FireEye to offer cybersecurity assessment for M&As

Intelligence-driven security assessment to identify risks in buyout target’s IT environment

Tags: FireEye ( and acquisitionsUnited Arab Emirates
  • E-Mail
FireEye to offer cybersecurity assessment for M&As Davis says mergers and acquisition serve as a critical loophole for cyber-attacks.
By  David Ndichu Published  August 17, 2016

FireEye has launched Mandiant Mergers & Acquisitions (M&A) Risk Assessment, a service designed to help organizations in an M&A process to understand the acquisition target’s cybersecurity posture and risk profile, and address the cybersecurity risks.

The new service has been launched with FireEye law firm partner Pillsbury Winthrop Shaw Pittman and is available now.

The M&A Risk Assessment is a week-long service, evaluating key security components to identify cybersecurity risks earlier in the M&A process. Mandiant consultants generate risk ratings of target security areas and develop recommendations that customers, their legal partners, and other M&A advisors can use for decision-making, the company says.

In recent years, the GCC has witnessed a series of cyberattacks targeting leading industries and critical infrastructure. Geopolitical and economic developments are being played out in cyberspace and are indicative of the significant degree of evolution in the cyber risk landscape. In the event of a breach, the level of risk to a company’s intellectual property and finance is apparent. As stated in the most recent Regional Advanced Threat Report for EMEA published by FireEye, the energy and financial sectors along with the governments across the GCC account for 65% of identified cyberattacks.

According to a recent study by FireEye, an unfavourable view of a brand is a hidden cost of cyberattacks on organizations, wherein 57% of respondents stated that they would stop purchasing from a compromised company.

Mandiant consultants have developed a methodology for M&A Risk Assessment that assesses four security areas:

- Data Safeguards to identify the existence of proper capabilities to determine, protect and monitor high-value organizational assets

- Access Controls to evaluate whether proactive controls have been established to prohibit unwanted access to corporate data

- Threat Detection & Response to assess the efficiency and maturity of a target organization’s response technologies and processes

- Infrastructure Security to ensure that effective controls are implemented from network to endpoints to avert compromise

Stuart Davis, director, Mandiant Services, said: “M&A activities are serving as a critical loophole for advanced cyberattacks. The inadequacy of cybersecurity and response technology has made M&A processes increasingly vulnerable to persistent cyber intrusions. Against this backdrop, it is imperative for companies to introduce an intelligence-led security approach to identify and assess risks harboured by target organizations.

“Our law firm partners support and recognize the need for cybersecurity due diligence, which is predominantly embedded in their legal process. Evaluation of companies for cyber risk during acquisitions and mergers cannot be deemed optional anymore.  The inability to formulate a streamlined process to efficiently manage existing and potential cyber threats can lead to consequential legal and financial challenges in the long run,” Davis added.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code