Enterprises Face Triple Phishing Threat as Cloud App Risks Grow

January 8, 2025

As enterprises increasingly rely on cloud applications to streamline their operations, they are also facing heightened cyberthreats, particularly from phishing attacks that have nearly tripled in frequency. According to the latest annual Cloud & Threat Report from cloud security startup Netskope Inc., phishing clicks surged dramatically in 2024 compared to the previous year, marking a significant escalation in the risks that organizations face from evolving cyberthreats. This rise in phishing attacks, which saw eight out of every 1,000 users clicking on malicious links each month, underscores the urgent need for enhanced cybersecurity measures.

The research paints a stark picture of the vulnerabilities that enterprises must address, with cloud applications being the primary targets of these phishing campaigns. Microsoft, in particular, has emerged as the most targeted brand, accounting for a staggering 42% of phishing clicks. This trend highlights the growing sophistication of cybercriminals who are adept at exploiting the widespread use of cloud-based productivity tools. As organizations continue to adopt cloud technologies, the onus is on them to fortify their defenses and safeguard sensitive data.

Rising Incidence of Phishing Attacks

Netskope’s report reveals a troubling trend: the frequency of phishing clicks among enterprise users has increased by 190% in 2024 compared to 2023. This alarming statistic translates to eight out of every 1,000 users being duped by phishing links every month, a sharp rise from fewer than three per 1,000 users the previous year. This surge in phishing success rates indicates that cybercriminals are refining their tactics and becoming more effective in circumventing traditional security measures. Cloud applications have become the primary battleground for these cyberattacks, with hackers leveraging the ubiquity and trust associated with these platforms.

A closer examination of the report shows that Microsoft remains a prime target for phishing campaigns, with the tech giant accounting for 42% of all cloud application phishing clicks. This preference for targeting Microsoft applications reflects the extensive use of its productivity and collaboration tools across various industries. The implication is clear: as more businesses integrate cloud services into their operations, the potential attack surface for cybercriminals expands, necessitating proactive measures to mitigate risks. With cyberthreats growing in complexity, enterprises must prioritize updating their security protocols to protect against sophisticated phishing schemes.

Risks of Personal Cloud App Usage

Another key finding from Netskope’s research is the increasing use of personal cloud applications by enterprise employees, which poses significant risks to data security. In 2024, 88% of employees utilized personal cloud apps monthly, and 26% of these users uploaded, posted, or sent data through these platforms. This behavior creates opportunities for sensitive information to be exposed and potentially compromised. Regulated data—encompassing personal, financial, and healthcare information—was the most common type of data involved in policy violations, accounting for 60% of incidents. Other types of exposed data included intellectual property (16%), source code (13%), passwords and keys (11%), and encrypted data (1%).

The widespread use of personal cloud apps is a double-edged sword for enterprises. While these applications can enhance productivity and collaboration, they also introduce vulnerabilities that cybercriminals can exploit. Employees may inadvertently upload sensitive company data to personal accounts, where it is more susceptible to unauthorized access and breaches. Addressing this issue requires a cultural shift within organizations, as well as the implementation of strict policies governing the use of personal cloud services. Enterprises must foster a security-conscious mindset among employees and provide the necessary tools and training to minimize data leakage risks.

Generative AI Adoption and Security Measures

The report also highlights the growing adoption of generative AI in the workplace, with 94% of organizations utilizing such technology in 2024, up from 81% in 2023. Despite the widespread use of generative AI tools like ChatGPT, which was employed by 84% of organizations, the actual usage by employees remains relatively low. Only 7.8% of all organizational employees—and 13% in the retail and technology sectors—actively engaged with these AI applications. This cautious adoption rate suggests that while enterprises recognize the potential of generative AI, they are also wary of the associated risks.

Implementing effective controls to manage these risks remains a challenge for many organizations. Netskope’s report indicates that only 45% of enterprises have deployed data loss protection (DLP) tools to monitor and control the flow of data into generative AI applications. Furthermore, just 34% of organizations use real-time interactive user coaching to guide employees in making informed decisions while using these AI tools. The limited implementation of such controls underscores the need for a more comprehensive approach to integrating generative AI into business processes. Enterprises must invest in robust security frameworks that can address the unique challenges posed by AI technologies while enabling innovation.

The Imperative for Proactive Data Security

As companies increasingly depend on cloud applications to optimize their operations, they are encountering a surge in cyberthreats, especially from phishing attacks that have nearly tripled in frequency. The latest Cloud & Threat Report from cloud security firm Netskope Inc. reveals a dramatic rise in phishing clicks in 2024 compared to the previous year. This trend signifies a considerable intensification in the risks posed by evolving cyberthreats. The report indicates that eight out of every 1,000 users click on malicious links each month, emphasizing the pressing need for improved cybersecurity strategies.

The study highlights the significant vulnerabilities enterprises face, with cloud applications being prime targets of phishing campaigns. Notably, Microsoft has become the most targeted brand, representing a staggering 42% of phishing clicks. This trend demonstrates the increasing sophistication of cybercriminals who skillfully exploit the extensive use of cloud-based productivity tools. As organizations persist in embracing cloud technologies, it is imperative they bolster their defenses to protect sensitive data and ensure robust cybersecurity.

Subscribe to our weekly news digest.

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for Subscribing!
We'll be sending you our best soon!
Something went wrong, please try again later