At Fresh Security, we believe that people should be at the heart of security, which is why people and their environment are the foundation of the Fresh Security risk score.
To calculate the risk score, we first calculate the risk each person faces. The personal risk score examines each email address that a person uses. When an email address is stolen, the algorithm looks at the other data stolen in the breach, because the kind of data taken changes the risk level. For example, a hacker knowing your favourite ice cream flavour is much less severe than if they knew the password to your bank account. Combining the risks from each email address, we calculate the base personal risk score.
The personal score is then adjusted to reflect the situation and recurring behaviour of each person. The adjustment is necessary because hackers rarely launch one-off and targeted attacks. It is much more common for a company to fall victim to an indiscriminate crime. This casual approach is like a criminal trying every door on a row of parked vehicles. When the criminal finds a car that is unlocked, it is easy to steal any valuables that are inside. But if it is locked, the criminal moves on down the row.
How often a vehicle is left unlocked is also very important. If a car was only left unlocked once, the risk is much smaller than if it was left open every night. Furthermore, it may not merely be the owner of the car that failed to lock it, so the influence of family members must also be considered.
A company's base risk score is the combination of all the personal risk scores of employees and contractors. This score is then adjusted to create the final risk score by analysing the visibility of a company compared to its peers. If it is easy to find many contact addresses for employees, it is also easy for a hacker to target many people in the company. Comparing this to peers helps calculate the level of risk a company faces.
The Fresh Security risk score ranges from 0 to 1000.