Shadow IT is still a major security risk for organizations, despite apparent improvements in employees’ security awareness, according to new research.
Palo Alto Networks claimed that 61% of the 760+ business managers it spoke to in European firms with over 1000 employees said they’d check first with IT before bringing a new device onto the network.
However, that still leaves a significant 39% who would not, creating potential security issues for IT managers.
Of this group, one in eight apparently claimed they would tell no one in the organization about it.
Unsurprisingly, contractors emerged as the biggest risk, with 16% of respondents claiming they’d seen someone in this role bypass corporate security policies.
This is especially troubling given the potential explosion in BYOD driven by the Internet of Things (IoT) revolution.
Even as far back as 2014, a Trend Micro report claimed 69% of UK IT leaders had seen wearables in the workplace and 91% said they expect numbers to increase the following year.
Such devices can introduce potential malware to corporate networks, or else create data loss risks if they automatically sync once connected.
“Modern state-of-the-art security must be able to prevent any device communication becoming the point of a breach and minimize risk for an organization,” argued Palo Alto Networks EMEA CSO, Greg Day.
The research partially chimes with a report from Tenable Network Security out last week which revealed that 55% of UK and 57% of German IT decision makers had seen shadow IT introduced into their organizations.
Two-thirds (65%) of German respondents and 45% of UK IT leaders claimed that this had directly led to a cyber-attack in the past 12 months.
“The presence of unknown or undiscovered assets makes it difficult for security teams to identify and manage the available attack surface,” said Gavin Millard, Tenable’s EMEA technical director.
“If organizations want to stay ahead of the curve they need security solutions that provide the continuous visibility required to stop shadow IT from becoming an attack vector.”