Threat Intelligence

3/8/2018
10:30 AM
Alon Arvatz
Alon Arvatz
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Cybersecurity Gets Added to the M&A Lexicon

Threat intelligence data can give a clear picture of an acquisition target that could make or break a deal.

At the start of 2018, the technology industry kicked off with two well-publicized acquisitions: Cisco bought Skyport Systems and Amazon got Sqrrl. It doesn't matter if the industry is in technology, financial services, telecommunications, or any other vertical market, the merger and acquisition process is well-defined: the acquirer's goal is to uncover as much information about the acquisition target as possible in order to determine if the transaction will have a positive outcome.

Historically, through the due diligence process one would seek intel on financial stability, growth expectations, market saturation, talent, and partnerships. While all of these still influence a transaction, there is a relatively new variable to the equation: cybersecurity. From the banks involved to the legal departments drafting the deal, the importance of an acquisition target's security posture cannot be denied.

Threat intelligence is emerging as an important factor in the due diligence process, as a means to better understand the ultimate security risk associated with any M&A activity. To have the ability to listen to the Dark Web and hacker chatter forums gives the acquiring company insight into historical accounts of attacks, potential data breaches or leakage, insider threat activity, and ongoing security exploits focused on the target and its customers by a known adversary.

Cybersecurity and threat intelligence is now entering much earlier in the vetting process. As companies look to benchmark potential acquisition targets against each other, they are pulling threat intelligence data and reports to assess which company is better suited for acquisition and still has control over their intellectual property and data.

Everyone involved knows that companies are going to do their best to look as good as possible and seek the best price for its contents during the due diligence process. The only way to really validate a target's cybersecurity posture is to delve into the threat intelligence data, and thereby find out what the target omitted on purpose or doesn't know. Having this kind of validation and intelligence on the status of a target's intellectual property, customer data, credentials, and threat landscape will enable the acquiring company to make a more informed decision about the transaction.

Ask These Questions
So, what are the right questions to ask? There are many, but to start you need to get in front of the CISO or IT security manager to assess the following:

  • What's in your security infrastructure?
  • What types of security processes do you have in place?
  • Have you experienced any attacks or breaches in the past few years?
  • Have you identified any issues with insider threats?
  • Do you have any known adversaries?
  • Do you have security requirements for your third or fourth party vendors? 

Unfortunately, the security challenges associated with M&A activity do not stop at attacks and breaches but continue through the act of marrying two disparate security systems together in an effort to join the two companies or entities. From merging mail domains to joining the networks, the risks associated with merging IT infrastructure are not only dangerous, they're costly. Should the target have an unknown threat or vulnerability in its environment, that issue is now being introduced into the acquirer's network, giving attackers much more access than they bargained for in the original attack.

With any security issues, the acquiring company is taking on financial and growth risk, but brand and reputation are also key factors. For example: A very common attack vector involves creating a fake look-alike mobile application, similar to an organization's real application, and installing it on victim's phones. This can lead to data leakage from the affected phone or to abuse of the phone resources for cryptocurency mining. The intelligence about this type of app is crucial for security but can also reflect a threat to the brand and reputation of the acquired  company, as this app might be used to attack the company's customers.

There is no guarantee with any merger, but if you can dig into the threat intelligence data about an acquisition target and its partners, as well as assessing internal cybersecurity processes and potential issues, you will have a much clearer picture of the overall viability of the company and its intellectual property.

Related Content:

 

Black Hat Asia returns to Singapore with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier solutions and service providers in the Business Hall. Click for information on the conference and to register.

Alon Arvatz served in an elite intelligence unit in the Israel Defense Forces. While serving for three years in the most innovative and operational setting, Alon led and coordinated large operations in the cyber intelligence world. Alon established Cyber School, a center ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark Reading,  12/3/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19653
PUBLISHED: 2018-12-09
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
CVE-2018-19982
PUBLISHED: 2018-12-09
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HU...
CVE-2018-19983
PUBLISHED: 2018-12-09
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending ...
CVE-2018-19980
PUBLISHED: 2018-12-08
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.
CVE-2018-19961
PUBLISHED: 2018-12-08
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.