home.aspx
 
. https://icecybersecurity.com/2019/01/16/the-acquired-breach-how-to-spot-cyber-risk-in-your-acquisition/
blog article
THE ACQUIRED BREACH: HOW TO SPOT CYBER RISK IN YOUR ACQUISITION
Your company just acquired another business and things are great. Your market cap is growing, shareholders are happy, and teams are working hard. Then, you get a call that makes your stomach turn. Your team has uncovered an ongoing breach in the company you just acquired. Your world changes immediately. Think the acquired breach can’t happen? Marriott’s executive team experienced just this in September 2018 when their teams uncovered an ongoing breach in a Starwood guest database . Marriott uncovered the breach after 4 years when an alarm was triggered as the attackers tried to exfiltrate data. The roots of the breach may date back to an incident in 2014 where a restaurant Point-of-Sale system was infected, spreading through the company network. Understandably, there is limited evidence after 4 years to trace the source of the attack, however, the current breach was ongoing before Marriott acquired Starwood in 2016. Often in acquisition diligent companies have said “we had a breach, but we fixed it”. We used to take that statement at face value and move on because the cost of breach was low relative to the cost of prevention. In this case, two years later in a world with heightened sensitivity to cybersecurity, that decision came back to bite Marriott READ MORE