CrowdStrike Inc., a leader in cloud-delivered next-generation endpoint protection, threat intelligence and incident response services, announced today that it is offering a new cyber risk assessment program aimed at businesses that conduct mergers and acquisitions (M&A). The CrowdStrike Services’ “M&A Cyber Risk Assessment” program allows organisations to quantify risk in an area not traditionally considered in the M&A process – cyber risk. This program provides risk management, specifically geared to identifying and minimising exposure to cybersecurity threats before and during the company integration process.
CrowdStrike’s assessment methodology uncovers cyber risks associated with the following scenarios, among others, that are common during a merger or an acquisition:
“The premise behind the CrowdStrike Services M&A Cyber Risk Assessment program is simple: You would never purchase a house without an inspection, so why would you invest millions of dollars in a business without properly assessing its cyber security posture?” said Shawn Henry, president of CrowdStrike Services and chief security officer. “Any merger or acquisition scenario poses significant risks given the investment and brand implications, along with the future of both companies involved. Vetting the cybersecurity readiness of the involved parties – including third-party organisations like law firms and financial services – should be a standard element of M&A or investment activity, particularly when it involves the integration of networks.”
“If an acquirer does not conduct comprehensive due diligence, at best they may find themselves investing unexpected, unbudgeted, and significant money to improve the weak data security of an acquisition,” said David Zetoony, chair of Bryan Cave LLP’s Data Privacy and Security Practice. “At worst they may find that they have inherited a data security breach, or have exposed their own networks as part of integration to a data security breach. You can never be sure about the security of a target’s system, but quantitative independent and objective analysis of a potential target provides far more certainty than asking sellers to complete written questionnaires that only reflect their own knowledge and understanding.”
Before the M&A process begins, CrowdStrike evaluates the client and third-party environments for signs of current or past compromise by deploying Falcon Host to gain further visibility into endpoint activity in near real-time. Falcon Forensics Collector is also used to gather system metadata and artifacts for analysis, and network-based monitoring tools are applied to information egress points to gain visibility into potentially malicious traffic entering and exiting the networks. Finally, as part of the Cybersecurity Maturity Assessment framework, Crowdstrike is able to draw upon a rich data set to provide a unique perspective in the form of a zero to five scale that generates a more detailed picture of an organisation’s cybersecurity capabilities in comparison to organisations of a similar size and industry. Combined, CrowdStrike searches data from host systems for evidence of attacker activity and then collects, analyses and creates a report of findings focusing on indicators of compromise related to known attacker tools.
Click here to find more information about the new CrowdStrike Mergers and Acquisitions Cyber Risk Cyber Risk Assessment Program.
The CrowdStrike Elevate Partner Program offers businesses and organisations the ability to integrate various CrowdStrike products and services into their offerings, including the M&A Cyber Risk Assessment.