In its recent report, Software M&A Frenzy: Searching for the Competitive Edge, West Monroe revealed that 35 percent of senior global executives said cybersecurity issues have caused them to nix a potential merger or acquisition deal with a software company. For many entrepreneurs planning on a successful exit, this finding may be cause for concern. It suggests that a powerful product, a carefully constructed business model and a robust customer roster may not be enough. All of the hard work put into the creation of a winning company could fall flat if that business is the victim of a devastating cyber attack.
And these days, it seems that cyber attacks are a dime a dozen. GoldenEye is just the latest in a string of attacks that have impacted businesses worldwide. WannaCry caused an estimated $1 billion in damage in just its first four days, and Cybersecurity Ventures predicts global ransomware costs to exceed $5 billion in 2017. By 2021, cyber crime damage costs could hit $6 trillion annually.
Related: The Worst Hacks of 2017 -- So Far
With cyber crime on the rise, it's imperative that businesses prepare a defensive strategy and make security a priority -- especially if their goal is a successful exit. Here are three best practices for enhancing security measures so that cyber attacks don’t stand between your company and a desirable merger or acquisition.
1. Create an army of internal security experts.
One of the hottest jobs on the market is chief security officer (CSO). This role is absolutely essential, but the CSO alone cannot be held accountable for defending a company against a cyber attack. All employees are vulnerable to vicious cyber attacks and therefore should all be trained to identify and prevent hacks.
Consider that one of the most popular hacking techniques is sending employees emails that appear to be password reset notices, when really they contain rogue messages. If employees open these messages and follow their instructions, they are giving the hackers all the confidential information they hoped for.
To prevent something like this from destroying your company's competitive edge or chance at an exit, organizations must take proactive measures to educate their teams on security. Web-based training courses cover important topics, such as configuration management, virtualization security and application security, in addition to teaching employees how to spot suspicious activity, like phishing emails.
2. Take advantage of email tools that identify smoke before it becomes fire.
Speaking of phishing emails, they are the source of 91 percent of cyber attacks. With this in mind, businesses should consider tools that can help them better manage what's happening in their employees' inboxes.
Solutions offering email analytics can alert companies to shared content that may pose security risks, including sensitive credit card information, Social Security numbers or other personally identifiable information. While a business may not be able to go back in time to prevent that data from ever passing through its email system, it can leverage analytics to catch the security breach much faster than it otherwise would have, and then take the proper steps to mitigate the issue before it escalates into a much larger problem.
3. Choose a cloud vendor that offers proven protection.
If your organization is part of the 95 percent of businesses using the cloud, it's extremely important to make sure your cloud vendor is able to protect the information you're storing in their platform. Reliable cloud vendors will have certifications including SOC2, PCI, HIPAA and FedRAMP, which signal that they have met key criteria related to factors such as structural organization, policy and procedural communications, risk management, control monitoring, systems operations and change maintenance.
Organizations should also look for cloud vendors that employ security specialists and architects who are able to design environments that ensure resiliency and privacy. Other "must haves" include security control offerings, best practice checklists, website “support” tabs, product manuals, security advisories and technical papers.
There are a lot of hurdles entrepreneurs need to jump over in order to achieve a successful exit. A cyber attack should not be one of them. By taking these three proactive steps, organizations will be able to dramatically decrease security breach risk and chances of losing out on a great business opportunity.