Threats

Top Risks Posed By Shadow IT In 2023

What are the top risks posed by shadow IT in 2023?

To maintain a high degree of IT security assurance, IT departments require full transparency into what IT systems are in use.  "You can't protect what you can't see" is the common adage to describe this situation. 

A complete inventory of all devices and software applications allows IT security teams to conduct accurate attack surface mapping and develop policies such as accept-listing (AKA "whitelisting"), deny-listing (AKA "backlisting"), strict access controls, and regular cybersecurity activities to mitigate the likelihood of successful cyberattacks.

With all this being said, shadow IT has become a growing concern for IT leaders because a lack of transparency essentially equates to a lack of security. Shadow IT refers to technology such as devices, applications, or accounts that are used within an organization but are not known to the IT department.  In this article, we will examine the risks posed by Shadow IT, define the various forms of technology that could be defined as problematic as Shadow IT, and finally, we will outline how to mitigate the use of Shadow IT by keeping a tight grip on asset inventory and maintaining full transparency into what systems, services, and applications comprise an organization's IT infrastructure.

What is Shadow IT?

Shadow IT refers to the use of IT technology such as devices, applications, or other tools that fall outside the scope of knowledge of the IT department. 

The IT department themselves may even use shadow IT; it is generally leveraged by staff to fill the gap (perceived or real) in an organization's whitelisted technologies and presents a severe risk because when the IT security team doesn't have full knowledge of what systems and services exist within the organization's IT infrastructure, they cannot accurately assess or mitigate the cyber risks.

Examples of shadow IT include:

  • Unauthorized software installations

  • Use of unauthorized cloud software applications

  • Personal devices used for work purposes (BYOD)

  • Adoption of unapproved collaboration/productivity tools such as messaging apps

  • Independent procurement of IT solutions

  • Development of unsanctioned applications or scripts to improve productivity

  • Use of unsanctioned cloud file-sharing services or other off-network data storage solutions

  • Unmanaged IoT device integration

  • Shadow data analytics and reporting tools

Why Does Shadow IT Pose Risks?

Shadow IT poses risks ranging from data loss and privacy breaches to introducing critical security vulnerabilities that an IT team cannot mitigate. When employees use cloud storage solutions not approved by their IT department, proprietary company data is exposed to third parties and is subject to their privacy policies and license agreements,  compromising sensitive information.

Using unsanctioned applications within an organization may also introduce vulnerabilities that malicious actors could exploit to gain unauthorized access to the corporate network. These unauthorized applications may not receive regular security updates or follow the same rigorous security protocols as approved software, making them open doors for hackers to walk through.

In addition, developers relying on AI tools like Large Language Models (LLMs) for software code generation should exercise caution. While these AI tools can expedite the development process, they can also introduce vulnerabilities in the software if not properly scrutinized. Attackers can exploit these weaknesses to compromise software integrity, emphasizing the importance of proper policies and operating procedures for using AI technology.

Here are some statistics about shadow IT in the corporate workplace from recent studies:

  • Introduction of New Technology: 67% of survey participants revealed that they, or their team members, have actively introduced new technology solutions into their workplace environment

  • Hidden Technology Spend: 50% of an organization's technology budget goes towards software procurement without the IT department's awareness

  • Security Concerns: 79% of IT security managers identified increased risks to the company's data and information security when employees independently introduce or utilize new technologies without IT approval

  • Policy Pushback: 82% of respondents have encountered situations where end users or teams push back against or circumvent policies imposed by the IT department that dictate which software tools are allowed to be used. This resistance further exemplifies the complexity of managing technology adoption and compliance within organizations

How to Protect Against the Top Shadow IT Risks in 2023

  • Use Enterprise Endpoint Management Solutions: Endpoint management solutions like Mobile Device Management (MDM) and Unified Endpoint Management (UEM) can help prevent users from installing unsanctioned software. These solutions allow IT administrators to enforce policies and restrictions on endpoints, including preventing the installation of unauthorized software. Some specific examples of endpoint management solutions include Microsoft Intune, VMware Workspace ONE, Jamf Pro, IBM MaaS360, Cisco Meraki Systems Manager, and Ivanti Endpoint Manager

  • Use User Education To Promote Strong Security: Educating users about the risks associated with Shadow IT and the importance of adhering to organizational IT policies can significantly reduce its occurrence. By raising awareness, employees are less likely to engage in unsanctioned software and services

  • Use Network Security Best Practices:

    • Use Static IPs Instead of DHCP: Assigning static IP addresses to devices can provide better control over network access. By knowing the IP addresses of authorized devices, IT teams can easily detect and block devices that employees may try to connect to the network without authorization, such as IoT devices

    • Use MAC Filtering For Wireless Networks: MAC filtering allows organizations to control which devices can connect to their wireless networks based on their MAC address. By configuring MAC filtering, IT administrators can restrict network access to approved devices, making it more difficult for Shadow IT to connect

  • Create A Security Focused Mobile Device Policy:

    • Use Enterprise Wi-Fi Authentication Protocols: Implementing Enterprise Wi-Fi authentication protocols, such as 802.1X, that rely on certificate-based authentication can enhance network security. These protocols verify that only devices with valid certificates are allowed to connect to the Wi-Fi network, reducing the risk of unauthorized devices introducing shadow IT

    • Issue COBO Devices: Company-Owned, Business-Only (COBO) device policies enable organizations to issue and control mobile devices used for work purposes. By providing COBO devices to employees, organizations can prevent potential data loss by limiting the use of business apps on devices also used for personal functions

    • Enforce App Whitelisting When COPE devices are used: Corporate-Owned, Personally Enabled (COPE) device policies allow employees flexibility in using their work devices for personal purposes. However, IT administrators can still restrict the installation of apps to only sanctioned ones

  • Use Remote Attestation for All Endpoints: Remote attestation technology helps verify the integrity and security of endpoints. By implementing remote attestation for all devices within the organization, IT teams can ensure that only trusted and secure devices can access the network, reducing the risk of shadow IT infiltration

Conclusion

Lack of visibility into an organization's IT landscape equates to a lack of security and understanding of the risks posed by shadow IT. Adopting proactive measures to prevent infiltration can significantly enhance an organization's cybersecurity posture and protect critical data and systems from the lurking threat of unseen vulnerabilities. 

Statistics from a recent survey reveal many places for improvement when it comes to both creating and enforcing policies to limit the infiltration of shadow IT and educating staff about its risks, as well as using technical security controls such as network security best practices, endpoint management and remote attestation solutions, and mobile device management policies to prevent the bulk of the top risks posed by shadow IT in 2023.

Looking for more information on how to safeguard your organization's networks in 2023 and beyond? Download our Buyer's Guide today or reach out to our team for your free, zero-obligation quote.

Featured Posts

See All

October 24 - Blog

Packetlabs at SecTor 2024

Packetlabs is thrilled to have been a part of SecTor 2024. Learn more about our top takeaway's from this year's Black Hat event.

September 27 - Blog

What is InfoStealer Malware and How Does It Work?

InfoStealer malware plays a key role in many cyber attacks, enabling extortion and lateral movement via stolen credentials. Learn the fundamentals about InfoStealers in this article.

September 26 - Blog

Blackwood APT Uses AiTM Attacks to Target Software Updates

Blackwood APT uses AiTM attacks that are set to target software updates. Is your organization prepared? Learn more in today's blog.