Shadow IT directly leads to cyber-attacks

Shadow IT has always been considered a huge risk to an enterprise's cyber-security efforts, but now we have a survey which supports the claim and shows the scope of the problem.

The report, recently released by Tenable Network Security, says that both German and UK-based companies acknowledged shadow IT as a problem, but Germany reported more cyber-attacks.

That being said, 88 per cent of IT decision makers in UK and German companies believe shadow IT makes them more vulnerable, with 65 per cent of German respondents saying the use of shadow IT directly lead to a cyber-attack in the past 12 months.

In the UK, the number is at 45 per cent.

“The presence of unknown or undiscovered assets makes it difficult for security teams to identify and manage the available attack surface,” said Gavin Millard, EMEA technical director, Tenable Network Security. “If organizations want to stay ahead of the curve they need security solutions that provide the continuous visibility required to stop shadow IT from becoming an attack vector.”

Engineering, design, research and development, and finance, have been identified as the ‘most egregious offenders’. Despite the grim numbers, businesses in both countries expect the use of shadow IT to grow in the next year.

“The fact that many respondents are feeling the pain of shadow IT isn’t a surprise to the industry, but the numbers were much higher than we expected,” said Millard. “The foundation of security is having insight into what’s in use on the network and it's important that security and operations embrace the needs of the business or they will continue to remain vulnerable to cyber threats.”

Photo credit: Tashatuvango/Shutterstock