Following a data breach at a financial corporation, the cybersecurity team is conducting a review to determine the attacker's initial access method. Initial findings reveal the compromise of an internal email account two weeks before the unauthorized data extraction occurred. Further investigation highlights that the compromised account received a suspicious email, which preceded signs of abnormal access patterns. To enhance preventative strategies, what should be targeted as the MOST likely root cause enabling the subsequent breach?
The later identified abnormal access patterns linked to the event
The deficiency in the intrusion detection system that did not alert on the abnormal access patterns
The data extraction from the compromised system
The phishing attack that targeted the internal email system
|Incident Response and Management
|Reporting and Communication