Uses of generative artificial intelligence (AI) applications among employees have increased security concerns, revealed a new report by Netskope, an expert in Secure Access Service Edge (SASE).
More than 10% of employees now use these apps every month, up from 2% a year ago, according to Netskope's annual Cloud & Threat Report. The report also shows that ChatGPT is the top AI app, making up 7% of usage in 2023.
In the past year, cloud app usage has surged, with enterprises accessing 20 different apps on average, up from 14 in two years. This increase in AI and cloud app usage, however, comes with risks. Social engineering, like phishing attacks, has become the main way attackers get in. Netskope found that users are three times more likely to fall for phishing scams than downloading trojans.
Netskope warns that organisations should limit access to apps for a clear business purpose, establish a process for approving new apps, and keep an eye on app use for security issues. They emphasize the urgent need to ensure safe use of AI apps, identify allowed apps, and invest in reducing social engineering risks through training and technology.
In 2023, the adoption of generative AI apps experienced a significant surge, with over 10% of enterprise users participating monthly – a marked contrast to the 2% recorded a year earlier. Notably, ChatGPT led the way, constituting 7% of enterprise usage. Netskope anticipates a sustained, albeit moderate, upward trend in AI app users in 2024. A subgroup of power users is expected to substantially amplify their generative AI activities, presenting potential security challenges.
Ray Canzanese, Threat Research Director at Netskope Threat Labs, underscores the escalating risk: "With the increasing use of AI apps, employees are more likely to expose sensitive data like credentials, personal information, or intellectual property."
The overall adoption of cloud applications continued to ascend throughout the year, with users exploring new apps while intensifying their usage of popular ones. Enterprises observed a 19% annual increase in accessed cloud apps, with users engaging with 20 different apps, up from 14 in two years.
In 2023, social engineering emerged as the most prevalent method for initial access, with attackers exploiting the ease of penetrating systems that rapidly patch known vulnerabilities. Phishing schemes, accounting for three times more incidents than Trojan downloads, targeted cloud apps, shopping sites, and other platforms.
In November 2023, Google introduced its Google Cloud Cybersecurity Forecast for 2024. The findings revealed that generative AI and LLMs would be employed in diverse cyber attacks, including phishing, SMS, and other social engineering operations. The goal is to enhance the authenticity of content and materials, such as voice and video, to make them appear more legitimate.