With teleworking, employees have had to use their own devices that were not supervised by the company and in the absence of surveillance, they have been able to enter uncontrolled third-party applications. It should be noted that only 7% of free Saas applications on the internet meet minimum security standards, so the people who use them expose the organization without knowing it.
Banks and insurance companies are the organizations most at risk with shadow IT since they cannot send sensitive information through platforms such as WeTransfer. It is one of the most used applications for transferring files, but what many people overlook is that everything that is sent is published in the cloud. The information is fully accessible in the event of cyberattacks and users also face possible sanctions.
This circumstance can cause companies and in particular the CISO, which is the information security supervisor, a puzzle to find the origin of the information leak. Other consequences of Shadow IT are slow processes due to non-consensual tools. In addition to the increased risk in devices that do not share the company’s hardware to be cyber-attacked. According to studies, approximately 50% of IT budgets are used to solve problems that Shadow IT generates in companies.