From helpnetsecurity.com
Adversaries don’t need to use sophisticated methods to gain access to enterprise systems or to deploy ransomware – they can just buy or steal credentials and log in.
By burdening users with the near-impossible task of maintaining “secure passwords,” businesses ultimately give people a huge and unfair level of responsibility for security. As a result, many organizations are relying on what amounts to a roll of the dice to protect themselves and their customers from attackers.