SonicWall ransomware attacks offer an M&A lesson for CSOs>
CSO Online – Howard Solomon
The recent report from ReliaQuest highlights the connection between ransomware attacks and vulnerabilities in SonicWall SSL VPNs inherited from acquisitions
Many victim organizations had unmonitored SonicWall devices that they were unaware of, underscoring the need for cybersecurity leaders to be actively involved in mergers and acquisitions (M&A)
The report emphasizes that assessing cyber risks in M&A deals is crucial and that security teams must prioritize the evaluation of inherited technologies to prevent breaches
Important items to note:
– Vulnerable SonicWall devices often stem from legacy systems inherited during M&A.
– IT departments may lack visibility into these inherited systems, leading to security risks.
– Standard M&A practices do not adequately address cybersecurity concerns; a thorough assessment of IT assets is necessary.
– Cyber risks should be communicated as financial liabilities to corporate boards to ensure proper evaluation during M&A.
– Third-party experts should conduct security assessments to gain better insights into inherited IT assets and vulnerabilities.
– Segmentation of newly acquired networks is essential until risks are fully assessed.
– Cybersecurity assessments must include detailed inventory audits, operational policies, and historical security incidents of the target company.
– Consideration of IT integration plans between companies post-acquisition is crucial to maintain security integrity during the transition.
Link: https://www.csoonline.com/article/4097078/sonicwall-ransomware-attacks-offer-an-ma-lesson-for-csos.html