Instant messaging social networks are usually one of the most used in companies to keep work processes as efficient as possible; however, these tools can also become attack spaces that even have the possibility of affecting the entire company.
According to data from the study Infodemia and the impacts of digital life , prepared by the cybersecurity firm Kasperky and the consultancy CORPA, in Mexico two out of 10 people said they had downloaded a messaging application or program on their work teams.
Although it may seem exaggerated, this action represented a way of putting the company’s security at risk, since 44% agreed not to request prior authorization from their IT department, while 52% said they had not read the permissions of the applications or software to your installation.
This phenomenon is also known as Shadow IT and opens the door for other types of threats or attacks of greater relevance to an organization to enter, such as phishing or ransomware, through which information is lost and operations are hindered.
Rafael Escalante, a remote management and security specialist at Intel, mentions that through these vectors, hidden agents can even be integrated into a company’s equipment to do cryptojacking, which is to take advantage of computing power to carry out malicious cryptocurrency mining.
“External threats are advancing in complexity and precision,” says Brad Haczynski, vice president and general manager of global edge sales at Intel, noting that while digital transformation has advanced globally, so have ways to attack the organizations.
Shadow IT is important for cybersecurity experts, as the personal data of workers has become very popular for cybercriminals. An example of this is that last year, 41% of Latin American companies could not protect their employees’ information and faced incidents in this regard.
And it is that these software not only represent risks for the company’s computers, but also for the network environment in general, because it is not managed by the technology area and they are not usually updated satisfactorily or the downloaded version has flaws.
Teresa Patyhon, cybersecurity expert and the first female CIO of the White House, recommends that companies know the dynamics of employees with their teams, that is, know where they are, how they connect to the Internet and try to understand how they behave when they sail.
Jorge Rodríguez, specialist for client projects in government and education at Intel in Mexico and Latam, shares that companies, regardless of their size, should always look for corporate communication platforms, as they are developed and configured in a way that protects the user in case of the interference of some malicious actor.
Intel specialists also mention that companies must have protection resources inside the equipment, beyond antivirus, so that if an employee has already downloaded an application, it blocks threats if they were sent through this communication channel. communication.
Paython also adds that companies must maintain a constant evangelization approach within the company culture, in order to periodically remind themselves of cybersecurity rules and thus not expose their information to any type of malicious technological resource.
