Yahoo! data breach highlights need for Cyber Situational Awareness during M&A activities

Posted by Sanjay Raja, CMO (January 27, 2017 – Somerset, NJ)

The growing complexity of today’s cybersecurity climate creates a situation where organizations must explore potential areas of risk as a key part of any merger and acquisition activity. The recent Yahoo! data breach, which some reports say may have led to the compromise of a billion users’ information, puts the need for better cybersecurity planning during M&As under the microscope.

A sadly typical look at the actual breach

Many details of the data breach are still unclear. In part, this is because it looks like there may have been multiple data breaches spread over a few years, and they may or may not have been related. The data breach was discovered when a third-party security specialist noticed Yahoo! user data being sold on the deep web. According to TechTarget, the third-party group went to law enforcement, so that the public agency could work with Yahoo! to detail the various incidents.

This is where things get fuzzy. The details of how many breaches occurred and how many users were affected are still under investigation, but a report from The New York Times pointed out that the repeated nature of the breaches highlights a cultural and ideological problem of not prioritizing security. There is a surprising level of complacency in the belief that existing solutions provide a silver bullet to breach prevention. It’s one thing to have an expert hacker get into a system and cause a breach. It’s quite another to have multiple actors with successful attacks over the course of a few short years.



Cybersecurity and M&A activity

Bringing multiple companies together is always a complicated matter, but the modern cybersecurity climate makes it even more complex. Because data breaches often take weeks or months to uncover, the possibility of hackers residing on the network of a firm that is the target of an acquisition gives acquiring companies plenty to consider before deciding to pull a deal together.

For good reason, I have heard many security and network teams express fear and worry about “what they will find” when the switch is flipped and separate infrastructures become linked together, highlighting the critical need for real-time cyber situational awareness, both prior to and during M&A activities. It is critical for companies to gain cyber situational awareness and real-time network visibility. An effective cyber situational awareness implementation must monitor the entire enterprise, from endpoint, across physical infrastructure and to the cloud, including dynamic infrastructure changes, potential leak paths, unknown devices and even the darkest corners of the network. Unfortunately, many “continuous” monitoring solutions investigate periodically on a scan-by-scan basis. That is definitely not real time! Log-based tools, network capture and Netflow have been widely deployed with plenty of buzzwords around “analytics”, but still fail to find network compromises and threats in real time.

These tools are simply unable to help security and network teams with:

  • Discovering unknown and rogue devices, endpoints and network segments that are often not well-documented.
  • Constantly watching for unauthorized changes to dynamic infrastructure, including endpoints, VPNs, and VMs.
  • Identifying potential leak paths where attackers are exploring the network for vulnerabilities to exploit and where sensitive data resides.
  • Finding misconfigurations or network segmentation problems that could create risk or become vulnerable to attack, particularly in parts of the configuration that include critical assets.
  • Detecting any data exfiltration that may be occurring in which information is moving out of the network to malware servers.

When teams lack the above information, attackers can easily bypass even the most advanced security teams by finding all sorts of gaps in which to hide their activity. Just a single compromised device can open a company to a breach.

Bottom line – Everyone needs Cyber Situational Awareness

Gaining complete visibility into every part of the network is vital both before and after a merger or acquisition, as Verizon is learning the hard way via its acquisition of Yahoo!. Based on what is being reported by The Times, due to the scope of the Yahoo! breach, Verizon is considering a renegotiation of the terms of the agreement based on the various damages that occurred as a result. After this debacle, I can see a lot of companies requiring a better assessment of network risk before a merger can occur or terms are negotiated. It would behoove companies looking to be acquired to also gain such visibility to lower risk and accelerate the cybersecurity due diligence process.

