43.6% of organizations report the use of stolen credentials as an entry vector