KnowBe4 released a new report showing that half of shadow IT company employees use unauthorized file services to complete their work.
The security awareness training and phishing simulation platform adds that this is a serious risk for companies in the sector.
KnowBe4 says the research report examines the prevalence of two common insecure practices using survey responses from more than 435,000 participants across regions and industries around the world.
The first analysis covers the use of unauthorized cloud services to store information and communicate in the workplace. The second analysis examines the prevalence of downloading content through unauthorized file-sharing networks using work computers.
The company says an important issue to note is that regions in Asia and Oceania have relatively high rates of both of these practices.
In contrast, Africa consistently performs best in these areas.
Additionally, financial and technology industries are comparatively better than many other industries, while construction, manufacturing, education, and government organizations are the worst performers.
“The results of this research are very concerning as employees exhibit insecure behaviors that put their organization at risk,” said Kai Roer, research director at KnowBe4.
“The concept of shadow IT has a direct impact on the level of security culture displayed in an organization.
“To combat shadow IT, organizations must focus on strengthening their security culture and increasing the level of security awareness among employees.
“It’s especially important that employees understand and take responsibility for how their insecure behaviors can ultimately affect the organization’s reputation and bottom line.”
Founded by IT and data security specialist Stu Sjouwerman, KnowBe4’s services are used by more than 47,000 organizations worldwide.
The company says it helps these organizations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics.
This report comes after the company recently released research that found that 59% of office workers in APAC do not believe using their work email for personal purposes poses a security risk to their workplace. employer.
Additionally, less than four in ten (39%) say they consistently report suspicious emails and text messages to the IT team responsible for cybersecurity.
Additionally, 51% say they interact with suspicious emails and text messages.
Nearly half of APAC office workers (46%) say they are unsure about identifying legitimate and scam emails, and 48% feel the same about identifying text messages.
However, in testing, that number dropped even further, with only 3% able to correctly identify all genuine and fraudulent emails and text messages.
“The first obvious problem with this is that if APAC office workers are not able to identify fraudulent emails and SMS, they are at significant risk of becoming victims of phishing or smish, risking both their safety and that of their employer,” said safety awareness advocate KnowBe4. APAC Jacqueline Jayne says.
“Smishing” refers to malicious text messages, “phishing” to malicious emails, and “vishing” describes malicious phone calls (live or recorded).