Netskope Threat Labs publishes a quarterly summary blog post of the top threats we track on the Netskope platform. This post aims to provide strategic, actionable intelligence on active threats against enterprise users worldwide.

The National Institute of Standards and Technology’s widely used Cybersecurity Framework (NIST CSF) provides organizations with a common language that allows staff at all levels—and at all points in a supply chain—to develop a shared understanding of their cybersecurity capability.

Technological advances in how we create and consume media have repeatedly transformed how election campaigns are fought: social media, TV and radio were all revolutions in their times.There have always been concerns about the impact these new technologies would have on democracy: the Milwaukee Journal worried following the first televised presidential debate, in 1960, that “American Presidential campaigning will never be the same again.” Perhaps they were right…

Since the launch of ChatGPT in November 2022, generative AI (genAI) has seen rapid enterprise adoption. According to researchers in the Netskope Threat Labs, as of June 2024, an astonishing 96% of organizations are using various types of genAI apps. This widespread adoption is transforming how businesses operate, but with great power comes great responsibility—and risk.

A lot has happened since the 2008 financial crisis and credit crunch, including a significant increase in cloud app adoption in financial services and a rise in cyber attacks targeting those apps. To keep the financial sector safe and secure, the EU introduced new rules. Initially, these regulations focused on ensuring banks had enough capital to handle financial problems. However, as cyberattacks became a bigger threat, the EU recognised the need for additional measures.

In the ever-evolving landscape of AI, maintaining compliance standards and ensuring secure usage of generative AI applications remains an important priority for enterprises. Across the globe, regulatory frameworks like the European Union’s AI Act have been established to ensure that AI systems are developed and deployed in a manner that prioritizes safety, transparency, ethics, and fundamental rights.

This blog is part of the ongoing “I&O Perspectives” series, which features insights from industry experts about the impact of current threats, networking, and other cybersecurity trends.

As businesses increasingly rely on digital infrastructures, the threats that aim to exploit these technologies also evolve. It’s no longer just about safeguarding against unauthorized access; it’s about understanding and mitigating the complex risks introduced by AI and machine learning—topics I’ve often discussed, emphasizing the need for an advanced cybersecurity strategy that evolves as quickly as the technologies it aims to protect.

A recently discovered advanced persistent threat (APT) provides a particularly meaningful example of how multiple cloud services can be combined inside the same attack chain to add layers of sophistication and evasion. CloudSorcerer is the name that researchers at Kaspersky have coined to describe an advanced threat actor targeting Russian government entities.