High-profile cyberattacks, like the recently perpetrated ransomware attack on the Colonial Pipeline, are on the rise. Business leaders not only need to be aware of and prepare their businesses for the increased likelihood of similar attacks, but those who are acquisitive should understand how the threat of such an attack can introduce new risks into a transaction.
“The entire C-suite, and more importantly the board and investors, have to understand what the risk profile is for their companies as they're going into transactions, and as they're coming out of them — how does our risk profile change as I do a transaction?” says Jamil Jaffer, SVP for Strategy, Partnerships & Corporate Development, IronNet-Cybersecurity Inc. “So, cybersecurity is an important, critical area for decision makers to know and think about as they’re looking at these issues going forward.”
Maj Gen USAF (Ret) Brett Williams, co-founder, IronNet Cybersecurity Inc. says senior business leaders, regardless of what business they're in, no matter their size or sector, must consider the possibility that they could be the object of a nation-state level attack.
“The distance between the capabilities of a criminal group and the capabilities of a nation-state have narrowed significantly since I left (U.S.) Cyber Command,” Williams says. “So, frankly, you really don't care who's attacking you when you're first dealing with the attack. You're just trying to detect, mitigate, get your business moving as quickly as possible. But the bottom line is you can't continue to rely on legacy defenses. You have to consider that the advanced threat is now the threat.”
Jaffer says even if you don't think that you’re a likely target of an organized crime attack, you could still be collateral damage.
“You owe it to your shareholders, and your investors, and the people you serve — the communities, the individuals, the companies that you make a product for or provide the service to, to ensure you’re protected against those threats, because it may not even come at you. You may not even be the target,” Jaffer says.
Williams adds that when significant targets are hit with a cyberattack, other companies — the collateral damage — end up in a pool of potential targets that are likely released somewhere in the dark web.
“You can't rely on firewalls and antivirus anymore,” Williams says. “That's the bottom line.”
Jaffer and Williams spoke at the inaugural Baltimore Smart Business Dealmakers Conference about the threat cyberattacks pose to M&A. Hit play on the video above to catch the full conversation.