Netskope Research Shows Growing Risk of Company Data Exposure As Employees Depart Their Jobs

Along with insider threats related to a potential “Great Resignation,” Netskope report covers increased cloud application security risks, from malware delivery to third party plugins 

SANTA CLARA, Calif. – July 20, 2021 – Netskope, the SASE leader, today revealed new research showing the continued growth of malware delivered by cloud applications and also the potential for critical data exfiltration tied to employees departing their jobs, among a range of increasing cloud application security risks. 

The findings are part of the July 2021 Netskope Cloud and Threat Report, the latest installment of Netskope Threat Labs’ biannual research analyzing critical trends in enterprise cloud service and app use, web and cloud-enabled threats, and cloud data migrations and transfers. As pandemic restrictions change, enterprises and their workers confront decisions on whether to stay home, return to the office, or change jobs. The July report found that some departing employees present disproportionately significant cloud security risks. In their last 30 days of employment, workers have been proven to be uploading three times more data than usual to personal cloud apps. 

“Regardless of whether the so-called ‘Great Resignation’ is real or perceived, it’s a fact that employees leaving an organization pose an increasingly bigger insider security threat to organizations when they take company data with them,” said Ray Canzanese, Threat Research Director at Netskope. “That and other trends revealed in the research show that enterprises must rethink security based on the reality of cloud application use. They should favor a security architecture that provides context for apps, cloud services, and web user activity, and that applies zero trust controls to protect data wherever and however it’s accessed.” 

Key Findings 

Based on anonymized data collected from the Netskope Security Cloud platform across millions of users from January 1, 2021 through June 30, 2021, key findings of the report include: 

– Employees attempt to exfiltrate significant amounts of work data before they depart their jobs. Some departing employees upload three times more data to personal apps in the last 30 days of employment. Google Drive and Microsoft OneDrive personal instances are the most popular targets. 

– 97% of cloud apps used in the enterprise are shadow IT, unmanaged and often freely adopted.

– Third-party app plugins pose serious data risks. The report shows 97% of Google Workspace users have authorized at least one third-party app access to their corporate Google account potentially exposing data to third parties due to scopes like “View and manage the files in your Google Drive.” 

– Uptick in cloud environments that are exposed to the public creates opportunities for attackers. More than 35% of all workloads are exposed to the public internet within AWS, Azure, and GCP, with RDP servers – a popular infiltration vector for attackers – exposed in 8.3% of workloads. 

– Cloud-delivered malware is growing and reached an all time high. Cloud-delivered malware has increased to an all-time high of 68% with cloud storage apps accounting for nearly 67% of that cloud malware delivery and malicious Office docs now accounting for 43% of all malware downloads. 

– A return to the office hasn’t quite started yet. Research indicates that 70% of users continue to work remotely as of the end of June 2021. At the beginning of the COVID-19 pandemic in March 2020, we saw a sudden and dramatic shift to remote work, from 30% of users working remotely before the pandemic to 70% working remotely soon after COVID-19 restrictions began to take hold. 

The Netskope Cloud and Threat Report is produced by Netskope Threat Labs, a team composed of the industry’s foremost cloud threat and malware researchers who discover and analyze the latest cloud threats affecting enterprises. 

Get the full Netskope Cloud and Threat Report here. 

About Netskope 

Netskope, the SASE leader, safely and quickly connects users directly to the internet, any application, and their infrastructure from any device, on or off the network. With CASB, SWG, and ZTNA built natively in a single platform, the Netskope Security Cloud provides the most granular context, via patented technology, to enable conditional access and user awareness while enforcing zero trust principles across data protection and threat prevention everywhere. Unlike others who force tradeoffs between security and networking, Netskope’s global security private cloud provides full compute capabilities at the edge. 

Netskope is fast everywhere, data centric, and cloud smart, all while enabling good digital citizenship and providing a lower total-cost-of-ownership.