Netskope, a global leader in Secure Access Service Edge (SASE) solutions, released its 2024 Cloud & Threat Report, highlighting significant security risks that enterprises face due to phishing attacks, the use of personal cloud apps, and the growing adoption of generative AI (GenAI) tools. The report underscores the importance of modern data security strategies to protect organizations in an increasingly complex threat landscape.
Phishing Attacks: Triple the Threat
- Surge in Phishing Clicks: Enterprise employees clicked on phishing links nearly three times more in 2024 compared to the previous year, with over 8 out of every 1,000 users falling victim to phishing attempts each month.
- Targeting Popular Platforms: Attackers continue to exploit cloud apps like GitHub, Microsoft OneDrive, and Google Drive to host malicious content, affecting 88% of organizations.
- Microsoft 365 as a Primary Target: Phishing campaigns targeting Microsoft Live and Microsoft 365 credentials accounted for 42% of all phishing attempts in 2024.
Personal Cloud Apps: Data Leakage Risks
- Widespread Personal App Use: 88% of employees used personal cloud apps each month in 2024, with 26% uploading or sharing sensitive data through apps like webmail, cloud storage, and personal social media accounts.
- Regulated Data at Risk: The most common data policy violations involve regulated data, such as personal, financial, and healthcare information, being uploaded to personal apps (60% of violations).
GenAI: Rapid Adoption and Associated Risks
- Growth in GenAI Use: Organizational use of GenAI tools surged to 94% in 2024, with ChatGPT continuing to lead. Employee use also tripled, with 7.8% of employees utilizing GenAI apps each month.
- App Proliferation: Companies now use an average of 9.6 GenAI apps, with some leading organizations using up to 24 apps, increasing the need for robust data security controls.
- Data Control Measures: 45% of organizations implement Data Loss Prevention (DLP) to monitor and control data flow into GenAI apps, but many organizations are still in the early stages of establishing comprehensive safeguards.
Key Recommendations for Organizations:
- Enhance Phishing Defenses: Due to the rise in phishing attacks and sophisticated AI-driven tactics, traditional security training must be complemented with advanced data protection solutions.
- Limit Access to Personal Apps: Organizations must create stricter controls for using personal apps, limit data sharing, and continuously monitor app usage to prevent data leaks and policy violations.
- Control GenAI Data Risks: Organizations should implement modern security protocols, such as DLP and real-time user coaching, to mitigate the risks associated with the increasing use of GenAI tools.
As phishing attacks grow more sophisticated and personal app usage blurs the lines of corporate data management, the need for advanced, real-time data security measures has never been more urgent. With the continued rise of GenAI tools in the workplace, organizations must adopt modern data protection strategies to secure sensitive information and stay ahead of evolving threats.
