Certified Information Privacy Technologist (CIPT) — Question 251
One year, cybercriminals successfully infected the credit card payment systems and bypassed security controls of a United States-based retailer with malware that exfiltrated 40 million credit card numbers. Six months prior, the retailer had malware detection software installed to prevent such an attack.
Which of the following would best explain why the retailer’s consumer data was still exfiltrated?
Answer options
- A. The newly installed malware prevention system conflicted with the legacy malware prevention system.
- B. The detection software alerted the retailer’s security operations center as designed, but the information security personnel failed to act upon the alerts in a timely manner.
- C. The IT systems and security measures utilized by the retailer’s third-party vendors were in compliance with industry standards, but their credentials were stolen by advanced threat actors who then entered the retailer’s system.
- D. The retailer’s network that transferred personal data and customer payments was separate from the rest of the corporate network, but the malware code was disguised with the name of software that is supposed to protect this information.
Correct answer: B
Explanation
The correct answer is B because the detection software functioned properly by alerting the security team, but a failure to act on these alerts in a timely manner allowed the breach to occur. Options A, C, and D do not address the effectiveness of the detection software or the immediate response needed to prevent the data exfiltration.