Intelligent CISO Issue 07 | Page 72

DON’T LET CYBERSECURITY BE THE DEATH OF YOUR DIVESTMENT According to research, there has been a significant increase in major divestment activity in the UK – despite the uncertainty of factors such as Brexit. Justin Coker, Vice President EMEA, Skybox, identifies the key questions that CISOs should be asking themselves to ensure their organisations are secure and compliant throughout a divestiture. A gainst the backdrop of Brexit, the UK is being affected by market uncertainty – a nightmare for any organisation planning to break away significant parts of their operations in the coming months. Nevertheless, according to Deloitte’s global M&A index, there has recently been a significant increase in major divestment activity. However, economic volatility shouldn’t be the only concern. Cybersecurity throughout the divestment process is something that tends to be ignored, yet this type of deal presents significant security and operational risks and liabilities, especially with stricter rules on data protection and regulatory 72 compliance. Spinning off a division of a business does not mean suddenly cutting off all ties – sometimes shared services need sustainability for a period of time, often for several years. So, it is imperative that the CFO of both the parent company as well as the newly created entity develops a comprehensive plan which includes details of how their integrated IT and networks will be separated. Part of this plan must include how this unravelling will create new cybervulnerabilities, security weaknesses and potential regulatory non-compliance as the companies move to finalise the divestment process. The CFO’s priority is to save money and deliver quality returns to investors; they must recognise that cybersecurity is critical in order to reach this goal. So to enable an efficient and smooth Justin Coker, Vice President EMEA, Skybox divestment process, what are the strategic security questions that CFOs, CISOs and the broader executive team should be asking themselves? How do we have visibility over who owns which assets? During divestment, it is important to understand which assets need to be separated and which should remain shared to limit operational disruption. It is not just the ownership of the asset that matters but ownership of the liability of the risk of that asset. If there is any ambiguity around who is providing and maintaining the security of a particular part of the network, then the risk of a security breach is dramatically increased. Being able Issue 07 | www.intelligentciso.com