Manage Learn to apply best practices and optimize your operations.

Merger management: How to handle potential merger threats to security

During a merger, management of information security becomes even more crucial in order to mitigate threats, including the many new insiders and attentive attackers that want to take advantage of holes in the companies' infosec integration.

Are there particular threats that companies should look out for while going through a merger? Our company was just purchased, and it seems like this will be a particularly vulnerable time for us security-wise. What areas should I concentrate on?
While going through a merger, it's important to pay attention both to external and internal threats that could arise from new vectors. (This is assuming that, as a part of the merger and acquisition process, your company did its due diligence to ensure it understood the computing environment and risks that the other company could present.)

You may want to review our Corporate Mergers and Acquisitions Security Learning Guide or other tips on information...

security merger management.

Depending on the level of publicity around the merger, external threats of attack may increase. Criminals could assume -- perhaps rightly -- that you are distracted by the merger or too busy investigating the other company to monitor your systems for attacks. To mitigate merger threats, monitor for unexpected connections from the other company, and pay close attention to your systems and logs throughout the M&A process. When analyzing the logs, one possible indicator of malicious activity could be logins by accounts with high levels of access from more than one location in a short period of time.

Internal threats could arise from the other organization connecting to your internal network. Such connections might connect on the inside of your firewall and bypass all of the network protections you have in place. During a merger, the internal threat could come from users who are transferring roles or gaining additional access to systems, users who might then be able to manipulate their roles for malicious purposes. To prevent this, enable additional logging and analysis during this time to identify potential issues, and make sure the integration and provisioning of user roles are carefully monitored.

This was last published in October 2010

Dig Deeper on Security vendor mergers and acquisitions