The year 2021 has seen a surge in mergers and acquisitions around the world. An “epic” number of deals was struck in the first half of 2021, followed by a “frenzied summer” of M&A activity. This ostensibly good economic news, however, comes with a technological sting in the tail. M&As can be particularly harmful in terms of cybersecurity because businesses that acquire other companies take on more than their business advantages: they also import their problems, vulnerabilities, and risk profile.
It’s almost certain that some of the organizations that participated in the post-pandemic M&A boom will be sitting on a ticking time bomb as a result of data security vulnerabilities in the businesses they recently acquired. This means security teams and CISOs need to be proactive, acting now to resolve vulnerabilities before they become a problem.
Mergers and their data risks
When one firm buys another, the process nearly invariably entails system integration and data transfer. When two companies merge, many execute a “lift and shift,” where they simply take the data and move it onto their servers. Unfortunately, this data is often not thoroughly verified and is frequently unstructured, posing numerous risks. Insider threats could increase, for example, if some of the data is exposed to employees and contractors who should not have access. Because mergers frequently result in redundancies, leaving sensitive data exposed makes a business vulnerable to attacks by hackers, cybercriminals or simply a disgruntled employee who has lost their job.
Permissions on data acquired through mergers and acquisitions can be broken. This means that certain IT administrators have too much access, or that the right individuals don’t have access to the information they need. It could be a very small risk, but that does not make it less of a productivity drain. Shadow admins, who have unauthorized privileged access acquired without the security team’s awareness, could also be a problem. These accounts have the ability to make admin-level modifications that can inflict widespread damage, making them a target for external attackers.
Even dormant user accounts can be a threat. When an organization undertakes a lift and shift, for example, several accounts belonging to former employees can be brought in, including some privileged profiles. Again, these are easy targets for hackers, who can gain enhanced access in a matter of minutes if they can compromise these accounts.
A safe M&A playbook
Failing to manage the integration of cybersecurity measures comes with its own set of risks. Leaders in security and risk management should ensure that adequate due diligence is performed and that cybersecurity implications are considered throughout the process.
During a merger, a CISO’s first objective should be to create an M&A playbook that can be used repeatedly. This playbook should provide step-by-step instructions for reviewing and moving data, lowering the cost and risk of M&A transactions.
CISOs should ideally be involved in the early stages of due diligence to analyze whether the M&A would result in a security breach or to identify potential issues before they explode into big crises.
To find the accounts that a hacker could exploit to steal data, all accounts, particularly executive, service, and privileged accounts, should be inventoried. Before removing excessive permissions and pinpointing over-exposed data, the folder structure of data repositories should be scanned to assess permissions on each folder. Data should be locked down as much as feasible before the migration begins, utilizing an audit process outlined in the M&A playbook.
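The folder scan described above, as an added example that is not from the original article: a Python sketch that walks a repository before migration and flags over-exposed folders and folders owned by dormant accounts. It assumes a POSIX file system; `audit_tree`, `run_constructed_demo`, the folder names and the use of the current user as the "dormant" account are all constructed for illustration.

```python
import os
import stat
import tempfile


def audit_tree(root, dormant_uids=frozenset()):
    """Return (path, finding) tuples for every folder under root.

    dormant_uids: numeric owner ids of accounts that should no longer
    hold data (assumption: taken from the acquired company's HR list).
    """
    findings = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        st = os.lstat(dirpath)
        mode = stat.S_IMODE(st.st_mode)
        if mode & stat.S_IWOTH:
            # Any local account can create or delete entries here.
            findings.append((dirpath, "world-writable"))
        elif mode & (stat.S_IROTH | stat.S_IXOTH):
            # Any local account can list or traverse this folder.
            findings.append((dirpath, "world-accessible"))
        if st.st_uid in dormant_uids:
            findings.append((dirpath, "owned-by-dormant-account"))
    return findings


def run_constructed_demo():
    """Audit a constructed sample tree and return findings by relative path."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed layout: folder name -> permission bits.
        layout = {"finance": 0o777, "hr": 0o755, "legal": 0o700}
        for name, mode in layout.items():
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # explicit chmod so umask cannot interfere
        os.chmod(root, 0o700)
        # For the demo, the current user stands in for a departed employee.
        found = audit_tree(root, dormant_uids={os.getuid()})
        return {(os.path.relpath(p, root), f) for p, f in found}


if __name__ == "__main__":
    for rel, finding in sorted(run_constructed_demo()):
        print(f"{finding:26} {rel}")
```

In a real audit the findings would be reviewed and the permissions tightened before any data is copied, so the exposure is not carried onto the acquirer's servers.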