Cyber Threats Targeting Mergers and Acquisitions
10sG0c
10sG0c
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Conclusion<br />
There is demonstrable evidence to suggest that companies going through the M&A process have<br />
been targeted by malicious actors. Although specific information on threat actors targeting M&A<br />
processes is limited, clearly there is ample opportunity. A number of factors both prior to <strong>and</strong> after<br />
a successful bid by the acquiring company have the potential to degrade the acquiring company’s<br />
security posture. These include the inheritance of vulnerable network infrastructure <strong>and</strong> software<br />
<strong>and</strong> disenfranchised of employees who perceive threats to their job security or satisfaction.<br />
Further risks can be presented during the M&A process through the sharing of documents <strong>and</strong><br />
the location of meetings if they are based in public locations. Data leakage, data loss <strong>and</strong> the use<br />
of insecure public networks are all factors that may degrade a company’s security posture. Finally,<br />
the awareness of malicious actors to the on-going bid <strong>and</strong> M&A process increases the targeting of<br />
the companies involved as malicious actors attempt to capitalize on opportunities presented by the<br />
changes happening within each company.<br />
By underst<strong>and</strong>ing threats that tend to occur at these various stages, organizations can be better<br />
prepared for the process. To reap the benefits of a merger or acquisition, security must be a<br />
forethought, not an afterthought. The due diligence stage allows organizations to gain a deeper<br />
underst<strong>and</strong>ing of what they are getting before signing on the dotted line. But regardless of where an<br />
organization is in the M&A process, it is important to remember that operational security practice<br />
can dramatically impact profitability. Throughout the discussions, <strong>and</strong> before plugging in the<br />
network cable or allowing the two networks to connect, organizations must be sure to underst<strong>and</strong><br />
what’s on the other side, <strong>and</strong> the risks present.<br />
End notes<br />
1. http://www2.deloitte.com/uk/en/pages/financial-advisory/articles/deloitte-m-<strong>and</strong>-aindex.html<br />
2. http://www.ey.com/GL/en/Services/Advisory/EY-cybersecurity-cyber-threat-flash-pointsmergers-<strong>and</strong>-acquisitions<br />
3. http://www.theregister.co.uk/2016/02/24/it_manager_goes_to_jail/<br />
11