
Cloud and Threat Report:
January 2025

This report explores key trends in four areas of cybersecurity risk facing organizations worldwide (adversarial risk, social engineering risk, personal app risk, and genAI app risk), highlighting the strategies organizations use to manage these risks.

In This Report

  • Social engineering risk – Phishing is on the rise globally, with 8.4 out of every 1,000 users clicking a phishing link per month, nearly triple last year’s average, with Microsoft 365 credentials being the top target.
  • Personal app risk – Personal app use is rampant in the enterprise, with more than one out of every four users (26%) uploading, posting, or otherwise sending data to personal apps every month, with personal use of cloud storage, webmail, and genAI apps posing the most significant risks to organizations worldwide.
  • Generative AI risk – GenAI adoption continues to increase, with the number of genAI users nearly tripling year-over-year and 94% of organizations now using genAI apps, increasing data risk to organizations worldwide.
  • Adversarial risk – Adversary activity in 2024 mirrored the broader geopolitical landscape, with Russian groups TA577 and UAC-0050 and the Chinese group Salt Typhoon among the most active worldwide.

 


Introduction

Amidst the growing complexity of cyber threats, one truth remains evident: People–including authorized users and external attackers–are at the center of cybersecurity risk. Although the human element of cybersecurity risk is widely known, the complexities of the modern workplace make it increasingly challenging for individuals to make informed decisions about sensitive data, digital risks, and security protocols:

  • For every message they receive, they must quickly assess whether it is legitimate, often relying on cues as subtle as tone, spelling, grammar, and formatting.
  • When handling sensitive data, they must balance the need to access and use information with the imperative to protect it from unauthorized parties.
  • When navigating the cloud, they must make high-stakes decisions about trust and risk in real time when they encounter authorization prompts.

The sheer volume of these decisions–often made under duress or with limited information–can lead to suboptimal decision-making. Furthermore, there are inherent cognitive biases that influence the human decision-making process, including:

  • Confirmation bias, the tendency to prioritize familiar patterns over suspicious anomalies.
  • Availability bias, the reliance on recent experiences rather than objective evidence.
  • Cognitive fatigue, the diminished ability to reason effectively after prolonged exposure to security alerts and warnings.

These factors create a perfect storm of uncertainty, where even the most well-intentioned individuals can inadvertently compromise organizational security. Furthermore, attackers constantly seek to exploit these vulnerabilities, often using sophisticated social engineering tactics that manipulate users into taking actions that might seem benign. This uncertainty has been intensified even further by recent advances in genAI, which attackers use to engage with their victims in a manner that is even more personalized and convincing.

This report examines some of the most significant risks facing organizations worldwide and explores the successful cybersecurity strategies those organizations have adopted to manage those risks. It centers on four types of cybersecurity risk:

  • Social engineering risk: Adversaries attempt to exploit human behavior and bypass security measures using phishing messages over various channels, malicious websites, Trojans, and other tactics.
  • Personal app risk: The ubiquity of personal cloud apps in the enterprise has created an environment where users knowingly or unknowingly use personal apps to process sensitive information, leading to the loss of organizational control over data and potential data breaches.
  • Generative AI risk: The promises of genAI have inspired a growing percentage of people and organizations to use a variety of genAI to improve their productivity or work quality, often resulting in sensitive information being disclosed to unauthorized third parties.
  • Adversarial risk: Highly motivated adversaries are generally well-resourced, sophisticated, and persistent in their attempts to infiltrate an organization.

The remainder of this report explores these four risks in more detail, focusing on trends observed throughout 2024 and into 2025.

 

Social engineering risk

Social engineering risk is ubiquitous, arising not just from the well-resourced and sophisticated geopolitical and criminal groups mentioned later in the Adversarial risk section but also from low-level ransomware affiliates, cybercrime gangs, and other attackers. Instead of searching for hard-to-find vulnerabilities to infiltrate a victim organization, the attacker targets those working in that organization, using phishing, pretexting, Trojans, deepfakes, and other tactics. Success ultimately hinges on gaining trust, scaring, or otherwise manipulating people into taking actions that compromise security. In the remainder of this section, we highlight two common types of social engineering risk: phishing and Trojans.

Phishing

Phishing generally takes the form of an attacker creating a fake login page for a website, using a tool to reverse proxy a login page, or making a fake application to trick the victim into authorizing access. Over the past year, the number of users clicking on phishing links has nearly tripled, from 2.9 in 2023 to 8.4 out of every 1,000 users in the average organization clicking on a phishing link each month. This increase comes despite most organizations requiring users to undergo security awareness training to avoid phishing attacks. The main factors leading to this increase are cognitive fatigue (with users constantly being bombarded with phishing attempts) and the creativity and adaptability of the attackers in delivering harder-to-detect baits.

Cloud applications were the top target of the phishing campaigns that users clicked on in 2024, representing over one-quarter of the clicks. Attacker objectives vary depending on the target:

  • Cloud – Attackers aim to sell stolen account access on illicit marketplaces, where the buyer will use it for business email compromise, to steal data, or to pivot to other more high-value victims.
  • Banking – Banking institutions are targeted for financial fraud.
  • Telco – Telecommunication providers are targeted for fraud or to sell access to stolen accounts.
  • Social Media – Social media accounts can be used by low-level actors to propagate scams and spread malware or by sophisticated adversary groups to spread disinformation and misinformation.
  • Government – The most common government phishing target is the Internal Revenue Service in the United States, where financial information is requested to pay out a tax refund.

Top phishing targets by links clicked - Cloud and Threat Report - January 2025

The most targeted brand among cloud apps is Microsoft, where attackers target Microsoft Live and 365 credentials. Pages targeting Yahoo and AOL are similar, explicitly targeting login credentials for those apps. However, the fake Adobe and DocuSign pages are slightly different, as illustrated in the screenshots below the graph: The phishing pages use the Adobe and DocuSign brands to target credentials for other services. To ensure no one is left out, the attackers in both examples even include an “other” option where the victim can enter any email address and password. In both of these examples and most others, Microsoft 365 is among the target credentials. As a result, the percentage of users clicking on links targeting Microsoft credentials is closer to 75%. Microsoft’s popularity as a phishing target is unsurprising because Microsoft 365 is the most popular productivity suite by a large margin.

Top cloud phishing targets by links clicked - Cloud and Threat Report - January 2025

Phishing examples - Cloud and Threat Report - January 2025

Where the victims are encountering the phishing links provides clues as to why the number of users clicking on such links may have increased in the past year. The majority of the clicks did not come from email but rather from various other locations throughout the web. The top referrer was search engines, where attackers run malicious ads or use SEO poisoning techniques to get the phishing pages listed at the top of the search engine results for specific terms. Other top referrers included shopping, technology, business, and entertainment sites, where the referrals come from comments, malicious ads, and infected sites. The variety of phishing sources illustrates some creative social engineering by attackers. They know their victims may be wary of inbound emails (where they are repeatedly taught not to click on links) but will much more freely click on links in search engine results.

Top web and cloud categories referring phishing pages - Cloud and Threat Report - January 2025
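
An added example, not from the original report: one way a defender could compute the two measurements discussed above from web proxy logs, namely distinct users clicking a phishing link per 1,000 active users per month, and the share of phishing clicks by referrer category. The log schema, user names, host names, and category map are constructed assumptions.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample records in a hypothetical schema:
# month, user, URL verdict, referrer ("-" when no Referer header was sent)
SAMPLE_LOG = """\
2024-11 alice phishing https://www.search.example/results?q=docusign+login
2024-11 alice phishing https://www.search.example/results?q=office+365
2024-11 bob clean https://intranet.example/home
2024-11 carol phishing https://mail.example/inbox/42
2024-11 dave clean -
2024-12 bob phishing https://shop.example/item/9#comments
2024-12 erin clean https://www.search.example/results?q=weather
2024-12 alice clean -
"""

# Hypothetical host-to-category map; in practice this comes from a URL categorization feed.
REFERRER_CATEGORY = {
    "www.search.example": "Search Engines",
    "mail.example": "Webmail",
    "shop.example": "Shopping",
}

def parse(log):
    """Yield (month, user, verdict, referrer) tuples, skipping blank lines."""
    for line in log.splitlines():
        if line.strip():
            yield tuple(line.split(maxsplit=3))

def referrer_category(referrer):
    if referrer == "-":
        return "Direct/Unknown"
    host = (urlsplit(referrer).hostname or "").lower()
    return REFERRER_CATEGORY.get(host, "Uncategorized")

def clickers_per_1000(log):
    """Per month: distinct users with at least one phishing click per 1,000 active users."""
    active, clicked = defaultdict(set), defaultdict(set)
    for month, user, verdict, _ in parse(log):
        active[month].add(user)
        if verdict == "phishing":
            clicked[month].add(user)  # a set, so repeat clicks by one user count once
    return {m: round(1000 * len(clicked[m]) / len(active[m]), 1) for m in sorted(active)}

def referrer_share(log):
    """Fraction of phishing clicks per referrer category, largest first."""
    counts = Counter(referrer_category(ref)
                     for _, _, verdict, ref in parse(log) if verdict == "phishing")
    total = sum(counts.values())
    return sorted(((cat, n / total) for cat, n in counts.items()),
                  key=lambda item: (-item[1], item[0]))
```

The rate counts users while the referrer breakdown counts clicks, so a single user who clicks repeatedly raises the referrer totals without inflating the per-1,000 figure.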

 

Trojans

1.4 out of every 100 people encountered malicious content on the web or in the cloud each month during 2024. The most common types of content encountered were JavaScript-based Trojans. These malicious scripts aim to trick the victim into downloading malware, visiting another malicious scam or phishing site, or authorizing access to their accounts. Below is a list of the top 10 most commonly encountered malware families, all designed to trick their victims into downloading, opening, or clicking something to kick off a series of cascading events designed to compromise their systems. Blocking Trojans is crucial because they are often the initial vector for more sophisticated malicious activities, including espionage, ransomware, financial fraud, and sabotage.

Backdoor.Zusy (a.k.a. TinyBanker) is a banking Trojan based on Zeus’s source code that aims to steal personal information via code injection into websites.

Downloader.Nemucod is a JavaScript downloader that has previously delivered Teslacrypt.

Downloader.SLoad (a.k.a. Starslord) is a downloader often used to deliver Ramnit.

Downloader.Upatre is a downloader that distributes other payloads, such as Locky and Dridex.

Infostealer.AgentTesla is a .NET-based remote access Trojan with many capabilities, including stealing passwords from the browser, logging keystrokes, and capturing clipboard contents.

Trojan.CobaltStrike is a powerful commercial penetration testing framework that enables various functionalities, including a highly customizable command and control framework to evade traditional network-based detection. Cracked versions of CobaltStrike are widely used by many adversary groups.

Trojan.FakeUpdater (a.k.a. SocGholish) is a JavaScript downloader that delivers various payloads, including Dridex and Azorult.