How to Ensure Cybersecurity Problems Don’t Lead to an M&A Flop

Multi-billionaire business magnate Warren Buffett knows a thing or two about the merger-and-acquisition (M&A) process – and his take is usually one of skepticism.

After all, it is Buffett who has famously said: “In the business world, the rear-view mirror is always clearer than the windshield.” Or, perhaps more apropos to M&As: A limping horse could be “peddled as Secretariat,” as he once wrote.

Aside from the obvious slop that has historically muddied the post-acquisition period – unrealistic vision, lack of execution, cultural snafus, unseen costs – a new screwball has emerged over recent years that has introduced the potentially most devastating scenario of all: that the business your company just paid a pretty penny for (and all of the intellectual property and other sensitive data that go along with it) may already have been compromised by digital adversaries.

The sky is the limit in terms of the security risk that a target company can present to its new parent, from questionable processes to unpatched vulnerabilities to active malware. And if an issue is discovered after the fact, you and your team are the ones the C-suite will come to for answers.

That said, one of the holdups you may experience as a security professional whose company is contemplating an acquisition is the level of indifference shown toward infosec during the due diligence process. Sometimes, even being aware of potential red flags won’t be enough to slow down impetuous business leaders and investment advisors eager to ink a deal.

But you’ll want to pump the brakes as best you can to ensure that if some security-related problem comes back to haunt your organization in the future – and it has for some 40 percent of acquiring companies – you covered your bases before any checks were signed.

This is not only important so your business avoids a back-breaking breach and all the financial and reputational repercussions that come along with it, but also for the safety of your job.

So, what can you do to move beyond merely a surface-level vetting and come away with true operational visibility into the IT environment you are about to inherit? Here are three proactive approaches, which you can delegate to outside experts if your internal resource capabilities are lacking, to help assure you are procuring a superstar and not a dud.

1) Risk Assessments

The baseline of the IT security due diligence process involves evaluating the target company’s existing security policies and practices, helping you eye potential deficiencies and gaps.

2) Threat Hunts

Traditional and automated security monitoring tools can only take you so far. Threat hunting brings human-led curiosity, instinct and intelligence to the detection process and can uncover the presence of an attacker inside your environment, in addition to a multitude of other activities you don’t want happening across your databases, networks and applications.

3) Security Testing

Vulnerabilities ranging from poorly coded web applications to exploitable passwords to a user population with a propensity to click on things they shouldn’t can enable sophisticated adversaries to run amok across your organization. Enlisting a combination of automated scanning and deep-dive penetration testing for your infrastructure, which also must include “obscure or unknown assets,” can provide the most complete picture of the business you are planning to welcome into the family.


Once you sign off on the deal from a security perspective, your attentiveness will still be required during the transition and integration phases, where you’ll be called on to introduce a long-term strategy that will align with the security maturity goals of your company. This should include, among other things, continuous monitoring and sound incident readiness and response.
