Kaspersky Examines How to Eliminate the Cybersecurity Risks When Buying a Business

Posted on September 6, 2023 · 3 min read

Kaspersky Examines How to Eliminate the Cybersecurity Risks When Buying a Business - Featured Image | MEA Markets
Share this article
Cybersecurity Risks

With the global business landscape becoming increasingly interconnected, mergers and acquisitions (M&A) have been surging as companies look for growth, diversification, and strategic positioning. According to an E&Y report, in the Middle East region there was a 42% increase in the total value of merger and acquisition (M&A) deals in Q1 2023 compared to the same period in 2022. Overall, the first quarter of the year saw 165 deals amounting to US$25.8b. This emphasizes the region’s prominence in global business. However, Kaspersky experts warn that such an upswing in M&A also underscores the need for vigilant cybersecurity practices.

Acquiring or merging with another business invariably means integrating digital systems, networks, and data. This integration process can expose both parties to cyber threats if not managed correctly.

Alexey Vovk, Head of Information Security Department at Kaspersky, cautions: “Acquiring an already established business can be an attractive option for example for entrepreneurs, given its potential for quick profitability, or similarly for large corporations that want to acquire innovative assets or intelligence that can expand their business. But over and above traditional legal, financial and governance due diligence during such a process, cybersecurity must be a focal point too.”

Some of the cybersecurity assessments that should be considered at a minimum, before buying a new business, include:

  • Existing cybersecurity measures: Investigate any past cybersecurity audits the company may have undertaken, even if they are self-conducted.
  • Valuable assets: Identify the most valuable digital assets of the business. For an e-commerce platform, this might be the website, so a thorough vulnerability check is essential.
  • Hosting and data management: Inquire about the company’s Web hosting provider and their reputation. Past security incidents might necessitate a change in hosting.
  • Security standards: Depending on the nature of the business, there might be specific cybersecurity standards to adhere to. Even businesses without critical assets should have baseline security to thwart common threats like ransomware.
  • Company reputation and data breaches: Research past data breaches and the subsequent remediation steps. Data leaks can tarnish a company’s reputation and invite legal repercussions.

However, Vovk goes on to caution that even beyond all the aforementioned sound advice, employee errors are also a concern and that can lead to significant data breaches. This is demonstrated in recent Kaspersky research carried out among employees in the Middle East, Turkiye and Africa region. A test with a phishing simulator built into the Kaspersky Automated Security Awareness Platform (KASAP) showed that 20% of employees would click on a malicious link, falling for scam emails with claimed corporate announcements.

“When buying a business, the acquiring organisation must consider any previous cybersecurity training conducted for staff as well as non-disclosure agreements when it comes to employees and third parties handling sensitive data. Fundamentally, proper access controls for company resources must be implemented within the new entity to ensure data access is limited and revoked appropriately when employees depart,” says Vovk.

Additionally, it is also crucial to be familiar with laws pertaining to data protection and cybersecurity. This includes understanding the regional regulations and laws that outline the prescribed conditions for responsibly processing personal data.

“It must be stressed that when acquiring a company, you assume responsibility for its risks as well. Attaining and maintaining optimal business cyber resilience is an ongoing process. But, protecting yourself from new tricks by threat actors requires additional investments in digital business solutions, tools and skills, setting the rules that comply with the law, and reviewing cybersecurity policies and new protections. Checking your cybersecurity level from the very beginning will help you reduce the likelihood of incidents, set a clear path for development, and achieve new goals,” concludes Vovk.

You might also like

Looking for more? Gain deeper insights with these recommended articles, selected to provide further value.

March 8, 2022 The Vibrant Lifestyle Destination Is Driven By Some of the Region’s Greatest Female Entrepreneurs

With it being International Women’s Day today, Al Seef Village Abu Dhabi is honouring the achievements of the many brilliant women who have helped make the destination the vibrant, exciting and entertaining place it is today.

March 3, 2021 Women in Senior Leadership Positions Pass Critical 30% Mark Global Pandemic

The number of women holding senior leadership positions in mid-market businesses globally has hit 31% despite the COVID-19 pandemic affecting economies around the world, according to Grant Thornton’s annual Women in Business report.

February 9, 2021 MRO & Aircraft Interiors Middle East Exhibition Set for June 2021

The joint organisers of MRO Middle East & Aircraft Interiors Middle East (AIME), Aviation Week Network/Informa and Tarsus Group, today announced new dates for the region’s premier Interiors, Maintenance, Repair and Overhaul exhibition, that wi...

Join our newsletter.

Gain Access To Exclusive Content

Stay Updated With The Latest News

It's Free To Subscribe

By signing up, you agree to receive marketing emails.

Join our newsletter box - side image
Trusted by the best teams around the world