⚠️ SHADOW IT and SHADOW AI: what they are and why to avoid them

Sometimes, dangers come from where we least expect them. The culprit isn't always an external attacker; sometimes it's an overzealous employee who simply wants to work better and be more efficient. Let's see together what problems this can cause.

📢 If you haven't already, subscribe to the "Malware is a Harm" newsletter! Every week, the latest cybersecurity news, insights, and hands-on workshops to get your hands dirty. Here's the link to subscribe ⤵️ https://veronicapaolucci.substack.com...

📚 KEY SOURCES and other useful/interesting links:

Okta Security, the official analysis of the 2023 breach that originated from an employee's personal Google account, involving 134 customers and stolen session tokens: https://sec.okta.com/articles/2023/11...

IBM, a clear definition of shadow IT with typical examples (personal cloud files, unauthorized apps, and chats): https://www.ibm.com/think/topics/shad...

Proofpoint, the data showing that up to 97% of cloud apps used in companies are shadow IT and how this expands the attack surface: https://www.proofpoint.com/us/threat-...
Have I Been Pwned, the service cited to verify whether your credentials were exposed in a data breach: https://haveibeenpwned.com

OpenAI, the enterprise privacy page explaining how company account data is not used for training (unlike free personal data) and the availability of a data processor agreement: https://openai.com/enterprise-privacy/

Regulation (EU) 2024/1689 (AI Act), which classifies AI systems used to filter and evaluate job applicants as high-risk: https://eur-lex.europa.eu/legal-conte...

Regulation (EU) 2016/679 (GDPR), on controller responsibility and, in Article 22, on automated decisions: https://eur-lex.europa.eu/legal-conte...