CISOs 'don't understand the risks of shadow IT'

Research by Symantec has revealed that CISOs are still not aware of how big their business cloud is, despite the fact a large number of employees are using unsanctioned apps in the workplace.

The security firm revealed that although CISOs estimate one in five workers are using applications that haven't had the go-ahead from the IT department, Symantec's 2017 Internet Security Threat Report revealed employees are actually using up to 1000 applications in their workplace, less than 1% of which have been sanctioned.

This is making it impossible for CISOs to keep track of usage, meaning employees are putting the company's security at risk, often sharing confidential files and folders with applications that don't have the stringent security controls required by the organisation.

Symantec explained that this will cause major problems in the future as stricter controls come into force by regulators, including the EU with GDPR. However, 95% of CISOs said ensuring cloud apps comply with regulations is the most stressful aspect of their job.

“Upcoming regulation such as GDPR is heightening the need for data security, putting more pressure on CISOs and CIOs to control the data flow in their organisation, whether on premise or via cloud applications,” Darren Thomson, vice president and chief technology officer, Symantec said.

“Unless CIOs and CISOs get a tighter grip on all the cloud applications used by their employees, they will be exposing themselves to an increased level of threats and risk being uncompliant with regulations," added Thomson. "Educating employees also plays an important role in raising awareness of the security risks associated with using unsanctioned apps.”