When you acquire a company, what risks or security concerns do you acquire along the way? What if this information is unknown or more importantly - what if you think there are no concerns but what you find after the fact isn't so?
Looking at a statistic from Attivo networks, "Notably, despite this due diligence, 40% of acquirers reported discovering a cybersecurity problem after a deal completed."
And also stated by the team at Attivo, "when an acquisition is announced, both organizations experience an increase in target profiles and public visibility."
This typically results in both organizations making themselves targets of increased cyber threats and attacks. In Testing the Defenses: Cybersecurity Due Diligence in M&A, West Monroe Partners reported that, In the realm of M&A, concerns about cyber security are becoming a critical issue when companies target acquisitions.
A company’s cyber security infrastructure—or lack thereof—can affect the deal price, and at times determine whether a potential acquirer goes through with a deal at all With the threat landscape that exists today, both organizations must assess the security integrity, maturity, and current state of the newly acquired entity’s network and infrastructure. This drives the need for technological approaches to rapidly establish visibility and the means to ascertain the risks and vulnerabilities that may exist related to:
- The state of current security controls and processes
- Identifying potentially active compromises and vulnerabilities that may exist.
- Gathering intelligence and understanding the current infrastructure across cloud, data center, end user networks, and even into operational networks like SCADA/ICS/IoT/ POS networks.
All of these discovery elements can be used as due diligence to develop a strategy to address and identified deficiencies, aid in reducing risks, and elevate the security posture of an environment. An effective assessment and the development of a remediation plan ensure that the technological integration doesn’t result in ‘poisoning the well’ and that the acquisition initiatives aren’t jeopardized or impeded."
Moving forward with a proactive mindset can save organizations time, money and brand deteriation.