Threat Intelligence

3/8/2018
10:30 AM
Alon Arvatz
Commentary

Cybersecurity Gets Added to the M&A Lexicon

Threat intelligence data can give a clear picture of an acquisition target that could make or break a deal.

At the start of 2018, the technology industry kicked off with two well-publicized acquisitions: Cisco bought Skyport Systems and Amazon got Sqrrl. Whether the industry is technology, financial services, telecommunications, or any other vertical market, the merger and acquisition process is well-defined: the acquirer's goal is to uncover as much information about the acquisition target as possible in order to determine if the transaction will have a positive outcome.

Historically, through the due diligence process one would seek intel on financial stability, growth expectations, market saturation, talent, and partnerships. While all of these still influence a transaction, there is a relatively new variable to the equation: cybersecurity. From the banks involved to the legal departments drafting the deal, the importance of an acquisition target's security posture cannot be denied.

Threat intelligence is emerging as an important factor in the due diligence process, as a means to better understand the ultimate security risk associated with any M&A activity. The ability to listen to Dark Web and hacker chatter forums gives the acquiring company insight into historical accounts of attacks, potential data breaches or leakage, insider threat activity, and ongoing security exploits focused on the target and its customers by a known adversary.

Cybersecurity and threat intelligence are now entering much earlier in the vetting process. As companies look to benchmark potential acquisition targets against each other, they are pulling threat intelligence data and reports to assess which company is better suited for acquisition and still has control over its intellectual property and data.

Everyone involved knows that companies are going to do their best to look as good as possible and seek the best price for their contents during the due diligence process. The only way to really validate a target's cybersecurity posture is to delve into the threat intelligence data, and thereby find out what the target omitted on purpose or doesn't know. Having this kind of validation and intelligence on the status of a target's intellectual property, customer data, credentials, and threat landscape will enable the acquiring company to make a more informed decision about the transaction.

Ask These Questions
So, what are the right questions to ask? There are many, but to start you need to get in front of the CISO or IT security manager to assess the following:

  • What's in your security infrastructure?
  • What types of security processes do you have in place?
  • Have you experienced any attacks or breaches in the past few years?
  • Have you identified any issues with insider threats?
  • Do you have any known adversaries?
  • Do you have security requirements for your third- or fourth-party vendors?

Unfortunately, the security challenges associated with M&A activity do not stop at attacks and breaches but continue through the act of marrying two disparate security systems together in an effort to join the two companies or entities. From merging mail domains to joining the networks, the risks associated with merging IT infrastructure are not only dangerous, they're costly. Should the target have an unknown threat or vulnerability in its environment, that issue is now being introduced into the acquirer's network, giving attackers much more access than they bargained for in the original attack.

With any security issues, the acquiring company is taking on financial and growth risk, but brand and reputation are also key factors. For example, a very common attack vector involves creating a fake look-alike mobile application, similar to an organization's real application, and installing it on victims' phones. This can lead to data leakage from the affected phone or to abuse of the phone's resources for cryptocurrency mining. Intelligence about this type of app is crucial for security but can also reflect a threat to the brand and reputation of the acquired company, as this app might be used to attack the company's customers.

There is no guarantee with any merger, but if you can dig into the threat intelligence data about an acquisition target and its partners, as well as assess internal cybersecurity processes and potential issues, you will have a much clearer picture of the overall viability of the company and its intellectual property.

Alon Arvatz served in an elite intelligence unit in the Israel Defense Forces. While serving for three years in the most innovative and operational setting, Alon led and coordinated large operations in the cyber intelligence world. Alon established Cyber School, a center ...
 
