One of the biggest challenges companies face with thousands of suspicious or unusual activities per month is determining which ones pose the biggest threats.
These activities fall into three areas: abnormal behavior, log-in activity (such as log-in challenges, log-in failures and log-in circumvention) and admin actions that can affect domain-wide app installs, security setting changes and granting of admin privileges.
An organization experiences 5,732 suspicious activities monthly, on average.
Of the 5,732 monthly suspicious behaviors, 58% are abnormal behaviors, 31% are related to log-in activity and 11% are admin actions.
8% of all user log-ins fail or get challenged. Of these, 1.3% originate from risky countries.
Top offenders download 227 times more documents from corporate clouds than average users.
Top offenders also trash 141 times more docs than the average user in a month, and fail to log in 113 times more often.
While 99.6% of users typically log in to corporate cloud platforms from one or two countries per week, 1 in 20,000 users logs in from six or more countries. Some users log in from as many as 68 countries in a week.
While 1 in 5,000 (0.02%) user activities is suspicious, there are 1,286 monthly instances of abnormal log-ins across distances in suspiciously short timeframes per organization.
2,062 monthly instances of activity from unapproved IP addresses occur per organization.