Phishing Threats Soar: 2024 Brings Tripling Click Rates on Cyber Attacks Amid Personal Cloud App Usage

The Rise of Cyber Threats in 2024: Phishing Clicks Nearly Tripled

Introduction

Cybersecurity threats continue to evolve, prompting organizations worldwide to adapt their security strategies. A significant research study from Netskope reveals that phishing clicks by enterprise employees saw an alarming increase in 2024. With the rise in the use of personal cloud applications and generative AI (genAI), new vulnerabilities have emerged, demanding modern security approaches.

Phishing Clicks on the Upswing

The statistics reported by Netskope indicate that enterprise employees clicked on phishing links nearly three times more often in 2024 compared to the previous year. Specifically, over eight out of every 1,000 users fell victim to phishing attempts each month, marking a dramatic 190% increase from 2023. Despite efforts to train employees on cybersecurity awareness, the scale of phishing attacks has seemingly outpaced preventative measures.

Organizations have historically attempted to instill a sense of wariness among employees about clicking unverified links. Yet, even with extensive training, the statistics show that malicious content hosted on trusted platforms, such as Microsoft OneDrive and Google Drive, is increasingly successful. Notably, 88% of organizations experienced downloads of malicious content from these platforms at least once per month in 2024.

Targeted Attacks and Growing Risks

The trend highlights a worrying pattern: attackers are leveraging popular cloud applications to enhance their phishing success rates. Notably, 27% of phishing clicks in 2024 were linked to cloud applications, with Microsoft being the prime target. A staggering 42% of phishing links involved attempts to compromise Microsoft Live and Microsoft 365 credentials.

This trend raises pressing concerns about data safety, especially as employees increasingly blur the lines between personal and professional applications. In 2024, 88% of all employees utilized personal cloud apps, and 26% uploaded or shared data, raising red flags regarding regulated data breaches involving personal, financial, or healthcare information.

The GenAI Factor

As generative AI technology takes root in corporate environments, the usage of such applications surged dramatically. In just one year, the percentage of organizations using genAI apps jumped from 81% to 94%. Notably, ChatGPT emerged as the most favored platform, being utilized by 84% of companies. The uptake of genAI tools poses additional considerations for businesses, as both organizational usage and individual employee engagement with these apps both saw a significant increase.

Despite the advantages of genAI, the corresponding data risks need careful management. A substantial portion of organizations is still working on implementing controls to effectively monitor the data flow into genAI applications. Currently, 45% apply Data Loss Prevention (DLP) strategies to manage data sent through these apps. However, the adoption of these security measures is inconsistent across industries.

Strategies to Combat Cybersecurity Challenges

The burgeoning risks linked to the rise of phishing and genAI usage have prompted Netskope to advocate for strategic changes within organizations. The research emphasizes the following key recommendations for bolstering cybersecurity frameworks:

1. Move Beyond Education: Relying solely on user education to detect phishing is insufficient in today's environment. Organizations should invest in modern data protection solutions alongside employee training.
2. Limit App Access: As employees increasingly use personal accounts for work purposes, businesses must restrict app access to only those necessary for legitimate business functions. Implementing a review and approval process for new applications can further reduce misuse risks.
3. Adopt Adaptive Security Measures: The evolution of genAI and the growth of cloud application use necessitate a proactive and dynamic security framework. Utilizing real-time coaching and monitoring can empower employees to make informed choices when employing genAI tools.
4. Control App Usage: Organizations should continuously assess the applications in use, blocking unauthorized genAI apps and establishing comprehensive monitoring protocols to detect and thwart potential data breaches.

Conclusion

In a rapidly shifting digital landscape, organizations need to remain vigilant and adaptable to combat cybersecurity threats. The rise in phishing clicks and the widespread adoption of genAI applications pose unique challenges that emphasize the necessity for modern, integrated security practices. As Ray Canzanese, Director of Netskope Threat Labs, aptly put it, integrating data security into every facet of operations is no longer optional; it is essential for navigating the complexities of today's threat landscape.

For further insights and detailed findings, refer to the full Cloud and Threat Report 2025 available from Netskope.