Attackers don't hack in. They log in.
Attackers don’t have to “hack in” using zero days like the movies, often they can just “log in” using user id’s and passwords they’ve harvested elsewhere.
The reality is that most attackers don’t need to exploit a CVE or install malware to compromise your enterprise, they’re able to chain together harvested credentials, misconfigurations, and dangerous product defaults into an attack vector that compromises your data and disrupts your systems.
These “Credential Attacks” are very hard to detect, and in most cases, not a single security alert in your Security Operations Center will be triggered.