One Identity Global Survey Reveals “Pass the Hash” Attack Prevalence, Impact and Uncertainty, Highlighting the Need for Privileged Access and Active Directory Management Best Practices


  • Survey of more than 1,000 IT security professionals reveals business impact of an attack method that uses stolen administrator credentials, also known as a “Pass the Hash” attack
  • Forty percent of respondents say “Pass the Hash” attacks have a direct financial impact on the business
  • Sixty-eight percent of respondents do not know for certain whether they have experienced this type of attack or not
  • More than one in four (26%) large companies report they have definitely or probably experienced the attack, compared to about one in 10 (12%) smaller companies

ALISO VIEJO, Calif., Oct. 09, 2019 (GLOBE NEWSWIRE) -- One Identity, a proven leader in identity-centered security, today released new global research revealing the significant prevalence and impact of cyberattacks that use stolen hashed administrator credentials, also referred to as Pass the Hash (PtH) attacks, within businesses today. Among the survey’s most noteworthy findings is that 95% of respondents say that PtH attacks have a direct business impact on their organizations. Conducted by Dimensional Research, the survey of more than 1,000 IT professionals reinforces the crucial need for organizations to deploy effective Active Directory (AD) management and privileged access management (PAM) solutions and practices, given that PtH attacks primarily result in unauthorized use of privileged credentials to compromise enterprise systems and data.

In a typical PtH attack, an attacker obtains privileged credentials by compromising an end user’s machine and simulates an IT problem so that a privileged account holder will log into an administrative system. Those login credentials are stored as a hash that the attacker extracts and uses to access additional IT resources across the organization. Without a holistic and strategic approach to protect privileged accounts and identify when privileged access is being abused, a cybercriminal leveraging a PtH technique can gain access to an entire network, rendering all other security safeguards ineffective.

According to One Identity’s survey, IT security stakeholders recognize the damage PtH attacks can cause, however, many are still not implementing the most important measures available to fight them. Additional top findings from the report include:

  • PtH incidents have a widespread, direct impact on businesses.
    • Two in five (40%) say a PtH incident has a direct financial impact, such as lost revenue and fines.
    • Seventy percent report a direct impact on operational costs.
    • Sixty-eight percent say these attacks distract staff from other projects.

  • Ignorance of PtH attacks is worryingly prevalent for the majority of organizations.  
    • Sixty-eight percent of IT security stakeholders do not know for certain whether they’ve experienced a PtH attack.
    • Four percent of IT security stakeholders do not even know what a PtH attack is.

  • A large majority (87%) of respondents say they are already taking steps to prevent PtH attacks, but some lack of attention to address the issue persists.
    • Fifty-five percent have implemented privileged password management (a password vault).
    • Fifty percent have implemented better controls over AD/Azure AD administrator access.
    • Thirty-two percent have implemented advanced PAM practices such as session audit and analytics.
    • Twenty-six percent have followed Microsoft’s guidance and implemented an Enhanced Security Administrative Environment (ESAE, also known as Red Forest).
    • Among the respondents that have not taken any steps to prevent PtH, 85% have no plans to do so.

  • Larger companies feel they are more likely to be targeted by PtH attacks and are most likely to take steps to address the issue.
    • More than one in four (26%) large companies (defined as organizations with more than 5,000 employees) report they have definitely or probably experienced this type of attack, compared to about one in 10 (12%) smaller companies.
    • Twice as many large companies (38%) have invested in advanced PAM practices such as session audit and analytics compared to smaller organizations (19%).
    • Fifty-nine percent of large companies are implementing privileged password management (a password vault) vs. only 44% of smaller companies.
    • Only 16% of small organizations are following Microsoft’s guidance to implement ESAE (Red Forest) compared to 31% of large companies.

“The results of our 2019 survey indicate that despite the fact that Pass the Hash attacks are having significant financial and operational impact on organizations, there is vast room for improvement in the steps organizations are taking to address them,” said Darrell Long, vice president of Product Management, One Identity. “Without a holistic and strategic approach to protect privileged accounts and identify privileged access abuse, organizations could very well leave their entire network exposed to cybercriminals leveraging the PtH technique, with detrimental repercussions to the business.”

Effective PAM and AD-focused identity and access management (IAM) are critical components in any organizations’ security strategy; but the 2019 State of Identity and Access Management study shows businesses are still struggling to implement best practices. One Identity helps organizations eliminate their biggest IAM and PAM challenges, including controlling and automating AD permissions to protect the directory by constantly evaluating administrator permissions and proxying changes on behalf of the administrator, enabling delegation of exactly the right permission at a much more granular level than native tools, with its Active Roles solution. The industry-leading One Identity Safeguard PAM solution combines a secured and hardened password safe, session management and monitoring, and threat detection and analytics to help organizations securely store, manage, record and analyze privileged access.

About the 2019 One Identity State of Identity and Access Management Study
Conducted by Dimensional Research, One Identity’s “2019 State of Identity and Access Management” study surveyed 1,005 IT security professionals from midsize to large enterprises on their current experiences, trends and approaches to Identity Governance and Administration (IGA), PAM and Identity SaaS. The study consisted of an online survey of IT professionals in midsize to large organizations with responsibility for security and who are very knowledgeable about IAM and privileged accounts. A total of 1,005 individuals from the U.S., Canada, U.K., Germany, France, Australia, Singapore and Hong Kong completed the survey.

One Identity offers a free online executive summary of the data as well as a Key Findings Report.

About One Identity
One Identity, a Quest Software business, lets organizations achieve an identity-centric security strategy with a uniquely broad and integrated portfolio of identity management offerings including account management, identity governance and administration and privileged access management.  One Identity empowers organizations to reach their full potential, unimpeded by security, yet safeguarded against threats.  One Identity and its approach is trusted by customers worldwide, where more than 7,500 organizations worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their systems and data – on-prem, cloud or hybrid. For more information, visit http://www.oneidentity.com.

Media contacts
Andrea Ipolyi
One Identity Global PR
+36 1 398 6700
andrea.ipolyi@oneidentity.com

Ali Mapplethorpe
Highwire PR
415-675-1457
oneidentity@highwirepr.com