Now Loading

Phishing Attacks Surge in 2024: Netskope Research Highlights Growing Security Challenges

Security Challenges

Netskope Threat Labs’ latest findings reveal a dramatic increase in phishing success rates in 2024, with enterprise employees clicking on phishing links nearly three times more often than in 2023. This alarming trend, detailed in Netskope’s annual Cloud & Threat Report, highlights the growing sophistication of phishing attacks and the vulnerabilities created by the widespread use of personal cloud applications and generative AI (GenAI) tools in workplaces worldwide.

The report shows that over eight out of every 1,000 enterprise users fell victim to phishing links each month in 2024, a 190% rise from the previous year. Attackers are increasingly exploiting trusted cloud platforms like Microsoft OneDrive, Google Drive, and GitHub to host malicious content, with 88% of organizations reporting at least one instance of malicious downloads monthly. Microsoft-branded credentials were the primary target, accounting for 42% of phishing campaigns, underscoring the need for robust defenses against these attacks.

Personal cloud apps have emerged as a major source of data risk, with 88% of employees using such apps monthly and 26% uploading sensitive data, knowingly or unknowingly. Regulated data, such as personal, financial, and healthcare information, was involved in 60% of policy violations, followed by intellectual property and credentials like passwords. The pervasive use of personal apps to handle corporate data has blurred boundaries and heightened the risk of data breaches, leaving organizations struggling to maintain control over sensitive information.

Generative AI tools have also seen a meteoric rise in adoption, with 94% of organizations using them in 2024, up from 81% in 2023. ChatGPT continues to dominate as the most popular GenAI tool, utilized by 84% of enterprises. Employee usage tripled over the year, with the retail and technology sectors leading adoption. However, despite the rapid integration of GenAI apps, organizations are still in the early stages of implementing data protection measures. Only 45% of enterprises have deployed data loss prevention (DLP) controls, and while 73% block at least one GenAI app, many lack comprehensive policies to manage this growing risk.

Netskope advises organizations to prioritize modern security strategies to address these emerging challenges. Key recommendations include investing in advanced data protection measures to combat phishing, limiting access to non-essential apps, implementing review processes for new tools, and continuously monitoring app usage for signs of misuse or compromise. To manage GenAI risks, organizations must enforce strict controls, ensuring only approved apps are used and for legitimate purposes, while empowering employees with real-time coaching to make informed decisions.

“Gone are the days when data security was an afterthought,” said Ray Canzanese, Director of Netskope Threat Labs. “Organizations need a dynamic, proactive framework that integrates real-time user coaching, DLP, and app-specific controls to stay ahead of an ever-changing threat landscape.”

As the digital workplace continues to evolve, the need for integrated, modern security measures has never been more urgent. Organizations must adapt quickly to protect sensitive data, mitigate risks, and foster safe use of emerging technologies like generative AI.

Upcoming Conferences