Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

3/8/2018
10:30 AM
Alon Arvatz
Alon Arvatz
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Cybersecurity Gets Added to the M&A Lexicon

Threat intelligence data can give a clear picture of an acquisition target that could make or break a deal.

At the start of 2018, the technology industry kicked off with two well-publicized acquisitions: Cisco bought Skyport Systems and Amazon got Sqrrl. It doesn't matter if the industry is in technology, financial services, telecommunications, or any other vertical market, the merger and acquisition process is well-defined: the acquirer's goal is to uncover as much information about the acquisition target as possible in order to determine if the transaction will have a positive outcome.

Historically, through the due diligence process one would seek intel on financial stability, growth expectations, market saturation, talent, and partnerships. While all of these still influence a transaction, there is a relatively new variable to the equation: cybersecurity. From the banks involved to the legal departments drafting the deal, the importance of an acquisition target's security posture cannot be denied.

Threat intelligence is emerging as an important factor in the due diligence process, as a means to better understand the ultimate security risk associated with any M&A activity. To have the ability to listen to the Dark Web and hacker chatter forums gives the acquiring company insight into historical accounts of attacks, potential data breaches or leakage, insider threat activity, and ongoing security exploits focused on the target and its customers by a known adversary.

Cybersecurity and threat intelligence is now entering much earlier in the vetting process. As companies look to benchmark potential acquisition targets against each other, they are pulling threat intelligence data and reports to assess which company is better suited for acquisition and still has control over their intellectual property and data.

Everyone involved knows that companies are going to do their best to look as good as possible and seek the best price for its contents during the due diligence process. The only way to really validate a target's cybersecurity posture is to delve into the threat intelligence data, and thereby find out what the target omitted on purpose or doesn't know. Having this kind of validation and intelligence on the status of a target's intellectual property, customer data, credentials, and threat landscape will enable the acquiring company to make a more informed decision about the transaction.

Ask These Questions
So, what are the right questions to ask? There are many, but to start you need to get in front of the CISO or IT security manager to assess the following:

  • What's in your security infrastructure?
  • What types of security processes do you have in place?
  • Have you experienced any attacks or breaches in the past few years?
  • Have you identified any issues with insider threats?
  • Do you have any known adversaries?
  • Do you have security requirements for your third or fourth party vendors? 

Unfortunately, the security challenges associated with M&A activity do not stop at attacks and breaches but continue through the act of marrying two disparate security systems together in an effort to join the two companies or entities. From merging mail domains to joining the networks, the risks associated with merging IT infrastructure are not only dangerous, they're costly. Should the target have an unknown threat or vulnerability in its environment, that issue is now being introduced into the acquirer's network, giving attackers much more access than they bargained for in the original attack.

With any security issues, the acquiring company is taking on financial and growth risk, but brand and reputation are also key factors. For example: A very common attack vector involves creating a fake look-alike mobile application, similar to an organization's real application, and installing it on victim's phones. This can lead to data leakage from the affected phone or to abuse of the phone resources for cryptocurency mining. The intelligence about this type of app is crucial for security but can also reflect a threat to the brand and reputation of the acquired  company, as this app might be used to attack the company's customers.

There is no guarantee with any merger, but if you can dig into the threat intelligence data about an acquisition target and its partners, as well as assessing internal cybersecurity processes and potential issues, you will have a much clearer picture of the overall viability of the company and its intellectual property.

Related Content:

 

Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

Alon Arvatz served in an elite intelligence unit in the Israel Defense Forces. While serving for three years in the most innovative and operational setting, Alon led and coordinated large operations in the cyber intelligence world. Alon established Cyber School, a center ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare,  7/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-1448
PUBLISHED: 2020-07-14
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.
CVE-2020-1449
PUBLISHED: 2020-07-14
A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'.
CVE-2020-1450
PUBLISHED: 2020-07-14
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1451, CVE-2020-1456.
CVE-2020-1451
PUBLISHED: 2020-07-14
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1450, CVE-2020-1456.
CVE-2020-1454
PUBLISHED: 2020-07-14
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Re...