Many employees still use unauthorized services to get work done

Hands typing on a keyboard surrounded by security icons
(Image credit: Shutterstock)

The use of so-called "shadow IT" poses a real risk to organizations of all sizes, worldwide, a new report from KnowBe4 has claimed.

Having polled 435,000 employees across the world, the company found that half regularly use shadow IT services on their endpoints to get work done.

Shadow IT is usually described as software tools and services used by employees, that haven’t been vetted by the IT department. It usually includes popular chat messenger platforms (Facebook Messenger, WhatsApp, Viber, etc.), public file-sharing platforms, free-to-use online tools, and others. Cybercriminals and other threat actors often leverage these tools to phish out passwords, login credentials, and other sensitive information, as well as to distribute malware, ransomware, and other viruses.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window <<

 “Very concerning" findings 

KnowBe4’s report focuses on two areas: the use of unauthorized cloud services to store information and communicate in the workplace; and the use of unauthorized file-sharing networks on work computers, to download various content. 

Businesses located in Asia and Oceania were found to be among the worst performers. In these regions, for almost a third of enterprises (32%, on average), it’s common practice for employees to use Shadow IT. Organizations in Education (42.8%), Construction (35.5%), and Government (33.4%) were the worst performers.

On the other end of the spectrum are businesses in Latin America and Africa, where for just 20% of organizations, it’s common practice for employees to use Shadow cloud services. With just 17%, banking and bank-related organizations were performing best.

“The findings from this research are very concerning because employees are exhibiting insecure behaviors that are putting their organizations at significant risk,” said Kai Roer, chief research officer, KnowBe4. 

“The concept of shadow IT has a direct impact on the level of security culture exhibited at an organization. To combat shadow IT, organizations should focus on strengthening their security culture and increasing employees’ level of security awareness. It is especially important for employees to understand and take responsibility for how their insecure behaviors can ultimately affect the organization’s reputation and bottom line.”

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.