Kaspersky Examines How to Eliminate the Cybersecurity Risks When Buying a Business

Posted on September 6, 2023 · 3 min read

Kaspersky Examines How to Eliminate the Cybersecurity Risks When Buying a Business - Featured Image | MEA Markets
Share this article
Cybersecurity Risks

With the global business landscape becoming increasingly interconnected, mergers and acquisitions (M&A) have been surging as companies look for growth, diversification, and strategic positioning. According to an E&Y report, in the Middle East region there was a 42% increase in the total value of merger and acquisition (M&A) deals in Q1 2023 compared to the same period in 2022. Overall, the first quarter of the year saw 165 deals amounting to US$25.8b. This emphasizes the region’s prominence in global business. However, Kaspersky experts warn that such an upswing in M&A also underscores the need for vigilant cybersecurity practices.

Acquiring or merging with another business invariably means integrating digital systems, networks, and data. This integration process can expose both parties to cyber threats if not managed correctly.

Alexey Vovk, Head of Information Security Department at Kaspersky, cautions: “Acquiring an already established business can be an attractive option for example for entrepreneurs, given its potential for quick profitability, or similarly for large corporations that want to acquire innovative assets or intelligence that can expand their business. But over and above traditional legal, financial and governance due diligence during such a process, cybersecurity must be a focal point too.”

Some of the cybersecurity assessments that should be considered at a minimum, before buying a new business, include:

  • Existing cybersecurity measures: Investigate any past cybersecurity audits the company may have undertaken, even if they are self-conducted.
  • Valuable assets: Identify the most valuable digital assets of the business. For an e-commerce platform, this might be the website, so a thorough vulnerability check is essential.
  • Hosting and data management: Inquire about the company’s Web hosting provider and their reputation. Past security incidents might necessitate a change in hosting.
  • Security standards: Depending on the nature of the business, there might be specific cybersecurity standards to adhere to. Even businesses without critical assets should have baseline security to thwart common threats like ransomware.
  • Company reputation and data breaches: Research past data breaches and the subsequent remediation steps. Data leaks can tarnish a company’s reputation and invite legal repercussions.

However, Vovk goes on to caution that even beyond all the aforementioned sound advice, employee errors are also a concern and that can lead to significant data breaches. This is demonstrated in recent Kaspersky research carried out among employees in the Middle East, Turkiye and Africa region. A test with a phishing simulator built into the Kaspersky Automated Security Awareness Platform (KASAP) showed that 20% of employees would click on a malicious link, falling for scam emails with claimed corporate announcements.

“When buying a business, the acquiring organisation must consider any previous cybersecurity training conducted for staff as well as non-disclosure agreements when it comes to employees and third parties handling sensitive data. Fundamentally, proper access controls for company resources must be implemented within the new entity to ensure data access is limited and revoked appropriately when employees depart,” says Vovk.

Additionally, it is also crucial to be familiar with laws pertaining to data protection and cybersecurity. This includes understanding the regional regulations and laws that outline the prescribed conditions for responsibly processing personal data.

“It must be stressed that when acquiring a company, you assume responsibility for its risks as well. Attaining and maintaining optimal business cyber resilience is an ongoing process. But, protecting yourself from new tricks by threat actors requires additional investments in digital business solutions, tools and skills, setting the rules that comply with the law, and reviewing cybersecurity policies and new protections. Checking your cybersecurity level from the very beginning will help you reduce the likelihood of incidents, set a clear path for development, and achieve new goals,” concludes Vovk.

You might also like

Looking for more? Gain deeper insights with these recommended articles, selected to provide further value.

April 16, 2021 Designer Studio Recognized For Luxury Interior Design

In recent years the Qatar skyline has undertaken a transformation with ground-breaking projects taking their place alongside traditional architecture. From the modern landmarks such as The Torch Doha to the traditional styled Qatar National Librar...

February 12, 2021 Growth in Health and Med-tech Industry Set to Accelerate as Regional Demand for Service Provision Rises

A new Covid Response Report (CRR), produced by Oxford Business Group (OBG) in partnership with the digital health platform Altibbi, explores the rapid development and uptake of medical and health technology across four MENA markets in 2020, while ...

January 5, 2024 All-Stars Jury Announced for the Second Edition of the ABS Digital Art Prize, First Prize of its Kind to Celebrate NFT Art

After the successful launch of the world’s first Digital Art Prize recognizing NFT artists in January 2023, the private bank Arab Bank Switzerland, patron of the arts and pioneer in digital assets, continues to bridge traditional and digital worlds.

Join our newsletter.

Gain Access To Exclusive Content

Stay Updated With The Latest News

It's Free To Subscribe

By signing up, you agree to receive marketing emails.

Join our newsletter box - side image
Trusted by the best teams around the world