It’s important that companies realize that without Multi-Factor Authentication (MFA), they are wide open to attacks if their employees fall for phishing scams or share passwords, which happens all the time.
There is no doubt that compromised credentials constitute one of the biggest security threats today. The challenge with compromised credentials is that the attacker is in possession of valid and legitimate corporate details. This means that it is very difficult to detect because all of the security tools you might have in place consider that the person who is logging in is precisely who they say they are.