Brett N.
Community Manager

What do you think is the most overlooked risk in Cybersecurity?

With cyber threats seeming to grow more sophisticated every day, we hear a lot about the big, obvious risks: ransomware attacks, phishing, data breaches, etc. But with all of the attention given to these high-profile threats, are there any lesser-known risks that are flying under the radar?

I’m curious to hear the thoughts of all of our cybersecurity folks: what might be the most overlooked security risks in today's IT environment? These could be things that are misunderstood or simply not getting enough attention from organizations.

Looking forward to the discussion!

1 comment
Bashir C.
CISM | CRISC | CEH Cyber Security Professional
0

Hi Brett,

Another great topic.

I would say ‘Shadow IT’, where IT functions are carried out by individuals or departments without IT’s approval or recommendation. In many cases, those users will derive immediate benefits in terms of convenience, increased productivity, and simplifying processes or working practices, but to the detriment of secure practices, which can easily lead to compromises and increased risks.

Those using ‘Shadow IT’ do it secretly, and the approach is usually, ‘I don’t need to bother IT, as they will create restrictions and make life more complicated.’ They are not usually concerned with the detrimental effects of their actions.

To counteract this, robust IT policies/standards (principle of least privilege, segregation of duties, etc.), allied with greater asset awareness and hands-on, clear administration practices, need to be implemented.

Brett N.
Community Manager

I figured you would have thoughts on this one!

Wow, I did not know that this was called Shadow IT. Most places where I've worked really don't allow employees to download much of anything without permission, so I assumed that this was pretty much the norm everywhere. Apparently, it's not?

Bashir C.
CISM | CRISC | CEH Cyber Security Professional

Hi Brett,

If someone can find a way to make a job process easier they would do it. It's probably human nature - who wants complexity when simplicity will suffice? At the same time, if security controls are weak and flexible and there is little or no accountability/capability, people will take advantage and be encouraged to follow these behaviours. The expression 'give someone an inch, and they will take a mile' comes to mind.

I have observed 'Shadow IT' in a number of previous places where I have worked. If someone in HR or Production can use personal email accounts or personal cloud storage, they will have little consideration for security, unless it affects them directly. Another example is the bypassing of whitelisted software on company firewalls by using applications that are not approved by IT. In spite of fortified endpoint protection software, downloading noncompliant software is a major issue at many organisations.
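The two shadow-IT patterns raised in this thread (software installed without IT approval, and company data flowing to personal email or cloud storage) are both visible in telemetry most organisations already collect: an endpoint software inventory and web-proxy logs. The script below is an added example, not code from either participant, showing how a defender could turn those two sources into findings. The allowlist, the personal-service domains, the host inventory and the proxy log lines are all constructed sample data, and the log format is an assumed one rather than any specific vendor's.

```python
"""Detect two shadow-IT indicators discussed in the thread:
1. software installed on endpoints that is not on the IT allowlist, and
2. web-proxy traffic to personal cloud storage / webmail services with
   outbound byte counts large enough to suggest uploads of company data.
All inventories, domains and log lines below are constructed sample data."""
from collections import defaultdict
import re

# Constructed: applications IT has approved (normally exported from the CMDB / endpoint manager).
APPROVED_SOFTWARE = {"office-suite", "corp-vpn", "endpoint-agent", "pdf-reader"}

# Constructed: placeholder domains for personal services a policy might forbid for company data.
PERSONAL_SERVICE_DOMAINS = {
    "personal-drive.example": "personal cloud storage",
    "webmail.example": "personal email",
    "sync-box.example": "personal cloud storage",
}

# Constructed: per-host software inventory as an endpoint agent would report it.
INVENTORY = {
    "HR-LAPTOP-07": ["office-suite", "corp-vpn", "endpoint-agent", "sync-box-client"],
    "PROD-WS-12": ["office-suite", "endpoint-agent", "pdf-reader"],
    "FIN-LAPTOP-03": ["office-suite", "corp-vpn", "endpoint-agent", "free-pdf-merger"],
}

# Constructed proxy log, assumed format: <ts> <user> <method> <host> <bytes_out> <bytes_in>
PROXY_LOG = """\
2024-05-02T09:12:01Z a.hr POST personal-drive.example 48213000 1200
2024-05-02T09:15:44Z a.hr GET intranet.corp.example 350 88000
2024-05-02T10:02:10Z j.prod GET webmail.example 900 45000
2024-05-02T10:05:33Z j.prod POST webmail.example 15300000 800
2024-05-02T11:40:07Z m.fin GET sync-box.example 400 2300
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+) (\d+)$")


def parse_proxy_line(line):
    """Parse one proxy log line (assumed format above) into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, method, host, b_out, b_in = m.groups()
    return {"ts": ts, "user": user, "method": method, "host": host,
            "bytes_out": int(b_out), "bytes_in": int(b_in)}


def unapproved_software(inventory, approved):
    """Return {host: sorted list of installed packages not on the allowlist}."""
    findings = {}
    for host, packages in inventory.items():
        extra = sorted(set(packages) - approved)
        if extra:
            findings[host] = extra
    return findings


def personal_service_uploads(log_text, domains, upload_threshold=1_000_000):
    """Sum outbound bytes per (user, personal-service host) and flag likely uploads.
    Reading a webmail inbox moves little data outbound; a multi-megabyte POST/PUT
    to the same domain is the pattern worth a conversation with the user."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_proxy_line(line)
        if rec is None or rec["host"] not in domains:
            continue  # malformed line or a host that is not a personal service
        if rec["method"] in ("POST", "PUT"):
            totals[(rec["user"], rec["host"])] += rec["bytes_out"]
    return [{"user": u, "host": h, "category": domains[h], "bytes_out": b}
            for (u, h), b in sorted(totals.items()) if b >= upload_threshold]


if __name__ == "__main__":
    for host, pkgs in unapproved_software(INVENTORY, APPROVED_SOFTWARE).items():
        print(f"{host}: unapproved software {pkgs}")
    for f in personal_service_uploads(PROXY_LOG, PERSONAL_SERVICE_DOMAINS):
        print(f"{f['user']} sent {f['bytes_out']} bytes to {f['host']} ({f['category']})")
```

Both checks are deliberately simple so they can be reviewed by the IT and HR staff who will follow up on the findings; in practice the allowlist and domain list would be maintained alongside the policy, and a hit is a prompt for a conversation and an approved alternative rather than an automatic block.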