Cyber Threats Targeting Mergers and Acquisitions
10sG0c
10sG0c
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Cyber</strong> <strong>Threats</strong> <strong>Targeting</strong><br />
<strong>Mergers</strong> <strong>and</strong> <strong>Acquisitions</strong><br />
1
Table of Contents<br />
Executive Summary ............................................................................................................. ..3<br />
1. Introduction ..................................................................................................................... ..4<br />
2. Associated threat actors................................................................................................. ..5<br />
FIN4...................................................................................................................................... ..5<br />
DarkHotel............................................................................................................................. ..5<br />
Other historical cases <strong>and</strong> risks.......................................................................................... ..6<br />
3. Steps of the Merger/Acquisition Process...................................................................... ..7<br />
Preparation for acquisition <strong>and</strong>/or valuation....................................................................... ..7<br />
Marketing.............................................................................................................................. ..9<br />
Due Diligence....................................................................................................................... ..9<br />
Negotiations, signing (<strong>and</strong> announcements)....................................................................... 10<br />
Waiting period <strong>and</strong> final merge............................................................................................ 10<br />
5. Conclusion........................................................................................................................ 11<br />
End notes.............................................................................................................................. 12<br />
Appendix 1: 10 Risk Considerations for <strong>Mergers</strong> <strong>and</strong> <strong>Acquisitions</strong>................................... 13<br />
2<br />
© All Rights Reserved
Executive Summary<br />
Global merger <strong>and</strong> acquisition (M&A) activity reached record-breaking deal values in 2015 at<br />
over $4 trillion, with the resulting deals expected to add $1.5 to $1.9 trillion in value to these<br />
companies. 1 In 2016, high levels of activity are expected to continue.<br />
While mergers <strong>and</strong> acquisitions propel companies forward, the M&A process also fuels<br />
significant opportunities for cyber criminals. Failure to secure sensitive information during<br />
this time opens the door to threat actors looking to profit by exploiting financial markets <strong>and</strong><br />
proprietary intellectual property (IP). Given the value to be gained once the companies are<br />
combined, it’s safe to say that ensuring successful integrations will be a priority on boardroom<br />
agendas. Security, both during the M&A process <strong>and</strong> after the deal is closed, will play a central<br />
role in positive outcomes.<br />
In this report, Digital Shadows examines cyber risks or possible degradation to a company’s<br />
security posture as a result of the M&A process. The report takes historical cases of threat<br />
actors <strong>and</strong> applies other likely threats across the five-stages that companies typically go<br />
through during a merger or acquisition. Along each stage new risks emerge <strong>and</strong> advanced<br />
attackers, well-versed in corporate espionage techniques, st<strong>and</strong> to profit. Individuals’ behaviors,<br />
unintentional clues <strong>and</strong> vulnerabilities in inherited network infrastructure <strong>and</strong> software can all<br />
present risk. However, organizations armed with these insights can better underst<strong>and</strong> the threats<br />
they face <strong>and</strong> mitigate accordingly.<br />
3
1. Introduction<br />
<strong>Mergers</strong> <strong>and</strong> acquisitions can be exciting, but they are also marked by hectic, stressful <strong>and</strong><br />
frustrating periods. Vigilance is required at all stages throughout the M&A process, as a failure to<br />
secure sensitive information constitutes both a threat to the organization <strong>and</strong> an opportunity for<br />
threat actors. Over the past several years, there have been notable examples of organizations facing<br />
cyber threats as a result of vulnerabilities that have emerged while going through a merger or<br />
acquisition. But what can organizations do about this? By underst<strong>and</strong>ing both how <strong>and</strong> at what stage<br />
of the M&A process these threats occur organizations can mitigate them.<br />
4 Any additional information can go here as a part of the footer<br />
(Edit the C-Master to update this text)
2. Associated threat actors<br />
While corporate espionage is nothing new, its impact on the financial market <strong>and</strong> proprietary IP<br />
by exploiting corporations involved in st<strong>and</strong>ard business practice has become more prevalent in<br />
recent years. Following are a few examples of methods used by cybercriminal groups to profit from<br />
companies going through the M&A process.<br />
FIN4<br />
First reported in December 2014, a threat actor group identified as FIN4 attempted to access<br />
the email accounts of senior leadership across 100 publicly traded companies or advisory firms<br />
that provide M&A services such as investor relations, legal counsel <strong>and</strong> investment banking. The<br />
group used common financial investor <strong>and</strong> shareholder-themed social engineering lures to gain<br />
information likely intended for use in insider trading.<br />
In December 2015, the FBI disseminated an advisory to private industry warning that criminal actors<br />
are targeting privileged information about companies to facilitate securities fraud. The advisory<br />
noted that traders might seek this kind of information from hackers-for-hire on the criminal<br />
underground <strong>and</strong> referenced FIN4 as a group engaged in this kind of behavior. Tactics include the<br />
use of phishing emails to distribute Trojans armed with keylogging capabilities <strong>and</strong> injection of<br />
malicious code into the macros of email attachments designed to dupe victims to enter their e-mail<br />
credentials. This data is then sent to the attackers. Specific information about the extent of such<br />
malicious activity was not provided, but it is likely that the advisory was prompted by a rise in this<br />
type of activity.<br />
DarkHotel<br />
As early as 2007, a group named DarkHotel waited for their specific victims, comprised of corporate<br />
executives <strong>and</strong> high-tech entrepreneurs travelling to various international hotels, to connect to<br />
the hotel Internet. At which point DarkHotel would infect them with a rare APT Trojan. They relied<br />
heavily on the very strong likelihood that their targets would connect over a hotel’s wired or wireless<br />
network. The attackers also compiled extremely precise targeting information about the victim’s<br />
visit, much like they would for a a spear-phishing attack. In preparation for the attack, DarkHotel<br />
members gathered the target’s expected arrival <strong>and</strong> departure times, room number <strong>and</strong> full name,<br />
among other information. This data enabled the attacker to present the malicious content precisely<br />
to the individual target with minimal risk of raising suspicion.<br />
5
Other historical cases <strong>and</strong> risks<br />
Further evidence of a company experiencing increased cyber risks during the M&A process was<br />
demonstrated during the Marriott Corporation acquisition of Starwood Group in 2015. On November<br />
16, 2015, the Marriott Corporation announced that it was to acquire the Starwood Hotels Group<br />
(including Sheraton, Westin, W, <strong>and</strong> Sheraton Four Points). On November 20, 2016, Starwood<br />
released a statement that it had been the victim of a point-of-sale malware breach. Third-party<br />
assessment of this acquisition questioned whether the Marriott Corporation had sufficiently probed<br />
this as a potential threat vector, as well as what impact the disclosure of this breach would have to<br />
Marriott.<br />
A note by Ernst & Young (EY) on the changes to IT infrastructure <strong>and</strong> processes resulting from<br />
mergers <strong>and</strong> acquisitions further highlights this type of risk. The note states that a proposed<br />
acquisition by a foreign organization had to be postponed indefinitely when it came under<br />
government scrutiny due to concerns that some of the software used by the acquiring company<br />
could expose the target company to “unacceptable cyber risks.” 2 This reinforces the concern that<br />
inherited infrastructure <strong>and</strong> software can represent a threat.<br />
Internal threats are another serious consideration for companies going through an M&A process.<br />
Reports have cited challenges to information security during M&A due to the perception by<br />
employees of an increased likelihood of redundancies or undesirable change. Employees are a<br />
demonstrable risk when disenfranchised. For example, on February 24, 2015 it was reported that<br />
an IT manager had used their access to an ex-employer’s servers to erase data (some of which was<br />
intellectual property). 3 Furthermore, a former employee of Gucci was charged for erasing data from<br />
<strong>and</strong> shutting down the servers of Gucci after having been fired.<br />
6
3. Steps of the Merger/Acquisition Process<br />
While evidence shows that corporate espionage is alive <strong>and</strong> well, <strong>and</strong> that actors have been<br />
successful in infiltrating many organizations with novel <strong>and</strong> indirect approaches, it’s important to<br />
underst<strong>and</strong> where in the st<strong>and</strong>ard M&A process attacks can occur, <strong>and</strong> why.<br />
Figure 1 - The merger <strong>and</strong> acquisition process.<br />
While each merger or acquisition process will have its own nuances, all tend to follow the five broad<br />
stages illustrated in Figure 1. The following sections provide an overview of the cyber threats an<br />
organization is likely to face at each of these five stages.<br />
Preparation for acquisition <strong>and</strong>/or valuation<br />
The first identifiable stage of the process is the preparation for the acquisition or valuation of<br />
an organization. At this point, even though an official announcement has not been made, an<br />
organization is already vulnerable to threats. The potential buyer <strong>and</strong> the seller are both potential<br />
threat vectors. Organizations may take steps to make themselves more appealing to deal makers<br />
– perhaps through activity such as a second round of funding or other business decisions. Keen<br />
financial analysts may draw conclusions for themselves based on this activity, examples of which<br />
can be seen in public news posts such as Fortunes’ Term sheet blog, or as a result of inadvertent<br />
data leakage on social media or blogs.<br />
Sensitive information need not be explicit, however. As Figure 2 demonstrates, company-published<br />
job postings to sites such as LinkedIn looking to hire someone with M&A experience, or a person<br />
that would typically lead or be involved in the process such as a corporate development executive,<br />
can be a clue that M&A activity is in the offing.<br />
7
Figure 2 - The ease of access to information about individuals likely involved in M&A processes.<br />
Further information may be garnered from executives <strong>and</strong> employees within areas of<br />
business such as finance or corporate development, who may be subjected to unsolicited<br />
<strong>and</strong> even targeted emails with malicious payloads masquerading as company documents.<br />
There is no shortage of ways in which sensitive information may be exposed. For example,<br />
while the cloud is used more frequently throughout the enterprise, USB flash drive reuse is<br />
still rampant <strong>and</strong> a way to spread malware. Man-in-the-Middle malware attacks through an<br />
Internet browser can steal information the unsuspecting target innocently enters. And as<br />
evidenced in the reports of DarkHotel, there is also the added issue of traveling executives<br />
who may use unsecured wireless Internet connections while in transit or at a hotel. Such<br />
behavior can lead to system compromise <strong>and</strong> theft of personally identifiable information<br />
(PII), intellectual property, or proprietary <strong>and</strong> sensitive customer data that may be used in<br />
furthering access or attacks.<br />
All of these factors can lead to information about the deal being exposed earlier than<br />
the organization intended – information that is highly valuable to those with nefarious<br />
motivations.<br />
8
Marketing<br />
Marketing plays an important role in the M&A process, but it can also provide clues that threat<br />
actors may act upon. These clues are not always easily visible <strong>and</strong> spelled out. In fact, to the public<br />
these marketing activities may appear as business as usual, but to a trained analyst an identifiable<br />
pattern <strong>and</strong> opportunity can emerge. Some signals might appear in the form of a company visibly<br />
slowing down its cycle of new feature releases or showing a strength in profitability but meanwhile<br />
quietly reducing staff. Such activities can leave organizations open to threats. For example, based<br />
on such clues an attacker may target someone in corporate development with a one-page company<br />
summary designed to look like an M&A document, but in reality is part of a spear-phishing<br />
campaign. Or, in cases where a reduction in staff is occurring <strong>and</strong> speculation of M&A activity<br />
begins to spread, employees who are feeling overworked <strong>and</strong> at risk of losing their jobs may seek to<br />
intentionally leak data at the expense of the organization.<br />
Due Diligence<br />
Due diligence is one of the most important stages of the M&A process; it is an opportunity for<br />
the acquiring company to carefully review the target company with a fine-toothed comb to better<br />
underst<strong>and</strong> their strengths, weaknesses <strong>and</strong> risks. That said, it’s important to ask the right<br />
questions as they relate to security <strong>and</strong> integrity of the organization. For example, the company in<br />
question may have previously experienced a data breach that was either never detected or never<br />
fixed. Similar issues may include the acquisition of insecure network infrastructure <strong>and</strong> software. A<br />
failure to detect these issues at this stage could have significant long-term effects for the acquiring<br />
company. To this end, Appendix 1 provides guidelines <strong>and</strong> recommendations for organizations to<br />
underst<strong>and</strong> how they can mitigate such risks as part of the due diligence process, prior to finalizing<br />
the deal.<br />
It is also important to note that, at this stage of the process, the amount of data that is shared<br />
increases dramatically <strong>and</strong> so does the risk of a data breach. As such, organizations may well<br />
experience an increase in spear-phishing attempts as attackers strive to take advantage of a surge<br />
in valuable data that exchanges h<strong>and</strong>s during due diligence.<br />
9
Negotiations, signing (<strong>and</strong> announcements)<br />
Towards the end of the M&A process, unknown <strong>and</strong> unnecessary data leakage can occur from<br />
employees across social media <strong>and</strong> blog platforms. Organizations that lack policies, mobile device<br />
management (MDM) <strong>and</strong> endpoint protection will be particularly vulnerable. Corporations should<br />
also be mindful of personal devices used on corporate networks or Internet of Things (IoT) devices<br />
that may be insecure <strong>and</strong> also contribute to data leakage.<br />
While all employees should be vigilant at this stage, it is executives who are particularly susceptible<br />
to leaking data. Poorly secured (or compromised) personal devices, as well as the use of such<br />
devices in the workplace, can inadvertently expose sensitive documents. The real-world element<br />
also cannot be ignored. For example, threat actors may watch physical behavior <strong>and</strong> travel of<br />
executives or staff where meetings <strong>and</strong> document reviews may occur. This demonstrates the<br />
lengths to which bad actors will go in order to acquire extremely valuable information.<br />
Once an announcement is made <strong>and</strong> the typical chaos <strong>and</strong> confusion ensues as IT systems <strong>and</strong><br />
organizations merge, the floodgates will open. Lesser actors will jump into the fray, launching<br />
phishing <strong>and</strong> spam campaigns as well as possibly hacktivist attacks <strong>and</strong> disruptions, against both<br />
organizations.<br />
Waiting period <strong>and</strong> final merge<br />
The final stage of the process – when the majority of the hard work is already done –¬ is the waiting<br />
period before the final merge. The main risk at this stage comes from employees who fear a job<br />
loss or change. Staff may draw their own conclusions, recognizing redundancies or anticipating<br />
undesirable changes to their role or responsibilities. This can lead to disenfranchised behavior,<br />
which in turn may lead to negative social media <strong>and</strong> public outcry or protest, theft of intellectual<br />
property, or worse.<br />
In addition, if an attacker has established a foothold in a merging network, this is an optimal time to<br />
observe behavior <strong>and</strong> communication between the two organizations <strong>and</strong> patiently wait for access,<br />
or utilize that knowledge for social engineering.<br />
10
Conclusion<br />
There is demonstrable evidence to suggest that companies going through the M&A process have<br />
been targeted by malicious actors. Although specific information on threat actors targeting M&A<br />
processes is limited, clearly there is ample opportunity. A number of factors both prior to <strong>and</strong> after<br />
a successful bid by the acquiring company have the potential to degrade the acquiring company’s<br />
security posture. These include the inheritance of vulnerable network infrastructure <strong>and</strong> software<br />
<strong>and</strong> disenfranchised of employees who perceive threats to their job security or satisfaction.<br />
Further risks can be presented during the M&A process through the sharing of documents <strong>and</strong><br />
the location of meetings if they are based in public locations. Data leakage, data loss <strong>and</strong> the use<br />
of insecure public networks are all factors that may degrade a company’s security posture. Finally,<br />
the awareness of malicious actors to the on-going bid <strong>and</strong> M&A process increases the targeting of<br />
the companies involved as malicious actors attempt to capitalize on opportunities presented by the<br />
changes happening within each company.<br />
By underst<strong>and</strong>ing threats that tend to occur at these various stages, organizations can be better<br />
prepared for the process. To reap the benefits of a merger or acquisition, security must be a<br />
forethought, not an afterthought. The due diligence stage allows organizations to gain a deeper<br />
underst<strong>and</strong>ing of what they are getting before signing on the dotted line. But regardless of where an<br />
organization is in the M&A process, it is important to remember that operational security practice<br />
can dramatically impact profitability. Throughout the discussions, <strong>and</strong> before plugging in the<br />
network cable or allowing the two networks to connect, organizations must be sure to underst<strong>and</strong><br />
what’s on the other side, <strong>and</strong> the risks present.<br />
End notes<br />
1. http://www2.deloitte.com/uk/en/pages/financial-advisory/articles/deloitte-m-<strong>and</strong>-aindex.html<br />
2. http://www.ey.com/GL/en/Services/Advisory/EY-cybersecurity-cyber-threat-flash-pointsmergers-<strong>and</strong>-acquisitions<br />
3. http://www.theregister.co.uk/2016/02/24/it_manager_goes_to_jail/<br />
11
10 Risk Considerations for <strong>Mergers</strong> <strong>and</strong> <strong>Acquisitions</strong><br />
1. Infrastructure<br />
• Provide logical <strong>and</strong> physical diagrams of the networks <strong>and</strong><br />
locations<br />
• List all network hardware in place<br />
• List of routers including locations, manufacturer, model<br />
<strong>and</strong> rules<br />
• List of access control policies, mechanisms <strong>and</strong> network<br />
segmentation<br />
• List of domain names used with any hardware of software<br />
(e.g. email domains <strong>and</strong> aliased domains)<br />
• List of tag holders, domain name servers <strong>and</strong> expiry dates<br />
for the above domain names<br />
• List of databases, including locations, versions <strong>and</strong><br />
accesses<br />
• List of Cloud <strong>and</strong> Software as a Service providers:<br />
• List of what services are used, content hosted <strong>and</strong><br />
geographic locations<br />
• List of agreements <strong>and</strong> contracts including dates <strong>and</strong> details<br />
of all parties<br />
• List of any other services, applications, protocols, ports <strong>and</strong><br />
other software installed on the network <strong>and</strong> hardware not<br />
included above<br />
• Cloud based file storage<br />
• OS providers, versions <strong>and</strong> licenses<br />
• Schedule <strong>and</strong> project plan of all ongoing or planned<br />
infrastructure updates or upgrades, including location, models<br />
<strong>and</strong> versions.<br />
• Expected timeline of completion<br />
2. Operations<br />
Security,<br />
Testing, <strong>and</strong><br />
Mitigations<br />
• List all network security systems including location,<br />
manufacturer, model <strong>and</strong> rules<br />
• Firewalls<br />
• Intrusion detection <strong>and</strong> prevention systems, including<br />
network <strong>and</strong> host based detectors<br />
• List <strong>and</strong> description of certificates (e.g. SSL <strong>and</strong> PKI) used,<br />
including integrity report (Qualys)<br />
•List all email security <strong>and</strong> protection services (such as<br />
anti-malware, anti-spam, anti-phishing) including licenses,<br />
manufacturer, models, rules, incident reports <strong>and</strong> activity<br />
logs<br />
• List of logging systems <strong>and</strong> storage locations<br />
• List <strong>and</strong> description of access control, authentication <strong>and</strong><br />
session management mechanisms<br />
• List of remote access methods, protocols <strong>and</strong> use<br />
policies<br />
• List all patch management solutions including patching policy,<br />
schedule for the last 6 months <strong>and</strong> any exceptions<br />
• List of any relevant data loss prevention or endpoint protection<br />
capabilities, <strong>and</strong> associated policies, activity logs <strong>and</strong> updates<br />
• Schedule of vulnerability assessments, penetration tests, code<br />
reviews <strong>and</strong> audits<br />
• Dates <strong>and</strong> scope<br />
• Results <strong>and</strong> exceptions<br />
• Risk mitigation undertaken<br />
• Schedule <strong>and</strong> documentation of actual known information<br />
security breaches, exposures <strong>and</strong> other incidents for the last 3<br />
years – identify countermeasures adopted<br />
• Copy of incident management procedure <strong>and</strong> details of any<br />
automated remediation capabilities<br />
3. Training <strong>and</strong><br />
Awareness<br />
• Description of security awareness training provided <strong>and</strong> • Description of methods employees use to report security issues<br />
evidence of delivery over the last 2 years such as IP protection, including phishing<br />
phishing, data loss prevention, etc.<br />
• Assessment of corporate digital practices <strong>and</strong> regulatory<br />
• Proof of staff training on the protection of corporate intellectual<br />
property related to corporate IT/cyber policies<br />
• Proof of reputational protection programs<br />
compliance<br />
management mechanisms<br />
4. Agreements,<br />
Policies <strong>and</strong><br />
Procedures<br />
• List of licensed or open source software, their authors<br />
(including if the author/creator was an employee, consultant<br />
or independent contractor at the time of development)<br />
• Monitor agreements <strong>and</strong> support contracts<br />
•Disaster recovery agreements<br />
• List of internal <strong>and</strong> external security policies<br />
• Software licenses, assignments, contracts, beta testing agreements,<br />
warranties <strong>and</strong> guarantees<br />
• Support <strong>and</strong>/or maintenance contracts<br />
• Product documentation <strong>and</strong> manuals<br />
• Third-party software<br />
• Other intellectual property<br />
5. Intellectual<br />
Property<br />
• List of U.S. <strong>and</strong> foreign trade names, br<strong>and</strong> names, service<br />
marks, trademarks, logos, strap lines <strong>and</strong> slogans<br />
•List of U.S. <strong>and</strong> foreign patents, patent rights, designs<br />
<strong>and</strong> innovations (wholly or jointly owned) – provide copies if<br />
applicable<br />
• List of any <strong>and</strong> all intellectual property copyrights or<br />
trademarks – provide information if applicable<br />
• Copies of terms of use, privacy statement, trademark usage<br />
guidelines, <strong>and</strong> any other policies such as content, abuse,<br />
acceptable use, security <strong>and</strong> privacy<br />
• Full details of people responsible for maintenance <strong>and</strong><br />
protection of intellectual property rights <strong>and</strong> copies of<br />
correspondence from third parties regarding potential<br />
infringement of intellectual property rights of others<br />
12
6. St<strong>and</strong>ards<br />
<strong>and</strong> Compliance<br />
• List any m<strong>and</strong>atory or optional compliance st<strong>and</strong>ards,<br />
codes of practice or accreditations<br />
• Evidence of compliance with all above items in this section<br />
• Copies of governmental licenses or permits to operate in<br />
business sector, if applicable (e.g. Financial Services Authority)<br />
7. Risk,<br />
Insurance <strong>and</strong><br />
Continuity<br />
• List <strong>and</strong> provide copies of all company insurance policies<br />
covering property, liabilities <strong>and</strong> operations<br />
• List of any special conditions imposed by insurers<br />
• List of indemnification policies, business interruption,<br />
cyber insurance or product liability policies<br />
• List of any insurance claims for past 3 years<br />
• Copy of the business continuity plan <strong>and</strong> schedule of tests<br />
undertaken<br />
• Copy of data backup <strong>and</strong> verification policies, procedures <strong>and</strong><br />
storage providers <strong>and</strong>/or locations<br />
8. Staff <strong>and</strong><br />
Resources<br />
• List of key employees, contractors <strong>and</strong> vendors who work<br />
on development, testing, operations or security <strong>and</strong> an<br />
organization chart showing line management <strong>and</strong> functional<br />
relationships<br />
• Number of employees <strong>and</strong> other staff (temporary,<br />
voluntary, support, etc.) by department <strong>and</strong> by functional<br />
area associated with developing, operating <strong>and</strong> securing the<br />
network, services, or applications including an indication of<br />
the percentage of their work that this involves<br />
• Contracts including information on confidentiality or<br />
non-competition agreements to which employees are<br />
subject<br />
• List of specific agreements with employees, independent<br />
contractors – provide copies if applicable<br />
• Copies of consulting <strong>and</strong> confidentiality agreements <strong>and</strong> for any<br />
current or former consultants<br />
• List any “Arm’s length” back office support (HR, accounting, IT,<br />
etc.) services, or shared IT infrastructure capabilities<br />
• List of user groups, roles, geographical locations <strong>and</strong><br />
permissions<br />
• List of anyone with remote access<br />
9. Third Party<br />
• List of other companies, partnerships, individuals or other<br />
entities who are stakeholders or contributors or suppliers<br />
• List of agreements with other companies for provision of or<br />
consumption of products <strong>and</strong> services – provide copies of the<br />
agreements if applicable<br />
• List of confidentiality <strong>and</strong> non-disclosure agreements to<br />
which the company is bound or imposes on others – provide<br />
copies if applicable<br />
• List of data <strong>and</strong> formats provided to third parties including<br />
details of those third parties <strong>and</strong> the agreements<br />
• List of data sharing, marketing agreements, co-packaging,<br />
franchises <strong>and</strong> referral agreements<br />
• Lists of any resellers <strong>and</strong> distributors – if applicable provide<br />
copies of the written agreements<br />
• List of agreements or arrangements with company employees<br />
<strong>and</strong> shareholders or with any organization they have a<br />
relationship with – provide copies if applicable<br />
10. Customers<br />
• List all customer communication methods<br />
• List of all social media accounts, business need, use<br />
policies <strong>and</strong> authorized users/publishers<br />
• List of any claims, complaints, litigation arising out of<br />
social media use (including cyber harassment); online br<strong>and</strong><br />
<strong>and</strong> reputation assessment<br />
• List <strong>and</strong> explanation for any major customers lost over the last<br />
2 years<br />
• List of areas where customer supplied content is republished<br />
or recorded<br />
13
About Digital Shadows<br />
Digital Shadows is the only company to provide cyber<br />
situational awareness that helps organizations protect<br />
against cyber attacks, loss of intellectual property, <strong>and</strong><br />
loss of br<strong>and</strong> <strong>and</strong> reputational integrity.<br />
Its flagship solution, Digital Shadows SearchLight, is<br />
a scalable <strong>and</strong> easy-to-use data analysis platform that<br />
provides a complete view of an organization’s digital footprint<br />
<strong>and</strong> the profile of its attackers. It is complemented<br />
with support from a world-class intelligence operations<br />
team to ensure extensive coverage, tailored intelligence<br />
<strong>and</strong> frictionless deployment.<br />
digitalshadows.com<br />
London<br />
San Francisco<br />
Level 39, One Canada Square, London, E14 5AB 535 Mission St, Fl. 14, San Francisco, CA 94105<br />
+44 (0) 203 393 7001<br />
info@digitalshadows.com<br />
+1 (888) 889 4143<br />
14