Even a zero trust architecture (ZTA) can still be compromised by an attacker who holds stolen credentials. Multi-factor authentication (MFA) reduces the impact of a stolen password by requiring the attacker to also present a second factor, such as a one-time password generated by a phone app or a hardware token. Note that one-time codes can themselves be phished or relayed in real time by a proxy placed between the user and the login page, so phishing-resistant factors such as FIDO2/WebAuthn authenticators are the better choice for valuable accounts. Security awareness training, MFA, and thoughtful policy add depth to your defense.
“Attackers may use phishing, social engineering, or a combination of attacks to obtain credentials of valuable accounts. ‘Valuable’ may mean different things based on the attacker’s motivation. For instance, enterprise administrator accounts may be valuable, but attackers interested in financial gain may consider accounts that have access to financial or payment resources of equal value. Implementation of MFA for access requests may reduce the risk of information loss from a compromised account.” – NIST SP 800-207
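To make the mechanism above concrete, here is an added example (not code from the original page or from NIST) of the server side of a time-based one-time password (TOTP, RFC 6238) second factor, wired into a login check so that a phished password alone is refused. The user record, the salt, and the password are constructed for the demo; the TOTP secret is the RFC 4226/6238 reference test secret so the generated codes can be checked against the RFCs' published vectors. The verifier accepts one time step of clock skew on either side, compares in constant time, and records the last consumed time step so a code that has already been used cannot be replayed.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 4226 / RFC 6238 reference test secret (ASCII "12345678901234567890"), used so the
# codes below match the RFCs' published test vectors. Hypothetical example data: a real
# deployment generates a random per-user secret and stores it encrypted at rest.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to floor(unix_time / step)."""
    return hotp(secret, at_time // step, digits)


def match_totp(secret: bytes, candidate: str, at_time: int,
               window: int = 1, step: int = 30, digits: int = 6) -> Optional[int]:
    """Return the time-step counter whose code equals `candidate`, or None.

    Codes from `window` steps either side of the current step are accepted to tolerate
    clock skew between the token and the server. The comparison is constant-time so a
    near-miss cannot be distinguished from a total miss by timing.
    """
    if len(candidate) != digits or not candidate.isdigit():
        return None
    now = at_time // step
    for counter in range(now - window, now + window + 1):
        if hmac.compare_digest(hotp(secret, counter, digits), candidate):
            return counter
    return None


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the password is the factor assumed to have been phished."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user store (hypothetical). Only the server and the user's token know the
# TOTP secret, which is what stops a stolen password from being sufficient on its own.
_SALT = b"constructed-example-salt"
USERS = {
    "alice": {
        "salt": _SALT,
        "pw_hash": hash_password("correct horse battery staple", _SALT),
        "totp_secret": DEMO_SECRET,
        "last_counter": -1,  # highest time step already consumed, for replay protection
    }
}


def login(username: str, password: str, otp: str, at_time: Optional[int] = None) -> str:
    """Two-factor login. Returns "ok" or a "denied: ..." reason.

    The one-time code is only examined after the password succeeds, so the OTP path cannot
    be used to probe for valid usernames; a real service would also rate-limit both checks.
    """
    at_time = int(time.time()) if at_time is None else at_time
    user = USERS.get(username)
    if user is None:
        return "denied: bad credentials"
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return "denied: bad credentials"
    counter = match_totp(user["totp_secret"], otp, at_time)
    if counter is None:
        return "denied: bad or missing one-time code"
    if counter <= user["last_counter"]:
        return "denied: one-time code already used"
    user["last_counter"] = counter
    return "ok"


if __name__ == "__main__":
    t = 59  # fixed clock so the run is reproducible; RFC 6238 vector for this time is 287082
    stolen_password = "correct horse battery staple"
    print(login("alice", stolen_password, "", t))                      # password only: denied
    print(login("alice", stolen_password, totp(DEMO_SECRET, t), t))    # with token: ok
    print(login("alice", stolen_password, totp(DEMO_SECRET, t), t + 16))  # same code again: denied
```

Running the block shows the three outcomes the text argues for: the attacker with only the phished password is refused, the legitimate user with the token is admitted, and a captured code cannot be reused even while it is still inside the skew window. The `window` of one step on either side is the usual compromise between rejecting users whose phone clock drifts and widening the guessing surface; tightening it to zero is safe only if token clocks are known to be accurate.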