The use of so-called "shadow IT" poses a real risk to organizations of all sizes, worldwide, a new report from KnowBe4 has claimed.
Having polled 435,000 employees across the world, the company found that half regularly use shadow IT services on their endpoints (opens in new tab) to get work done.
Shadow IT is usually described as software tools and services used by employees, that haven’t been vetted by the IT department. It usually includes popular chat messenger platforms (Facebook Messenger, WhatsApp, Viber, etc.), public file-sharing platforms, free-to-use online tools, and others. Cybercriminals and other threat actors often leverage these tools to phish out passwords, login credentials, and other sensitive information, as well as to distribute malware (opens in new tab), ransomware, and other viruses (opens in new tab).
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
“Very concerning" findings
KnowBe4’s report focuses on two areas: the use of unauthorized cloud services to store information and communicate in the workplace; and the use of unauthorized file-sharing networks on work computers, to download various content.
Businesses located in Asia and Oceania were found to be among the worst performers. In these regions, for almost a third of enterprises (32%, on average), it’s common practice for employees to use Shadow IT. Organizations in Education (42.8%), Construction (35.5%), and Government (33.4%) were the worst performers.
On the other end of the spectrum are businesses in Latin America and Africa, where for just 20% of organizations, it’s common practice for employees to use Shadow cloud services. With just 17%, banking and bank-related organizations were performing best.
> Shadow IT - friend or foe? (opens in new tab)
> Making shadow IT work for businesses and employees (opens in new tab)
> Shadow IT: what it is, and how you should deal with it (opens in new tab)
“The findings from this research are very concerning because employees are exhibiting insecure behaviors that are putting their organizations at significant risk,” said Kai Roer, chief research officer, KnowBe4.
“The concept of shadow IT has a direct impact on the level of security culture exhibited at an organization. To combat shadow IT, organizations should focus on strengthening their security culture and increasing employees’ level of security awareness. It is especially important for employees to understand and take responsibility for how their insecure behaviors can ultimately affect the organization’s reputation and bottom line.”
- Check out the best firewalls right now