In the rapidly shifting cybersecurity landscape, a new study by cloud security startup Netskope Inc. has brought alarming news for enterprises. The report reveals that phishing attacks have intensified significantly in 2024, nearly tripling since 2023. Companies now find themselves grappling with evolving cyber threats that exploit cloud platforms more vigorously. The annual Cloud & Threat Report by Netskope underscores a critical need for businesses to enhance their cybersecurity measures to combat these heightened risks.
Surge in Phishing Attempts via Cloud Platforms
Increased Phishing Success Rates
Phishing attempts have spiked alarmingly this year, with eight out of every 1,000 users being tricked into clicking deceptive links monthly. This represents a 190% increase from the previous year, where fewer than three out of every 1,000 users fell victim to phishing scams each month. This drastic rise highlights the increasingly sophisticated tactics employed by cybercriminals to exploit users’ trust. The report emphasizes the growing prevalence of phishing attempts launched via popular cloud platforms such as Microsoft OneDrive and Google Drive. These platforms have become prime targets due to their widespread use and the sensitive nature of data stored within them.
Microsoft Services as Prime Targets
Among the cloud applications targeted, Microsoft’s services have emerged as the most frequently attacked. These services, particularly Microsoft Live and Microsoft 365 credentials, accounted for a staggering 42% of phishing clicks. The report suggests that cyberattackers leverage the familiarity and trust users have in these services, thereby increasing the success rates of their phishing campaigns. This trend is in parallel with the broader adoption of personal cloud apps by employees, which stands at 88% in 2024. Moreover, 26% of these employees engaged in uploading or sharing data via personal apps, thereby exacerbating the risks of sensitive data breaches. Such behaviors make enterprises more vulnerable to cyber threats and data breaches.
Data Policy Violations and Breaches
Types of Data Policy Violations
The report highlights a significant surge in data policy violations within enterprises. These breaches include regulated data breaches, which represent 60% of the cases. Regulated data encompasses sensitive information such as personal, financial, and healthcare data. Intellectual property infringements constituted 16%, while breaches involving source code stood at 13%. Additionally, passwords and keys accounted for 11%, and encrypted data represented 1% of the total violations. These statistics underscore the diverse range of data that is at risk, which in turn amplifies the severity of potential repercussions for organizations.
Implications of Data Breaches
The report’s findings on data policy violations bring to the fore the critical need for robust data security measures within enterprises. With regulated data breaches being the most common, organizations are exposed to significant financial and reputational damages. Personal and financial data leaks can result in legal consequences and loss of customer trust. Intellectual property breaches can jeopardize a company’s competitive edge. Furthermore, compromised source codes pose a severe threat to the integrity and functionality of software products. These findings unequivocally call attention to the necessity of adapting to evolving cyber threats while enforcing stringent data security protocols across the organization.
Adoption and Risks of Generative AI
Growth in AI Adoption
Generative AI tools have seen accelerated adoption among enterprises, with 94% of organizations using these technologies in 2024, up from 81% in 2023. ChatGPT remains the leading AI application, employed by 84% of the surveyed companies. Despite its widespread implementation, the report notes that active usage of AI apps by employees is still relatively low. Only 7.8% of employees across these organizations actively use AI applications, marking a noticeable increase from 2.6% in 2023. The retail and technology sectors showed the highest usage rates at 13%, reflecting the sectors’ early adoption of innovative technologies for business operations.
Managing AI Risks
The rapid adoption of generative AI has brought into focus the nascent stage of managing associated risks. The report indicates that only 45% of enterprises currently deploy data loss protection tools specifically for generative AI applications. In addition, just 34% of organizations use real-time interactive user coaching to guide employees in making informed decisions while using AI tools. This gap in risk management signals a pressing need for organizations to develop and implement comprehensive security strategies that encompass generative AI applications. By embedding modern data security measures throughout their operations, enterprises can better mitigate the potential threats posed by the increasing use of AI technologies.
Insights and Recommendations
Integrating Data Security into Operations
In the swiftly changing cybersecurity environment, cloud security startup Netskope Inc. has released a new study that presents concerning news for businesses. The report indicates a significant surge in phishing attacks in 2024, with incidents nearly tripling compared to 2023. This uptick has left companies struggling with increasingly sophisticated cyber threats that exploit cloud platforms more aggressively than before. Netskope’s annual Cloud & Threat Report highlights the urgent need for enterprises to bolster their cybersecurity defenses to address these elevated risks.
As cybercriminals develop more advanced techniques, organizations must stay ahead by implementing more robust security protocols. The report emphasizes that traditional measures are no longer sufficient. Companies need to adopt comprehensive strategies that include advanced threat detection, employee training, and the integration of cutting-edge security technologies. Moreover, the report suggests that businesses should regularly update their security policies to stay in line with the latest threat landscapes. By prioritizing these actions, companies can better protect their sensitive data and critical infrastructure from the growing menace of cyber attacks.