Risk Factors

  • User-Specific Data: The user’s title is collected during user provisioning and is run through Dune Security’s Blast Radius Analysis, which standardizes hierarchical level and functions of each user within Dune’s system.  This Blast Radius serves two purposes: (1) It serves as a multiplier on the individual User Risk Score & (2) it helps to tailor simulated testing to the individual’s assumed level of access to sensitive information and potential impact within the organization​​​​.

2. Risk Scoring and Weakness Identification

User Risk Score (URS) Calculation

The User Risk Score (URS) quantifies an individual’s vulnerability based on several factors:

  • Frequency of Failures: How often an employee fails to identify and properly respond to simulated attacks.
  • Severity of Failures: The potential damage caused by these failures, such as clicking on malicious links or entering sensitive information​​​​.
  • Contextual Risk Factors (CRF): Personalized data points that consider the user’s role and exposure to risk within the organization​​.

3. Dynamic Assignment of Training Videos

Training Based on Identified Weaknesses

  • Content Method: Training content is categorized by method (e.g., email, SMS), difficulty level, and the specific type of attack vector (e.g., phishing, smishing)​​.
  • Motivational Factors: Training incorporates various motivational factors such as urgency, authority, fear, and curiosity to address the psychological tactics used in social engineering attacks​​.

Personalized Training Modules

  • Adaptive Learning: Based on the URS and specific failures, Dune Security assigns targeted training modules to employees. These modules are designed to address the particular weaknesses identified during the simulations​​.
  • Bite-Sized Training: Training is delivered in small, manageable segments to ensure it is effective without being overwhelming. This method also allows for quick learning assessments to confirm understanding and retention of the material​​.

4. Continuous Monitoring and Reassessment

Ongoing Risk Evaluation

  • Real-Time Updates: The URS is dynamically updated as employees complete training modules and interact with new simulations. This continuous feedback loop ensures that training remains relevant and effective​​​​.
  • Periodic Model Re-Training: The AI model is periodically re-trained with new threat intelligence data to stay current with evolving social engineering tactics and provide robust protection against the latest threats​​​​.

Comprehensive Reporting

  • Multi-Level Insights: Detailed reports and dashboards provide insights at user, departmental, and organizational levels. These reports help administrators understand trends, identify high-risk areas, and make informed decisions about additional training and security measures​​​​.

By leveraging advanced AI and machine learning techniques, Dune Security’s platform ensures that training is not only targeted and timely but also continuously adapts to the evolving threat landscape and individual user behavior. This dynamic approach significantly enhances the effectiveness of security training and reduces the overall risk to the organization.