Skip to content

Shadow IT and AI Platforms

Shadow IT has long been a significant risk to organisations as Shadow IT can leads to security and compliance issues and used to facilitate data breaches.

Traditionally efforts have been placed to block and audit hardware and software that has not been sanctioned by the IT department. The advent of cloud-based services and applications have exponentially increased the risk of shadow IT within the organisation. It is now possible to sign up for a service within minutes and start using these services. The fundamental issue is that the average worker does not understand the risk – they are simply trying to perform their duties as effectively as possible.

Workers are using open AI platforms to assist with reviewing and proofreading reports, assisting with calculations and debugging or even writing code.  These platforms have opened another avenue for the exfiltration of company secrets such as company intellectual property, credentials and Personal identifiable information.

The issue is compounded by the myriad of third-party API’s that are integrating into the services meaning that it is not only the AI platform itself that has a copy of the data but also the third parties. The reality is that data provided to these platforms is stored for future use and terms and conditions clearly warn against posting confidential data – when was the last time anyone actually read the T’s and C’s?

Adopting AI to assist workers in performing job functions needs to happen in all organisations. Data loss prevention tool will become more focused to deal with these issues however as we have all realised dealing with the scourge of Phishing attacks user education is a critical component as technical controls do not address all the risk. It is time for security awareness training to include education on the dangers and correct usage of AI tools to perform job functions and reduce the risk of data being leaked.


Related Posts

Hackers don’t go on leave – even if the rest of the world does

While you’re decking the halls with holly and reveling in the long-awaited holidays, other folks are hard at work through their ‘busy time’. It’s not just the hospitality industry expecting a bumper Christmas either – hackers, scammers, and other online miscreants see December and January as one of the most potentially lucrative periods of the year.
The global cost of a data breach last year was USD $4.45 million. This is an increase of 15% over three years. As we step into 2024, it’s crucial to be aware of emerging technology threats.
In the pulsating digital landscape, every click and keystroke echoes through cyberspace. The battle for data security rages on.