DON’T LET
CYBERSECURITY
BE THE DEATH OF
YOUR DIVESTMENT
According to research, there has been a significant
increase in major divestment activity in the UK –
despite the uncertainty of factors such as Brexit. Justin
Coker, Vice President EMEA, Skybox, identifies the key
questions that CISOs should be asking themselves to
ensure their organisations are secure and compliant
throughout a divestiture.
A
gainst the
backdrop of
Brexit, the UK is
being affected by
market uncertainty
– a nightmare for
any organisation
planning to break away significant parts
of their operations in the coming months.
Nevertheless, according to Deloitte’s
global M&A index, there has recently
been a significant increase in major
divestment activity.
However, economic volatility shouldn’t
be the only concern. Cybersecurity
throughout the divestment process is
something that tends to be ignored, yet
this type of deal presents significant
security and operational risks and
liabilities, especially with stricter rules
on data protection and regulatory
72
compliance. Spinning off a division of
a business does not mean suddenly
cutting off all ties – sometimes shared
services need sustainability for a period
of time, often for several years.
So, it is imperative that the CFO of both
the parent company as well as the newly
created entity develops a comprehensive
plan which includes details of how
their integrated IT and networks will
be separated. Part of this plan must
include how this unravelling will create
new cybervulnerabilities, security
weaknesses and potential regulatory
non-compliance as the companies move
to finalise the divestment process.
The CFO’s priority is to save money
and deliver quality returns to investors;
they must recognise that cybersecurity
is critical in order to reach this goal.
So to enable an efficient and smooth
Justin Coker, Vice President EMEA, Skybox
divestment process, what are the
strategic security questions that CFOs,
CISOs and the broader executive team
should be asking themselves?
How do we have visibility over
who owns which assets?
During divestment, it is important to
understand which assets need to be
separated and which should remain
shared to limit operational disruption.
It is not just the ownership of the
asset that matters but ownership of
the liability of the risk of that asset. If
there is any ambiguity around who is
providing and maintaining the security
of a particular part of the network,
then the risk of a security breach is
dramatically increased. Being able
Issue 07
|
www.intelligentciso.com