New Delhi : A recent study found that in the last two years, cyber incidents affected 89% of Indian companies, with 20% of those incidents being related to the use of shadow IT.
According to a study by cyber-security company Kaspersky, businesses are more vulnerable to cyber incidents as a result of employees using shadow IT in the context of the expanding trend of a distributed workforce.
Employee use of shadow IT has resulted in cyber incidents for 11% of businesses globally over the past two years.
Shadow IT is the part of the company’s IT infrastructure that is outside the purview of the IT and Information Security departments, i.e. applications, devices, public cloud services etc. but that is not being used in accordance with information security policies.
“Employees who use applications, devices or cloud services that are not approved by the IT department, believe that if those IT products come from trusted providers, they should be protected and safe,” said Alexey Vovk, Head of Information Security at Kaspersky.
However, in the ‘terms and conditions’, third-party providers use the so-called ‘shared responsibility model’.
“It states that, by choosing ‘I agree’ users confirm that they will perform regular updates of this software and that they take responsibility for incidents related to the use of this software (including corporate data leakages),” Vovk stated.
In the end, though, businesses require tools to manage employee use of the shadow IT.
Implementing and using shadow IT can have detrimental effects on companies. Numerous examples were discovered in the Kaspersky study, which showed that the IT sector had been most severely affected, accounting for 16% of cyber incidents in 2022 and 2023 as a result of unauthorized use of shadow IT.
Other sectors hit by the problem were critical infrastructure and transport and logistics organisations, which saw 13 per cent attacks, said the report.
Read More
BPSC teacher recruitment: Bihar cyber cafe issues fake appointment letter, sealed