44% of all web threats are in the cloud, says Netskope study

Mar 12, 2020 | 1293 views

Cybercriminals tend to migrate their intentions to where the user is. Nothing more efficient, of course. And according to a recent study by Netskope, the Netskope Cloud Report, 44% of malicious threats are activated in the cloud. Added to this is the fact that the majority (89%) of corporate users are in the cloud, actively running at least one application every day.

The survey looks at data migrations, trends in the use of enterprise applications and services, and threats on the web and in the cloud. To reach the conclusions, the study is based on anonymous data from millions of users of the Netskope Security platform.

"Threat techniques in the cloud are increasingly complex, from phishing and malware, to command and control and, finally, data exfiltration in this environment," says Ray Canzanese, director of Threat Research at Netskope. “Our research shows the sophistication and growth of the cyber kill chain, requiring specific approaches for this environment, capable of protecting thousands of applications, monitoring attacks and blocking threats. For these reasons, any company that uses the cloud needs to quickly modernize and extend its security architectures ”, completes the executive.

According to the report, storage, collaboration and webmail applications are among the most popular in use in the cloud. Companies also use a variety of applications in these categories - 142 on average - indicating that, although only a few are officially authorized according to each company's policies, users tend to include a much broader set of apps in their daily activities. Overall, on average each company uses more than 2400 different services and applications in the cloud.

The 10 most popular cloud apps, according to Netskope are:

- Google Drive

- YouTube

- Microsoft Office 365 for Business

- Facebook

- Google Gmail

- Microsoft Office 365 SharePoint

- Microsoft Office 365

- Twitter

- Amazon S3

- LinkedIn

Where vulnerabilities can live
More than 50% of data policy violations in the cloud occur in storage, collaboration and webmail applications, and the types of data detected are mainly Data Loss Prevention (DLP) rules and policies related to privacy, healthcare and finance . In assessing the Netskope study, this shows that users are moving sensitive data across multiple dimensions across a wide variety of services and apps in the cloud, including personal instances and unmanaged apps, in violation of corporate policies.

Another point of attention concerns the behavior in the manipulation of data, which, on a daily basis, can be something banal. According to the study, a fifth (20%) of users move data sideways between apps in the cloud, such as copying a document from OneDrive to Google Drive or sharing it via Slack.

According to the Netskope Confidence Levels index in the cloud, data goes beyond many limits, moving between app suites, managed and unmanaged apps, categories and between risk levels in the cloud. In addition, 37% of the data users move in cloud apps is sensitive. In total, Netskope followed the lateral movement of data between 2481 different services and apps, indicating the scale and variety of use of the cloud, where confidential information is being uploaded.

Rise of VPNs
One third (33%) of corporate users work remotely at least one day a week, on average at more than eight locations, accessing public and private applications in the cloud. This trend contributed to the inversion of the traditional network, with users, data and applications now outside the company.

"This model illustrates the growing demand for traditional VPNs and raises the question of the availability of tools capable of protecting remote corporate users," recommends the study.