Security threats
Distinguishing ‘True’ Malicious Security Threats
One of the biggest challenges companies face with thousands of suspicious or unusual activities per month is determining which ones pose the biggest threats.
Suspicious Activities
These activities fall into three areas: abnormal behavior, log-in activity (such as log-in challenges, log-in failures and log-in circumvention) and admin actions that can affect domain-wide app installs, security setting changes and granting of admin privileges.
Tracking Activities
An organization experiences 5,732 suspicious activities monthly, on average.
Suspicious Actions
Of the 5,732 monthly suspicious behaviors, 58% are abnormal behaviors, 31% are related to log-in activity and 11% are admin actions.
Brute Force
8% of all user log-ins fail or get challenged. Of these, 1.3% originate from risky countries.
Cloud Risks
Top offenders download 227 times more documents from corporate clouds than average users.
High-Risk Behavior
Top offenders also trash 141 times more docs than the average user in a month, and fail to log in 113 times more often.
Log-in Attempts
While 99.6% of users typically log in to corporate cloud platforms from one or two countries
per week, 1 in 20,000 users logs in from six or more countries. Some users log in from as many as 68 countries in a week.
Suspicious and Abnormal Log-ins
While 1 in 5,000 (0.02%) user activities is suspicious, there are 1,286 monthly instances of abnormal log-ins across distances in suspiciously short timeframes per organization.
Risky IP Addresses
2,062 monthly instances of activity from unapproved IP addresses occurs per organization.