Are Enterprises Ready for the Surge in Phishing and AI Risks?

January 8, 2025
Are Enterprises Ready for the Surge in Phishing and AI Risks?

In a time when digital transformation is accelerating across industries, one of the most pressing concerns is the escalating threat of phishing and AI-related risks to enterprises. Netskope Inc.’s annual Cloud & Threat Report for 2024 paints a concerning picture of the cyber landscape, revealing a significant spike in phishing incidents within enterprises. The data shows that phishing clicks nearly tripled this year, with eight out of every 1,000 users in enterprises clicking on phishing links each month. This represents a 190% increase from 2023, signaling an urgent need for organizations to revisit their cybersecurity strategies.

Phishing campaigns are primarily targeting cloud applications, catching enterprises off-guard. Microsoft Corp. stands out as the most targeted brand in these attacks, pointing to a trend of cybercriminals focusing on popular and widely-used platforms. This increase in phishing attempts indicates that current preventive measures may be insufficient, highlighting the ever-evolving tactics employed by cybercriminals. Enterprises are therefore faced with the dual challenge of enhancing their security frameworks while maintaining the flexibility and usability of their cloud applications.

Cloud Applications and Data Leakage Risks

The Netskope report also reveals a troubling trend—enterprise employees’ growing reliance on personal cloud applications. In 2024, 88% of enterprise employees actively used personal cloud apps monthly, introducing significant risks of sensitive data leakage. This personal use of cloud applications often blurs the boundary between personal and professional data, making it easier for regulated data (such as personal, financial, and healthcare information) to inadvertently or maliciously be leaked. Regulated data comprised 60% of data policy violations, shedding light on the security lapses that accompany the increased reliance on personal cloud services.

The implications of these data policy violations are far-reaching. Within organizations, concerns over compliance with data protection regulations run high. Fines for violations and the potential for substantial reputational damage are real threats, driving enterprises to reconsider their monitoring and control mechanisms. Moreover, the human factor remains a significant weakness in organizations’ security defenses, as employees may not always be thorough in distinguishing between secure and insecure practices. Addressing these issues requires a multi-faceted approach, combining robust policy enforcement, regular training sessions, and continuous monitoring of cloud activity.

The Impact of Generative AI on Organizational Risk

Another major finding from the report is the dramatic rise in the usage of generative AI within corporate environments. By 2024, a remarkable 94% of organizations had adopted generative AI tools, up from 81% in the previous year. ChatGPT has emerged as the most popular generative AI application, reflecting the growing interest and reliance on AI-driven solutions. However, the broader adoption of generative AI tools presents a paradox: while potential benefits are extensive, so are the risks associated with insufficient control mechanisms. Surprisingly, only a small proportion of employees are using these AI tools extensively, with active usage climbing from 2.6% in 2023 to 7.8% in 2024.

Retail and technology sectors reported even higher engagement, with 13% of their workforces actively leveraging generative AI solutions. This shift signals the potential for a significant productivity boost, but it also underscores the pressing need for effective risk management strategies. Despite the widespread adoption of AI, enterprises appear to lag in implementing adequate controls. Only 45% of the organizations use data loss protection tools, and a mere 34% deploy real-time interactive user coaching. This gap in security measures leaves organizations vulnerable to a myriad of risks, from data breaches and IP theft to inadvertent misuse of AI tools.

Integrating Security into Organizational Practices

In an era where digital transformation is rapidly progressing, escalating threats from phishing and AI present major risks to enterprises. Netskope Inc.’s 2024 Cloud & Threat Report highlights a troubling trend in the cybersecurity landscape, revealing a dramatic rise in phishing incidents within organizations. Data indicates that phishing clicks have nearly tripled this year, with eight out of every 1,000 enterprise users clicking on malicious links monthly. This marks a 190% rise from 2023, underscoring an urgent need for companies to reassess their cybersecurity strategies.

Phishing efforts are largely targeting cloud applications, often catching enterprises unprepared. Notably, Microsoft Corp. is the most targeted brand in these attacks, reflecting a trend wherein cybercriminals focus on widely-used popular platforms. The surge in phishing attempts reveals that current defenses might be lacking, demonstrating the adaptive strategies employed by cybercriminals. Consequently, enterprises face the twofold challenge of strengthening their security measures while keeping the flexibility and usability of their cloud applications intact.

Subscribe to our weekly news digest.

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for Subscribing!
We'll be sending you our best soon!
Something went wrong, please try again later