Cyber awareness heightened by the US vs Iran face-off
“Acquiring a company without proper cybersecurity due diligence is like buying a used car and taking the seller’s word it is in good condition,” says Joe Cardamone, senior information security analyst and NA privacy officer, Haworth. “A company should not automatically trust the hygiene of IT assets. It’s critical to have full visibility into all connected devices and determine whether they are patched, configured properly, and free of malware.”
In this heightened era of cyberattacks and crackdowns, this is sage advice.
It comes as Forescout Technologies, Inc. (NASDAQ: FSCT), the leader in device visibility and control, announced the results of its global mergers and acquisitions (M&A) cybersecurity risk survey – The Role of Cybersecurity in M&A Diligence.
Forescourt surveyed more than 2,700 IT and business decision makers across the United States, France, United Kingdom, Germany, Australia, Singapore and India to examine the growing concern of cyber risks and the importance of cyber assessment during M&A and the subsequent integration process.
“M&A activity can be a game-changing moment in a company’s history, but recent breaches shine the spotlight on cybersecurity issues and make one thing abundantly clear: you don’t just acquire a company, but you also acquire its cybersecurity posture and a potential trojan horse,” said Julie Cullivan, chief technology and people officer, Forescout.
“Cybersecurity assessments need to play a greater role in M&A due diligence to avoid ‘buying a breach.’ It’s nearly impossible to assess every asset before signing a deal, but it’s important to perform cyber due diligence prior to the acquisition and continually throughout the integration process.”
One of the findings is that 81 per cent of IT decision makers (ITDMs) and business decision makers (BDMs) agree that they are putting more focus on an acquisition target’s cybersecurity posture than in the past, highlighting that cyber is a top priority.
That is a big leap forward for businesses, especially those with an M&A mindset, but of course, given macro events, cyber security is more and more front of mind.
US vs Iran
Macro events have been no more evident than in the current face-off between the US and Iran.
President Trump’s military action back down following the shooting down of a US RQ-4A Global Hawk surveillance drone, was backed up by a US Cyber Command retaliatory cyberattack on “an Iranian spy group that supported last week’s limpet mine attacks on commercial ships.
The attack on the Japanese oil tanker, could have ramifications for oil markets as Kokuka Courageous was hit around the same time as the Norwegian-owned Front Altair, which was hit by three explosions, according to the Norwegian Maritime Authority. The ships were in the strategic Gulf of Oman on their way toward the Indian Ocean.
The attack goes to a broader accusation against Iran for committing cyberattacks against oil and the oil and gas industry.
According to Yahoo News: “Analysts at stateside security firms FireEye, CrowdStrike Inc., and Dragos Inc. told the Wall Street Journal on Friday that ‘they had observed suspected Iranian state-sponsored hacking attempts—particularly through spear-phishing attempts’ on US government and private industry targets over the course of the past week, though none of the suspected attacks were successful.
“CrowdStrike said firms in the oil and gas industry were targeted, including with messages that purported to be from the Executive Office of the President. The Associated Press confirmed those reports on Saturday, though it also noted it was unclear if any of the attacks was successful and that if the attackers did gain access to any of the systems they may not immediately exploit it.”
The US has launched cyberattacks against Iranian infrastructure previously; the Stuxnet computer worm being the most infamous as the US looked to destroy centrifuges at Iran’s Natanz nuclear enrichment facility.
The latest US cyberattack saw the President sign off on an attack to knock out Iranian missile control systems.
Where this posturing by both countries leads us remains to be seen, but it does highlight the growing use of cyber tools as weapons at the highest levels.
There is no good that can come out of it, except a growing awareness of the crippling nature of a cyberattack.
Businesses take note.
S3 Consortium Pty Ltd (CAR No.433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information only. Any advice is general advice only. Neither your personal objectives, financial situation nor needs have been taken into consideration. Accordingly you should consider how appropriate the advice (if any) is to those objectives, financial situation and needs, before acting on the advice.
Conflict of Interest Notice
S3 Consortium Pty Ltd does and seeks to do business with companies featured in its articles. As a result, investors should be aware that the Firm may have a conflict of interest that could affect the objectivity of this article. Investors should consider this article as only a single factor in making any investment decision. The publishers of this article also wish to disclose that they may hold this stock in their portfolios and that any decision to purchase this stock should be done so after the purchaser has made their own inquires as to the validity of any information in this article.
The information contained in this article is current at the finalised date. The information contained in this article is based on sources reasonably considered to be reliable by S3 Consortium Pty Ltd, and available in the public domain. No “insider information” is ever sourced, disclosed or used by S3 Consortium.