Don’t Buy A Breach: Ten Cybersecurity Red Flags To Look For During M&A Due Diligence


We’ve heard the pundits’ criticism: Marriott should have known better. The hospitality company’s recent and well-publicized security breach occurred when hackers exploited network-security vulnerabilities in its Starwood division, a subsidiary that Marriott purchased only three years ago. And actually, it’s the news of the breach that’s recent. The breaching itself began in 2014.

With the benefit of 20/20 hindsight, it’s easy to cast the first stones: In 2016, Marriott purchased a company with compromised infrastructure, and then unknowingly integrated that compromised network into its own infrastructure. The Marriott story doesn’t paint a pretty picture of traditional castle-and-moat security. (“Ignore that extra drawbridge.”)

Instead of piling on further, let’s learn from Marriott’s experience. (We in the cybersecurity industry should never let a breach go to waste.) This is a mergers and acquisitions (M&A) object lesson and highlights the crucial role cybersecurity validation

... read more at: https://www.forbes.com/sites/forbestechcouncil/2019/02/12/dont-buy-a-breach-ten-cybersecurity-red-flags-to-look-for-during-ma-due-diligence/
