A recent report reveals that approximately 89 percent of Indian companies experienced cyber incidents in the past two years, with 20 percent of these incidents attributed to the utilization of shadow IT.
According to a study conducted by cybersecurity firm Kaspersky, the increasing adoption of a distributed workforce puts companies at a heightened risk of becoming targets for cyber incidents, particularly due to the prevalence of shadow IT used by their employees.
Over the past two years, 11 percent of global companies experienced cyber incidents attributable to employees utilizing shadow IT. Shadow IT comprises elements of a company’s IT infrastructure, such as applications, devices, public cloud services, etc., that operate outside the oversight of the IT and Information Security departments and are not aligned with information security policies.
“Employees who use applications, devices or cloud services that are not approved by the IT department, believe that if those IT products come from trusted providers, they should be protected and safe,” said Alexey Vovk, Head of Information Security at Kaspersky.
However, in the ‘terms and conditions’, third-party providers use the so- called ‘shared responsibility model’.
“It states that, by choosing ‘I agree’ users confirm that they will perform regular updates of this software and that they take responsibility for incidents related to the use of this software (including corporate data leakages),” Vovk said.
