Connect with us

BUSINESS

How to Handle Cyber Security during Mergers and Acquisitions

How to Handle Cyber Security during Mergers and Acquisitions

By: Jonathan Sander, VP of product strategy for Lieberman Software

Commencing a Mergers and Acquisitions (M&A) deal, is like buying a new home.  Due diligence dictates that the buyer understands all of the risks, where there are weak points, leaks or any other risks that will be inherited. To do this, the buyer will bring in an inspector, or in the case of a merger or acquisition, a third party to clue up the buyer to any potential sticking points.  But also akin to buying a home, the true faults don’t begin to show until you’ve lived with them – or done business with them – for a while.

When purchasing a new company, naturally cyber security is often not a top priority and any inspection pre-merger will consist of a casual examination of the results in IT systems, audits of data dumps and a walk-through transaction from the view of the end user.  When it comes down to it, both parties are more worried about keeping customers and shareholders happy and focusing strongly on the quickest route to profitability.  Therefore, post M&A consolidation of the two companies is likely to be rushed.  However, rue consolidation can take years to achieve post merger and this is because of the complexity that is realised when bringing two companies together.champers

And here’s the thing: complexity makes an excellent place for bad guys to hide, whether it’s external cyber criminals looking to take advantage of a chaotic time, or an internal employee feeling uncertain about their position in the new corporate environment. The number one real risk from mergers and acquisitions is that this complexity multiplies overnight when Company A amalgamates with Company B. Cyber criminals under any guise are opportunists and will take advantage while everyone else is distracted.

With that in mind, companies need to anticipate that insecure, privileged accounts are a prominent method used by cyber criminals to gain access into a network and think about how this problem is effectively multiplied when two or more IT environments merge. Privileged accounts provide the gateway for viewing and extracting critical data, altering system configuration settings, and running programs on almost every hardware and software asset in the company. And once one privileged account is breached, it is easy for hackers to move around the network almost undetected.

There are so many privileged accounts in large businesses that many can’t keep track of where all of their privileged accounts reside or who can access them.Unlike personal login credentials, privileged identities are not typically linked to any one individual and are often shared among multiple IT administrators with credentials which are seldom changed, making it even easier for the criminals to worm their way through the network.

So while Organisation A might have well defined processes to keep track of these important accounts, Organisation B could potentially be a mess of who has access to what or over-provisioning (where employees move internally but still have old access permissions).  When the two merge, there will also be cases of inherited rights if rules and policies are not well-defined and therefore even more risk is introduced.

Put simply, when two corporate IT environments come together, IT and systems administrators come face to face with one of the biggest IT challenges of a successful merger: privileged identity management.

The problem is that if organisations don’t know where their privileged accounts are on the network, they cannot safeguard them. Think of an ostrich; just because it buries its head and is unable to see the problem doesn’t mean that it won’t get attacked. So the idea is to detect and remediate.

Adaptive privilege management automatically locates privileged accounts throughout the network, brings those accounts under management while auditing access to them.  The uncomfortable truth is that in today’s cyber security landscape, cyber criminals can compromise a network no matter what security measures you have in place. Fortunately, with adaptive privilege management security threats can be remediated faster than hackers can exploit them.

For two companies coming together, proactively sorting out the issues surrounding privileged identity management with a view to minimising cyber related risk can build trust and remove arbitrary access to make sure the process is fair.

While mergers and acquisitions can be a thrilling and eventful time in the corporate world,it can also be a highly chaotic time, especially for IT teams and sys admins who need to keep track of employees and sensitive information. When thinking about the number of new staff, the leavers and the movers, it can boggle the mind of even the most astute IT professionals. By keeping a step ahead and taking actions to easily get insight and control over who is accessing what, it can decrease the complexity of bringing two different corporate IT environments together and help keep cyber criminals at bay.

www.liebsoft.com

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Recent Posts