This action, however, creates a direct path into the organization’s IT environment. The employee has unknowingly introduced malware, enabled data theft, or provided attackers with a foothold. This represents the dangerous side of “shadow IT,” where unsanctioned software becomes a major security vulnerability. A 2023 security report observed an from the previous year, with construction and professional services being primary targets.