
Netskope Threat Labs: Regulated Data Most Common Type of Sensitive Data Uploaded to GenAI Apps

The New Study Focused on the Critical Sector of Banking

Netskope Threat Labs recently published its latest research report focusing on the banking industry. It reveals that phishing is one of the most common cybersecurity threats in the banking industry, with financial fraud being the main reason for adversaries attacking the sector.

The Netskope Threat Labs report focuses on three types of threats in the banking industry—social engineering, malicious content delivery, and GenAI data security—and reveals the top adversary groups targeting the industry.

Key Findings of the New Netskope Threat Labs Report

Among the key findings of the Netskope Threat Labs report are:

Social Engineering

    • Phishing is the most significant social engineering tactic, used to steal bank account details and banking login credentials from sector staff. According to the Netskope Threat Labs report, three out of every 1,000 individuals working in banking click on a phishing link each month.
    • Instead of targeting cloud apps, as is common in other sectors, adversaries create tailored phishing pages designed to mimic the target banking institutions’ websites and steal bank account information and login credentials to commit financial fraud.

GenAI Data Security

    • Because banking is a highly regulated industry, the most common type of sensitive data uploaded to genAI apps by banking employees is regulated data (46%), followed by intellectual property (23%), passwords and keys (20%) and source code (11%).
    • However, the sector sees lower genAI usage than other industries, with genAI being used in 87% of banks compared to the cross-industry average of 97%.
    • This could be because banks block employees from using genAI apps more than other industries do, with 93% of banks blocking at least one genAI app compared to the cross-industry average of 77%.
    • Organisations in the banking sector also have stricter control measures for using genAI apps than other industries. Data loss prevention (DLP) is the most popular form of genAI control with over 50% of all organisations in the sector using it to restrict sensitive information from flowing into genAI apps.

Malicious Content Delivery

    • Malicious content can take the form of malicious websites delivering various threats or capturing sensitive information (keystrokes, passwords saved in browsers, etc.), or malicious documents hosted in cloud environments delivering malicious payloads if opened. This is a potential major threat vector for the industry, with one out of every 100 employees in banking accessing malicious content each month.
    • Russian criminal groups are the threat actors most likely to target the sector with malicious content, particularly the TA577 and Indrik Spider groups.
    • The top five malware families that were recently used to target the banking industry are Downloader.SLoad (a.k.a. Starslord); Infostealer.AgentTesla; Trojan.FakeUpdater; Trojan.Parrottds; and Trojan.Valyria.

“The banking industry stands out as being one of the best at controlling the data risks associated with genAI apps. They are more aggressive at blocking apps without a legitimate business purpose and using DLP to control what can be sent to allowed apps,” said Ray Canzanese, Director of Threat Labs at Netskope, about the findings of the Netskope Threat Labs report. “The result has been a more strategic and measured adoption of genAI technology, which results in more secure data. Organisations in other industries can look towards the banking industry as an example of how to successfully control genAI.”

He added about the Netskope Threat Labs report: “Adversaries targeting the banking industry are primarily criminals focused on financial fraud, using social engineering and infostealers to try to obtain bank account details and banking portal login credentials. We still see adversaries aiming to sabotage operations, steal sensitive data, and deploy ransomware, but in much smaller numbers than the financial fraudsters.”

Information presented in this Netskope Threat Labs report is based on anonymised usage data collected by the Netskope One platform relating to a subset of Netskope customers with prior authorisation.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.
