By Mark McClain, Founder & CEO, SailPoint

During the past two years we witnessed monumental and record-breaking security incidents, unprecedented in their level of unpredictability, directed against critical organizations that erupted from focused attacks capitalizing on weak and exposed passwords. While I wish these were unusual events, unfortunately, this type of attack has become all too common, with bad actors successfully stealing personally identifiable information (PII) and infiltrating businesses’ networks with dire consequences. Without a stronger emphasis on cybersecurity strategy in the near term, companies are at risk of forfeiting their ability to confidently claim that they provide effective protection of their own employees’ digital identities.

A New Cybersecurity Reality for the Modern Enterprise

Why the caution of impending doom? First, during the pandemic, many companies rushed to set up their workforces with remote access to systems and applications to avoid interrupting essential day-to-day business activities. Consequently, many employees adopted new tools and applications to increase their productivity, often bypassing technology sanctioned by the IT team, and thereby inviting unknown risks into the business. Second, accelerated by digital transformation efforts, enterprises have increasingly moved the bulk of their day-to-day work to cloud environments, with their employees, contractors and business partners accessing most of their systems remotely. For a typical large enterprise, this implies that there are now thousands to millions of identities—human and nonhuman—accessing critical business information across hundreds to thousands of access points, often with very little oversight. And cybercriminals know it.

On top of that, we are witnessing more individuals than ever before sharing their personal and sensitive information with third-party platforms, which is especially risky today as many organizations have moved from BYOD (bring your own device) to BYOE (bring your own environment) for their employees and contractors. As a result, we have blurred the line between what enterprise users leverage for their work versus their personal use, providing additional access points for bad actors. Considering all the accounts one person has between their personal and work applications, it’s no shock that credentials are often duplicated across this border. But this means that once a bad actor gets access to a personal application—which is usually less secure than IT-sanctioned applications—they have a gateway to access enterprise data easily.

So, when we read the details behind the latest headline of a breach, it’s no huge surprise to find out it’s usually tied to compromised worker identities that have fallen into the hands of bad actors. And cybercriminals don’t stop at merely stealing our digital identities; instead, they use them to impersonate us, gaining further access. While attackers stealing credentials to breach a company is nothing new, the speed and volume at which organizations and individuals adopted new approaches to stay operational during the pandemic have made stealing identities significantly easier for bad actors. To combat this, companies must redouble their focus on identity security: making sure the right people have access to the right information at the right time.

Investing in Your Most Valuable Assets: Identities

For the modern enterprise, securely connecting the right people to the right technology is incredibly complex. In recent years, with the explosion of new software as a service applications, increased “churn” in workforces and the advent of “nonhuman” identities, the scale of this challenge has moved well beyond human capacity. The average enterprise today has over 1,000 applications in use, often supporting tens or hundreds of thousands of identities. Without a single view into all identities and their access rights, or the ability to manage them through automation, organizations are needlessly exposed to business, brand and financial risk brought on by the explosion of technology that underpins their business. However, this typical situation of companies using people-intensive manual tasks and processes as the primary means of securing corporate identity information does not have to be the case today. By harnessing the power of AI and machine learning with an identity security offering, businesses can ensure the right people are accessing the right technology and doing so in a way that matches the scale and dynamic nature of today’s enterprise.

After all, secure control over identity and access data is the red thread that connects people to technology safely and efficiently. When made foundational to enterprise security, it’s far more challenging for attackers to do their jobs. And at the end of the day, that should be the primary goal of every kind of cyber defense. If organizations give the appropriate focus to protecting their most vulnerable assets—their identities—I believe they can minimize risk as they confidently and securely enable their workforce to propel the business forward.

To learn more about SailPoint’s Identity Platform, visit SailPoint.com.

This article originally appeared on Forbes.