Netskope revealed new research showing the continued growth of malware delivered by cloud applications and also the potential for critical data exfiltration tied to employees departing their jobs, among a range of increasing cloud application security risks.
The findings are part of the July 2021 Netskope Cloud and Threat Report, the latest installment of Netskope Threat Labs’ biannual research analyzing critical trends in enterprise cloud service and app use, web and cloud-enabled threats, and cloud data migrations and transfers.
As pandemic restrictions change, enterprises and their workers confront decisions on whether to stay home, return to the office, or change jobs. The report found that some departing employees present disproportionately significant cloud security risks. In their last 30 days of employment, workers have been proven to be uploading three times more data than usual to personal cloud apps.
“Regardless of whether the so-called ‘Great Resignation’ is real or perceived, it’s a fact that employees leaving an organization pose an increasingly bigger insider security threat to organizations when they take company data with them,” said Ray Canzanese, Threat Research Director at Netskope. “That and other trends revealed in the research show that enterprises must rethink security based on the reality of cloud application use. They should favor a security architecture that provides context for apps, cloud services, and web user activity, and that applies zero trust controls to protect data wherever and however it’s accessed.”
Cloud threats affecting enterprises
Based on anonymized data collected from the Netskope Security Cloud platform across millions of users from January 1, 2021 through June 30, 2021, key findings of the report include:
Employees attempt to exfiltrate significant amounts of work data before they depart their jobs. Some departing employees upload three times more data to personal apps in the last 30 days of employment. Google Drive and Microsoft OneDrive personal instances are the most popular targets.
97% of cloud apps used in the enterprise are shadow IT, unmanaged and often freely adopted.
Third-party app plugins pose serious data risks. The report shows 97% of Google Workspace users have authorized at least one third-party app access to their corporate Google account potentially exposing data to third parties due to scopes like “View and manage the files in your Google Drive.”
Uptick in cloud environments that are exposed to the public creates opportunities for attackers. More than 35% of all workloads are exposed to the public internet within AWS, Azure, and GCP, with RDP servers – a popular infiltration vector for attackers – exposed in 8.3% of workloads.
Cloud-delivered malware is growing and reached an all time high. Cloud-delivered malware has increased to an all-time high of 68% with cloud storage apps accounting for nearly 67% of that cloud malware delivery and malicious Office docs now accounting for 43% of all malware downloads.
A return to the office hasn’t quite started yet. Research indicates that 70% of users continue to work remotely as of the end of June 2021. At the beginning of the COVID-19 pandemic in March 2020, we saw a sudden and dramatic shift to remote work, from 30% of users working remotely before the pandemic to 70% working remotely soon after COVID-19 restrictions began to take hold.