Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

The Cybersecurity Playbook You Need to Run To Mitigate Risk During M&A

Mergers and acquisitions are high-risk endeavors, sometimes with billions of dollars and corporate reputations at stake. But one way to help lessen the danger is by conducting a thorough cybersecurity review during the due diligence process.

The consulting and professional services team at Trustwave works closely with firms across the globe undertaking M&A deals of all sizes. Through our experience, we know that conducting a rigorous cybersecurity review early in the merger process can significantly reduce the possibility that the organizations coming together does not harbor or create a cyber threat that could come to light after the deal is sealed and the systems are merged. 

A decision to skip or gloss over this aspect of the due diligence process can prove dangerous and detrimental to reputation. Just ask the large hotel chain or Fortune 500 telecom provider who failed to detect cyber intrusions during the due diligence period of their deals, leading to high-profile public data breaches.

The C-Suite has not missed the importance of lessons, with many executives now rightly asking for visibility into the cybersecurity aspect of any deal being contemplated. 

The ramp-up in M&A activity due to COVID-19 has made this task even more difficult as threat surfaces have expanded exponentially as organizations moved to the cloud. At the same time, their staff shifted to home offices in response to the pandemic. So, it’s imperative that any company contemplating a merger or acquisition have a plan in place to include a cybersecurity review during the process.

The Ideal 3-Step M&A Cybersecurity Playbook at a Glance

In much the same way a company will conduct a thorough investigation to determine a proper valuation of the company it wishes to buy, it must also discover its cybersecurity level.

 

18366_ma-cybersecurity-playbook

 

  1. The first step in Trustwave’s process takes place before the deal is publicly announced, or pre-Day One.

    This activity involves creating a cybersecurity baseline for both companies involved to discover each firm’s cybersecurity maturity, pinpointing its most valuable assets, and identifying security gaps.

    A typical approach used to develop a baseline uses the National Institute of Technology (NIST) Cybersecurity Framework. The framework is designed to give businesses of all sizes a better understanding of managing and reducing their cybersecurity risk and protecting their networks and data. 

    At this time, a threat intelligence team is brought in to identify any potential risks and security gaps facing the two firms before the merger commences. Next, security workshops with both companies are conducted to identify the “as-is state” of their security and develop the required operations model for the new company, including a review of its SOC/MSSP status.

  1. The cybersecurity plan for the second stage of the merger process starts on Day One, or when the deal is announced.

    At this time, Trustwave will assess the operating models and identify synergies between the two companies and then create a strategic roadmap. A Trustwave SpiderLabs team is then brought in to conduct red and purple team testing.

  1. However, the work does not stop when the deal is closed. From post-Day One, the closing date, and for the next 90 days, it’s essential to review the new company and ensure there is no risk exposure. This task is accomplished by:

    • Conducting a security maturity diagnostic which re-examines the new firm’s security program maturity and current operating effectiveness.
    • Running a threat detection and response (TDR) diagnostic to examine the company’s current technology, its security people, and processes currently in place.
    • Transitioning and integrating the new company into the acquiring firm’s MDR/MSS solution.

As the two companies are about to combine, we conduct incident response planning to test the organizations' plans along with executive level tabletop exercises to test the operational effectiveness of the new teams.

Supply Chain

The cybersecurity due diligence process cannot ignore the acquisition target’s supply chain, and essentially another baseline has to be created for these vendors. Creating this baseline can be a very complex operation because some companies have thousands of vendors. Still, as we saw with SolarWinds and Kaseya, it’s imperative to know if a supplier is a security problem. 

Luckily there are many technologies and tools Trustwave has available to help discover such vulnerabilities and even rate vendors on their cybersecurity capabilities.

Once the security review identifies any problematical third-party vendors, the team can implement a plan to deal with the problem.

Trustwave believes our three-step approach that encompasses the periods before, during and after completion of the deal will help ensure security issues are mitigated to the greatest extent possible.

18339_securing-iot

 

Latest Trustwave Blogs

Phishing: The Grade A Threat to the Education Sector

Phishing is the most common method for an attacker to gain an initial foothold in an educational organization, according to the just released Trustwave SpiderLabs report 2024 Education Threat...

Read More

Unlocking Cyber Resilience: UK’s NCSC Drafts Code of Practice to Elevate Cybersecurity Governance in UK Businesses

In late January, the UK’s National Cyber Security Centre (NCSC) issued the draft of its Code of Practice on Cybersecurity Governance. The document's goal is to raise the profile of cyber issues with...

Read More

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More