You may want to review our corporate mergers and acquisitions security learning guide or other tips on information security merger management.
Depending on the level of publicity around the merger, external threats of attack may increase. Criminals could assume -- perhaps rightly -- that you are distracted by the merger or too busy investigating the other company to monitor your systems for attacks. To mitigate merger threats, monitor for unexpected connections from the other company, and pay close attention to your systems and logs throughout the M&A process. When analyzing the logs, one possible indicator of malicious activity could be logins by accounts with high levels of access from more than one location in a short period of time.
Internal threats could arise from the other organization connecting to your internal network. Such connections might connect on the inside of your firewall and bypass all of the network protections you have in place. During a merger, the internal threat could come from users who are transferring roles or gaining additional access to systems, users who might then be able to manipulate their roles for malicious purposes. To prevent this, enable additional logging and analysis during this time to identify potential issues, and make sure the integration and provisioning of user roles are carefully monitored.
This was first published in October 2010