Cloud Threats Memo: Keeping Distributed Workforces Secure

Thanks to the growing availability of vaccines and immunization campaigns in multiple countries, the world is starting to see a light at the end of the COVID-19 tunnel. We are eager to return to a new normal, being aware that some changes will be permanent, or if not permanent will strongly characterize the next years.

One of these changes is related to the widespread adoption of cloud applications, which have helped organizations cope with the effects of the pandemic: the sudden shift to a new distributed work environment has required connecting a dispersed workforce with collaborators, partners, and customers, and cloud apps have played a fundamental role in this process. We could say that the pandemic has accelerated digital transformation plans, and the effects will last well beyond this health crisis.

Unsurprisingly, cybercriminals have immediately monetized the rapid adoption of cloud services to launch more and more evasive campaigns that leverage the trust of users and organizations. To have an idea of this trend, in our latest Cloud and Threat Report, we highlighted that 53% of web traffic is now composed of cloud applications, 61% of malware is delivered from the cloud, 13% of phishing campaigns are hosted in the cloud, and 33% target cloud app credentials.

How Netskope mitigates this threat

The Netskope Cloud Access Security Broker can help organizations detect compromised corporate cloud accounts that are being abused to deliver malicious emails and to perform additional malicious activities.

The Netskope Next Generation Secure Web Gateway provides granular visibility for thousands of cloud applications including Microsoft and Google apps, allowing the inspection of traffic with granular access control, DLP, and threat protection policies with the further possibility to differentiate corporate and non-corporate instances. For example, it is possible to create a simple DLP policy that prevents the submission of corporate credentials inside a phishing page hosted into a rogue instance of a Microsoft or Google cloud service or prevent the download of a malicious payload with the multi-layer threat protection engine, regardless of the exploited services, and without considering it implicitly trusted simply because it’s Microsoft or Google.

Stay safe!