A company’s security infrastructure is more vulnerable during the Mergers and Acquisition (M&A) process, according to new research from Digital Shadows.
In its report ‘Cyber Threats Targeting Mergers and Acquisitions’, the firm investigate the cyber risks or possible degradation to a company’s security that can occur as a result of M&As. The research outlines the various stages that make up the M&A procedure, and more interestingly, how security threats develop and change as these steps progress.
Whilst it is quick to point out that M&As can be exciting, often bringing about the expansion and improvement of businesses, Digital Shadows highlights the fact that as periods of significant change, adjustment and stress, failure to secure sensitive information constitutes an added threat to the organization and an opportunity for threat actors.
According to Rick Holland, vice-president of strategy at Digital Shadows, cyber-criminals appear to view the M&A period as an ideal time to attack a company, doubling down their efforts to capitalize on this window of opportunity.
“There is demonstrable evidence to suggest that companies going through the M&A process have been targeted by malicious actors,” he told Infosecurity.
“Failure to secure sensitive information during an M&A process opens the door to threat actors looking to profit by exploiting financial markets and proprietary intellectual property and it’s imperative that organizations are aware of this threat.”
Holland suggests that internal threats play a significant role in the increased risks companies face during M&As, citing factors such as employees’ attitudes to possible redundancies or undesirable change as potential breading grounds for data leaks.
“Certainly, employees are a demonstrable risk when disenfranchised. Additionally, as M&A reaches its final stages and due diligence is in full flow, the amount of data that is shared increases dramatically and so does the risk of a data breach. As such, organizations may well experience an increase in spear-phishing attempts as attackers strive to take advantage of a surge in valuable data that exchanges hands during this process.”