Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
New research reveals enterprise employees were tricked into clicking more phishing links last year despite security training.
Last year, more than eight out of every 1,000 enterprise employees clicked on a phishing link each month, a rise of 190 per cent compared to 2023.
The alarming figures come from Netskope’s Cloud and Threat Report: 2025, released last week.
Netskope found that the malicious links weren’t being spread via email, but rather on trusted cloud applications such as Google Drive, OneDrive, and GitHub. Twenty-seven per cent of all phishing links were hosted on such sites, with Microsoft being the most targeted brand – 42 per cent of attacks focused on Microsoft 365 and Microsoft Live.
“The common thread for organisations working to safely enable the use of apps in the enterprise, and mitigate the challenges across the threat landscape, is the need for modern data security,” Ray Canzanese, director of Netskope Threat Labs, said in a statement.
The rise in the effectiveness of phishing links comes in spite of training to improve employee awareness of data security.
Another issue is the use of personal cloud apps in the enterprise workplace. Eighty-eight per cent of employees used a personal app each month last year, with 26 per cent sending or uploading data to personal cloud apps. And it’s not just personal data being uploaded; regulated data such as financial or healthcare information accounted for 60 per cent of data policy violations in the last 12 months.
The continuing uptake of generative AI (GenAI) is another driver of data risk. Employee use of tools such as ChatGPT tripled from 2.6 per cent of employees in 2023 to 7.8 per cent in 2024. In general, 94 per cent of all enterprises now make use of GenAI, with data loss prevention (DLP) an increasing area of focus. Forty-five per cent of organisations now use DLP to manage the flow of data into such apps, and in 73 per cent of cases, it was found that when warned of a potential data security violation, users chose not to proceed.
The number of blocked apps also doubled in 2024, with the top 25 per cent of enterprises blocking 14.6 apps compared to 6.3 in 2023
“Gone are the days when data security was an afterthought. It must be seamlessly integrated into every aspect of an organisation’s operations,” Canzanese said.
“From defending against phishing to safeguarding personal apps and managing GenAI, data security is no longer just a perimeter defence. It is a dynamic, proactive framework with real-time user coaching, DLP, and app-specific controls to stay ahead of an ever-changing threat landscape.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
