Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

M&A Tracker

Did You Know: Browsing the Internet is a Risk to the M&A Process?

While mergers and acquisitions (M&A) are generally known for bringing economic growth and opportunity, people are beginning to realize that the process also brings serious cybersecurity risks.

While mergers and acquisitions (M&A) are generally known for bringing economic growth and opportunity, people are beginning to realize that the process also brings serious cybersecurity risks. For example, along with the acquired company’s valuable assets, buyers also inherit all previous and current vulnerabilities and breach history. But there are also risks that exist for buyers before they sign on the dotted line or take action to merge technologies, processes and resources – during the M&A process, an organization is vulnerable from the moment they set out to do online research.

If done without caution, just the act of online fact-finding and information gathering on target companies poses risks to potential buyers. Aside from the potential security risks that may be introduced, the acquiring company faces the risk of tipping its hat or showing its hand. If the target or the acquisition learns of the buyer’s intent and desires, it may help their negotiating position. The target could open up parallel discussions, initiate their own research and monitoring activities, and take other steps that may result in a higher cost of acquisition or even derail the opportunity. The acquisition process requires substantial time and energy that could end up being wasted if the process of preliminary due diligence is not protected. I began working on internet anonymity tools in 1992, and since then I have gained a unique and detailed understanding of the different approaches organizations can utilize to protect their anonymity while searching and investigating in the open internet. When taking the first exploratory steps of the M&A process, these web searches could very well expose M&A intentions.

M&A Cyber RisksM&A research leaves a very clear fingerprint. Visits to the target come from unusual sources like senior management, the company’s law firm, specialist consultants, and investment banks. The visits do not follow typical customer patterns, focusing on the management, public financials, and technical details. A company can easily detect this research through monitoring their own web logs. By obfuscating where searches are coming from and breaking the inquiries up across multiple companies, intentions will not look like a coordinated effort of due diligence. Rather, it will appear that 100 companies or individuals are each grabbing different tidbits of information from the acquisition target’s website. The activity will mimic normal web visits versus a coordinated due diligence effort.

Obfuscating the origin and identity of a search is not easy, there are several different ways to be tracked or identified online. As I discussed in a previous SecurityWeek article, the moment a search is initiated on the public internet, all interested parties can recognize and react to actions, behaviors and patterns. They can discern who initiated the search, from where it is being launched, and even the source of employment. This can tip them to promote false information or simply discover and react to intentions and likely next steps. Each browser has a unique fingerprint made up of all the software and plugin versions, configurations, fonts, and characteristics of the source computer. Together, this data is usually unique for each visitor to a given website. Even when obfuscating the IP address and all supercookies, interested parties can still learn the identify using the browser fingerprint.

A counter to this tactic would be to use a browser fingerprint that is shared by many. The most common browser fingerprint is a freshly installed operating system. From there, they diverge quickly. And by using a VM, the source system will always appear as operating a newly installed operating system. Managing these identifiers online will help investigative queries blend in with general internet users and will enable research to be conducted without drawing undo attention or tipping the hat of M&A intentions or interests.

RelatedManaging Security and Network Implications of Mergers and Acquisitions

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...