As more and more companies move to hybrid (or even cloud) infrastructure, they need to be aware of security lacks. Many organizations have a workload in the public cloud, containing credentials, passwords or API-keys. Attackers there have a good chance finding a first point of entry to your company.
Even more critical is the fact, that 25% of the companies do not use multifactor authentication for their superadmin cloud-accounts. Nowadays it is very easy for hackers getting their credentials to cause a huge damage in the companies infrastructure.
Be aware that moving to cloud without any security components such as MFA or IAM-Tools could cause massive damages and costs by getting hacked or any other cyber attack. Just remember to have a good security environment around giving intruders no chance to have access to your data.