Protecting shared service accounts is always a hard task, especially when they have admin privileges. Here is a few things you can do to help you protect them using MFA.
If you're a large organization, hiring a Cyber security firm to audit your security posture is a no brainer. Everything is exploitable and thinking that you are 100% secure nowadays is naive. You can purchase the best of the best security stack but no matter what, there will always be a weak chain somewhere. This is why these services exist. So that they help identify the gaps and help re-mediate them before someone malicious exploits them.