This is the final post in a three-part series. In part one and part two, we discussed the importance of involving IT and security teams in the early stages of mergers and acquisitions, and then looked at the cybersecurity risks and the role of asset inventory.
In this third and final part of this series, we look at the risks involved in integrating assets for organizations and the role of cyber asset attack surface management (CAASM) in this last — and crucial — stage.
The contracts are signed. Negotiations and due diligence are complete. The deal’s closed.
Now comes the next stage: integrating each organization’s assets. (Or at least some of these assets.)
The challenges only increase in this last stage of mergers and acquisitions. As operations transition, critical data is more often at risk. IT and security professionals are now dealing with a larger attack surface, so there are additional security gaps to discover and remediate, and with them come increased cybersecurity risks.
More than one in three executives who were involved with mergers and acquisitions have experienced security breaches during the integration stage, according to IBM’s Assessing Cyber Risk in M&A report.
Mergers and acquisitions: the importance of asset inventory at the integration stage
Inventorying, managing, and securing assets — workstations, cloud services, devices, and more — for each organization is one of the key steps in mergers and acquisitions.
At this point, IT and security professionals for each organization have already asked — and answered — some of these asset-related questions:
- How many assets (devices, cloud instances, SaaS apps, and user accounts) were acquired?
- What needs to be integrated?
- What vulnerabilities were present at the time?
- What IT and security tools did each organization have? Where’s the overlap?
Though they’ve got the answers for their respective organizations, IT and security professionals need to figure out how they’re going to combine these assets.
At this integration stage, they’ll likely have true clarity into the security posture and IT hygiene of the other organization. But without accurate information on which assets are going to be integrated, it’s difficult to identify the problems and how to fix them.
What’s the best way to view the entire cybersecurity attack surface?
Mergers and acquisitions: the role of CAASM
Conducting a comprehensive asset inventory is difficult enough as it is. IT and security professionals always encounter this problem: “you can’t protect what you can’t see”.
When their organizations are involved in merger and acquisition activity, this only becomes more important — and complex. Now that the cybersecurity attack surface has expanded, there are more data, assets, and cybersecurity risks.
Though these professionals have an asset inventory, there are questions about how comprehensive and up-to-date it is.
CAASM can help out in the following ways:
- Developing a comprehensive — and complete — asset inventory.
- Understanding the strength of the overall cybersecurity health and IT hygiene.
- Defining and automating actions to close security gaps, document any changes, and track progress.
“Think about what does the long term look like for both companies.”
— Lenny Zeltser, CISO at Axonius
Hear more from Zeltser in Help Net Security's video, "Minimizing risk: Key cybersecurity-related M&A considerations", on what organizations should keep in mind when they're involved in mergers and acquisitions.
Cybersecurity asset management platforms provide full visibility into the internal and external attack surface. They track all devices, cloud services, software, and users — no matter where they’re located. This asset inventory also includes ephemeral devices, which typically show up intermittently or exist for a short time in the IT environment. As a result, IT and security professionals can map out all assets, including the ones that are newly integrated.
The best platforms, like Axonius, leverage an organization’s existing data — and that includes the newly formed entity. Teams are able to continually conduct a real-time, up-to-date asset inventory.
These platforms provide IT and security professionals with the capability to automatically discover security gaps, devices missing agents, and cloud misconfigurations. They can customize triggered actions when an asset or user deviates from policies. Executing remote commands, expanding vulnerability scans, and enabling or disabling compromised user accounts are just some of these actions.
And the top platforms initiate all these actions in the background, so teams can take on more proactive and preventative measures. This all helps IT and security professionals understand the timeframe and effort it takes to integrate both organizations.