External Threat Management

CISOs – How are You Staying on Top of M&A?

Mergers and acquisitions can be a good way to put cash stockpiles to work. M&A can also help organizations respond to emerging business trends or shifts. Ahead of the formation of the Health Exchange as part of the ObamaCare legislation, a RiskIQ customer used M&A to advance its consumer-side business.

As a health insurance provider, it wanted pole position in the emerging consumer-side market. Part of its strategy was to acquire businesses that had established themselves as innovators in B-to-C digital insurance services. At the same time, the insurance company was eyeing expansion abroad into areas like the Far East and needed strategic partners with boots on the ground.

During this period of rapid expansion, the security team was faced with untangling the cascading ‘piles’ of new digital assets brought under the parent company’s control.

It was the need to detect, monitor and secure digital assets that led the CISO of the insurer to RiskIQ. The RiskIQ Enterprise Digital Footprint gave the security team the ability to rapidly discover, inventory, monitor and enforce (DIME) known, unknown and rogue digital assets that connect to, but are not necessarily under the control of, the brand.

Insurer case study: https://www.riskiq.com/product/case-studies/mobile-security-in-health-insurance

Enterprise Digital Footprint pulls data from open online data sources. The data is collected from crawls performed by our proprietary crawling infrastructure, which captures packets sent via URLs to browsers and ingests source information. All the analysis and enrichment is done on the backend. The product requires neither hardware appliances installed on-prem nor software-based endpoint sensors.

DocuSign VP and CISO Vanessa Pequeros leverages Enterprise Digital Footprint to evaluate prospective strategic partners. According to Pequeros, it’s important to understand the general health of the partner companies’ digital presence.

“Looking at how they [strategic partner targets] secure their web and mobile properties is an indicator for us of how they approach security in general,” says Pequeros. “We need to know if they aren’t as controlled as they should be.”

DocuSign case study: https://www.riskiq.com/product/case-studies/phishing-brand-abuse-ma-activity-docusign

Over the course of evaluating M&A targets, financial, legal and environmental exposure is measured, so why not threat exposure? Wouldn’t it be better for organizations to factor in the potential exposure to security threats ahead of an acquisition? Could there be a future where an M&A target is deemed too risky because of the cost of bringing it under security compliance?

The reality is that M&A activity is a part of business. CISOs and their teams will always have to discover, inventory, monitor and engage new 'piles' of digital assets. Having visibility into the digital footprint of potential strategic M&A targets and proactively identifying red flags is an important capability for security.
