Securing M&A Transactions With Cyber Due Diligence
Bradley Schaufenbuel of Paychex on Assessing Cyber Risks and Controls
An M&A due diligence process must include a comprehensive cybersecurity risk assessment covering all assets, threats, vulnerabilities and control measures, said Bradley Schaufenbuel, vice president and CISO at payroll and HR solution firm Paychex.
The acquiring company should keep target networks separate from its own network until all major vulnerabilities are addressed, he said.
"One of the biggest issues with M&A transactions is the drive to connect networks to achieve synergies from the transaction," Schaufenbuel said. "The current tech stack availability, like zero trust network access solutions, can provide the acquired entity with access to just the assets they need without connecting networks until those environments are fully addressed."
In this video interview with Information Security Media Group, Schaufenbuel also discussed:
- Key aspects of a comprehensive cybersecurity due diligence process for M&A;
- The importance of collaborating with the target's security or IT team;
- The role of zero trust network access solutions in modern M&A transactions.
At Paychex, Schaufenbuel leads a team of information security professionals that focuses on cyber crisis management, security training and awareness, and application security. He has more than 25 years of experience in information security, risk management, penetration testing, and security and IT audits. He is a member of the CyberEdBoard.