More than 1,000 IT professionals surveyed in Singapore said they suffered a “Pass the Hash” or PtH attack that have had a direct business impact on their organisations, mainly financial, according to One Identity.
Conducted by Dimensional Research, the survey reinforces the crucial need for organisations to deploy effective Active Directory (AD) management and privileged access management (PAM) solutions and practices, given that PtH attacks primarily result in unauthorised use of privileged credentials to compromise enterprise systems and data.
Findings show that IT security stakeholders recognise the damage PtH attacks can cause, however, many are still not implementing the most important measures available to fight them.
More than six in 10 (62%) respondents say a PtH incident has a direct financial impact, such as lost revenue and fines, 67% report a direct impact on operational costs, and 71% say these attacks distract staff from other projects.
Seven in 10 (69%) of respondents do not know for certain whether they’ve experienced a PtH attack, and 3% do not even know what a PtH attack is.
A large majority (89%) of respondents in Singapore say they are already taking steps to prevent PtH attacks, but some lack of attention to address the issue persists.
Close to two-thirds (64%) have implemented privileged password management, 40% have implemented better controls over AD/Azure AD administrator access, and 28% have implemented advanced PAM practices such as session audit and analytics.
“The recent SingHealth data breach is a high-profile example when unauthorised access to confidential data occurs, and this shows that a robust identity-centric strategy to secure privileged credentials needs to be a priority for organisations to prevent these details from falling into the wrong hands,” said Serkan Cetin, technical director for APJ at One Identity.