Distinguishing ‘True’ Malicious Security Threats


1 - Distinguishing 'True' Malicious Security Threats

One of the biggest challenges companies face with thousands of suspicious or unusual activities per month is determining which ones pose the biggest threats.

2 - Suspicious Activities

These activities fall into three areas: abnormal behavior, log-in activity (such as log-in challenges, log-in failures and log-in circumvention) and admin actions that can affect domain-wide app installs, security setting changes and granting of admin privileges.

3 - Tracking Activities

An organization experiences 5,732 suspicious activities monthly, on average.

4 - Suspicious Actions

Of the 5,732 monthly suspicious behaviors, 58% are abnormal behaviors, 31% are related to log-in activity and 11% are admin actions.

5 - Brute Force

8% of all user log-ins fail or get challenged. Of these, 1.3% originate from risky countries.

6 - Cloud Risks

Top offenders download 227 times more documents from corporate clouds than average users.

7 - High-Risk Behavior

Top offenders also trash 141 times more docs than the average user in a month, and fail to log in 113 times more often.

8 - Log-in Attempts

While 99.6% of users typically log in to corporate cloud platforms from one or two countries per week, 1 in 20,000 users logs in from six or more countries. Some users log in from as many as 68 countries in a week.

9 - Suspicious and Abnormal Log-ins

While 1 in 5,000 (0.02%) user activities is suspicious, there are 1,286 monthly instances of abnormal log-ins across distances in suspiciously short timeframes per organization.

10 - Risky IP Addresses

2,062 monthly instances of activity from unapproved IP addresses occur per organization.
