X-Force Incident Response and Intelligence Services (IRIS) has responded to multiple security incidents where multifactor authentication (MFA) was not implemented—but where implementing MFA might have significantly reduced the impact of the incident. Such incidents have even included destructive malware attacks, resulting in millions of dollars in losses and the irreversible destruction of thousands of machines on the network. In fact, unauthorized use of credentials accounted for 29% of all attacks observed by X-Force IRIS in 2019.