Shadow IT and AI usage among cybersecurity professionals has become a significant issue, highlighting the need for more proactive approaches to managing unauthorized applications. In a poll conducted by Next DLP at industry events in the UK and US, 73% of cybersecurity professionals admitted to using unsanctioned applications over the past year. This finding underscores a critical vulnerability that many organizations face. Although a majority recognize significant risks such as data loss (65%), lack of visibility and control (62%), and potential data breaches (52%), only 37% have developed concrete usage policies to mitigate these hazards. Furthermore, 10% reported that unauthorized tool usage had already led to data breaches, underlining the urgency of more stringent oversight and control mechanisms.
Bridging the Preparedness Gap
Generative AI, while innovative, has presented new challenges, prompting some organizations to restrict or ban its use. Still, 46% of surveyed professionals say their organizations have put specific controls in place for generative AI, addressing some concerns. Despite these efforts, there’s a noticeable gap between employee confidence in using these tools and their organizations’ readiness to manage related risks effectively. This gap indicates that awareness and training efforts are not keeping up with the rapid adoption of new technologies in the workplace.
To mitigate potential threats, security teams should thoroughly assess the extent of shadow SaaS and AI usage within their organizations. Identifying commonly used unsanctioned tools and offering approved, secure alternatives can significantly reduce reliance on shadow IT. The growing issue of shadow IT led the UK’s National Cyber Security Centre (NCSC) to issue specific guidelines in 2023, emphasizing the need for robust policies and ongoing monitoring.
Additionally, data showed that 11% of organizations experiencing incidents between 2021 and 2023 attributed these breaches to shadow IT. This statistic should prompt IT teams to close the gap between how readily employees use these tools and how well the organization can defend against the resulting risks. Developing clearer policies and running consistent training programs are crucial steps in mitigating the risks associated with shadow IT. The overarching aim is for organizations to align employee behavior with their defensive capabilities, closing a critical security gap.