During a M&A process, the scope of the organization’s attack surface is stretched to new limits. Every company, from Fortune 500s to smaller enterprises, has digital baggage that can dramatically increase potential security risks, from multiple generations of technologies, various IT stacks, and new and unknown risks in their environments.
Threat group has a specific focus on corporate M&A that are in the works. This mass cyber espionage campaign has been going on since at least December 2019.
Among top considerations during the M&A process should be your technical controls. In specific, you need to pay close attention to the software bill of materials (SBOM), and several other vital areas of your technology-enabled business.
Executive order acknowledges both the inherent value of consumer data and the importance of data privacy compliance requirements during mergers and acquisitions. Compliance will now be even more burdensome.