Poster: The Unknown Unknown: Cybersecurity Threats of Shadow IT in Higher Education

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

Abstract

The growing number of employee-introduced IT solutions creates new attack vectors and challenges for cybersecurity management and IT administrators. These unauthorised hardware, software, or services are called shadow IT. In higher education, the diversity of the shadow IT landscape is even more prominent due to the flexible needs of researchers, educators, and students. We studied shadow IT and related cyber threats in higher education via interviews with 11 IT and security experts. Our results provide a comprehensive overview of observed shadow IT types and related cyber threats. The findings revealed prevalent cloud and self-acquired software use as common shadow IT, with cybersecurity risks resulting from outdated software and visibility gaps. Our findings led to advice for practitioners: manage shadow IT responsibly with cybersecurity best practices, consider stakeholder needs, support educators and researchers, and offer usable IT solutions.

Original languageEnglish
Title of host publicationCCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Pages3633-3635
Number of pages3
ISBN (Print)979-8-4007-0050-7
DOIs
Publication statusPublished - 21 Nov 2023
Event30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023 - Copenhagen, Denmark
Duration: 26 Nov 202330 Nov 2023

Conference

Conference30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023
Country/TerritoryDenmark
CityCopenhagen
Period26/11/2330/11/23

Keywords

  • Cyber Risk Management
  • Cyber Threats
  • Higher Education Institutes
  • Qualitative Study
  • Shadow IT

Fingerprint

Dive into the research topics of 'Poster: The Unknown Unknown: Cybersecurity Threats of Shadow IT in Higher Education'. Together they form a unique fingerprint.

Cite this