Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

3/8/2018
10:30 AM
Alon Arvatz
Alon Arvatz
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Cybersecurity Gets Added to the M&A Lexicon

Threat intelligence data can give a clear picture of an acquisition target that could make or break a deal.

At the start of 2018, the technology industry kicked off with two well-publicized acquisitions: Cisco bought Skyport Systems and Amazon got Sqrrl. It doesn't matter if the industry is in technology, financial services, telecommunications, or any other vertical market, the merger and acquisition process is well-defined: the acquirer's goal is to uncover as much information about the acquisition target as possible in order to determine if the transaction will have a positive outcome.

Historically, through the due diligence process one would seek intel on financial stability, growth expectations, market saturation, talent, and partnerships. While all of these still influence a transaction, there is a relatively new variable to the equation: cybersecurity. From the banks involved to the legal departments drafting the deal, the importance of an acquisition target's security posture cannot be denied.

Threat intelligence is emerging as an important factor in the due diligence process, as a means to better understand the ultimate security risk associated with any M&A activity. To have the ability to listen to the Dark Web and hacker chatter forums gives the acquiring company insight into historical accounts of attacks, potential data breaches or leakage, insider threat activity, and ongoing security exploits focused on the target and its customers by a known adversary.

Cybersecurity and threat intelligence is now entering much earlier in the vetting process. As companies look to benchmark potential acquisition targets against each other, they are pulling threat intelligence data and reports to assess which company is better suited for acquisition and still has control over their intellectual property and data.

Everyone involved knows that companies are going to do their best to look as good as possible and seek the best price for its contents during the due diligence process. The only way to really validate a target's cybersecurity posture is to delve into the threat intelligence data, and thereby find out what the target omitted on purpose or doesn't know. Having this kind of validation and intelligence on the status of a target's intellectual property, customer data, credentials, and threat landscape will enable the acquiring company to make a more informed decision about the transaction.

Ask These Questions
So, what are the right questions to ask? There are many, but to start you need to get in front of the CISO or IT security manager to assess the following:

  • What's in your security infrastructure?
  • What types of security processes do you have in place?
  • Have you experienced any attacks or breaches in the past few years?
  • Have you identified any issues with insider threats?
  • Do you have any known adversaries?
  • Do you have security requirements for your third or fourth party vendors? 

Unfortunately, the security challenges associated with M&A activity do not stop at attacks and breaches but continue through the act of marrying two disparate security systems together in an effort to join the two companies or entities. From merging mail domains to joining the networks, the risks associated with merging IT infrastructure are not only dangerous, they're costly. Should the target have an unknown threat or vulnerability in its environment, that issue is now being introduced into the acquirer's network, giving attackers much more access than they bargained for in the original attack.

With any security issues, the acquiring company is taking on financial and growth risk, but brand and reputation are also key factors. For example: A very common attack vector involves creating a fake look-alike mobile application, similar to an organization's real application, and installing it on victim's phones. This can lead to data leakage from the affected phone or to abuse of the phone resources for cryptocurency mining. The intelligence about this type of app is crucial for security but can also reflect a threat to the brand and reputation of the acquired  company, as this app might be used to attack the company's customers.

There is no guarantee with any merger, but if you can dig into the threat intelligence data about an acquisition target and its partners, as well as assessing internal cybersecurity processes and potential issues, you will have a much clearer picture of the overall viability of the company and its intellectual property.

Related Content:

 

Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

Alon Arvatz served in an elite intelligence unit in the Israel Defense Forces. While serving for three years in the most innovative and operational setting, Alon led and coordinated large operations in the cyber intelligence world. Alon established Cyber School, a center ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13991
PUBLISHED: 2020-09-24
vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.
CVE-2020-15160
PUBLISHED: 2020-09-24
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8
CVE-2020-15162
PUBLISHED: 2020-09-24
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.
CVE-2020-15843
PUBLISHED: 2020-09-24
ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow "Full Control" t...
CVE-2020-17365
PUBLISHED: 2020-09-24
Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially craf...