Unfortunately, some of the last people to know about a merger and acquisition are IT and security teams.
Many times these teams find themselves coming in at the last minute to discuss technical implications on how companies will merge or break apart only to find strategic implications were overlooked.
In this video, Ashley Ferguson, Global Director of Executive Advisory Services covers how SecureWorks Merger & Acquisition Advisement was designed by former CISOs and Business Leaders to help organisations assess business and technical risks to the acquiring or acquired organisation from a holistic merger and acquisition perspective. The goal is to help organisations under accelerated timeframes properly assess vulnerabilities and their potential risks to the business impact of the organisation.
Usually the last people to know about a merger and acquisition is your IT and security teams. We’re really trying to encourage people to bring them in sooner. Recognizing, though, that doesn’t always happen, we use the experience that we have to really try to help you to kick start that process a lot faster.
Normally, the teams on your IT and security groups are coming in at the last minute at the point of asking, ‘How do we put these two companies together? Or, ‘How do we break these companies apart?’ You usually have very distinct departments. We really try to get with you to discover what are the questions you need to ask about each company. How do you even assess whether or not you can put those companies together? What’s going to be the process? What’s the timeline? What security vulnerabilities exist within a company? You really need to look at the exposures that you have when you’re looking at a merger, an acquisition. Whatever their issues were, their targets also becomes your target.
And a lot of times the adversary will target a company that is being acquired or divested, believing that there is so much commotion that they can find a weaker link in, and a way to find that break because each company has that separate security and they’re having to open a portal to connect the two together. We’ve had several clients, which I think is great and it’s really showing improvements in the industry, where they’re considering an acquisition, and so they want us to help them assess whether or not that’s a good investment, or how they should be looking at that client. I think that’s really where you get into the process of what does their security really looks like. Recognizing that, when they fill out the questionnaires, that those questionnaires, they want to look good, they want to look like they are doing their engagement so they it may have the truth, but it may also have pieces they’re not comfortable sharing. And so really getting in, performing assessments, giving them the right tools and the right questions to ask, is critical when you’re looking and a merger or acquisition.