Today’s Growing Cyber Security Risk

As the total universe of passwords will likely grow from approximately 90 billion today to 300 billion by 2020, organizations across the world face a massively growing cyber security risk from hacked or compromised user and privileged accounts. Charged with defending enterprise customers, employees, Internet of Things (IoT) devices—and most importantly privileged account users—from compromise and identity theft, cyber security professionals must raise awareness about protecting passwords, and help change user behaviors by leveraging more effective, automated IT solutions.

In spite of the considerable efforts to replace passwords, they remain the dominant form of authentication on the web and are likely to remain so. Some researchers argue that “no other single technology matches their combination of cost, immediacy and convenience” and that passwords are themselves the best fit for many of the scenarios in which they are currently used.

According to the Microsoft Secure Blog, four billion people will be actively online by 2020. Chances are most, if not all, of those people will need several user names and passwords as credentials for accessing multiple online accounts. Numerous IT industry reports estimate that users can average as many as 36 passwords each. While there is no universal agreement about the number of passwords per user, this report considers 25 passwords per user as a conservative number. Based on this assumption, Thycotic research estimates that by 2020 there will be at least 100 billion human passwords requiring cyber protection.

Plenty of Opportunities to Compromise Passwords

Passwords are often the most vulnerable credentials targeted by hackers. That’s because passwords typically are easy to “crack” with software that automates the process of guessing passwords by exploring countless combinations in very short periods of time. In many cases, humans use the same password for many of their online accounts as an easy way to remember them. Once cracked, these passwords give hackers the “keys to the kingdom,” allowing them access to steal or manipulate proprietary information.

Companies on the Fortune 500 list in 2015, for example, employed a combined total of 27 million people. Thycotic experts estimate that these employees in 2020 will have an average of 90 accounts (combination of business and personal) requiring login IDs and passwords. That would put the total number of passwords belonging to Fortune 500 employees at 5.4 billion in 2020.

A report from the National Institute of Standards and Technology (NIST) revealed that most human account users are suffering from cyber security fatigue, defined as a weariness or reluctance to deal with computer security. The study notes that average computer users feel overwhelmed and bombarded, and are tired of being on constant alert, adopting safe behavior, and trying to understand the nuances of online security issues. When asked to make more computer security decisions than they can manage, users experience decision fatigue, which leads to “security fatigue.”

Typical examples of security fatigue include being tired of remembering usernames, passwords, and PINs, of navigating multiple security measures, and of account lockouts due to incorrectly entered passwords. The study also found that users believe safeguarding data is someone else’s responsibility, and users questioned how they could effectively protect their data when large organizations frequently fall victim to cyber-attacks.

Social Media Extends the Risks

Social media platforms have introduced significant risks due to the extensive use of what are known as social logon or application passwords. To avoid users having to remember multiple passwords for social media accounts, new platforms allow for a single logon to be linked to these accounts. However, these platforms often share customer data without clear transparency to the user.

The sharing of information on social media can often lead to identity theft, virtual kidnapping, or spear phishing against one’s friends, colleagues, or relatives. On many social media platforms, it’s also easy to create fake accounts and/or impersonate others. Furthermore, some people steal others’ photos and present them as their own, or utilize them for nefarious purposes such as using someone else’s photo in an ad for an online hook-up site. On top of this, most social media users do not use multi-factor authentication for logging into social media sites, and many people use weak or reused passwords—putting their accounts at risk of being taken over by hackers.

Therefore, a breach at one site can easily lead to accounts being taken over at other sites. Because many people use Facebook or Twitter authentication and passwords for multiple sites, a takeover of one’s Facebook or Twitter account can, in fact, mean the compromise of many other accounts as well. And, when a hacker takes over a Facebook or Twitter account, the hacker can readily social engineer attacks on the victim’s colleagues, friends, and relatives. High-profile breaches alone add up to nearly 3 billion stolen credentials and passwords.

The Need for Privileged Identity Management (PIM) and Dynamic Security

In an ever-expanding threat landscape, properly protecting passwords often makes the difference between a simple hack and catastrophe. Many companies today still sacrifice security for ease of use, and tend to rely on passwords alone to protect access to credentials. Thycotic research highlights the need to balance productivity, ease of use and security in a dynamic environment. That means when the threat is high, the security fence increases. And when the threat is low, the security fence decreases automatically. Managing this dynamic, however, requires the efficient use of threat detection and intelligence to track activity.

By combining digital identity, multi-factor authentication, biometrics, behavior analytics and privileged accounts, a company can build a dynamic security fence using a trust score for digital identities to alert and/or challenge access when behavior changes or becomes suspect. Companies can use internal trust definitions or external threat intelligence to determine when security controls should be more sensitive. For example, when a new variant of malware or ransomware emerges in the wild and exploits known vulnerabilities which have not yet been patched, the dynamic security measures can increase the security sensitivity so that when a human or system detects a privileged elevation request from an unknown source, it can prevent access until additional security controls, such as peer review or an alternative approval workflow, are cleared. Thus, Privileged Identity Management (PIM) with Dynamic Security can continuously check trust levels, and when a user or system makes too many unusual or anomalous changes, the PIM system will automatically challenge for additional identification of the human or system.
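A sketch of the dynamic security fence described above, as an added example that is not code from the article or from any Thycotic product. The signal weights, the three threat levels and their thresholds, and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed "fence" heights: the trust score a request must reach at each
# threat level. The fence rises as the threat level rises.
THRESHOLDS = {"low": 40, "elevated": 60, "high": 80}


@dataclass
class Request:
    identity: str
    privileged: bool        # privileged elevation request?
    known_source: bool      # device/network previously seen for this identity
    mfa_passed: bool
    biometric_passed: bool
    anomalies: int          # unusual changes flagged by behavior analytics


def trust_score(req: Request) -> int:
    """Combine the identity signals into a 0-100 trust score (assumed weights)."""
    score = 30 if req.known_source else 0
    score += 30 if req.mfa_passed else 0
    score += 20 if req.biometric_passed else 0
    # Clean behavior earns 20 points; each anomaly costs 15, capped at four.
    score += 20 - 15 * min(req.anomalies, 4)
    return max(score, 0)


def decide(req: Request, threat_level: str) -> str:
    """Return 'allow', 'challenge' or 'require_approval' for one request."""
    fence = THRESHOLDS[threat_level]
    # Privileged elevation from an unknown source while the threat is high:
    # hold it until peer review or an approval workflow clears it.
    if req.privileged and not req.known_source and threat_level == "high":
        return "require_approval"
    if trust_score(req) >= fence:
        return "allow"
    return "challenge"  # ask for additional identification


if __name__ == "__main__":
    # Constructed sample request: same behavior, evaluated at each threat level.
    sample = Request("alice", False, True, True, False, anomalies=1)
    for level in THRESHOLDS:
        print(level, trust_score(sample), decide(sample, level))
```

The same request is allowed when the threat level is low and challenged when it is high, which is the automatic raising and lowering of the fence that the text describes.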

