¿Qué es Conceptos Técnicos?

Conceptos Técnicos - Comfidentia

Simulaciones de Phishing (también “simulacros de phishing” o “pruebas de concienciación”) son herramientas de entrenamiento que simulan ataques de phishing reales para evaluar la concienciación del personal, identificar vulnerabilidades humanas y mejorar la respuesta a amenazas de ingeniería social. Estas simulaciones son parte fundamental de los programas de concienciación en seguridad y permiten a las organizaciones medir la efectividad de la formación e identificar empleados que necesitan capacitación adicional.

¿Qué son las Simulaciones de Phishing?

Las simulaciones de phishing son pruebas controladas que imitan ataques de phishing reales para medir la efectividad de los programas de concienciación en seguridad, identificar empleados vulnerables y proporcionar entrenamiento práctico.

Componentes del Sistema

Diseño de Simulaciones

Plantillas de Ataque: Diferentes tipos de ataques de phishing
Niveles de Dificultad: Simulaciones adaptadas al nivel de conocimiento
Personalización: Contenido específico para la organización
Realismo: Simulaciones que imitan ataques reales

Ejecución y Monitoreo

Envío Automatizado: Distribución automática de simulaciones
Seguimiento en Tiempo Real: Monitoreo de interacciones
Métricas de Comportamiento: Análisis de respuestas del personal
Alertas y Notificaciones: Notificaciones de eventos críticos

Análisis y Reportes

Métricas de Vulnerabilidad: Medición de susceptibilidad
Análisis de Tendencias: Identificación de patrones de comportamiento
Reportes Ejecutivos: Informes para la gerencia
Recomendaciones: Sugerencias de mejora

Sistema de Simulaciones

Gestión de Simulaciones

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
import pandas as pd
import numpy as np
from datetime import datetime, timedelta
import json
import random

class PhishingSimulationSystem:
    def __init__(self):
        self.simulations = {}
        self.templates = {}
        self.campaigns = {}
        self.results = {}
        self.behavior_analysis = {}
        self.improvement_recommendations = {}
    
    def create_phishing_template(self, template_id, template_config):
        """Crear plantilla de simulación de phishing"""
        self.templates[template_id] = {
            'template_id': template_id,
            'name': template_config['name'],
            'category': template_config['category'],
            'difficulty_level': template_config['difficulty_level'],
            'subject_line': template_config['subject_line'],
            'sender_name': template_config['sender_name'],
            'sender_email': template_config['sender_email'],
            'email_content': template_config['email_content'],
            'phishing_indicators': template_config.get('phishing_indicators', []),
            'social_engineering_tactics': template_config.get('social_engineering_tactics', []),
            'target_audience': template_config.get('target_audience', 'all'),
            'success_criteria': template_config.get('success_criteria', {}),
            'created_date': datetime.now(),
            'version': 1.0
        }
    
    def create_simulation_campaign(self, campaign_id, campaign_config):
        """Crear campaña de simulación"""
        self.campaigns[campaign_id] = {
            'campaign_id': campaign_id,
            'name': campaign_config['name'],
            'description': campaign_config['description'],
            'template_id': campaign_config['template_id'],
            'target_audience': campaign_config['target_audience'],
            'scheduling': campaign_config['scheduling'],
            'delivery_method': campaign_config.get('delivery_method', 'email'),
            'randomization': campaign_config.get('randomization', True),
            'follow_up_training': campaign_config.get('follow_up_training', True),
            'status': 'scheduled',
            'created_date': datetime.now(),
            'start_date': campaign_config.get('start_date'),
            'end_date': campaign_config.get('end_date'),
            'total_recipients': 0,
            'emails_sent': 0,
            'emails_delivered': 0,
            'emails_opened': 0,
            'links_clicked': 0,
            'attachments_opened': 0,
            'data_entered': 0,
            'reported_phishing': 0,
            'false_positives': 0
        }
    
    def execute_simulation(self, campaign_id, recipient_list):
        """Ejecutar simulación de phishing"""
        if campaign_id not in self.campaigns:
            return False
        
        campaign = self.campaigns[campaign_id]
        template = self.templates[campaign['template_id']]
        
        campaign['status'] = 'running'
        campaign['total_recipients'] = len(recipient_list)
        
        for recipient in recipient_list:
            simulation_id = f"SIM-{len(self.simulations) + 1}"
            
            # Crear simulación individual
            simulation = {
                'simulation_id': simulation_id,
                'campaign_id': campaign_id,
                'template_id': campaign['template_id'],
                'recipient_id': recipient['recipient_id'],
                'recipient_email': recipient['email'],
                'recipient_name': recipient['name'],
                'department': recipient.get('department', 'unknown'),
                'role': recipient.get('role', 'employee'),
                'risk_level': recipient.get('risk_level', 'medium'),
                'sent_date': datetime.now(),
                'delivered': False,
                'delivered_date': None,
                'opened': False,
                'opened_date': None,
                'link_clicked': False,
                'link_clicked_date': None,
                'attachment_opened': False,
                'attachment_opened_date': None,
                'data_entered': False,
                'data_entered_date': None,
                'reported_phishing': False,
                'reported_date': None,
                'response_time_minutes': None,
                'vulnerability_score': 0,
                'training_assigned': False
            }
            
            self.simulations[simulation_id] = simulation
            
            # Simular entrega
            if self.simulate_delivery():
                simulation['delivered'] = True
                simulation['delivered_date'] = datetime.now()
                campaign['emails_delivered'] += 1
            
            campaign['emails_sent'] += 1
        
        return True
    
    def simulate_delivery(self):
        """Simular entrega de email"""
        # Simular tasa de entrega del 95%
        return random.random() < 0.95
    
    def record_email_opened(self, simulation_id):
        """Registrar apertura de email"""
        if simulation_id not in self.simulations:
            return False
        
        simulation = self.simulations[simulation_id]
        
        if not simulation['opened']:
            simulation['opened'] = True
            simulation['opened_date'] = datetime.now()
            
            # Calcular tiempo de respuesta
            if simulation['delivered_date']:
                response_time = simulation['opened_date'] - simulation['delivered_date']
                simulation['response_time_minutes'] = response_time.total_seconds() / 60
            
            # Actualizar estadísticas de campaña
            campaign_id = simulation['campaign_id']
            if campaign_id in self.campaigns:
                self.campaigns[campaign_id]['emails_opened'] += 1
            
            # Calcular score de vulnerabilidad
            self.calculate_vulnerability_score(simulation_id)
        
        return True
    
    def record_link_clicked(self, simulation_id):
        """Registrar clic en enlace"""
        if simulation_id not in self.simulations:
            return False
        
        simulation = self.simulations[simulation_id]
        
        if not simulation['link_clicked']:
            simulation['link_clicked'] = True
            simulation['link_clicked_date'] = datetime.now()
            
            # Actualizar estadísticas de campaña
            campaign_id = simulation['campaign_id']
            if campaign_id in self.campaigns:
                self.campaigns[campaign_id]['links_clicked'] += 1
            
            # Recalcular score de vulnerabilidad
            self.calculate_vulnerability_score(simulation_id)
        
        return True
    
    def record_attachment_opened(self, simulation_id):
        """Registrar apertura de adjunto"""
        if simulation_id not in self.simulations:
            return False
        
        simulation = self.simulations[simulation_id]
        
        if not simulation['attachment_opened']:
            simulation['attachment_opened'] = True
            simulation['attachment_opened_date'] = datetime.now()
            
            # Actualizar estadísticas de campaña
            campaign_id = simulation['campaign_id']
            if campaign_id in self.campaigns:
                self.campaigns[campaign_id]['attachments_opened'] += 1
            
            # Recalcular score de vulnerabilidad
            self.calculate_vulnerability_score(simulation_id)
        
        return True
    
    def record_data_entered(self, simulation_id):
        """Registrar entrada de datos"""
        if simulation_id not in self.simulations:
            return False
        
        simulation = self.simulations[simulation_id]
        
        if not simulation['data_entered']:
            simulation['data_entered'] = True
            simulation['data_entered_date'] = datetime.now()
            
            # Actualizar estadísticas de campaña
            campaign_id = simulation['campaign_id']
            if campaign_id in self.campaigns:
                self.campaigns[campaign_id]['data_entered'] += 1
            
            # Recalcular score de vulnerabilidad
            self.calculate_vulnerability_score(simulation_id)
        
        return True
    
    def record_phishing_report(self, simulation_id):
        """Registrar reporte de phishing"""
        if simulation_id not in self.simulations:
            return False
        
        simulation = self.simulations[simulation_id]
        
        if not simulation['reported_phishing']:
            simulation['reported_phishing'] = True
            simulation['reported_date'] = datetime.now()
            
            # Actualizar estadísticas de campaña
            campaign_id = simulation['campaign_id']
            if campaign_id in self.campaigns:
                self.campaigns[campaign_id]['reported_phishing'] += 1
            
            # Recalcular score de vulnerabilidad
            self.calculate_vulnerability_score(simulation_id)
        
        return True
    
    def calculate_vulnerability_score(self, simulation_id):
        """Calcular score de vulnerabilidad"""
        if simulation_id not in self.simulations:
            return 0
        
        simulation = self.simulations[simulation_id]
        
        score = 0
        
        # Puntos por acciones de riesgo
        if simulation['opened']:
            score += 10
        
        if simulation['link_clicked']:
            score += 30
        
        if simulation['attachment_opened']:
            score += 40
        
        if simulation['data_entered']:
            score += 50
        
        # Puntos negativos por reportar
        if simulation['reported_phishing']:
            score -= 20
        
        # Ajustar por tiempo de respuesta
        if simulation['response_time_minutes'] is not None:
            if simulation['response_time_minutes'] < 5:  # Respuesta muy rápida
                score += 10
            elif simulation['response_time_minutes'] > 60:  # Respuesta lenta
                score -= 5
        
        # Ajustar por nivel de riesgo del usuario
        risk_level = simulation.get('risk_level', 'medium')
        if risk_level == 'high':
            score *= 1.2
        elif risk_level == 'low':
            score *= 0.8
        
        simulation['vulnerability_score'] = max(0, min(100, score))
        return simulation['vulnerability_score']
    
    def analyze_campaign_results(self, campaign_id):
        """Analizar resultados de campaña"""
        if campaign_id not in self.campaigns:
            return None
        
        campaign = self.campaigns[campaign_id]
        campaign_simulations = [s for s in self.simulations.values() if s['campaign_id'] == campaign_id]
        
        if not campaign_simulations:
            return None
        
        # Métricas básicas
        total_simulations = len(campaign_simulations)
        delivered_simulations = len([s for s in campaign_simulations if s['delivered']])
        opened_simulations = len([s for s in campaign_simulations if s['opened']])
        clicked_simulations = len([s for s in campaign_simulations if s['link_clicked']])
        data_entered_simulations = len([s for s in campaign_simulations if s['data_entered']])
        reported_simulations = len([s for s in campaign_simulations if s['reported_phishing']])
        
        # Calcular tasas
        delivery_rate = (delivered_simulations / total_simulations * 100) if total_simulations > 0 else 0
        open_rate = (opened_simulations / delivered_simulations * 100) if delivered_simulations > 0 else 0
        click_rate = (clicked_simulations / total_simulations * 100) if total_simulations > 0 else 0
        data_entry_rate = (data_entered_simulations / total_simulations * 100) if total_simulations > 0 else 0
        report_rate = (reported_simulations / total_simulations * 100) if total_simulations > 0 else 0
        
        # Calcular score de vulnerabilidad promedio
        vulnerability_scores = [s['vulnerability_score'] for s in campaign_simulations]
        avg_vulnerability_score = sum(vulnerability_scores) / len(vulnerability_scores) if vulnerability_scores else 0
        
        # Análisis por departamento
        dept_analysis = {}
        for sim in campaign_simulations:
            dept = sim.get('department', 'unknown')
            if dept not in dept_analysis:
                dept_analysis[dept] = {
                    'total': 0,
                    'clicked': 0,
                    'reported': 0,
                    'vulnerability_scores': []
                }
            
            dept_analysis[dept]['total'] += 1
            if sim['link_clicked']:
                dept_analysis[dept]['clicked'] += 1
            if sim['reported_phishing']:
                dept_analysis[dept]['reported'] += 1
            
            dept_analysis[dept]['vulnerability_scores'].append(sim['vulnerability_score'])
        
        # Calcular métricas por departamento
        for dept, data in dept_analysis.items():
            data['click_rate'] = (data['clicked'] / data['total'] * 100) if data['total'] > 0 else 0
            data['report_rate'] = (data['reported'] / data['total'] * 100) if data['total'] > 0 else 0
            data['avg_vulnerability'] = sum(data['vulnerability_scores']) / len(data['vulnerability_scores']) if data['vulnerability_scores'] else 0
        
        # Análisis temporal
        hourly_analysis = {}
        for sim in campaign_simulations:
            if sim['opened_date']:
                hour = sim['opened_date'].hour
                if hour not in hourly_analysis:
                    hourly_analysis[hour] = {'opened': 0, 'clicked': 0, 'reported': 0}
                
                hourly_analysis[hour]['opened'] += 1
                if sim['link_clicked']:
                    hourly_analysis[hour]['clicked'] += 1
                if sim['reported_phishing']:
                    hourly_analysis[hour]['reported'] += 1
        
        # Determinar nivel de riesgo
        risk_level = self.determine_campaign_risk_level(avg_vulnerability_score, click_rate, data_entry_rate, report_rate)
        
        results = {
            'campaign_id': campaign_id,
            'total_simulations': total_simulations,
            'delivery_rate': delivery_rate,
            'open_rate': open_rate,
            'click_rate': click_rate,
            'data_entry_rate': data_entry_rate,
            'report_rate': report_rate,
            'avg_vulnerability_score': avg_vulnerability_score,
            'risk_level': risk_level,
            'department_analysis': dept_analysis,
            'hourly_analysis': hourly_analysis,
            'vulnerable_users': len([s for s in campaign_simulations if s['vulnerability_score'] > 70]),
            'high_risk_users': len([s for s in campaign_simulations if s['vulnerability_score'] > 90])
        }
        
        return results
    
    def determine_campaign_risk_level(self, avg_vulnerability, click_rate, data_entry_rate, report_rate):
        """Determinar nivel de riesgo de la campaña"""
        risk_score = 0
        
        # Factores de riesgo
        if avg_vulnerability > 80:
            risk_score += 40
        elif avg_vulnerability > 60:
            risk_score += 30
        elif avg_vulnerability > 40:
            risk_score += 20
        
        if click_rate > 30:
            risk_score += 25
        elif click_rate > 20:
            risk_score += 15
        
        if data_entry_rate > 15:
            risk_score += 30
        elif data_entry_rate > 10:
            risk_score += 20
        
        if report_rate < 10:
            risk_score += 15
        elif report_rate < 20:
            risk_score += 10
        
        # Determinar nivel
        if risk_score >= 80:
            return 'critical'
        elif risk_score >= 60:
            return 'high'
        elif risk_score >= 40:
            return 'medium'
        else:
            return 'low'
    
    def generate_improvement_recommendations(self, campaign_id):
        """Generar recomendaciones de mejora"""
        results = self.analyze_campaign_results(campaign_id)
        if not results:
            return []
        
        recommendations = []
        
        # Recomendaciones basadas en métricas generales
        if results['click_rate'] > 25:
            recommendations.append({
                'type': 'click_rate',
                'priority': 'high',
                'description': f"Alta tasa de clics ({results['click_rate']:.1f}%) - implementar entrenamiento adicional en identificación de phishing",
                'action': 'Schedule additional phishing awareness training'
            })
        
        if results['data_entry_rate'] > 15:
            recommendations.append({
                'type': 'data_entry',
                'priority': 'critical',
                'description': f"Alta tasa de entrada de datos ({results['data_entry_rate']:.1f}%) - riesgo crítico de compromiso",
                'action': 'Implement immediate security awareness intervention'
            })
        
        if results['report_rate'] < 15:
            recommendations.append({
                'type': 'reporting',
                'priority': 'high',
                'description': f"Baja tasa de reporte ({results['report_rate']:.1f}%) - mejorar canales de reporte y incentivos",
                'action': 'Improve reporting channels and create reporting incentives'
            })
        
        if results['avg_vulnerability_score'] > 70:
            recommendations.append({
                'type': 'vulnerability',
                'priority': 'high',
                'description': f"Alto score de vulnerabilidad ({results['avg_vulnerability_score']:.1f}) - revisar programa de concienciación",
                'action': 'Review and enhance security awareness program'
            })
        
        # Recomendaciones basadas en análisis por departamento
        for dept, data in results['department_analysis'].items():
            if data['click_rate'] > 40:
                recommendations.append({
                    'type': 'department_training',
                    'priority': 'medium',
                    'description': f"Entrenamiento específico para {dept} - alta tasa de clics ({data['click_rate']:.1f}%)",
                    'action': f"Schedule department-specific training for {dept}"
                })
            
            if data['avg_vulnerability'] > 80:
                recommendations.append({
                    'type': 'department_intervention',
                    'priority': 'high',
                    'description': f"Intervención inmediata para {dept} - score de vulnerabilidad crítico ({data['avg_vulnerability']:.1f})",
                    'action': f"Implement immediate intervention for {dept}"
                })
        
        # Recomendaciones basadas en usuarios de alto riesgo
        if results['high_risk_users'] > 0:
            recommendations.append({
                'type': 'high_risk_users',
                'priority': 'critical',
                'description': f"{results['high_risk_users']} usuarios de alto riesgo identificados - atención inmediata requerida",
                'action': 'Schedule one-on-one security training for high-risk users'
            })
        
        return recommendations
    
    def generate_campaign_report(self, campaign_id):
        """Generar reporte de campaña"""
        if campaign_id not in self.campaigns:
            return None
        
        campaign = self.campaigns[campaign_id]
        results = self.analyze_campaign_results(campaign_id)
        
        if not results:
            return None
        
        recommendations = self.generate_improvement_recommendations(campaign_id)
        
        report = {
            'campaign_id': campaign_id,
            'campaign_name': campaign['name'],
            'template_name': self.templates[campaign['template_id']]['name'],
            'report_date': datetime.now(),
            'executive_summary': {
                'total_participants': results['total_simulations'],
                'risk_level': results['risk_level'],
                'key_metrics': {
                    'click_rate': results['click_rate'],
                    'data_entry_rate': results['data_entry_rate'],
                    'report_rate': results['report_rate'],
                    'avg_vulnerability': results['avg_vulnerability_score']
                }
            },
            'detailed_results': results,
            'recommendations': recommendations,
            'next_steps': self.generate_next_steps(recommendations),
            'status': campaign['status']
        }
        
        return report
    
    def generate_next_steps(self, recommendations):
        """Generar próximos pasos basados en recomendaciones"""
        next_steps = []
        
        critical_recommendations = [r for r in recommendations if r['priority'] == 'critical']
        high_recommendations = [r for r in recommendations if r['priority'] == 'high']
        
        if critical_recommendations:
            next_steps.append({
                'timeline': 'Immediate',
                'actions': [r['action'] for r in critical_recommendations],
                'priority': 'Critical'
            })
        
        if high_recommendations:
            next_steps.append({
                'timeline': 'Within 1 week',
                'actions': [r['action'] for r in high_recommendations],
                'priority': 'High'
            })
        
        medium_recommendations = [r for r in recommendations if r['priority'] == 'medium']
        if medium_recommendations:
            next_steps.append({
                'timeline': 'Within 1 month',
                'actions': [r['action'] for r in medium_recommendations],
                'priority': 'Medium'
            })
        
        return next_steps

# Ejemplo de uso
phishing_sim = PhishingSimulationSystem()

# Crear plantilla de phishing
phishing_sim.create_phishing_template('TEMP-001', {
    'name': 'Banking Phishing Simulation',
    'category': 'financial',
    'difficulty_level': 'medium',
    'subject_line': 'Urgent: Verify Your Account Information',
    'sender_name': 'Security Team',
    'sender_email': 'security@bank.com',
    'email_content': 'Please click the link below to verify your account...',
    'phishing_indicators': ['urgent_language', 'suspicious_link', 'generic_greeting'],
    'social_engineering_tactics': ['urgency', 'authority', 'fear'],
    'target_audience': 'all_employees'
})

# Crear campaña de simulación
phishing_sim.create_simulation_campaign('CAMP-001', {
    'name': 'Q1 2025 Phishing Simulation',
    'description': 'Simulación de phishing para evaluar concienciación',
    'template_id': 'TEMP-001',
    'target_audience': 'all_employees',
    'scheduling': 'immediate',
    'delivery_method': 'email',
    'randomization': True,
    'follow_up_training': True
})

# Lista de destinatarios
recipients = [
    {'recipient_id': 'EMP-001', 'email': 'john.doe@company.com', 'name': 'John Doe', 'department': 'HR', 'role': 'manager'},
    {'recipient_id': 'EMP-002', 'email': 'jane.smith@company.com', 'name': 'Jane Smith', 'department': 'IT', 'role': 'engineer'},
    {'recipient_id': 'EMP-003', 'email': 'bob.wilson@company.com', 'name': 'Bob Wilson', 'department': 'Finance', 'role': 'analyst'}
]

# Ejecutar simulación
phishing_sim.execute_simulation('CAMP-001', recipients)

# Simular eventos
phishing_sim.record_email_opened('SIM-1')
phishing_sim.record_link_clicked('SIM-1')
phishing_sim.record_phishing_report('SIM-2')

# Generar reporte
report = phishing_sim.generate_campaign_report('CAMP-001')
print(f"Reporte de simulación: {report['campaign_name']}")
print(f"Nivel de riesgo: {report['executive_summary']['risk_level']}")
print(f"Tasa de clics: {report['executive_summary']['key_metrics']['click_rate']:.1f}%")

Análisis de Comportamiento

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
class BehaviorAnalysis:
    def __init__(self):
        self.behavior_patterns = {}
        self.risk_profiles = {}
        self.training_recommendations = {}
    
    def analyze_user_behavior(self, user_id, simulation_history):
        """Analizar comportamiento de usuario específico"""
        if not simulation_history:
            return None
        
        # Calcular métricas de comportamiento
        total_simulations = len(simulation_history)
        clicked_count = len([s for s in simulation_history if s['link_clicked']])
        reported_count = len([s for s in simulation_history if s['reported_phishing']])
        data_entered_count = len([s for s in simulation_history if s['data_entered']])
        
        # Calcular tasas
        click_rate = (clicked_count / total_simulations * 100) if total_simulations > 0 else 0
        report_rate = (reported_count / total_simulations * 100) if total_simulations > 0 else 0
        data_entry_rate = (data_entered_count / total_simulations * 100) if total_simulations > 0 else 0
        
        # Calcular score de vulnerabilidad promedio
        vulnerability_scores = [s['vulnerability_score'] for s in simulation_history]
        avg_vulnerability = sum(vulnerability_scores) / len(vulnerability_scores) if vulnerability_scores else 0
        
        # Análisis de tendencias
        trend_analysis = self.analyze_behavior_trends(simulation_history)
        
        # Crear perfil de riesgo
        risk_profile = self.create_risk_profile(click_rate, report_rate, data_entry_rate, avg_vulnerability, trend_analysis)
        
        behavior_analysis = {
            'user_id': user_id,
            'total_simulations': total_simulations,
            'click_rate': click_rate,
            'report_rate': report_rate,
            'data_entry_rate': data_entry_rate,
            'avg_vulnerability': avg_vulnerability,
            'risk_profile': risk_profile,
            'trend_analysis': trend_analysis,
            'training_recommendations': self.generate_user_training_recommendations(risk_profile, trend_analysis)
        }
        
        return behavior_analysis
    
    def analyze_behavior_trends(self, simulation_history):
        """Analizar tendencias de comportamiento"""
        if len(simulation_history) < 3:
            return {'trend': 'insufficient_data'}
        
        # Ordenar por fecha
        sorted_simulations = sorted(simulation_history, key=lambda x: x['sent_date'])
        
        # Analizar tendencia de vulnerabilidad
        vulnerability_trend = [s['vulnerability_score'] for s in sorted_simulations]
        
        # Calcular tendencia usando regresión lineal
        x = np.arange(len(vulnerability_trend))
        y = np.array(vulnerability_trend)
        
        if len(x) > 1:
            slope = np.polyfit(x, y, 1)[0]
            if slope > 5:
                trend = 'increasing_risk'
            elif slope < -5:
                trend = 'decreasing_risk'
            else:
                trend = 'stable'
        else:
            trend = 'stable'
        
        # Analizar patrones de respuesta
        response_patterns = {
            'consistent_clicker': len([s for s in sorted_simulations if s['link_clicked']]) > len(sorted_simulations) * 0.7,
            'consistent_reporter': len([s for s in sorted_simulations if s['reported_phishing']]) > len(sorted_simulations) * 0.7,
            'improving': trend == 'decreasing_risk',
            'declining': trend == 'increasing_risk'
        }
        
        return {
            'vulnerability_trend': trend,
            'response_patterns': response_patterns,
            'data_points': len(sorted_simulations)
        }
    
    def create_risk_profile(self, click_rate, report_rate, data_entry_rate, avg_vulnerability, trend_analysis):
        """Crear perfil de riesgo del usuario"""
        risk_score = 0
        
        # Factores de riesgo
        if click_rate > 50:
            risk_score += 30
        elif click_rate > 30:
            risk_score += 20
        elif click_rate > 15:
            risk_score += 10
        
        if data_entry_rate > 20:
            risk_score += 40
        elif data_entry_rate > 10:
            risk_score += 25
        elif data_entry_rate > 5:
            risk_score += 15
        
        if report_rate < 10:
            risk_score += 20
        elif report_rate < 25:
            risk_score += 10
        
        if avg_vulnerability > 80:
            risk_score += 30
        elif avg_vulnerability > 60:
            risk_score += 20
        elif avg_vulnerability > 40:
            risk_score += 10
        
        # Ajustar por tendencias
        if trend_analysis['vulnerability_trend'] == 'increasing_risk':
            risk_score += 15
        elif trend_analysis['vulnerability_trend'] == 'decreasing_risk':
            risk_score -= 10
        
        # Determinar nivel de riesgo
        if risk_score >= 80:
            risk_level = 'critical'
        elif risk_score >= 60:
            risk_level = 'high'
        elif risk_score >= 40:
            risk_level = 'medium'
        else:
            risk_level = 'low'
        
        return {
            'risk_score': risk_score,
            'risk_level': risk_level,
            'risk_factors': {
                'high_click_rate': click_rate > 30,
                'high_data_entry': data_entry_rate > 15,
                'low_reporting': report_rate < 20,
                'high_vulnerability': avg_vulnerability > 70,
                'increasing_risk': trend_analysis['vulnerability_trend'] == 'increasing_risk'
            }
        }
    
    def generate_user_training_recommendations(self, risk_profile, trend_analysis):
        """Generar recomendaciones de entrenamiento para usuario"""
        recommendations = []
        
        risk_level = risk_profile['risk_level']
        risk_factors = risk_profile['risk_factors']
        
        if risk_level == 'critical':
            recommendations.append({
                'type': 'immediate_intervention',
                'priority': 'critical',
                'description': 'Usuario de riesgo crítico - intervención inmediata requerida',
                'actions': [
                    'One-on-one security training session',
                    'Additional phishing simulations',
                    'Regular follow-up assessments'
                ]
            })
        elif risk_level == 'high':
            recommendations.append({
                'type': 'intensive_training',
                'priority': 'high',
                'description': 'Usuario de alto riesgo - entrenamiento intensivo requerido',
                'actions': [
                    'Additional security awareness modules',
                    'Focused phishing training',
                    'Monthly assessments'
                ]
            })
        elif risk_level == 'medium':
            recommendations.append({
                'type': 'standard_training',
                'priority': 'medium',
                'description': 'Usuario de riesgo medio - entrenamiento estándar',
                'actions': [
                    'Regular security awareness training',
                    'Quarterly phishing simulations',
                    'Progress monitoring'
                ]
            })
        
        # Recomendaciones específicas basadas en factores de riesgo
        if risk_factors['high_click_rate']:
            recommendations.append({
                'type': 'click_prevention',
                'priority': 'high',
                'description': 'Entrenamiento específico en identificación de enlaces maliciosos',
                'actions': ['Link analysis training', 'URL verification techniques']
            })
        
        if risk_factors['high_data_entry']:
            recommendations.append({
                'type': 'data_protection',
                'priority': 'critical',
                'description': 'Entrenamiento crítico en protección de datos',
                'actions': ['Data handling training', 'Credential protection training']
            })
        
        if risk_factors['low_reporting']:
            recommendations.append({
                'type': 'reporting_improvement',
                'priority': 'medium',
                'description': 'Mejorar cultura de reporte de incidentes',
                'actions': ['Reporting process training', 'Incentive programs']
            })
        
        if risk_factors['increasing_risk']:
            recommendations.append({
                'type': 'trend_intervention',
                'priority': 'high',
                'description': 'Intervención para revertir tendencia de riesgo creciente',
                'actions': ['Intensive retraining', 'Behavioral coaching']
            })
        
        return recommendations

# Ejemplo de uso
behavior_analysis = BehaviorAnalysis()

# Simular historial de simulaciones para un usuario
user_simulation_history = [
    {
        'simulation_id': 'SIM-1',
        'sent_date': datetime.now() - timedelta(days=30),
        'link_clicked': True,
        'reported_phishing': False,
        'data_entered': True,
        'vulnerability_score': 85
    },
    {
        'simulation_id': 'SIM-2',
        'sent_date': datetime.now() - timedelta(days=20),
        'link_clicked': True,
        'reported_phishing': False,
        'data_entered': False,
        'vulnerability_score': 75
    },
    {
        'simulation_id': 'SIM-3',
        'sent_date': datetime.now() - timedelta(days=10),
        'link_clicked': False,
        'reported_phishing': True,
        'data_entered': False,
        'vulnerability_score': 45
    }
]

# Analizar comportamiento del usuario
user_analysis = behavior_analysis.analyze_user_behavior('USER-001', user_simulation_history)
print(f"Análisis de usuario: {user_analysis['risk_profile']['risk_level']}")
print(f"Tasa de clics: {user_analysis['click_rate']:.1f}%")
print(f"Recomendaciones: {len(user_analysis['training_recommendations'])}")

Mejores Prácticas

Diseño de Simulaciones

Realismo: Simulaciones que imiten ataques reales
Variedad: Diferentes tipos de ataques de phishing
Escalabilidad: Dificultad progresiva
Personalización: Contenido específico para la organización

Ejecución

Frecuencia: Simulaciones regulares pero no excesivas
Timing: Momento apropiado para envío
Seguimiento: Monitoreo en tiempo real
Feedback: Retroalimentación inmediata

Análisis

Métricas Relevantes: Enfocarse en métricas que importan
Tendencias: Análisis de patrones de comportamiento
Personalización: Análisis individual y por departamento
Accionabilidad: Recomendaciones específicas y accionables

Conceptos Relacionados

Programas de Concienciación - Marco que incluye simulaciones
Formación Especializada - Entrenamiento avanzado
Gobierno de la Seguridad de la Información - Marco que incluye simulaciones
Políticas y Procedimientos - Documentos que se enseñan
Evaluación de Riesgos - Proceso que incluye riesgos humanos
Tratamiento de Riesgos - Estrategia que incluye simulaciones
Monitoreo y Revisión - Proceso que monitorea simulaciones
CISO - Rol que lidera simulaciones
Ciberseguridad General - Disciplina que incluye simulaciones
Brechas de seguridad - Incidentes que las simulaciones previenen
Vectores de ataque - Amenazas que las simulaciones mitigan
Incident Response - Proceso que las simulaciones mejoran
SIEM - Herramienta que complementa simulaciones
SOAR - Automatización que gestiona simulaciones
EDR - Herramienta que complementa simulaciones
Firewall - Control que complementa simulaciones
VPN - Servicio que complementa simulaciones
Dashboards - Herramienta que visualiza simulaciones
Registros - Evidencia de simulaciones

¿Qué son las Simulaciones de Phishing?

Componentes del Sistema

Diseño de Simulaciones

Ejecución y Monitoreo

Análisis y Reportes

Sistema de Simulaciones

Gestión de Simulaciones

Análisis de Comportamiento

Mejores Prácticas

Diseño de Simulaciones

Ejecución

Análisis

Conceptos Relacionados

Referencias