I want to say that the sort of place that had GDrive as their "approved cloud solution" is unlikely to also be the sort of place that has the sort of data that required firing-offence rules for exfiltration to non-company systems, but I know that's not the world we actually live in...
I'm reminded that LastPass got popped via an employee running a well out of date version of Plex with known RCE exploits and getting a keylogger installed:
“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” LastPass officials wrote. “The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.”
The hacked DevOps engineer was one of only four LastPass employees with access to the corporate vault.
I mean, I know exactly why. But why the fuck was the corporate LastPass vault available to a staff member's home machine running Plex? Is the expense of a corporate VPN-locked laptop and a pair of YubiKeys too much for a fucking _Password Vault_ senior developer??? "Should we spend a couple of grand buying a work laptop for this guy who literally has the keys to our kingdom? Or do we save a few bucks and get him to work on the machine he already owns, the same one he runs outdated media server software and probably bittorrents all his porn with? What could possibly go wrong?"