M&A Cybersecurity Risk… It’s Much Bigger Than You Think

When Their Attack Surface Becomes Your Attack Surface

I formerly ran M&A for public company, and serial acquirer, Compuware. I can tell you from vast experience accrued from managing many transactions, when it comes to cybersecurity, mergers and acquisitions are like a marriage. When two companies walk down the aisle together, one’s cybersecurity problems become the other’s baggage — whether they disclose it or not.

The first half of 2018 saw $2.5 trillion in mergers in the US. Companies are grappling to understand what this boom means for their online presence.

Today’s brands are no longer responsible for just their network. They’re also responsible for what falls outside their firewall, as well as the firewall of any companies they acquire. All of the company assets that extend from within the corporate perimeter all the way out to the entire internet are known as an attack surface. They are a collection of far-flung client-facing assets that hackers can discover in research for their threat campaigns.

Many of these assets are valuable to hackers purely because they’re valuable to customers. Digital channels are the predominant method of customer engagement for many organizations, bringing an explosion of publicly facing web sites…