Articles about Shadow IT

Workers are increasingly using shadow AI to draft emails, analyze data, or summarize meetings, but are pretending they haven’t.

New data from marketing agency OutreachX finds 52 percent of US workers are worried about how AI will be used in their workplace in the future and that 48 percent of desk workers say they would be uncomfortable telling a manager they used AI for common tasks.

Continue reading →

A new report reveals that nearly 80 percent of IT leaders say their organization has experienced negative outcomes from employee use of generative AI, including false or inaccurate results from queries (46 percent) and leaking of sensitive data into AI (44 percent).

Notably the survey of 200 US IT directors and executives from Komprise shows that 13 percent say that these poor outcomes have also resulted in financial, customer or reputational damage.

Continue reading →

New research shows that 71.7 percent of workplace AI tools are high or critical risk, with 39.5 percent inadvertently exposing user interaction/training data and 34.4 percent exposing user data.

The analysis from Cyberhaven draws on the actual AI usage patterns of seven million workers, providing an unprecedented view into the adoption patterns and security implications of AI in the corporate environment.

Continue reading →

As with other forms of 'off the books' shadow tech, used by employees without company approval, shadow AI is a double-edged sword.

Cyberhaven Labs recently reported a sharp 485 percent increase in corporate data flowing to AI systems, with much of it going to risky shadow AI apps.

Continue reading →

A new survey finds 73 percent of security professionals admit to using SaaS applications that have not been provided by their company's IT team in the past year.

This is despite the fact that they are acutely aware of the risks, with respondents naming data loss (65 percent), lack of visibility and control (62 percent) and data breaches (52 percent) as the top risks of using unauthorized tools.

Continue reading →

There's an abundance of apps and SaaS solutions readily available these days to make the lives of employees easier and perform many work-related tasks. And the list keeps growing, with the likes of ChatGPT and Gemini paving the way for more AI-driven virtual assistants.

This is all well and good, unless your organization doesn't sanction the use of the software in question, turning something seemingly innocuous into shadow SaaS -- and a security risk. We spoke to John Stringer, head of product at data loss prevention specialist Next DLP, to learn more.

Continue reading →

Although the goals and challenges of IT and security professionals overlap, 72 percent of respondents to a new survey report that security data and IT data are siloed in their organization, contributing to elevated security risk.

The survey of over 7,000 executive leaders, IT and cybersecurity professionals‌ and office workers, from Ivanti finds 63 percent report that siloed data slows down security response times.

Continue reading →

The AI era is here -- and businesses are starting to capitalize. Britain’s AI market alone is already worth over £21 billion and expected to add £1 trillion of value to the UK economy by 2035. However, the threat of “shadow AI” -- unauthorized AI initiatives within a company -- looms large.

Its predecessor -- “shadow IT” -- has been well understood (albeit not always well managed) for a while now. Employees using personal devices and tools like Dropbox, without the supervision of IT teams, can increase an organization’s attack surface -- without execs or the C-suite ever knowing. Examples of shadow AI include customer service teams deploying chatbots without informing the IT department, unauthorized data analysis, and unsanctioned workflow automation tools (for tasks like document processing or email filtering).

Continue reading →

Half of security professionals say it's almost impossible to find the right balance between security and employee productivity, and 79 percent don't think their security protections are adequate.

A new study from 1Password, based on a survey of 1,500 North American workers, including 500 IT security professionals, finds 69 percent of security pros admit they're at least partly reactive when it comes to security. While 61 percent believe they're being pulled in too many conflicting directions.

Continue reading →

The risks from shadow and unauthorized apps have been known for years, but new research from Armis finds employees of 67 percent of UK organizations are introducing risk to the business by downloading applications and software onto assets without the knowledge or management of IT or security teams.

In addition the study, carried out by Vanson Bourne, finds 39 percent of enterprises admit to feeling challenged by increasingly complicated regulations and governance requirements.

Continue reading →

Application Programming Interfaces (APIs), which act as the glue connecting systems and applications together, are now the number one attack target for cyber criminals. Attack methods have changed over recent years, however, prompting the OWASP API Security Project to revise its API Security Top 10 of attack types for 2023.

But do the tactics, techniques and procedures (TTPs) it covers still serve as a blueprint for defense? We spoke to Jason Kent, hacker in residence at Cequence Security, to find out if the top 10 is liable to see defenders take too narrow an approach.

Continue reading →

The past few years have seen some major changes in the IT world. Accelerated by the pandemic we've seen a significant shift to the cloud and hybrid working models.

But this brings with it additional risks. We spoke to Matt Spitz, head of engineering at Vanta, to discuss the security challenges posed and how enterprises can adapt to cope with them.

Continue reading →

Shadow IT has long posed ongoing security threats for IT teams and network administrators, such as the good old days when employees brought in unapproved external software on USB sticks. Back then, IT teams would use policies to lock down endpoints across a dedicated network perimeter.

Today, the problem of shadow IT is more fluid, with employees directly accessing software-as-a-service (SaaS) applications to do their jobs without first getting approval from the IT department. With more SaaS applications being delivered via the browser to a remote workforce, IT teams now struggle to get clear visibility into their levels of risk.

Continue reading →

Analysis of around a trillion API transactions spanning a range industries over the second half of 2022 by Cequence Security seeks to highlight the latest API threat trends plaguing organizations.

In the second half of 2022, approximately 45 billion search attempts were made for shadow APIs, marking a 900 percent increase from the five billion attempts made in the first half of the year.

Continue reading →

Shadow data is named as the number one concern around protecting cloud data by 68 percent of data security professionals.

A new study from Laminar reveals that the number of respondents expressing concern over shadow data has increased to 93 percent compared to 82 percent the year before.

Continue reading →