Abstract
The growing number of employee-introduced IT solutions creates new attack vectors and challenges for cybersecurity management and IT administrators. Such unauthorised hardware, software, or services are called shadow IT. In higher education, the diversity of the shadow IT landscape is even more prominent due to the flexible needs of researchers, educators, and students. We studied shadow IT and related cyber threats in higher education via interviews with 11 IT and security experts. Our results provide a comprehensive overview of observed shadow IT types and related cyber threats. The findings revealed prevalent cloud and self-acquired software use as common shadow IT, with cybersecurity risks resulting from outdated software and visibility gaps. Our findings led to advice for practitioners: manage shadow IT responsibly with cybersecurity best practices, consider stakeholder needs, support educators and researchers, and offer usable IT solutions.
Original language | English |
---|---|
Title of host publication | CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security |
Publisher | Association for Computing Machinery |
Pages | 3633-3635 |
Number of pages | 3 |
ISBN (Print) | 979-8-4007-0050-7 |
Publication status | Published - 21 Nov 2023 |
Event | 30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023 - Copenhagen, Denmark. Duration: 26 Nov 2023 → 30 Nov 2023 |
Conference
Conference | 30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023 |
---|---|
Country/Territory | Denmark |
City | Copenhagen |
Period | 26/11/23 → 30/11/23 |
Keywords
- Cyber Risk Management
- Cyber Threats
- Higher Education Institutes
- Qualitative Study
- Shadow IT