This is a summary of the panel discussion at Security Symposium & Cyber Sentinel Award by Infocon global. The panel discussion was moderated by Jitendra Chauhan (Head of Engineering at FireCompass) along with Balaram (CISO, Manthan), Ananth Kumar Ms (Head-IT Assurance & Security, Janalaxmi Financial Services), Sumanth Naropanth and Ramakrishna Roy.

What is Shadow IT? How will you define it?

• What is the definition? Projection based on Gartner and Forester
  • Gartner Report Says Shadow IT Will Result in 1/3 of Security Breaches. They predict that “by 2020, one third of successful attacks experienced by enterprises will be on their shadow IT resources.”
  • When business unit IT digital services are invisible to the IT department that is not sanctioned by centralized IT it is termed as shadow IT.
• Different Types
  • External Digital Footprint
    • Apis
    • Share drives
    • Cloud services
    • 3rd party assets and data collection
    • Ability to share information
    • Open source libraries

  • Internal organisation

  • Grey area
    • Skype
    • Open source libraries
    • Design esponaige

>> Want to See Your Organization's Shadow IT

Why is Shadow IT is a problem from various perspectives such compliance, security, business operations etc.?

• Compliance such as GDPR, SOX, PCI
• Business Implications and implications to CXOs
• Organisational Security Perspective
• Skype traffic
• What are the few examples of breaches because of Shadow IT?
  • Amex Breach [Nov 2018] - Details on 700k customer data exposed
    • What was exposed?
      • 3M Records,
      • 700000 unencrypted PII such as Name, Emails, Phone Numbers etc.
    • How did it Happen?
      • Misconfigured MongoDB instance (managed by a Marketing Subcontractor), which was indexed by search engines like Shodan.
  • HSBC Breach [Nov 2018]
    • What was exposed?
      • 1M+ Customers exposed,
      • PII - DOB, Communication Details, Transactions, A/C Numbers & Balance
    • How did it Happen?
      • Credential Stuffing, Due to Password Reuse
  • British Airways [Sep 2018] - Click Here for more data on why the hack happened
    • What was exposed?
      • 380000 Transaction Records
      • Personal and Financial Data such as credit cards
    • How did it Happen?
      • 3rd Party System compromised, infected with malicious javascript that ultimately targeted BA end users.
  • Equifax Breach (Click Here for detailed breach settlement information - $700m)
  • Microsoft Subdomain Takeover
  • Dunkins Donut

Summary,

• None of the attack vectors involved 0 days, but mostly misconfigured assets, open buckets, leaked password reuse, 3rd Party related trust misuse
• Reward and reprimind

How is the Shadow IT really created?

• Key business drivers
• Getting things done as fast as possible
• Cloud it is easy
• Agility
• 3rd party vendors
• Lack of monitoring
• Examples of departments [Marketing, Engineering]

How to detect Shadow IT?

• Detection Cycle

  • Discovery visibility
  • Data flow monitoring and anomaly detection
  • Create Asset Inventory
  • Prioritise and Assign Risks
  • Validate Risks [Red Teaming]
  • Manage and Monitor
    • Continuous Monitoring of Attack Surface and Risks
    • Continuous Remediation of Risks

  Incidents response of shadow it?

How to prevent Shadow IT?

• Be more open on the policy perspective. Embrace Shadow IT Drivers by creating policies
• Awareness Drive ( cxo and employees)
• Continous Monitoring and threat intelligence
• How to deal with employees who do not listen to you and inform Security Team?

>> Want to See Your Organization's Shadow IT