How M&A Activity Can Open the Door to Cyber Threats

  • … spear-phishing attempts as attackers strive to take advantage of a surge in data that exchanges hands during due diligence.
  • Negotiations, signing and announcements: Organizations that lack social media policies, mobile-device management and endpoint protection may find data leaked inadvertently as the end of the M&A process approaches. While all employees should be vigilant at this stage, executives are particularly susceptible to attack. Poorly secured personal devices and the use of public Wi-Fi to review documents while on the road or in meetings provide bad actors with ample opportunity to steal high-value data. Once the announcement is made, the doors will open even wider, and less sophisticated attackers will also try to profit or cause disruptions.
  • Waiting period and final merge: The main risk at this stage is from employees who fear a job loss or change and may leak or steal IP or other data. If an attacker has established a foothold in a merging network, this is also an optimal time to monitor communications and patiently wait for deeper access or utilize that information for social engineering.

Clearly, vigilance is required at all stages of the M&A process, as a failure to secure sensitive information constitutes both a threat to the organization and an opportunity for bad actors. Individuals’ behaviors, unintentional clues and vulnerabilities in inherited network infrastructure and software can all open the door to cyber risk. However, organizations armed with these insights can better understand the threats they face and mitigate accordingly.

Given the value to be gained once the companies are combined, it’s safe to say that ensuring successful integrations will be a priority on boardroom agendas. Security, both during the M&A process and after the deal is closed, will play a central role in positive outcomes.

Alastair Paterson has worked for over a decade advising secure government and FTSE 100 clients on large-scale data analytics for risk and intelligence. Before founding Digital Shadows in 2011, Alastair was International Propositions Manager at BAE Systems Detica working with clients in the Gulf, Europe and Australasia.

Pages: Previous 1 2

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 59817