“This year’s incidents involving APT groups notably focused their attacks directly on employees’ personal emails and endpoints. Whether they show up at the office with their personal devices won’t matter if they’re sharing credentials or access tokens on personal accounts and devices, or accessing corporate accounts from home.
Understanding lateral movement from an employee’s home to corporate assets is incredibly hard. Manual follow-up with employees was the primary area of investigative friction on numerous occasions. A common trend was shared passwords acquired from attacks on personal accounts and devices that were not used on a corporate network, but hosted credentials that were relevant.”
Source: Learning From A Year of Security Breaches – Starting Up Security – Medium