Generative AI Adoption: Key Trends and Challenges in 2023
According to a recent study by Netskope, generative artificial intelligence (AI) has seen a significant increase in adoption within the enterprise. The research shows that over 10% of employees now access at least one generative AI application every month, compared to just 2% in the previous year. The most popular generative AI application, ChatGPT, accounted for 7% of enterprise usage in 2023. This rapid growth in generative AI adoption presents new security challenges for organizations.
The study also reveals that there is a group of power users who are steadily increasing their use of generative AI apps. With the use of these apps growing exponentially, the top 25% of users are expected to significantly increase their generative AI activity in 2024, finding new ways to integrate the technology into their daily work. However, this increased usage also raises concerns about the exposure of sensitive data, such as credentials, personal information, and intellectual property.
To ensure the safe enablement of AI apps, organizations are advised to implement reasonable controls and advanced data security capabilities. It is important to strike a balance between productivity and security, allowing employees to use AI apps effectively while safeguarding sensitive information.
Rising Cloud App Risks: Insights from Netskope’s Annual Report
Netskope’s annual Cloud & Threat Report highlights the rising adoption of cloud applications by enterprises. The report reveals that the number of cloud apps accessed by enterprises increased by an average of 19% per year. In just two years, users went from accessing 14 different apps to 20. The most active enterprise users interact with between 11 and 33 cloud apps each month, while the top 1% of users access more than 96 apps per month.
With the increasing usage of cloud apps, the number of activities involving these apps has also risen substantially. Most enterprise users generate between 600 and 5,000 activities per month, while the top 1% of users generate more than 50,000 activities per month. These statistics highlight the extensive use of cloud apps in day-to-day business operations.
However, this widespread adoption of cloud apps also comes with risks. Enterprises must be aware of the potential security vulnerabilities associated with these apps and take appropriate measures to mitigate them. Continuous monitoring and detection of misuse or compromised apps can help organizations stay on top of potential threats.
Top Threats Faced by Enterprises in 2023: A Detailed Analysis
The most common way attackers gained initial access to enterprise systems in 2023 was through social engineering. Social engineering is a technique that exploits human psychology to deceive individuals into divulging sensitive information or performing actions that benefit the attacker. Phishing attacks, where attackers trick victims into disclosing their credentials, were the most prevalent.
The study found that users fell for phishing scams three times more frequently than they downloaded trojans. On average, 29 out of every 10,000 enterprise users clicked on a phishing link each month. Cloud apps and shopping sites were among the top targets for phishing attacks. Trojans, on the other hand, were downloaded at a rate of 11 per month per 10,000 users, resulting in potential malware infections.
These findings highlight the need for organizations to invest in reducing the risk of social engineering attacks. Employee awareness training and the deployment of anti-phishing technologies can help organizations protect themselves from these common threats.
Adversaries in the Spotlight: Geopolitical and Criminal Activity
The majority of adversary activity observed by Netskope in 2023 was driven by criminal motives. Geopolitical adversaries were most active in regions like Asia and Latin America. Russian-based criminal adversary groups were found to be the most prevalent, while Chinese-based geopolitical threat groups primarily targeted victims in Asia, especially Singapore.
One tool commonly used by threat groups for maintaining persistence and deploying malware was Cobalt Strike. This tool allowed threat actors to extort victims through various means, including ransomware, infostealers, and wipers. Netskope’s Threat Research Labs provides detailed profiles on the top five adversaries observed, including specific campaigns and activities.
Based on these observations, Netskope predicts a continuation of social engineering tricks and attacks targeting cloud app adoption in the coming year.
Recommendations for Organizations: Enhancing Security Against Emerging Threats
To combat the top trends and threats identified in the report, Netskope recommends several key steps for organizations:
1. Limit access to apps that serve a legitimate business purpose and establish a review and approval process for new apps. Continuous monitoring processes can help identify misuse or compromised apps.
2. Ensure the safe enablement and adoption of AI apps by identifying permissible apps and implementing controls that empower users to use them effectively while mitigating risks.
3. Continue investing in reducing the risk of social engineering attacks through security awareness training and the use of anti-phishing technology.
By following these recommendations, organizations can enhance their security posture and better defend against emerging threats in the evolving landscape of cloud apps and AI technology.
Read more:
– Netskope’s annual Cloud & Threat Report
– Netskope’s Threat Research Hub
Analyst comment
Generative AI Adoption: Positive news with rapid growth in adoption. Market prediction: Increased usage and integration of generative AI apps, but concerns about data security will drive the implementation of advanced data security capabilities.
Rising Cloud App Risks: Negative news with increased adoption of cloud apps. Market prediction: Organizations need to mitigate security vulnerabilities associated with cloud apps through continuous monitoring and detection of misuse.
Top Threats Faced by Enterprises: Neutral news with focus on social engineering attacks. Market prediction: Organizations will invest in reducing social engineering risks through awareness training and anti-phishing technologies.
Adversaries in the Spotlight: Negative news with criminal activities observed. Market prediction: Continued social engineering attacks and cloud app targeting by threat groups.
Recommendations for Organizations: Positive news with security enhancement steps. Market prediction: Organizations will implement access limitations, establish review processes, invest in AI app security, and focus on reducing social engineering risks.
