This article explain how our risk scoring system works, the factors that contribute to your clients’ scores, and how you can use this information to improve their overall security posture.
What is a Risk Score?
A risk score is a numerical value between 0 and 1 that indicates the likelihood of a user falling victim to phishing attacks and other security threats. A lower score means lower risk, while a higher score indicates higher risk. This score is calculated based on user interactions with email campaigns and security training programs.
How Are Risk Scores Calculated?
Risk scores for each user are calculated using a combination of the following factors:
1 - Email Opened:
• Weight: 0.2
• Each time a user opens a phishing simulation email, a small amount of risk is added to their score.
2 - Email Clicked:
• Weight: 0.5
• Clicking on links in phishing simulation emails significantly increases the user’s risk score.
3 - Credentials Submitted:
• Weight: 0.7
• Submitting credentials on a phishing simulation page indicates a high level of risk.
4 - Interactive Training Completed:
• Weight: -0.4
• Completing interactive training modules reduces the user’s risk score, reflecting improved security awareness.
5 - Email Reported:
• Weight: -0.3
• Reporting phishing simulation emails demonstrates vigilance and reduces the user’s risk score.
Risk Decay
To ensure the risk score reflects the most recent behavior, we apply a decay factor to older events. This means that older actions have less impact on the current risk score. Our decay rate is set to 0.95, meaning each day’s influence of an event decreases by 5%.
Example Calculation
Suppose a user exhibits the following behaviour:
• Opened an email 10 days ago.
• Clicked a link 5 days ago.
• Completed a training module 2 days ago.
Here’s how we calculate the risk score:
1. Opened email: 0.2 × (0.95^10)
2. Clicked email: 0.5 × (0.95^5)
3. Completed training: -0.4 × (0.95^2)
Summing these values gives the risk score, which is then normalized between 0 and 1.
Tracking Risk Scores Over Time
We track risk scores over time to provide a historical view of each user’s security awareness progress. Each time we calculate a risk score, a new record is created. This allows you to see how risk scores change with each interaction and training completion.
How to Use Risk Scores
•Monitor Client Progress: Regularly review the risk scores of your clients’ users to monitor improvement over time.
•Identify High-Risk Users: Use risk scores to identify users who frequently engage in risky behaviors and may need additional training.
•Tailor Training Programs: Focus training efforts on areas where users are struggling, as indicated by their risk scores.
•Report and Act: Use aggregated risk score data to inform security policies and measures across your clients’ organizations.
Implementation Steps
1. Regular Reviews: Schedule regular reviews of risk scores to ensure timely identification of high-risk users within your clients’ organizations.
2. Targeted Training: Implement targeted training sessions for users with high risk scores to address specific vulnerabilities.
3. Reporting: Generate periodic reports on risk scores to share with your clients, helping them understand their security posture.
4. Continuous Improvement: Encourage continuous improvement in security practices by recognizing users who show significant reductions in their risk scores.