Nearly three-quarters (73%) of cybersecurity professionals have used unsanctioned apps together with AI prior to now 12 months, based on a brand new ballot from Subsequent DLP.
The safety vendor interviewed 250 safety professionals on the current Infosecurity Europe and RSA Convention trade occasions, within the UK and US respectively.
Its findings revealed {that a} majority of trade professionals don’t follow what they preach in relation to shadow IT.
Most acknowledged information loss (65%), lack of visibility and management (62%) and information breaches (52%) as the highest dangers of utilizing unauthorized instruments. An additional one in 10 admitted that use of shadow SaaS and AI instruments led to a knowledge breach, based on the research.
AI use has been singled out by many IT safety groups as a possible safety threat, with half of respondents claiming it has been restricted to particular roles within the group, and almost a fifth (16%) have banned it fully. An additional 46% mentioned they’ve rolled out instruments and insurance policies to regulate worker use of generative AI.
But normally, Subsequent DLP discovered that IT groups aren’t being proactive sufficient about managing worker use of probably dangerous apps. Particularly:
- Solely 37% of safety professionals mentioned that they had developed insurance policies for utilizing these instruments
- Simply half acquired steering and up to date insurance policies on Shadow SaaS and AI prior to now six months
- A fifth claimed they’d by no means acquired insurance policies/steering on shadow SaaS and AI
- A fifth of respondents had been unaware of company insurance policies or coaching to mitigate shadow IT threat
Time for a Shadow IT Plan
“Clearly, there’s a disparity between worker confidence in utilizing these unauthorized instruments and the group’s potential to defend towards the dangers,” argued Subsequent DLP CSO, Chris Denbigh-White.
“Safety groups ought to consider the extent of shadow SaaS and AI utilization, establish regularly used instruments, and supply authorized alternate options. This can restrict potential dangers and guarantee confidence is deserved, not misplaced.”
The problem of shadow IT has grown to the purpose the place the UK’s Nationwide Cyber Safety Centre (NCSC) released guidance in 2023 on the right way to handle it.
Some 11% of organizations experiencing cybersecurity incidents between 2021 and 2023 linked their expertise to make use of of shadow IT, according to Kaspersky.
