IT organizations must shift their enterprise security strategy to detect credential-based attacks before they become a problem.