Companies involved in mergers and acquisitions are increasingly targeted with cyberattacks that could potentially derail the deals, says Bryce Boland of FireEye (see: Inside An Elite APT Attack Group).
Too often, companies overlook breaches when they're focused on finishing the financial due diligence related to mergers and acquisitions, says Boland, who is FireEye's APAC CTO, in an interview with Information Security Media Group. Risks include loss of intellectual property and harm to reputation, which can hurt a company's valuation.
"We see a lot of targeting of organizations through their partners and their supply chain," he warns. "Quite often, organizations that you are acquiring may be targeted by criminals in order to gain access to your company. ... We are also increasingly seeing cases where companies being acquired are broken into and stripped of intellectual property, effectively devaluing that company." (see: The Changing Face of Cyber Espionage)
Boland recommends increased scrutiny and vigilance during the period of mergers and acquisitions, including due diligence that extends to include a security assessment of the company being acquired. Unfortunately, he says, due diligence teams rarely include anyone with cybersecurity expertise.
In this exclusive interview (see audio link below photo), Boland speaks about a range of risks organizations face during mergers and acquisitions, including:
- How to prepare a cyber defense during merger and acquisition activities;
- Attack techniques used during mergers and acquisitions;
- Advice for CISOs at organizations making acquisitions.
Boland, CTO for Asia Pacific at FireEye, has more than 16 years of information security experience. He previously was the security CTO for UBS, a technology risk management consultant at ABN AMRO and a member of the ABN AMRO GCIRT and Enterprise Network Steering Committee. He has lived and worked in New Zealand, Australia, U.K., Switzerland and now Singapore.