Netskope Report Reveals 43.7 Per Cent Of Cloud-Based Malware Delivers Ransomware

Quarterly report on enterprise cloud app usage also sees more than half of malware-infected files in cloud apps shared with others

London, UK. Netskope, the leader in cloud security, announced the release of the September 2016 Netskope Cloud Report™ on enterprise cloud app usage and trends. In response to the growing threat of ransomware across enterprises, the report took a closer look at the prevalence of ransomware and how it spreads through cloud apps within an organisation. According to the report, 43.7 per cent of malware found in enterprises cloud apps have delivered ransomware, and 55.9 per cent of malware-infected files found in cloud apps are shared publicly. The report also found that enterprises, on average, have 824 cloud apps in use, up from 777 last quarter.

Ransomware Emerges as One of the Most Prevalent Forms of Malware

For the third quarter running, Netskope Threat Research Labs examined the presence of malware in enterprises, finding that there are on average 26 pieces of malware found in cloud apps across a given organisation. 56 per cent of malware-infected files in cloud apps are shared with internal or external users, or shared publicly.

Of the malware types detected, 43.7 per cent are common ransomware delivery vehicles, including Javascript exploits and droppers, Microsoft Office macros and PDF exploits. These ransomware attacks are often initially delivered through phishing and email attacks, but within cloud environments, infected and encrypted files can quickly spread to other users through cloud app sync and share functionality in what is known as the fan-out effect.

Additional Findings

  • Microsoft Beats Out Google, Facebook as Most Popular Cloud App

Among the top 20 most used apps, Microsoft continues to lead Google, with Office 365 Outlook.com and OneDrive for Business beating out their counterparts from other vendors in session volume. Microsoft productivity apps are the number one and two most popular apps, unseating Facebook from its spot at No. 1 for the first time. This shows that Microsoft Office 365 adoption remains strong among enterprises.

  • Slack Cracks the Top 20 Amid Increasing Enterprise Popularity

Supporting the notion that enterprises are eagerly adopting new collaboration tools, Slack has entered the top 20 most popular apps for the first time. Security teams will need to prioritise this trend and pay close attention to sensitive information being shared within collaboration apps, and prioritise visibility into and control over the apps with which Slack is integrated and sharing data.

  • Cloud Storage Apps Responsible for Vast Majority of Cloud Data Loss Prevention (DLP) Violations

Cloud storage apps dominate cloud DLP violations accounting for 76.5 per cent of all violations, followed by webmail at 18.6 per cent. Within cloud storage apps, manufacturing-focussed enterprises had the largest percentage of DLP violating files, at 24 per cent of all files scanned, followed by Technology and IT Services at 15 per cent and Healthcare and Life Sciences at 11 per cent.

“Our priority has always been giving IT teams the tools they need to not only have visibility into employee app usage and activity, but also understand and take action against the ways sensitive information can be shared or make its way into the wrong hands,” said Sanjay Beri, founder and CEO, Netskope. “With the rise of ransomware, the cloud threat landscape is now increasingly complicated; IT teams need deeper intelligence, protection, and remediation that can help them stop malware and ransomware in their tracks and prevent them from spreading.”

Enterprise Cloud App Usage Continues to Rise: Breakdown of Cloud Apps By Industry

Netskope found that enterprises, on average, have 824 cloud apps in use — up from 777 last quarter. 94.7 per cent of those apps are not considered “enterprise-ready” according to the Netskope Cloud Confidence Index™ scoring system, meaning they lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation.

Technology and IT Services organisations had the highest number of cloud apps in use, averaging 855 per organisation. This was followed by Healthcare and Life Sciences, which had 836 cloud apps in use per organisation.

Industry Group

Number of Cloud Apps Per Enterprise

1

Technology and IT Services 855

2

Healthcare and Life Sciences

836

3

Retail, Restaurants, and Hospitality

787

4

Financial Services, Banking, and Insurance

714

5 Manufacturing

698

Average Cloud Apps Per Enterprise by App Category

Apps in the Marketing and Collaboration categories had the highest number of cloud apps per enterprise. Despite the growing popularity of productivity and collaboration apps like Slack, the vast majority are still not enterprise-ready. IT should be mindful of not only which apps its teams are using, but the types of activities and information being shared within those apps.

Category

Average # of Apps Per Enterprise Percentage of Apps Not Enterprise-Ready

Marketing

75

98%

Collaboration

66 91%

Productivity

63

99%

Finance/Accounting

57

96%

Human Resources

52

96%

CRM and SFA

37

94%

Social

29

92%

Software Development

28

96%

IT/Application Management

28

96%

Cloud Storage

27

77%

Netskope Resources

  • Downloadthe Netskope Cloud Report for more detailed analysis and to see the full list of the most widely used cloud apps by enterprises
  • Learn more about how to gain visibility into enterprise cloud apps and how to ensure they are secure and compliant
  • Visit the Netskope Hub for the latest commentary and insight on trends from the Netskope team

About the Netskope Cloud Report

Based on aggregated, anonymised data from the Netskope Active Platform, which provides discovery, surgical visibility and control over any cloud app, the report’s findings are based on millions of users in hundreds of accounts in the global Netskope Active Platform from April 1 through June 30, 2016.

[short_info id=’60853′]

Information Security Buzz