sb-as logo
Story image

Fortinet asks: Planning a merger? It’s time for a cybersecurity upgrade

08 Mar 2017

M&A activity can offer CFOs a unique opportunity to ramp up cybersecurity levels with greater investment and integration. Cybersecurity may not be a core competency for most CFOs, but it has huge bearing on their responsibilities. A successful data breach can cost victims costs victims around $4 million on average, not including damage to reputation and future sales. 

M&A’s also offer particularly attractive targets for hackers, the vast majority of whom are in it for the money.

Not only does the process of systems integration between both firms often create incompatibilities between applications and processes that hackers can exploit, but sensitive financial and customer data is also moving around much more, and faster, than usual as employees scramble to complete the deal and merge operations.

In this often chaotic milieu, substandard cybersecurity on one or both sides of the merger can prove costly – or even scuttle the deal altogether.

Cybersecurity should, in fact, make up one of the CFO’s top priorities during a merger, precisely because of its large risk quotient. The best way to minimise those risks? Use the merger as an opportunity to refresh cybersecurity entirely.

Doing the groundwork

CFOs should put cybersecurity on their due diligence list from the earliest stages of a merger. Without a detailed audit of both organisations’ systems, networks, and devices, CFOs and their CIO counterparts won’t know the breadth or depth of risks that they face. Cybersecurity documentation from the target organisation can offer insight into how well their technologies and policies hold up under attack.

If that documentation doesn’t exist, CFOs can escalate the matter by bringing in third-party assessors to conduct independent reviews and tests. Given the financial, legal and confidentiality risks of a breach, the CFO should make cybersecurity audits a necessary precondition to any M&A activity going ahead.

Investing in a refresh

In every M&A, it’s the CFO’s job to eliminate inefficiency. The same principle applies to cybersecurity inferior systems can cost the business not just in operational expenditure, but also in greater potential for breaches and greater risk.

During a merger, most CFOs will find that the firms’ different networks, systems, and policies won’t easily work together unless they’ve been explicitly designed to. And the cost of adopting an entirely new platform, while significant, often pales in comparison to the ongoing expenses and time spent trying to merge two incompatible cybersecurity platforms with one another.

A single integrated platform also allows CFOs to improve efficiency even as they minimise cyber risks. Fully-integrated platforms can deliver far higher degrees of automation when it comes to analysing and responding to threats, whether posed by suspicious files or unusual network traffic.

These automated responses often prove more accurate and consistent than manual tracking, which can miss more complex threats or subtle correlations that foreshadow an attack. A refreshed cybersecurity platform may cost more upfront, but it’ll save the CFO from future costs like additional headcount, lengthy systems integration…and the spectre of a threat slipping through the gaps.

Take defences a step further

In performing a full refresh of their systems, CFOs and CIOs should consider taking their cybersecurity technology to the next level. New approaches and innovations can keep the merged organisation one step ahead of cybersecurity threats: internal network segmentation, for example, controls traffic going between different parts of the network, so that a breach to one doesn’t necessarily compromise the rest.

With hackers increasingly spending a longer time snooping around on networks before they launch an attack, such defences can significantly reduce the risks and costs of potential breaches.

CFOs should view M&A’s as a chance to reduce their cybersecurity risk levels now, and for the future. By setting cybersecurity as a due diligence priority, they can make sure that they invest the pooled resources of post-merger organisations into more robust and consistent security – and steer their fellow decision-makers away from M&A targets whose lack of cybersecurity may make them more of a liability than an asset.

Article by Jon McGettigan, senior director, Australia, New Zealand and the Pacific Islands at Fortinet.

Story image
Why a more secure organisation is a collective responsibility
With vast volumes of data moving to the cloud, many IT professionals are frequently challenged to protect their enterprise environment, and there is a greater focus being placed on advancing cybersecurity strategies.More
Story image
Hybrid IAM solutions are the way of the future, study states
“As this first-of-its-kind research shows, while IT leaders are faced with unique criteria and conditions that shape their IT strategy, hybrid IAM has emerged as a necessity."More
Story image
Need for greater understanding of data security responsibility as cloud adoption grows - report
Despite the accelerated adoption of cloud services, there was a lack of clarity and confidence regarding the protection and recovery of data stored in public clouds.More
Story image
COVID-19-themed threats, Powershell malware continue surge
“The world—and enterprises—adjusted amidst pandemic restrictions and sustained remote work challenges, while security threats continued to evolve in complexity and increase in volume."More
Story image
97% of organisations experienced a mobile threat in 2020 — report
93% of these attacks originated in a device network, which includes attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users’ credentials.More
Story image
5G network security a US$9 billion dollar opportunity - report
The cloud-native nature of 5G networks will have a disruptive and positive impact on the cybersecurity industry in the next few years, with 5G network security presenting a US$9 billion enterprise market opportunity by 2025.More