Cybersecurity Merger and Acquisition Due Diligence presented at BSidesAtlanta 2020

by Jake Williams,


Summary : During a merger or acquisition, you get all the assets of the acquired organization, but you also take on all their liabilities. That's why due diligence has been so important for M&A. Cybersecurity posture is often not considered during M&A due diligence checks, but it absolutely should be. With minimal changes to standard threat hunting methodologies, M&A cybersecurity due diligence is relatively easy to perform. In this session, we will explain the principles of general threat hunting and then show what changes are required to maximize value for M&A due diligence assessments. In every case that the speaker's firm has taken on, the acquired organization's purchase price was decreased due to discovered risk, demonstrating the obvious business value of this activity. In other words, don't buy a breach.