Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

How to Ensure Cybersecurity Problems Don’t Lead to an M&A Flop

Multi-billionaire business magnate Warren Buffet knows a thing or two about the merger-and-acquisition (M&A) process – and his take is usually one of skepticism.

After all, it is Buffet who has famously said: “In the business world, the rear-view mirror is always clearer than the windshield.” Or, perhaps more apropos to M&As: A limping horse could be “peddled as Secretariat,” as he once wrote.

Aside from the obvious slop that has historically muddied the post-acquisition period – unrealistic vision, lack of execution, cultural snafus, unseen costs – a new screwball has emerged over recent years that has introduced the potentially most devastating scenario of all: that the business your company just paid a pretty penny for (and all of the intellectual property and other sensitive data that go along with it) may already have been compromised by digital adversaries.

The sky is the limit in terms of the security risk than a target company can present to its new parent, from questionable processes to unpatched vulnerabilities to active malware. And if an issue is discovered after the fact, you and your team are the ones the C-suite will come looking to for answers.

That said, one of the holdups you may experience as a security professional whose company is contemplating an acquisition is the level of indifference shown toward infosec during the due diligence process. Sometimes, even being aware of potential red flags won’t be enough to slow down impetuous business leaders and investment advisors eager to ink a deal.

But you’ll want to pump the brakes as best you can to ensure that if some security-related problem comes back to haunt your organization in the future – and it has for some 40 percent of acquiring companies – that you covered your bases before any checks were signed.

This is not only important so your business avoids a back-breaking breach and all the financial and reputational repercussions that come along with it, but also for the safety of your job.

So, what can you do to move beyond merely a surface-level vetting and come away with true operational visibility into the IT environment you are about to inherit? Here are three proactive approaches, which you can delegate to outside experts if your internal resource capabilities are lacking, to help assure you are procuring a superstar and not a dud.

1) Risk Assessments

The baseline of the IT security due diligence process involves evaluating the target company’s existing security policies and practices, helping you eye potential deficiencies and gaps.

2) Threat Hunts

Traditional and automated security monitoring tools can only take you so far. Threat hunting brings human-led curiosity, instinct and intelligence to the detection process and can uncover the presence of an attacker inside your environment, in addition to a multitude of other activities you don’t want happening across your databases, networks and applications.

3) Security Testing

Vulnerabilities ranging from poorly coded web applications to exploitable passwords to a user population with a propensity to click on things they shouldn’t can enable sophisticated adversaries to run amok across your organization. Enlisting a combination of automated scanning and deep-dive penetration testing for your infrastructure, which also must include “obscure or unknown assets,” can provide the most complete picture of the business you are planning to welcome into the family.

***

Once you sign off on the deal from a security perspective, your attentiveness will still be required during the transition and integration phases, where you’ll be called on to introduce a long-term strategy that will align with the security maturity goals of your company. This should include, among other things, continuous monitoring and sound incident readiness and response.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo