There are several ways a company may be susceptible to hacking, and one of the ways is Shadow IT. A recent report said that a part of cybersecurity incidents that hit Indian businesses was due to the use of shadow IT by their employees. Here’s all you need to know about it.
What is Shadow IT?
Shadow IT is the part of the company’s IT infrastructure that is outside the purview of the IT and Information Security departments, that is, applications, devices, and public cloud services, among others that are not being used in accordance with a company’s information security policies.
Shadow IT is not limited to tech companies
Deployment and operating shadow IT can lead to serious negative outcomes for businesses in almost all spaces. As per a research by Kaspersky, in India, 89% of companies suffered cyber incidents in the last two years, and 20% of these were caused by the use of shadow IT.
The IT industry had been the hardest hit, suffering 16% of cyber incidents due to the unauthorised use of shadow IT in 2022 and 2023. It was followed by infrastructure, and transport & logistics organisations, which saw 13% cyber incidents due to unauthorised use of shadow IT.
Meanwhile, 11% of companies worldwide have suffered cyber incidents due to the use of shadow IT by employees in the last two years.
Examples of Shadow IT
Earlier this year, hackers compromised Okta’s customer support system and stole data from all of the cybersecurity firm’s customer support users. An employee using a personal Google account on a company-owned device unintentionally allowed threat actors to gain unauthorised access to Okta’s customer support system.
How to safeguard against Shadow IT-led hacking
The best way to plug Shadow IT-led hacking is to only use apps installed on employee devices and refrain from using unsolicited flash drives, mobile phones and laptops.
Abandoned hardware left over after the modernisation or reorganisation of the IT infrastructure can also be used ‘in the shadows’ by other employees, potentially exposing the company to hackers.
A regular check on the inventory of IT assets like abandoned devices and hardware can also help in eliminating the risks of hacking. Furthermore, making users aware of ways that poses cyber risks can also help in plugging loopholes.
What is Shadow IT?
Shadow IT is the part of the company’s IT infrastructure that is outside the purview of the IT and Information Security departments, that is, applications, devices, and public cloud services, among others that are not being used in accordance with a company’s information security policies.
Shadow IT is not limited to tech companies
Deployment and operating shadow IT can lead to serious negative outcomes for businesses in almost all spaces. As per a research by Kaspersky, in India, 89% of companies suffered cyber incidents in the last two years, and 20% of these were caused by the use of shadow IT.
The IT industry had been the hardest hit, suffering 16% of cyber incidents due to the unauthorised use of shadow IT in 2022 and 2023. It was followed by infrastructure, and transport & logistics organisations, which saw 13% cyber incidents due to unauthorised use of shadow IT.
Meanwhile, 11% of companies worldwide have suffered cyber incidents due to the use of shadow IT by employees in the last two years.
Examples of Shadow IT
Earlier this year, hackers compromised Okta’s customer support system and stole data from all of the cybersecurity firm’s customer support users. An employee using a personal Google account on a company-owned device unintentionally allowed threat actors to gain unauthorised access to Okta’s customer support system.
How to safeguard against Shadow IT-led hacking
The best way to plug Shadow IT-led hacking is to only use apps installed on employee devices and refrain from using unsolicited flash drives, mobile phones and laptops.
Abandoned hardware left over after the modernisation or reorganisation of the IT infrastructure can also be used ‘in the shadows’ by other employees, potentially exposing the company to hackers.
A regular check on the inventory of IT assets like abandoned devices and hardware can also help in eliminating the risks of hacking. Furthermore, making users aware of ways that poses cyber risks can also help in plugging loopholes.
Denial of responsibility! Swift Telecast is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – swifttelecast.com. The content will be deleted within 24 hours.