Many employees still use unauthorized services to get work done
Shadow IT rampant among government agencies and education firms, report finds
The use of so-called "shadow IT" poses a real risk to organizations of all sizes, worldwide, a new report from KnowBe4 has claimed.
Having polled 435,000 employees across the world, the company found that half regularly use shadow IT services on their endpoints to get work done.
Shadow IT is usually described as software tools and services used by employees, that haven’t been vetted by the IT department. It usually includes popular chat messenger platforms (Facebook Messenger, WhatsApp, Viber, etc.), public file-sharing platforms, free-to-use online tools, and others. Cybercriminals and other threat actors often leverage these tools to phish out passwords, login credentials, and other sensitive information, as well as to distribute malware, ransomware, and other viruses.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
“Very concerning" findings
KnowBe4’s report focuses on two areas: the use of unauthorized cloud services to store information and communicate in the workplace; and the use of unauthorized file-sharing networks on work computers, to download various content.
Businesses located in Asia and Oceania were found to be among the worst performers. In these regions, for almost a third of enterprises (32%, on average), it’s common practice for employees to use Shadow IT. Organizations in Education (42.8%), Construction (35.5%), and Government (33.4%) were the worst performers.
On the other end of the spectrum are businesses in Latin America and Africa, where for just 20% of organizations, it’s common practice for employees to use Shadow cloud services. With just 17%, banking and bank-related organizations were performing best.
“The findings from this research are very concerning because employees are exhibiting insecure behaviors that are putting their organizations at significant risk,” said Kai Roer, chief research officer, KnowBe4.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“The concept of shadow IT has a direct impact on the level of security culture exhibited at an organization. To combat shadow IT, organizations should focus on strengthening their security culture and increasing employees’ level of security awareness. It is especially important for employees to understand and take responsibility for how their insecure behaviors can ultimately affect the organization’s reputation and bottom line.”
- Check out the best firewalls right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.