The dangers of ‘dark’ data in M&A deals


It’s a fact perhaps not so widely known that 40% of acquiring companies going through an M&A found a cybersecurity problem during the post-acquisition integration. What this indicates is that acquirers aren’t being given the right information about data security in the company they’re buying. That’s quite surprising considering the level of due diligence required in the M&A process.

So why is this happening?

We know from our experience helping companies discover their data that roughly 85% of it is unstructured or ‘dark’ data, made up of documents, spreadsheets and information often downloaded from structured databases and shared and stored in email inboxes, Word documents, Excel spreadsheets and cloud storage drives in the course of everyday working.

We also know from our customers that a typical organisation’s unstructured information contains:

  • 42% confidential information
  • 1% sensitive personal information
  • 9% personally identifiable information

The security threat in dark data

The main risk of dark data is the security threat it poses. Dark or unstructured data is the point of weakness in any organisation, leaving the business vulnerable and exposed. Because it’s hidden, it can’t be secured.

It can include data such as plaintext passwords stored in Word documents, PKI certificates sitting in email inboxes, and Personally Identifiable Information (PII) without password protection, and it’s this that the standard M&A process is failing to find.

Indeed, this is exactly the kind of data stolen in Marriott Hotels’ catastrophic data breach from 2018, which is back in the news as they face a class action litigation from one customer on behalf of the 30 million affected. What’s interesting about this story is that in its acquisition of Starwood Hotels in 2016 Marriott didn’t find the 5 million passport numbers that were unencrypted or the eight million encrypted credit card details that were stored alongside the encryption keys on the same server and that were breached two years later. How could they have found these if they didn’t have the tools to do so during the due diligence process?

The problem is that data security due diligence is often carried out by lawyers or due diligence consultants who won’t have a deep level of cybersecurity expertise. But the bigger problem lies in the fact that it’s often a manual process, using a routine set of questions. What’s needed is automated data discovery at scale.

Data discovery – a new approach to due diligence

Our recent research shows that 77% of IT professionals are concerned about personally identifiable information (PII) that’s hidden within their organisation’s data estate and which they therefore can’t find or protect. So it’s perhaps unsurprising that research from Deloitte shows 70% of organisations say that the security of data assets in a company they’re acquiring is more of a concern now than it was a year ago.

The first step to achieving peace of mind in an M&A deal is to gain visibility of data at scale.

Specialist data discovery tools are available that can reveal exactly what sits in a data estate at large scale across structured and unstructured databases, whether that data is held on-premise or in the cloud and whether it’s known about or dark. Once an organisation knows what data they’re acquiring or merging with, they can at least take action to secure it. Without first understanding what exists within the data, or how it’s protected, many organisations will only find out after it’s too late.

For example, we have a customer in financial services using Exonar to discover and index a data estate of 160TB or more. They acquire businesses from time to time, but are starting with identifying what data they have themselves and where it is, so the information can be secured in a regulatory and contractually compliant way. A good start for any deal.

The importance of data in M&A deals must not be underestimated because you can’t secure what you can’t see, making data discovery a critical step for businesses looking to acquire or merge with other organisations. Those who don’t discover and understand their dark or unstructured data are potentially missing 85% of what they need to protect when the deal is done.

We must take a new approach to due diligence if businesses going through M&A want to avoid becoming the next negative news story because they discovered a hidden data security problem post-merger.

Contributed by Gareth Tranter, head of customer satisfaction, Exonar
