After a breach incident, investigators narrowed the attack to a specific network administrator's credentials.

A periodic review of all privileged accounts actions could have best avoided the breach incident that involved a network administrator’s credentials. A privileged account is an account that has elevated permissions or access rights to a system or resource, such as a network administrator, a database administrator, or a root user. Privileged accounts pose a high risk to the security of an organization, as they can be exploited by malicious insiders or external attackers to compromise the system or resource. A periodic review of all privileged accounts actions is a good practice to monitor and audit the activities and behaviors of the privileged users, and to detect and prevent any unauthorized or suspicious actions. A periodic review of network access logs, active users on the network, and password strength of all users across the organization are also good practices to enhance the security of an organization, but they are not as effective as a periodic review of all privileged accounts actions, as they may not capture the specific actions of the privileged users or the source of the breach. References:

Privileged Account Management

Privileged Access Management Best Practices

Privileged Account Security: A Simple Overview