This article will take you through employee risk scoring functionality. This functionality is enabled by default on the Reporting page and is updated every 24 hours (or through a manual refresh).
1. What is Employee Risk Scoring?
CanIPhish extracts the unique email addresses listed in target lists and campaign statistics, attributes each address to a unique employee, and then reviews that employee's performance in historic campaigns to determine the overall phishing risk they pose to your business.
Phish risk scores are graded out of 100 with 0 representing the lowest risk and 100 representing the highest risk.
2. How are scores calculated?
CanIPhish considers an employee's performance over the past 20 campaigns they have participated in. More recent campaigns are weighted more heavily, and both whether the employee clicked on a payload and whether they were compromised by that payload are taken into account.
2.1 What are the risk score thresholds?
We bucket users into three risk thresholds depending on their risk score:
- 70-100 Risk Score = High Risk
- 40-69 Risk Score = Medium Risk
- 0-39 Risk Score = Low Risk
2.2 How does the risk scoring algorithm work?
Every simulated phishing campaign an employee is involved in introduces opportunities to calculate risk.
Each campaign consists of a possible 250 risk points. If an employee responds to an email, then they receive 50 risk points. If an employee interacts with a payload, then they receive 100 risk points. If an employee gets compromised by a payload, they receive all possible risk points - totaling a maximum of 250 for a campaign. If the employee doesn't respond to the email, interact with the payload, or get compromised, then they receive 0 risk points.
Recent campaigns are weighted more heavily than historical campaigns, and this is reflected in the way risk points are scored. Each older campaign's risk points (and its possible risk points) are weighted 20% lower than those of the next more recent campaign.
Example Scenario: An employee has participated in 5 phishing campaigns and has varied success with detecting phishing content.
- Most recent campaign: Clicked payload but wasn't compromised: 100/250 risk points
- 2nd most recent: Didn't click payload and wasn't compromised: 0/250 * 0.8 = 0/200 risk points
- 3rd most recent: Responded to email, clicked payload, and was compromised: 200/200 * 0.8 = 160/160 risk points
- 4th most recent: Clicked payload and wasn't compromised: 64/160 * 0.8 = 51.2/128 risk points
- 5th most recent: Clicked payload and was compromised: 128/128 * 0.8 = 102.4/102.4 risk points
Example Risk Score: Risk Points / Possible Risk Points = 413.6 / 840.4 = 0.492; 0.492 * 100 = 49/100 (Medium Risk)
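The scoring algorithm and the risk thresholds above, worked through in code. This is an added example, not CanIPhish's own implementation: the data model, function names, the additive treatment of "responded" and "clicked" points, and rounding to the nearest integer are assumptions; the point values (50/100/250), the 0.8 per-campaign decay, the 20-campaign window and the 70/40 thresholds are the ones stated in the article.

```python
"""Worked example of the employee risk scoring described in the article.

Assumptions (not from the article): the data model, the function names,
that 'responded' and 'clicked' points add together when neither leads to
a compromise, and rounding the final ratio to the nearest integer.
"""
from __future__ import annotations

from dataclasses import dataclass

MAX_POINTS_PER_CAMPAIGN = 250  # a compromise awards every possible point
RESPONDED_POINTS = 50          # replied to the phishing email
CLICKED_POINTS = 100           # interacted with the payload
DECAY = 0.8                    # each older campaign is weighted 20% lower than the next-newer one
MAX_CAMPAIGNS = 20             # only the 20 most recent campaigns are considered


@dataclass(frozen=True)
class CampaignResult:
    """What a single employee did in one simulated phishing campaign."""
    responded: bool = False
    clicked: bool = False
    compromised: bool = False


def campaign_points(result: CampaignResult) -> int:
    """Unweighted risk points for one campaign.

    A compromise awards the maximum outright. Otherwise responding and
    clicking are summed (assumption: the article lists them separately
    and does not say they are mutually exclusive). No interaction is 0.
    """
    if result.compromised:
        return MAX_POINTS_PER_CAMPAIGN
    points = 0
    if result.responded:
        points += RESPONDED_POINTS
    if result.clicked:
        points += CLICKED_POINTS
    return points


def risk_score(results: list[CampaignResult]) -> int:
    """Risk score 0-100 for results ordered most recent first.

    Earned and possible points of the i-th most recent campaign are both
    multiplied by DECAY**i; the score is the ratio of the two weighted sums.
    """
    window = results[:MAX_CAMPAIGNS]
    if not window:
        return 0  # assumption: an employee with no campaign history scores 0
    earned = 0.0
    possible = 0.0
    for i, result in enumerate(window):
        weight = DECAY ** i
        earned += campaign_points(result) * weight
        possible += MAX_POINTS_PER_CAMPAIGN * weight
    return round(earned / possible * 100)


def risk_bucket(score: int) -> str:
    """Map a 0-100 score onto the article's three risk thresholds."""
    if score >= 70:
        return "High Risk"
    if score >= 40:
        return "Medium Risk"
    return "Low Risk"


# The article's five-campaign example scenario, most recent first.
EXAMPLE_SCENARIO = [
    CampaignResult(clicked=True),                                    # 100/250
    CampaignResult(),                                                # 0/200
    CampaignResult(responded=True, clicked=True, compromised=True),  # 160/160
    CampaignResult(clicked=True),                                    # 51.2/128
    CampaignResult(clicked=True, compromised=True),                  # 102.4/102.4
]

if __name__ == "__main__":
    score = risk_score(EXAMPLE_SCENARIO)
    print(f"{score}/100 ({risk_bucket(score)})")  # 49/100 (Medium Risk)
```

Running the block reproduces the article's worked scenario: 413.6 weighted points out of 840.4 possible gives 49/100, which falls in the Medium Risk bucket. Because every campaign's possible points decay at the same rate as its earned points, a single old compromise fades quickly while a recent one dominates the score, which is the behaviour the weighting is meant to produce.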