Learning From A Year of Security Breaches

“This year’s incidents involving APT groups notably focused their attacks directly on employee’s personal emails and endpoints. Whether they show up at the office with their personal devices won’t matter if they’re sharing credentials or access tokens on personal accounts and devices, or accessing corporate accounts from home.

Understanding lateral movement from an employee’s home to corporate assets is incredibly hard. Manual follow up with employees was the primary area of investigative friction on numerous occasions. A common trend was shared passwords acquired from attacks on personal accounts and devices that were not used on a corporate network, but hosted credentials that were relevant.”

Source: Learning From A Year of Security Breaches – Starting Up Security – Medium

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.