In August 2021 Finfeed changed from a website that covered ASX listed news to a website
that covered a select range of ASX
listed small cap Biotech stocks that we are personally invested in: find out more.
The old Finfeed website, and all of the old articles are kept here for record keeping purposes.VISIT NEW SITE
Cyber awareness heightened by the US vs Iran face-off
4 minute read
“Acquiring a company without proper cybersecurity due diligence is like buying a used car and taking the seller’s word it is in good condition,” says Joe Cardamone, senior information security analyst and NA privacy officer, Haworth. “A company should not automatically trust the hygiene of IT assets. It’s critical to have full visibility into all connected devices and determine whether they are patched, configured properly, and free of malware.”
In this heightened era of cyberattacks and crackdowns, this is sage advice.
It comes as Forescout Technologies, Inc. (NASDAQ: FSCT), the leader in device visibility and control, announced the results of its global mergers and acquisitions (M&A) cybersecurity risk survey – The Role of Cybersecurity in M&A Diligence.
Forescourt surveyed more than 2,700 IT and business decision makers across the United States, France, United Kingdom, Germany, Australia, Singapore and India to examine the growing concern of cyber risks and the importance of cyber assessment during M&A and the subsequent integration process.
“M&A activity can be a game-changing moment in a company’s history, but recent breaches shine the spotlight on cybersecurity issues and make one thing abundantly clear: you don’t just acquire a company, but you also acquire its cybersecurity posture and a potential trojan horse,” said Julie Cullivan, chief technology and people officer, Forescout.
“Cybersecurity assessments need to play a greater role in M&A due diligence to avoid ‘buying a breach.’ It’s nearly impossible to assess every asset before signing a deal, but it’s important to perform cyber due diligence prior to the acquisition and continually throughout the integration process.”
One of the findings is that 81 per cent of IT decision makers (ITDMs) and business decision makers (BDMs) agree that they are putting more focus on an acquisition target’s cybersecurity posture than in the past, highlighting that cyber is a top priority.
That is a big leap forward for businesses, especially those with an M&A mindset, but of course, given macro events, cyber security is more and more front of mind.
US vs Iran
Macro events have been no more evident than in the current face-off between the US and Iran.
President Trump’s military action back down following the shooting down of a US RQ-4A Global Hawk surveillance drone, was backed up by a US Cyber Command retaliatory cyberattack on “an Iranian spy group that supported last week’s limpet mine attacks on commercial ships.
The attack on the Japanese oil tanker, could have ramifications for oil markets as Kokuka Courageous was hit around the same time as the Norwegian-owned Front Altair, which was hit by three explosions, according to the Norwegian Maritime Authority. The ships were in the strategic Gulf of Oman on their way toward the Indian Ocean.
The attack goes to a broader accusation against Iran for committing cyberattacks against oil and the oil and gas industry.
According to Yahoo News: “Analysts at stateside security firms FireEye, CrowdStrike Inc., and Dragos Inc. told the Wall Street Journal on Friday that ‘they had observed suspected Iranian state-sponsored hacking attempts—particularly through spear-phishing attempts’ on US government and private industry targets over the course of the past week, though none of the suspected attacks were successful.
“CrowdStrike said firms in the oil and gas industry were targeted, including with messages that purported to be from the Executive Office of the President. The Associated Press confirmed those reports on Saturday, though it also noted it was unclear if any of the attacks was successful and that if the attackers did gain access to any of the systems they may not immediately exploit it.”
The US has launched cyberattacks against Iranian infrastructure previously; the Stuxnet computer worm being the most infamous as the US looked to destroy centrifuges at Iran’s Natanz nuclear enrichment facility.
The latest US cyberattack saw the President sign off on an attack to knock out Iranian missile control systems.
Where this posturing by both countries leads us remains to be seen, but it does highlight the growing use of cyber tools as weapons at the highest levels.
There is no good that can come out of it, except a growing awareness of the crippling nature of a cyberattack.
Businesses take note.