The study, conducted by Netskope Threat Labs, showcases the explosive growth in generative AI adoption, shedding light on associated security risks and major cloud security trends throughout 2023.
Key Findings:
1. Generative AI Adoption Surges:
- Over 10% of enterprise employees now access at least one generative AI app per month, compared to a mere 2% a year ago.
- ChatGPT emerges as the most popular generative AI application, constituting 7% of enterprise usage.
2. Cloud App Usage on the Rise:
- Enterprise users experiment with an average of 20 different cloud apps, marking a 19% annual increase.
- The top 1% of users engage with over 96 apps monthly, showcasing a significant rise in cloud app interactions.
3. Social Engineering Takes Center Stage:
- Social engineering becomes the primary method for attackers to gain initial access, with phishing leading the way.
- Users click on phishing links three times more frequently than downloading trojans.
4. Threat Actors and Activity:
- Criminally motivated adversaries dominate, with Russian groups leading in criminal activity, and Chinese groups in geopolitical threats.
- Cobalt Strike remains a preferred tool for maintaining permanence and deploying ransomware.
Ray Canzanese , Threat Research Director at Netskope Threat Labs, commented: "With growing AI app usage, employees are more likely to expose sensitive data like credentials, personal information, or intellectual property. For safe enablement of AI apps, organizations must implement reasonable controls and advanced data security capabilities while focusing on how employees can use AI productively."
Recommendations for Organizations:
- Implement strict access controls, reviewing and approving new apps while continuously monitoring for misuse or compromise.
- Prioritize safe enablement and adoption of AI apps, identifying permissible apps and implementing controls for user empowerment and organizational safeguarding.
- Invest in reducing the risk of social engineering through security awareness training and anti-phishing technology.
About Netskope:
Netskope, a global SASE leader, empowers organizations with zero-trust principles and AI/ML innovations to protect against cyber threats. The Netskope platform, renowned for its ease of use, offers optimized access and real-time security for people, devices, and data across any environment. Learn more about how Netskope helps customers on their SASE journey at netskope.com
Source: Netskope
