Insufficient logging and monitoring Exploitation is the bedrock of nearly every major events. An attackers rely on lack of constant monitoring and timely responses to achieve their goals without being recognized.
An attacker uses scanning tools for users with a common password. They can take over all accounts using this one password. For all the other users this scan only leaves one false login loggd. After some days this may repeat with a different passwords.
Most of the successful attacks start with a vulnerability probing. Allowing such kind of probes to continue can raise the possibility of a successful exploit to nearly 100%. most probably recognizeing a breach will take an average of 6 months that is a lot of time for damage to be deliverd.