Experts agree that organizations need to conduct thorough research and risk assessments. The best defenses involve strict maintenance management, tracking the bill of software items, security awareness training, and limiting what can be installed.
“Understanding your attack environment and performing routine security mapping exercises is critical,” said Tim West, Director, Threat Intelligence at With Secure. “It is important to note that the answer is not only technical. There is a human factor behind the IT shadow and why it happens. Training and ensuring that existing processes serve the needs of your employees is also important. “
ImmuniWeb’s Kolochenko added: “Even experienced software developers may inadvertently deploy a container, with production data, to the cloud to test some new features, and end up forgetting about it, not to mention non-technical users with their home computers used for business or mobile devices.” .”
Source link