Netskope Report Surfaces Raft of Cybersecurity Challenges – Source: securityboulevard.com

A report published by Netskope today revealed that, on average, 29 out of every 10,000 enterprise users clicked on a phishing link each month in 2023.

Based on anonymized usage data collected by the Netskope Security Cloud platform, the report also found users downloaded an average of 11 Trojans per month per 10,000 users. As a result, a typical organization of that size would have had an average of 132 Trojans downloaded by users on their network each year.

The top cloud applications where malware was detected were Microsoft OneDrive (24%), Microsoft SharePoint (11%), GitHub (10%), Weebly (6%) and Outlook.com (6%).

Overall, Russia far exceeded any other source of attacks at 70%, followed by China (7%), Middle East (6%), Ukraine (5%) and North Korea (5%).

In general, the report noted usage of cloud applications continues to steadily increase. The number of cloud applications accessed increased by an average of 19% per year, with users jumping from an average of 14 to 20 different apps in the past two years.

Half of all enterprise users interacted with between 11 and 33 cloud apps each month, with the top 1% using more than 96 apps per month. Interactions with these cloud apps are increasing at an even faster rate, from just over 1,000 activities per month two years ago to nearly 2,000 activities per month today.

Most enterprise users generated between 600 and 5,000 activities per month, while the top 1% of users generated more than 50,000 activities per month.

The report also notes that the usage of generative artificial intelligence (AI) applications in the enterprise has risen sharply. A total of 12% of the enterprise employees tracked accessed at least one generative AI application every month. In 2023, ChatGPT was the most popular generative AI application, accounting for 7% of enterprise usage.

Ray Canzanese, threat research director for Netskope Threat Labs, said from a security perspective, generative AI applications were problematic because many end users were sharing sensitive data that might one day be used to train the next iteration of publicly accessible large language models (LLMs). Cybercriminals are already creating fake generative AI sites designed to redirect traffic, he noted.

In addition to applying controls to what data can be exposed to a generative AI application, organizations should also invest in additional training so end users could better understand the potential risks, said Canzanese.

Regardless of the type of cloud application being accessed, it’s clear cybersecurity teams have their work cut out for them. Many cloud applications are regularly used to access sensitive data across insecure networks that cybercriminals have become more adept at breaching. In fact, in the wake of the COVID-19 pandemic, there are more end users accessing these applications from remote sites or home networks than ever.

One way or another, the overall attack surface that needs to be defended is only going to continue to expand as more SaaS applications are invoked. The issue is that even as that attack surface expands, the overall size of cybersecurity teams isn’t likely to increase, given the ongoing chronic shortage of talent. The challenge, of course, is not so much to limit access to those applications as much as it is to make sure critical data isn’t being stolen without anyone realizing it.