Description: The term ‘Shadow IT’ refers to the use of information technology (IT) systems and solutions within an organization without the explicit approval of the IT department. This phenomenon can arise for various reasons, such as employees’ need to access tools that facilitate their work or the search for faster and more efficient solutions than those offered by the IT department. However, this practice can significantly increase the organization’s vulnerability to cyberattacks, especially Distributed Denial of Service (DDoS) attacks. DDoS attacks aim to saturate the resources of a network or server, making services inaccessible to legitimate users. When unapproved IT solutions are used, there is a risk that these tools lack adequate security measures, which can facilitate attackers’ entry. Additionally, the lack of visibility and control over these applications can hinder the detection and mitigation of DDoS attacks, exposing the organization to economic and reputational losses. Therefore, while ‘Shadow IT’ may offer immediate benefits in terms of agility and efficiency, it also poses serious challenges in managing cybersecurity.
