After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BVOD policy. However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:

Wed $12$ Dec $202010$:$00$:$03$ Unknown sources is now enabled on this device.

Which of the following is the MOST likely reason for the successful attack?

A$.$ Lack of MDM controls

B$.$ Auto$-$join hotspots enabled

C$.$ Sideloading

D$.$ Lack of application segmentation