Recent research reveals alarming trends in enterprise security, particularly regarding phishing attacks and the growing use of personal cloud applications and generative AI (genAI) tools.

Netscope's annual Cloud & Threat Report reveals that phishing clicks among enterprise employees have nearly tripled in 2024 compared to the previous year, highlighting an urgent need for modern workplace security measures.
The data indicates that over eight out of every 1,000 employees clicked on phishing links each month in 2024, a staggering increase of 190% from 2023, when fewer than three in a thousand fell victim to such attacks.
Despite ongoing security awareness training, the report shows that attackers are increasingly hosting malicious content on trusted platforms like GitHub, Microsoft OneDrive, and Google Drive, with 88% of organisations downloading malicious content from these popular cloud apps at least once per month.

"Phishing remains a critical threat," said Ray Canzanese, director of Netskope Threat Labs. "The increase in successful phishing attempts underscores the need for organisations to enhance their data security strategies."
In 2024, cloud applications emerged as the primary target for phishing campaigns, accounting for 27% of all phishing clicks, with Microsoft apps being the most frequently targeted. The rising ubiquity of personal cloud apps in the workplace complicates matters, as employees often use these platforms to handle sensitive information.
The report highlights that 88% of employees engaged with personal cloud apps each month, with over a quarter (26%) actively sending data to these applications. This behaviour has led to significant data policy violations, particularly concerning regulated data such as personal, financial, or healthcare information.
The growth of genAI tools in workplaces has also been notable. The adoption of genAI applications surged from 81% of companies in 2023 to 94% in 2024, with ChatGPT being the most widely used app. Employee engagement with genAI tools tripled, increasing from 2.6% to 7.8% across organisations. However, as the use of these applications grows, the need for robust controls becomes imperative.
Canzanese noted that while 45% of organisations have implemented Data Loss Prevention (DLP) measures to control data flow into genAI apps, there is still considerable room for improvement. "Relying solely on education is insufficient. We must invest in modern data protection strategies," he remarked.
To mitigate these risks, Netskope recommends that organisations limit employee access to only those apps that serve legitimate business purposes and establish a continuous monitoring process to detect misuse. As genAI continues to permeate the workplace, the implementation of real-time user coaching and app-specific controls will be vital in navigating the evolving threat landscape.
"The common thread in addressing these challenges is the integration of modern data security into every facet of an organisation's operations," Canzanese concluded. As phishing attacks grow more sophisticated and the use of personal and genAI applications rises, organisations must adapt their security frameworks to protect sensitive data effectively.