A new Netskope report shows that almost 90pc of enterprise users are in the cloud, while cybercriminals are increasingly using it to evade detection.
Almost half (44pc) of cybersecurity threats are happening in the cloud, where most enterprise users are active, according to new research from security software company Netskope.
The report, which used anonymised data from millions of global users to analyse enterprise cloud service trends, claims that cloud apps have become the new ‘watering hole’ for cybercriminals.
Ray Canzanese, threat research director at Netskope, said he and his team are seeing increasingly complex threat techniques being used across cloud applications. “Our research shows the sophistication and scale of the cloud-enabled kill chain increasing, requiring security defences that understand thousands of cloud apps to keep pace with attackers and block cloud threats.”
The report found that almost 90pc of enterprise users are in the cloud, actively using at least one cloud app every day. The most popular cloud apps included Google Drive, YouTube, Microsoft OneDrive, Facebook and LinkedIn.
Sensitive data
Cloud-enabled organisations usually have strong data policies when it comes to storing and sharing sensitive data. However, the report found that 20pc of users move data laterally between cloud apps, meaning the data is moving between managed and unmanaged apps with different security risk levels.
Additionally, the report found that 37pc of this data is sensitive and involved in data loss prevention violations. More than half of data policy violations come from cloud storage, collaboration and webmail apps, with the types of data being detected primarily related to privacy, healthcare and finance.
Another reason for the increased exposure to danger on the cloud is the increase in remote working. Digital transformation has allowed many employees the ability to work remotely and, according to the report, 33pc of enterprise users work remotely on any given day, across more than eight locations on average, accessing both public and private apps in the cloud.
This trend has contributed to the inversion of the traditional network, with users, data and apps now on the outside. It also suggests there is increasing demand on legacy VPNs and questions the availability of defences to protect remote workers.
While many cyberattacks are becoming increasingly complex, they’re also using familiar techniques, with the two most popular cloud threat techniques being phishing and malware delivery.
The report said that the five most targeted cloud apps were: Microsoft Office 365 for Business, Box, Google Drive, Microsoft Azure and GitHub. You can see some of the report’s key findings in the infographic below.