- Autonomous businesses will be powered by AI agents
- AI transformation is a double-edged sword. Here's how to avoid the risks
- New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices
- How to protect yourself from phishing attacks in Chrome and Firefox
- El laberinto de la nube: un enfoque de cinco fases para optimizar la estrategia
Phishing Click Rates Triple in 2024
The rate at which enterprise users clicked on phishing lures nearly trebled in 2024, according to new research by Netskope.
More than eight out of every 1000 users clicked on a phishing link each month in 2024, up by 190% compared to 2023.
The researchers said that this rise has been caused by a combination of cognitive fatigue, with users being bombarded with increased phishing attempts, and attackers becoming more creative in delivering harder-to-detect phishing lures.
The top target for phishing campaigns by number of user clicks last year were cloud applications (27%). The purpose of targeting these applications is normally to compromise accounts and then sell the access on illicit marketplaces, where the buyer will use it for business email compromise, to steal data or to pivot to other more high-value victims.
Microsoft was the most targeted cloud app brand, making up 42% of phishing link clicks in this category.
The next highest targets for phishing campaigns were banking (17%) and telco (13%) providers.
Majority of Phishing Link Clicks on the Web
The report also highlighted a shift in the locations that users click on malicious phishing links, away from emails.
The majority came from various locations across the web. This includes search engines (19% of clicks), where attackers run malicious ads or use SEO poisoning techniques to get the phishing pages listed at the top of the search engine results for specific terms.
Other top sources for phishing links online include shopping (10%), technology (8.8%), business (7.4%) and entertainment (5.7%) sites.
“The variety of phishing sources illustrates some creative social engineering by attackers. They know their victims may be wary of inbound emails (where they are repeatedly taught not to click on links) but will much more freely click on links in search engine results,” the researchers commented.
GenAI Workplace Usage Surges, Data Risks Being Mitigated
The report found that 94% of companies used GenAI apps in the workplace in 2024, up from 81% in 2023.
Organizations now use an average of 9.6 GenAI apps, up from 7.6 in 2023.
ChatGPT was the most popular GenAI app, used in 84% of organizations.
Additionally, employee use of GenAI apps tripled from 2.6% of users in 2023 to 7.8% in 2024.
Most organizations have adopted controls to mitigate the security and privacy risks posed by GenAI. These include:
- 73% of organizations block at least one GenAI app, with a rate of 2.4 GenAI apps blocked on average year over year
- 34% use real-time, interactive user coaching, designed to empower individuals to make informed decisions about AI risk
- 45% use data loss prevention (DLP) solutions to control data flow into GenAI apps
