Merger risk assessment service launched by Mandiant
FireEye announced the launch of Mandiant Mergers and Acquisitions Risk Assessment, a service designed to help organisations in mergers and acquisitions process to understand the acquisition target’s cyber security posture and risk profile, and address the cyber security risks. The new service has been launched with FireEye law firm partner Pillsbury Winthrop Shaw Pittman and is available now.
The mergers and acquisitions risk assessment is a week long service, evaluating key security components to identify cyber security risks earlier in the mergers and acquisitions process, utilising sector-specific best practices and global control frameworks, FireEye’s nation-state grade intelligence, and Mandiant’s experience responding to security breaches. Mandiant consultants generate risk ratings of target security areas and develop recommendations that customers, their legal partners, and other mergers and acquisitions advisors can use for decision-making.
In recent years, the GCC has witnessed a series of cyber attacks targeting leading industries and critical infrastructure. Geopolitical and economic developments are being played out in cyber space and are indicative of the significant degree of evolution in the cyber risk landscape. In the event of a breach, the level of risk to a company’s intellectual property and finance is apparent.
As stated in the most recent Regional Advanced Threat Report for EMEA published by FireEye, the energy and financial sectors along with the governments across the GCC account for 65% of identified cyber attacks. According to a recent study by FireEye, an unfavourable view of a brand is a hidden cost of cyber attacks on organisations, where in 57% of respondents stated that they would stop purchasing from a compromised company.
Mandiant consultants have developed a distinctive methodology for mergers and acquisitions risk assessment that assesses four key security areas.
- Data safeguards to identify the existence of proper capabilities to determine, protect and monitor high-value organisational assets.
- Access controls to evaluate whether proactive controls have been established to prohibit unwanted access to corporate data.
- Threat detection and response to assess the efficiency and maturity of a target organisation’s response technologies and processes.
- Infrastructure security to ensure that effective controls are implemented from network to endpoints to avert compromise.
“Mergers and acquisitions activities are serving as a critical loophole for advanced cyber attacks. The inadequacy of cyber security and response technology has made mergers and acquisitions processes increasingly vulnerable to persistent cyber intrusions. Against this backdrop, it is imperative for companies to introduce an intelligence-led security approach to identify and assess risks harboured by target organisations. Our law firm partners support and recognise the need for cyber security due diligence, which is predominantly embedded in their legal process. Evaluation of companies for cyber risk during acquisitions and mergers cannot be deemed optional anymore. The inability to formulate a streamlined process to efficiently manage existing and potential cyber threats can lead to consequential legal and financial challenges in the long run,” said Stuart Davis, Director, Mandiant Services.