Thycotic, a provider of privileged account management (PAM) solutions for more than 7,500 organizations worldwide, and Cybersecurity Ventures, a research and market intelligence firm focused on the cybersecurity industry, have released a joint report that evaluates the current and future state of password security. According to a news release, the report found that the total number of user and privileged accounts that will be at risk, including a combination of human and machine passwords, will surpass 300 billion passwords by 2020.

According to the report, more than 3 billion user credentials and passwords were stolen in 2016, with 8.2 million passwords being stolen every day and approximately 95 passwords stolen every second. Through data analysis, security experts at Thycotic, with U.S. headquarters in Washington, D.C., and Cybersecurity Ventures concluded that there is potential for up to $6 trillion in cybercrime damages by 2021. While there is clearly a margin of error based on several variables, most notably the number of Internet of Things (IoT) devices, Cybersecurity Ventures and Thycotic believe that the password attack surface will inevitably grow by an order of magnitude over the next four years.

“It is a very scary truth that everyone, especially those running businesses, should be aware of. Our passwords are not safe, which is concerning as they are literally the key to some of the most important information that businesses hold,” said Joseph Carson, CISSP, CSPO, CSP, Thycotic. “Privileged account passwords especially are prime targets for hackers for good reasons. One privileged account password breach can allow a hacker to access and steal the credentials and passwords belonging to every employee in a company.”

As an example of the opportunities for passwords to be compromised, the report shows that companies on the Fortune 500 list in 2015 employed a combined 27 million people, a number which has since grown. Thycotic experts estimate that these employees in 2020 will have an average of 90 accounts (a combination of business and personal) requiring login IDs and passwords. That would put the total number of passwords belonging to Fortune 500 employees at 5.4 billion in 2020. While employees have their own login credentials, there is a proportionately small number of privileged users (typically IT and system administrators) who each have access to hundreds, and sometimes thousands, of login IDs and passwords.

Approximately five percent of Fortune 500 employees are privileged users, putting the number of people with privileged account access at 1.35 million.
