The top target for phishing campaigns

Despite organizations’ repeated attempts at security awareness training, with a particular emphasis on how employees can avoid being phished, in 2024 enterprise users clicked on phishing lures at a rate nearly three times higher than in 2023, according to Netskope.

More than eight out of every 1,000 users clicked on a phishing link each month – up 190% from last year when fewer than three per thousand enterprise users fell prey to phishing attempts.

Where attackers host their malicious payloads is also an element of social engineering. Attackers want to host malicious content on platforms where victims place some implicit trust, including popular cloud apps such as GitHub, Microsoft OneDrive, and Google Drive. In 2024, downloads of malicious content from popular cloud apps occurred in 88% of organizations at least once per month.

Microsoft tops phishing target list

The top target for phishing campaigns that users clicked on in 2024 were cloud applications, representing more than a quarter of all phishing clicks at 27%. Among the cloud apps, Microsoft was by far the most targeted brand at a rate of 42% where attackers targeted Microsoft Live and Microsoft 365 credentials.

The ubiquity of personal cloud apps in the enterprise has created an environment where employees are knowingly or unknowingly using these apps to process or store sensitive information, leading to loss of organizational control over data and potential data breaches. Among the top personal apps that users send data to are cloud storage, webmail, GenAI, social media, and personal calendar apps.

In 2024, 88% of all employees used personal cloud apps each month, with 26% uploading, posting, or otherwise sending data to personal apps. Sensitive data being leaked through personal apps is top of mind for most organizations, with the most common type of data policy violation being for regulated data (60%), which included personal, financial, or healthcare data being uploaded to personal apps.

The other types of data involved in policy violations include intellectual property (16%), source code (13%), passwords and keys (11%), and encrypted data (1%).

In 2023, GenAI came roaring into the workplace, and growing adoption of GenAI apps by both organizations and users—as well as the overall volume of GenAI apps in use— continued through 2024.

Organizational use grew from 81% of companies using GenAI apps in 2023 to 94% in 2024. ChatGPT continues to be the most popular GenAI app, being used in 84% of organizations. Employee use rate of GenAI apps tripled from 2.6% of all people in organizations to 7.8%. Retail and technology organizations lead all industries with an average of more than 13% of all employees using GenAI apps monthly.

Organizations now use an average of 9.6 GenAI apps, up from 7.6 a year ago. The top 25% of organizations now use at least 24 GenAI apps, whereas the bottom 25% are using 4 GenAI apps at most.

Phishing and GenAI drive new data security strategies

As GenAI apps continued to solidify their standing as an enterprise mainstay (94% of organizations now use them) in 2024, organizations have shown they are still in the early stages of putting controls in place for the safe enablement of GenAI and to help mitigate the data risks posed by GenAI apps.

45% of organizations use DLP to control the flow of data into GenAI apps. Industry adoption of DLP for GenAI varies widely with telecommunications the highest at 64%.

34% of organizations use real-time interactive user coaching to empower individuals to make appropriate and informed decisions. 73% of the time, when prompted with warnings of a potential company violation, users opt to not proceed based on coaching information provided.

73% of organizations block at least one GenAI app, with a steady rate of 2.4 GenAI apps blocked on average year over year.

The number of apps blocked by the top 25% of all organizations blocking GenAI apps has more than doubled from 6.3 apps to 14.6 over the past year.

“The common thread for organizations working to safely enable the use of apps in the enterprise, and mitigate the challenges across the threat landscape, is the need for modern data security,” said Ray Canzanese, Director of Netskope Threat Labs. “Gone are the days when data security was an afterthought. It must be seamlessly integrated into every aspect of an organization’s operations. From defending against phishing to safeguarding personal apps and managing GenAI, data security is no longer just a perimeter defense.”