Managed Services / Security Awareness
Awareness that
actually changes behaviour.
Annual security training doesn't work. Behaviour changes when awareness is continuous, relevant, and reinforced with realistic testing. Cliffside's Awareness as a Service programme uses the KnowBe4 platform to run an ongoing cycle of phishing simulations, targeted training, and measurable culture improvement — month after month.
Why continuous beats annual
One training session is forgotten within weeks.
Research consistently shows that phishing susceptibility returns to baseline within 4–6 months of a one-off training session. Annual compliance training produces compliance certificates, not behaviour change. The organisations that materially reduce their human attack surface run awareness as an ongoing programme — not an annual event.
Awareness as a Service means your people are regularly exposed to realistic simulations, receive targeted training matched to what they fell for, and see their susceptibility rates trend down over time. That's what makes the difference when a real attack arrives.
What's included
The full programme, delivered continuously.
Regular, realistic phishing campaigns calibrated to current attacker techniques. Scenarios updated monthly to reflect active campaigns targeting Australian organisations — supplier impersonation, IT requests, ATO and myGov spoofs, and executive pretexting.
Automated training assignments triggered by simulation failure — so training is delivered to the people who need it, on the topic they failed on, immediately after the event. Not a generic curriculum pushed to the whole organisation.
Starting phish-prone percentage, monthly tracking, department-by-department breakdown, and benchmarking against organisations of similar size and industry. Evidence of improvement your board and auditors can rely on.
Security culture assessment using KnowBe4's Security Culture Survey — measuring attitudes, behaviours, and norms across your organisation. Identifies teams or roles with cultural risk factors that training alone won't address.
Cliffside manages the platform, designs campaign scenarios, reviews results, and provides monthly programme reports. No internal resource required beyond initial onboarding and periodic review calls.
Programme documentation and reporting aligned to ISO 27001 Annex A.6.3 (Information Security Awareness), APRA CPS 234 paragraph 18, and Essential Eight training requirements. Audit-ready evidence on demand.
Cliffside is a KnowBe4 partner — the world's largest security awareness training platform with over 65,000 organisations and 70,000+ training modules including Australian-specific content. As a partner, we manage the platform on your behalf, giving you access to enterprise-grade awareness tooling without the procurement and management overhead.
Programme cadence
What a typical month looks like.
New campaign launched using a scenario relevant to current threats and your organisation's profile. Staff who click or submit credentials are automatically enrolled in targeted training.
Assigned training modules completed by staff who failed the simulation. Completion rate tracked and non-completers escalated via manager notification if configured.
Organisation-wide training module assigned if a topical subject warrants it — a current threat campaign, a regulatory update, or a seasonal risk (tax time, end of financial year).
Cliffside delivers a monthly report covering phish-prone percentage, training completion rates, department breakdown, trend since programme start, and recommendations for next month.
Build awareness that
actually sticks.
Discuss the programme with us. We'll establish a baseline phish-prone percentage, benchmark it against your industry, and design a 12-month programme calibrated to your organisation's risk profile.