There are many ways that user credentials get compromised. My favorite is when the user just hands them right over via e-mail or web page entry. After user credentials are compromised, the attacker can use the granted access to run rampant or leap frog from a lower end credential to a higher level credential.
One of the many exploits that hackers use can be purchased for $350 US, with annual maintenance of just $30. This code has been tested and bypasses 15 different Antivirus programs and 7 different firewalls. Keep in mind, this is just a base level package. Some packages run upwards of $4000 per month. I can only imagine what that would allow a hacker to do.
In order to raise our game here, a periodic audit of Active Directory complete with a permissions review to maintain a baseline is in order. This reduces but does not eliminate the risk.
A layered approach to security is still required. This helps you identify compromise rapidly so that your time to remediation can begin sooner, thus stemming the severity of the attack. There are several ways to address this depending on your environment. A Network Assessment can help provide a roadmap to improve your overall security posture.