Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

02:00 PM
Connect Directly
E-Mail vvv

Overlooked Security Risks of the M&A Rebound

Successful technology integration, post-merger, is tricky in any market, and never more so than with today's remote work environments and distributed IT infrastructure.

When the ongoing pandemic took root in the US, businesses and entire industries were turned upside down. Unsurprisingly, there was a significant slowdown in the number of tech mergers during the first quarter of 2020. Companies inwardly focused on pressing issues tied to their very survival — understanding market demand changes, countering downward pressures, and right-sizing teams and expenses accordingly.

As we speculate about a new normal, Bain & Co. expects deals will rebound to historic levels in the coming months. Whether it's to improve business efficiencies or access technologies to adapt to the new realities of work, Bain anticipates an uptick in deals in remote IT support, automation, artificial intelligence, and work collaboration tools.

While this should bring new life to companies, mergers and acquisitions will present challenges, as always. Successful post-merger integration is tricky in all markets, and more so in today's remote working environments with increasingly distributed IT infrastructures. Merging companies need to think differently to be successful and maintain network security protocols.

Related Content:

Preventing and Mitigating DDoS Attacks: It's Elementary

The Changing Face of Threat Intelligence

New on The Edge: Bug Bounty Hunters' Pro Tips on Chasing Vulns & Money

Some of the biggest breaches of the last few years have occurred after large companies combined operations. Verizon's acquisition of Yahoo and Marriott's combination with Starwood come to mind, among many others. Often, it's subtle vulnerabilities, issues that have gone undiscovered in company IT environments for months or even years (e.g., unauthorized database access) that go on to create major headaches after the merger. When vulnerabilities go undetected during diligence and parties move quickly to consummate their transaction, serious security risks may be overlooked. In these cases, the number of customers whose private data could be exposed in a breach increases exponentially.

To balance speed and caution, M&A teams must take proactive steps to mitigate security risks throughout the transition phase.

When Companies Merge, Security Risks Multiply
Merging firms are often unaware of security issues or breaches in their networks until it's too late. The burden falls to both parties to perform a thorough cybersecurity assessment before, during, and after their networks are merged.

First, it's vital for all teams across both organizations to establish complete visibility throughout the expanding environment, including data centers, branch offices, cloud applications, and edge devices. This is crucial in order to gain a complete picture of both enterprises and help identify vulnerabilities. Establishing this shared source of information about everything happening on all networks enables businesses to break free from organizational silos that inhibit swift detection and resolution of IT security threats.

The next step is to detect and classify all assets across all environments. In particular, the proliferation of enterprise edge devices and the Internet of Things devices adds another layer of complexity to maintaining a secure infrastructure. Many of the billions of connected devices don't have built-in security measures, increasing their vulnerability to potential distributed denial-of-service or man-in-the-middle attacks.

Behavioral analytics can help mitigate this issue, as it allows security analysts to know when intruders are still present and identify what information has been compromised. Armed with timely information, security teams can detect threats in real time and provide contextualized data for rapid investigation and response.

It's also essential to close security gaps that emerge with cloud infrastructure. The cloud dramatically expands attack surfaces and exposes acquiring companies to myriad new security risks. While cloud service providers are responsible for some aspects of security — specifically, securitizing the cloud environment — customers are responsible for securing the workloads being transferred into and out of their cloud applications.

Misunderstanding this shared responsibility leads to critical security risks. In fact, some of the biggest cloud security threats are "in-house" — misconfigured services and portals, insecure APIs, and unauthorized access, to name a few. Businesses must take inventory of all these potential holes in the security infrastructure as systems are merged. Proactively uncovering and addressing cloud-specific security risks allows acquirers to expedite deals and emerge confident in the security of the integrated networks.

Integrate With Confidence
Cybersecurity attacks during M&A introduces risk and can compromise valuations. When sensitive data is leaked as a result of security lapses, it can damage the reputations of both organizations and cause firms to rethink or revalue transactions. To address these risks, businesses must develop a transition strategy with security top-of-mind. With a clear plan for maintaining security before, during, and after the merger, acquiring companies can uncover and address issues before the damaging effects are felt.

Bill Ruckelshaus is an experienced public company executive with a passion for technology-driven businesses – ranging from VC-backed pre-IPO firms, to profitable companies with $500M + in annual revenue. Bill is a hands-on executive with experience in strategy, ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-02-27
SerComm AG Combo VD625 AGSOT_2.1.0 devices allow CRLF injection (for HTTP header injection) in the download function via the Content-Disposition header.
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...