The recent increase in M&A activity has begun to catch the attention of cybercriminals, according to a FireEye report. A record-setting $5 trillion was exchanged through M&A deals in 2015, driving the cyber-underworld to the activity for three primary reasons:
- Theft of non-public information prior to the deal’s announcement for financial gain
- Exploiting sensitive financial information throughout the M&A process
- Taking advantage of the “increased attack surface” after companies combine their operations
Not to mention, an organization may unknowingly be a victim of cybercrime prior to a merger or acquisition, meaning once forces are joined, the malware or compromised network may spread to all corners of an organization. Companies in the process of M&A deals are vulnerable for cybercrime for a variety of reasons, but it is crucial that businesses be aware of their vulnerabilities and conduct cybersecurity due diligence prior to the deal. Post-acquisition activities are equally important, the report explains. Integration of the two companies’ IT infrastructure is fairly common in order to reduce long-term costs. However, it can create a myriad of short-term problems following a deal. Communication and preparation are crucial when forming a two-way relationship between IT departments.