Unfortunately, many organisations have inadequate IAM and lack effective control and visibility of who has access to their resources. This creates a vulnerability that is targeted and exploited.