Cybersecurity Strain: 161% Increase in Visits to High-Risk Apps

Research experts from Netskope Cloud warned security teams about the surge in the use of risky apps and websites by the remote workforce, globally. In its report “Cloud and Threat Report – August 2020” Netskope Cloud stated that the number of remote employees has more than doubled and changes in user behavior has been dramatic in the Q1 of 2020, with 161% increase in visits to high-risk apps and sites by a 64% remote workforce.

Research Highlights

• 80% increase in the use of collaboration apps as remote workers sought to remain connected with their colleagues, and a 2% increase in the total number of cloud apps being used in the average enterprise.
• 600% increase in visits to adult content.
• 97% increase for personal use of managed devices.
• Cloud-based malware delivery (vs web) increased to 63%.
• Personal use of devices increased by 97% and use of risky apps and websites increased by 161%.
• 7% of all users uploaded regulated data, source code, company confidential data, and other sensitive data to personal instances, exposing the data to potential misuse and theft.

  

The research also revealed that Cloud Storage, Webmail, and Social apps were among the most popular apps used for phishing, with 63% of malware delivered over cloud applications like Microsoft Office 365 OneDrive for Business, SharePoint, Google Drive, and Amazon S3. While, Microsoft Office 365 OneDrive for Business, Microsoft Live Outlook, Blogger, AOL Mail, and Facebook are the most popular apps used for phishing attacks.

“The percentage of phishing attempts being delivered through cloud applications held steady at 15% with a variety of apps being used to deliver the bait, including cloud storage, webmail, web hosting, and social media apps. This statistic, combined with those reported by the Anti-Phishing Working Group, indicates that phishers are both using the cloud to phish and phishing for cloud credentials,” the report said.

“Device sharing at home is validated by the traffic to websites and apps categorized as Education and Kids, where managed devices are used for remote education efforts within families. Even with an increase in personal use of managed devices and high-risk websites, the most popular apps remain the leading delivery method of cloud-enabled threats and malware. And finally, as expected, the use of collaboration apps increased greatly as remote teams aim to stay connected,” the report added.

Protective Measures

Netskope Cloud also recommended certain security measures to protect sensitive data from adversaries. These include:

• Use strong authentication and access controls like 2FA, MFA, etc.
• Adaptive access controls based on the user, app, device, location, data, and destination to selectively grant access to specific activities.

• Zero-trust network access to private apps in data centers and public cloud services to reduce exposure of apps and limit network lateral movement.

• Continuous security assessment of public cloud services to detect misconfigurations and publicly exposed data.

• Cloud inline analysis of managed and unmanaged cloud apps for data context to enable data and threat protection defenses.

• Selective and safe enablement of cloud applications based on a third-party risk assessment of applications with the ability to recommend safer alternatives.

• Granular policy controls for data movement to and from apps, instances, users, websites,devices, and locations.

• Cloud data protection (DLP) for sensitive data from internal and external threats
• Behavior analysis for anomalies, plus confidence index scores for users with event correlation timelines to visualize changes in behavior.
• Real-time coaching to users on activity and data movement with justification collection, proceed/cancel, or warning alerts to change user behavior.