A new report out today from cloud security startup Netskope Inc. has found that phishing clicks nearly tripled in 2024, underscoring the growing risks enterprises face from evolving cyberthreats.

The finding came from Netskope’s annual Cloud & Threat Report, which highlights how attackers are exploiting platforms such as Microsoft OneDrive and Google Drive to host malicious payloads while enterprise employees increasingly use personal cloud apps and generative artificial intelligence tools in ways that expose sensitive data.

The headline phishing clicks finding saw eight of every 1,000 users clicking on a phishing link each month through 2024, up 190% from 2023 when fewer than three per 1,000 enterprise users fell prey to phishing attempts each month.

The top target for phishing campaigns that users clicked on through 2024 were cloud applications, which represented 27% of all phishing clicks. Among cloud apps, Microsoft Corp. was by far the most targeted brand, accounting for 42% of cloud application clicks, with attackers targeting Microsoft Live and Microsoft 365 credentials.

While the success of phishing attempts continues to lure in enterprise employees, those same employees are also increasingly embracing personal cloud apps, with 88% of employees found to have done so each month through 2024. Of those users, 26% uploaded, posted or otherwise sent data to personal apps, increasing the risk of sensitive data being leaked.

The most common type of data policy violation last year was found to be regulated data, accounting for 60%, which included personal, financial and healthcare data being uploaded to personal apps. The other types of data involved in policy violations included intellectual property at 16%, source code at 13%, passwords and keys at 11%, and encrypted data at 1%.

2024 was also notable for the rise of generative AI in the workplace. Some 94% of organizations now use generative AI, up from 81% in 2023, with ChatGPT continuing to be the most popular generative AI app, being used by 84% of organizations. With that level of penetration, it’s little wonder that Google LLC Chief Executive Officer Sundar Pichai is worried that ChatGPT is becoming synonymous with AI in the way Google is to web search.

Those using generative AI within enterprise still have some way to go. Near-ubiquitous use at the enterprise level does not mean all employees are now using AI. Netskope found that the number of employees using generative AI apps tripled from 2.6% of all people in organizations in 2023 to 7.8% in 2024. The number increases to 13% of employees in retail and technology organizations.

The report found that while enterprises are adopting generative AI, many are still in the early stages of implementing controls to manage associated risks. Only 45% of organizations were found to be using data loss protection tools to control the flow of data into generative AI apps and 34% were using real-time interactive user coaching to empower individuals to make appropriate and informed decisions.

“The common thread for organizations working to safely enable the use of apps in the enterprise and mitigate the challenges across the threat landscape is the need for modern data security,” said Ray Canzanese, director of Netskope Threat Labs. “Gone are the days when data security was an afterthought. It must be seamlessly integrated into every aspect of an organization’s operations.”

Image: SiliconANGLE/Ideogram