M&A Cybersecurity: who are the real disruptors?

By Madhvi Mavadiya | 21 December 2015

2015 has been a record year for M&A, driven by the highest-ever deal values in the US and in Asia, which resulted in deals worth more than $1 trillion in three consecutive quarters. This is set to continue in 2016. bobsguide spoke to Jay Abbott, chief technology officer at Falanx, about financial technology and cybersecurity, focusing on its importance during the merger and acquisition process.

Smaller companies at increased risk

Abbott explained that companies that are present and active within the technology sector are at increased risk of being targeted. “An interesting thing that people don’t really know in this space is how companies in fintech are specifically targeted by a number of entities that will attack them pre-merger or pre-acquisition, when they look especially ripe for takeover and will remain dormant within the organisation until the takeover occurs.”

Security needs to be taken more seriously in order to determine the success of the company. Abbott spoke about how certain hacker groups attempt to gain access to organisations that are smaller and, in turn, less secure because they have a smaller budget to spend on precautionary measures. The hackers can then infiltrate the larger corporation after the merger with or acquisition of the smaller company has taken place.

“The smaller company waits patiently for the bigger company to purchase them but when their networks are connected, the massive investment in the organisation is completely undermined. In essence, the bad guys have been invited in and this is something that we’ve seen a lot of and will see more of. The “I won’t hack you, I’ll hack the person you buy or I’ll leverage the deal against you” approach is a far more viable attack strategy for the bad guys.”

Old techniques being used on new companies

Spear phishing uses subterfuge to target the people within a particular company through the use of email with the intention of accessing confidential data. Abbott explained that this increases significantly during the takeover process. He predicted that the number of spear phishing attempts is likely to rise. “I can only see this increasing, especially in fintech because you have small financial technology companies looking to disrupt large organisations and are ultimately going to be acquired by very secure organisations.”

Alongside this, it can be questioned whether fintech companies, in their mission to disrupt traditional players, have taken security into consideration and whether hackers are a bigger threat to the larger corporations than the new startups. Abbott highlights that both can disrupt for equal reasons and one cannot be labelled as more disruptive than the other.

Fintech is disruptive by virtue of what it is trying to do as a core business role. A hacker may not have disruption as a core goal and it would depend on what the motivation was for that individual or group of individuals. More often than not, the motivation is financial, so they might inadvertently disrupt a deal while searching for their own objective or leverage insider information that they’ve discovered about the deal in order to play the market.

The result of implementing new technology

Financial technology companies may be under threat, but Abbott believes that the larger traditional financial institutions have experience of dealing with these situations because they have invested heavily within the last ten years. In addition, there are a lot of internal experts focused on resolving security issues and, due to good governance and organisational structure, there are solid recuperation techniques.

However, Abbott warns that the larger organisations are more likely to miss something. “The major financial hacks that have happened in recent years have been because someone missed something and this has resulted in an exposure. From a bad guy’s perspective, banks are a big target which is why they are being continually attacked, but the difference here between a large bank and a large corporation is that hackers would find it very difficult to find a vulnerability in a bank as they are very good at keeping secure.”

Abbott said that he doesn’t expect significant change in attack strategies to occur, although attacks do continue to evolve. On the other hand, Abbott suspects that the attacks are getting more efficient and they will continue to get more efficient and as a result, hacker success will be greater and security prevention will become more difficult.

Advice for the unprotected

“The soundest advice I can give anyone of any shape or size is to open your eyes and it really is that simple. What I mean is monitoring everything that is going on inside your organisation on a technical level, but in more broad terms, that is really just opening your eyes to the possibility of this happening. Many organisations that I’ve worked with in the past have entered the process with the mindset that a hack would not occur, but the next conversation that you’re having with them is post-fraud and you are having to help them get their money back and advise how to avoid this happening again.

I’m sorry to say that I’ve had both of those conversations with the same client multiple times and we’ve seen enough examples of consequences so people should wake up and realise that doing something to make the company secure is key. Pre, during and post deal is when the organisation is most vulnerable as team members are not focused on their job but the constant change that is occurring at their workplace.”

“Companies need to invest in this space and accept that hacks are inevitable, not optional.”
