How and when does Shadow IT expand your attack surface?


RiskXchange uses a monitoring technique that scans for shadow IT on your company network.

In today’s digital age, IT departments and external cybersecurity firms are crucial to the operation of any medium to large business. Not only do they spend a lot of time aiding and distributing security information amongst staff, but they also manage and maintain internal security processes. However, a relatively unknown threat dubbed “shadow IT” is now causing widespread damage to networks around the world. “Shadow IT” refers to IT applications, external technologies, cloud software and devices (smartphones, tablets, laptops, etc.) that are connected to an organisation’s network without the IT department’s knowledge. These non-approved entities are often devoid of IT vendor onboarding processes, which means they will not meet company security standards and could leave entire businesses open to attack. With an ever-increasing number of hackers taking advantage of “shadow IT” connected to networks, the need to bolster security has never been so important. Let’s take a closer look at what you need to look out for when ensuring your network is secure and your attack surface is protected at all times.

Tips on how to improve the vendor onboarding process

According to Forbes, more than 1 in 5 organisations have experienced a cyber event due to “shadow IT”. Executives say they are having a hard time keeping up with the explosion of unsanctioned devices, applications and software. Most organisations run more than 100 different applications, some as many as 1,000. Improving and streamlining your vendor onboarding process will not only strengthen security but empower your business at the same time. Let’s take a look at examples of “shadow IT” that could be connected to your network:
1. Physical devices

Physical devices that are not monitored by IT departments but are still connected to company networks:

  • Smartphones and tablets.
  • Laptops and devices connected to home networks.
  • Flash drives.

2. Messaging apps

Messaging apps like WhatsApp, Snapchat, Slack, Signal, Skype or Facebook Messenger are all part of “shadow IT”.

3. Cloud storage

Cloud storage like AWS, Dropbox and Google Drive can also be a part of the problem.

4. Workplace efficiency apps 

Workplace efficiency apps like Trello, Wrike, Airtable, etc. are also part of “shadow IT”.

Take note of the threats

Major data breaches, like the infamous SolarWinds breach, are affecting companies all around the world because IT departments aren’t familiar with the applications, devices or software downloaded by employees onto “shadow IT,” which then goes on to damage entire company networks. As employees are now working from home more and more, “shadow IT” is becoming an ever-increasing threat. Switching to a remote office environment means employees are using their internet connection to attach themselves to a company’s network. This not only expands the organisation’s attack surface, but increases the chances of becoming a victim of cybercrime.

Educate employees on the importance of protecting “Shadow IT”

By using “shadow IT,” workers are not deliberately giving bad actors access to your network, but attackers manage to infiltrate it all the same. Team leaders are often not familiar with what needs to be declared and protected, or even with what could be a threat – even small integrations need to be run through IT departments. In other cases, employees could very well be conscious of the cybersecurity decisions they’re making on the company network, but don’t know that using a personal device or remote internet connection could affect the entire company. Educating staff on what “shadow IT” is, and the damage it can cause, not only informs your entire workforce about the danger of their decisions but will help bolster security at the same time.

How to locate “shadow IT” on your network

Using a continuous monitoring technique that scans for “shadow IT” on your company network will help pinpoint potential culprits and counter the threat. Internal IT departments often lack the knowledge and expertise to pinpoint “shadow IT” technologies, so bringing on a cybersecurity firm, like RiskXchange, to help makes perfect sense in the current climate.

How RiskXchange can help

RiskXchange is one of the firms leading the fight against cybercrime, coming up with novel solutions to everyday problems experienced at the hands of hackers. We are a respected provider of cybersecurity ratings and can fully assess potential threats to ensure your business is protected inside and out. With full visibility over your ecosystem’s entire attack surface in near real-time, you can regularly monitor and mitigate risks to prevent unnecessary exposures. Our passive data collection methods are effective and have no impact on your network performance. Using data-driven insights to prevent breaches is the best way to reduce an attack surface and prevent cyberattacks. 

About RiskXchange

RiskXchange provides a powerful AI-assisted, yet simple, automated and centralised 360-degree cybersecurity risk rating management approach. We generate objective and quantitative reporting on a company’s cyber security risk and performance, which enables organisations with evolving business requirements to conduct business securely in today’s open and collaborative digital world. RiskXchange is an information security technology company, which helps companies of all sizes fight cyber threats by providing instant risk ratings for any company across the globe. RiskXchange was founded and is led by recognised experts within the security industry, who have held leading roles within companies such as IBM Security.