Use of generative AI has more than tripled in 12 months, but organizations still struggle to balance safe enablement with risk management
Santa Clara, California, July 17, 2024 /PRNewswire/ — Netscopethe leader in Secure Access Service Edge (SASE), today announced new research showing that regulated data – data that organizations are legally obligated to protect – accounts for more than one-third of sensitive data shared with generative AI (genAI) applications, posing a potential risk of costly data breaches for businesses.
New research from Netskope Threat Labs reveals that three-quarters of surveyed companies currently block at least one genAI app entirely, reflecting enterprise technology leaders' desire to limit the risk of sensitive data exfiltration. However, less than half of organizations have data-centric controls in place to prevent sensitive information from being shared in input queries, and most organizations are lagging behind in adopting the advanced data loss prevention (DLP) solutions required to safely enable genAI.
Using a global dataset, researchers found that 96% of enterprises currently use genAI, a figure that has tripled in the past 12 months. On average, enterprises are currently using nearly 10 genAI apps, up from 3 last year. And the top 1% of adopters are using an average of 80 apps, up from 14. Along with increased usage, enterprises have seen a surge in proprietary source code sharing within genAI apps, accounting for 46% of recorded data policy violations. These changing trends complicate how enterprises manage risk and require more robust DLP efforts.
The security and data loss control nuances that organizations are applying are positive signs of proactive risk management. For example, 65% of companies have now implemented real-time user coaching to guide users' interactions with genAI apps. Research shows that effective user coaching plays a key role in mitigating data risks, with 57% of users changing their behavior after receiving a coaching alert.
“Securing genAI requires more investment and attention. genAI is becoming more prevalent in the enterprise and shows no signs of slowing down anytime soon.” James Robinson“Companies need to be aware that genAI output can accidentally expose sensitive information, spread misinformation, or introduce malicious content. A robust risk management approach is needed to protect data, reputation, and business continuity,” said , chief information security officer at Netskope.
Netskope's Cloud & Threat Report: AI Apps in the Enterprise also found that:
- ChatGPT is the most popular app, used by over 80% of businesses.
- Microsoft Copilot has seen the most dramatic increase in usage since its launch in 2010. January 2024 57%
- 19% of organizations ban GitHub CoPilot entirely
Key takeaways for businesses
Netskope encourages companies to review, adapt, and customize their AI or genAI-specific risk frameworks using initiatives such as the NIST AI Risk Management Framework. Specific tactical steps to address risks from genAI include:
- Know the current status: First, assess your existing use of AI and machine learning, data pipelines, and genAI applications. Identify vulnerabilities and gaps in your security controls.
- Implement the core controls: Establish basic security measures such as access control, authentication mechanisms, and encryption.
- Advanced control plans: Go beyond the basics and create a roadmap for advanced security controls. Consider threat modeling, anomaly detection, continuous monitoring, and behavioral detection to identify suspicious data movement from your cloud environment to the genAI app that deviates from normal user patterns.
- Measure, Start, Fix, Repeat: Regularly evaluate the effectiveness of security measures. Adjust and improve security measures based on real-world experience and new threats.
Download the full Cloud and Threat Report: AI Apps in the Enterprise here, and learn more about cloud-enabled threats and the latest findings from Netskope Threat Labs here. Netskope Threat Research Hub.
About Netskope Netskope, a global leader in SASE, helps organizations apply Zero Trust principles and AI/ML innovation to secure data and defend against cyber threats. The fast and easy-to-use Netskope platform delivers optimized access and real-time security for people, devices, and data, wherever they are. Netskope helps customers reduce risk, accelerate performance, and gain unmatched visibility into cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network modifications, and new regulatory requirements. To learn how Netskope can help you navigate your SASE journey, visit netskope.com.
Media Contact:
[email protected]
Source Netskope
