Shadow IT has long been a significant risk to organisations as Shadow IT can leads to security and compliance issues and used to facilitate data breaches.
Traditionally efforts have been placed to block and audit hardware and software that has not been sanctioned by the IT department. The advent of cloud-based services and applications have exponentially increased the risk of shadow IT within the organisation. It is now possible to sign up for a service within minutes and start using these services. The fundamental issue is that the average worker does not understand the risk – they are simply trying to perform their duties as effectively as possible.
Workers are using open AI platforms to assist with reviewing and proofreading reports, assisting with calculations and debugging or even writing code. These platforms have opened another avenue for the exfiltration of company secrets such as company intellectual property, credentials and Personal identifiable information.
The issue is compounded by the myriad of third-party API’s that are integrating into the services meaning that it is not only the AI platform itself that has a copy of the data but also the third parties. The reality is that data provided to these platforms is stored for future use and terms and conditions clearly warn against posting confidential data – when was the last time anyone actually read the T’s and C’s?
Adopting AI to assist workers in performing job functions needs to happen in all organisations. Data loss prevention tool will become more focused to deal with these issues however as we have all realised dealing with the scourge of Phishing attacks user education is a critical component as technical controls do not address all the risk. It is time for security awareness training to include education on the dangers and correct usage of AI tools to perform job functions and reduce the risk of data being leaked.
