Which term describes unauthorized devices or applications that disrupt an organization's IT security?

The term that describes unauthorized devices or applications that disrupt an organization's IT security is Shadow IT. This concept refers to the use of information technology systems, devices, software, applications, and services without explicit IT department approval. Shadow IT can pose significant risks to an organization because it operates outside of the organization's security protocols, leading to potential data breaches, compliance violations, and decreased visibility into network activities.

Organizations may not be aware of these unauthorized systems, which can introduce vulnerabilities and make it challenging to enforce security measures effectively. The proliferation of personal devices, software solutions, and cloud services used by employees further complicates this issue, often encouraging employees to bypass official channels in favor of convenience or enhanced functionality.

In contrast, other terms mentioned represent different security concerns. Malware refers specifically to malicious software designed to harm or exploit devices or networks. Phishing is a social engineering attack where users are tricked into revealing sensitive information. Insider threat involves employees or other individuals within the organization who may misuse their access to systems to compromise security. Each of these terms highlights a unique aspect of cybersecurity challenges, but Shadow IT specifically captures the essence of unmanaged devices and applications impacting IT security.