Regularly review Reports > Attack Simulator Insights to measure the effectiveness of phishing training.

    Weekend Wiki
    Attack Simulator Insights in Microsoft Defender for Office 365 provides detailed metrics on the performance and effectiveness of phishing simulations and user training. This data helps organizations assess user susceptibility to phishing attacks and the success of training initiatives. Here’s how to review and use these insights on a regular basis:


    1. Accessing Attack Simulator Insights

    1. Log in to the Microsoft 365 Defender Portal:
      https://security.microsoft.com.
    2. Navigate to Email & Collaboration > Attack Simulation Training.
    3. On the dashboard, click Insights to view the summary and detailed reports of your simulations.

    2. Key Metrics in the Insights Dashboard

    The dashboard provides several important metrics:

    • Click Rate: Percentage of users who clicked on simulated phishing links.
    • Credential Submission Rate: Percentage of users who entered credentials after clicking.
    • Email Open Rate: Percentage of users who opened phishing simulation emails.
    • User Training Status: Shows which users have completed assigned training.

    3. Analyzing the Data

    Identify High-Risk Users

    • Use the User Breakdown section to find users who are repeatedly failing simulations or ignoring training assignments.
    • These users may need targeted training or follow-up sessions.

    Track Improvement Over Time

    • Compare results from multiple simulations to measure whether click rates or credential submission rates are decreasing.

    Assess the Effectiveness of Training

    • Evaluate the correlation between training completion and improved phishing resistance.
    • Check if users who completed training have lower click rates compared to those who haven’t.

    4. Scheduling Regular Reviews

    Frequency

    • Review insights monthly or after each simulation to ensure timely identification of risks.

    Automated Notifications

    • Use Microsoft Defender’s alerting feature to notify administrators of simulation results.

    Export Reports

    • Export insights as CSV or PDF for management reviews or compliance purposes:
      • Click Export Data in the Insights dashboard.
      • Use this data in presentations or external tools like Power BI for visualization.

    5. Best Practices for Ongoing Phishing Training

    1. Create Varied Simulations:
      • Use different templates, such as credential harvesting or ransomware links, to train users on diverse phishing threats.
    2. Rotate User Groups:
      • Target different departments or risk groups over time to ensure comprehensive coverage.
    3. Gamify Training:
      • Reward users with the best performance or lowest click rates to encourage engagement.
    4. Automate Training:
      • Configure the system to assign training automatically to users who fail a simulation.

    6. Example Workflow

    1. Launch a phishing simulation targeting 20% of users with a credential harvesting template.
    2. After 7 days, review the following:
      • Email open rate.
      • Click-through rate.
      • Credential submission rate.
    3. Assign follow-up training to users who failed the simulation.
    4. Monitor the training completion rates in the Insights dashboard.
    5. After 1 month, run a follow-up simulation to measure improvement.

    Would you like help setting up or customizing simulations, or automating reports for attack simulations? Email us at [email protected]
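
The analysis described in sections 3 and 4 can be run over an exported CSV. The script below is an added example, not part of the original post or of Microsoft's tooling: it computes click and credential submission rates per simulation, compares trained and untrained users in the follow-up, and lists repeat clickers. The column names and sample rows are constructed assumptions; rename them to match the columns in your own export.

```python
import csv, io
from collections import Counter, defaultdict

# Constructed sample export. Column names are assumptions, not the portal's schema.
SAMPLE = """User,Simulation,Clicked,SubmittedCredentials,TrainingCompleted
alice@example.com,2024-01 baseline,yes,yes,no
bob@example.com,2024-01 baseline,yes,no,no
carol@example.com,2024-01 baseline,no,no,no
dave@example.com,2024-01 baseline,yes,yes,no
alice@example.com,2024-02 follow-up,no,no,yes
bob@example.com,2024-02 follow-up,yes,yes,no
carol@example.com,2024-02 follow-up,no,no,no
dave@example.com,2024-02 follow-up,no,no,yes
"""

def load(text):
    """Parse the export, turning yes/no cells into booleans."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        for col in ("Clicked", "SubmittedCredentials", "TrainingCompleted"):
            r[col] = r[col].strip().lower() in ("yes", "true", "1")
        rows.append(r)
    return rows

def pct(hits, total):
    return round(100.0 * hits / total, 1) if total else 0.0

def rates(rows, key):
    """(click %, credential submission %) of targeted users, per group."""
    tally = defaultdict(Counter)
    for r in rows:
        t = tally[key(r)]
        t["sent"] += 1
        t["clicked"] += r["Clicked"]
        t["creds"] += r["SubmittedCredentials"]
    return {g: (pct(t["clicked"], t["sent"]), pct(t["creds"], t["sent"]))
            for g, t in tally.items()}

def repeat_clickers(rows, threshold=2):
    """Users who clicked in at least `threshold` simulations."""
    clicks = Counter(r["User"] for r in rows if r["Clicked"])
    return sorted(u for u, n in clicks.items() if n >= threshold)

if __name__ == "__main__":
    data = load(SAMPLE)
    print("per simulation:", rates(data, lambda r: r["Simulation"]))
    follow_up = [r for r in data if r["Simulation"] == "2024-02 follow-up"]
    print("by training:", rates(follow_up, lambda r: r["TrainingCompleted"]))
    print("repeat clickers:", repeat_clickers(data))
```

Both rates here use all targeted users as the denominator; if you want credential submissions as a share of clickers only, divide by the click count instead.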
