The M&A process is difficult to manage and navigate. There are many moving parts for all parties involved, from financial terms to the integration of new personnel and the merging of corporate cultures.
However, there may be another important consideration during the M&A process that even finance and business experts overlook: intellectual property theft and network security.
Grady Summers of Mandiant, an information security company, recently authored a blog post for the company’s M-unition blog that discussed a rising trend of network compromises during the M&A process. The article highlights recent examples of intellectual property theft during M&A’s and provides information on how organizations can improve their chances of detecting compromise during the M&A process.
Here is an excerpt from the article:
“…organizations are buying and selling compromise during merger & acquisition activity. We observed a significant percentage of incidents we responded to last year were discovered either (1) after the acquiring organization had integrated a smaller organization into its network or were (2) discovered during the due diligence process, before the organizations’ networks were connected.
Since we published M-Trends: An Evolving Threat, I have received a lot of questions about how this early detection (prior to integration of networks) actually works. How is it that many companies do not know they themselves are breached, and yet the organization that is acquiring them can detect these advanced targeted threats when their networks are connected.
Although it is not fun, practice makes perfect. That is, the organizations who are finding compromise in acquisitions are those who have been at this the longest. That makes intuitive sense. However, there are a few things that every organization can do to improve its chances of detecting compromise during an M&A process…”
The rest of the article can be read here.
Although it may not be as top of mind as merging corporate cultures or negotiating financial terms, detecting and eliminating data breaches and the loss of intellectual property can be just as important of a consideration during the M&A process. If your company is considering a merger or acquisition, it may be a good idea to think about your security posture first.