Employees of enterprise are more than ever clicking on phishing lures, according to a cyber firm. Security risks around the persistent use of personal cloud apps and continued adoption of genAI tools in the workplace are part of Netskopeโs annual Cloud and Threat Report.
Employees are, knowingly or unknowingly, using personal apps to process or store sensitive information, leading to loss of organizational control over data and potential data breaches, according to the report. Among the apps that users send data to are cloud storage, webmail, genAI, social media, and personal calendar apps.
In 2024, 88 per cent of all employees used personal cloud apps each month; about one out of every four users (26pc) were uploading, posting, or otherwise sending data to personal apps. Sensitive data being leaked through personal apps is top of mind for most businesses, with the most common type of data policy violation being for regulated data (60pc), which included personal, financial, or healthcare data being uploaded to personal apps. The other types of data involved in policy violations include intellectual property (16pc), source code (13pc), passwords and keys (11pc), and encrypted data (1pc).
The cyber firm notes that IT users are being bombarded with phishing links from all directions: email, social media, ads in search engine results, and all over the web. For cyber attackers, genAI is making it easier to craft convincing phishes. While genAI apps have already become a mainstay (most, 94pc of enterprise now use them) for enterprises, businesses are still in the early stages of putting controls in place for their safe enablement.
The cyber firm advises that employees will continue to accidentally (or intentionally) share files via their personal accounts, include proprietary information in their personal backups, and use personal app instances to take data when leaving. Regardless of intent, businesses ought to limit access to only those apps that serve a legitimate business purpose, create a review and approval process for new apps and implement continuous monitoring. As genAI becomes more entrenched in the workplace, and the number of genAI apps will continue to grow, controls will be necessary to ensure that only approved apps are used, and only for approved use cases, the firm adds.
Comment
Ray Canzanese, Director of Netskope Threat Labs, said: โThe common thread for organizations working to safely enable the use of apps in the enterprise, and mitigate the challenges across the threat landscape, is the need for modern data security. Gone are the days when data security was an afterthought. It must be seamlessly integrated into every aspect of an organizationโs operations. From defending against phishing to safeguarding personal apps and managing genAI, data security is no longer just a perimeter defence. It is a dynamic, proactive framework with real-time user coaching, DLP, and app-specific controls to stay ahead of an ever-changing threat landscape.”
