All news with #shadow it tag

Senate Finds Widespread Use of Non-Approved Messaging Apps

📱 The Senate Committee on Armed Services concluded that unsecured use of non‑approved messaging apps is a wider problem in the Department of Defense. It found that Secretary Pete Hegseth violated policy by sharing operational details on Signal from a personal device two hours before a strike and inadvertently added a journalist to the group. The reports cite broader “shadow communications,” limited audit evidence, and recommend approved alternatives, training, and tighter authority controls.

Shadow IT and Shadow AI: Risks Across Every Industry

🔍 Shadow IT — any software, hardware, or resource introduced without formal IT, procurement, or compliance approval — is now pervasive and evolving into Shadow AI, where unsanctioned generative AI tools expand the attack surface. The article outlines how these practices drive operational, security, and regulatory risk, citing IBM’s 2025 breach-cost data and industry examples in healthcare, finance, airlines, insurance, and utilities. It recommends shifting from elimination to smarter control by improving continuous visibility through real‑time network analysis and vendor integrations that turn hidden activity into actionable intelligence.

Cyber-risk in the Shadows: Shadow IT, AI Use and Risks

🛡️ In a short video for Cybersecurity Awareness Month, ESET Chief Security Evangelist Tony Anscombe explains how unsanctioned hardware and software — commonly called shadow IT — is creating security gaps in the remote and hybrid work era. He warns that growing employee use of generative AI further increases risk by exposing sensitive corporate data outside IT control. The video outlines practical steps IT teams can take to discover, govern and mitigate these hidden risks and points to related guidance on authentication, patching and ransomware resilience.

Rethinking AI Data Security: A Practical Buyer's Guide

🛡️ Generative AI is now central to enterprise work, but rapid adoption has exposed gaps in legacy security models that were not designed for last‑mile behaviors. The piece argues buyers must reframe evaluations around real-world AI use — inside browsers and across sanctioned and shadow tools — and prioritize solutions offering real-time monitoring, contextual enforcement, and low‑friction deployment. It warns against blunt blocking and promotes nuanced controls such as redaction, just‑in‑time warnings, and conditional approvals to protect data while preserving productivity.