Tips for Secure Aerospace and Defense M&A as COVID-19 Winds Down

COVID-19 has been a disaster for just about every industry. It’s proven especially challenging for the A&D sector, since cyber criminals are perennially eager to gain access to sensitive data and government contract information. Most deals are still happening remotely to at least some extent. This is an important security decision in its own right, since a COVID outbreak in your company could be devastating. But this opens you up to cyber attackers. Cybersecurity must top the list of your concerns, and you must be prepared to invest in cybersecurity well before the deal gets underway. A secure company is a more valuable one, so the investment can help drive deal value. Here are the most important strategies to deploy.

Attack Assessment

Automation is now a key part of most deals, including the assessment of company assets. After all, most businesses are too large for a human to reliably audit all aspects of the business. Before proceeding with automated audits, you must review any potential attack surfaces. Look to the company’s past. Has it ever been subject to an attack before? Did it fix the problem that led to the breach? Not only is this important in preparing for M&A; it’s also a key consideration buyers may weigh when assessing the risk of a specific acquisition. 

Threat Intelligence

You must also remain abreast of industry threats, and be especially knowledgeable about the hidden risks within your own network. The key here is to think like an attacker, rather than to think defensively and ignore risk. 

Intelligence from closed source and open source intelligence can help you better understand how your organization or an organization you’re interested in purchasing could have been a target in the past. This can help you assess the true nature of any and all risks. 

Remote Architecture Issues 

Remote work, in one capacity or another, is likely here to stay. Workers like it and it can reduce costs over time. But for it to be fully effective, you need a total overhaul of your security structure to implement a secure remove environment. Remember that it’s not enough to install the right security software; hard and fast rules for your team are just as important. 

Pre-M&A Steps

Before undertaking an M&A deal, it’s important to take the following steps: 

  • Include cybersecurity experts in the M&A team. 
  • Assess cybersecurity resilience, including by reviewing prior attacks. 
  • Assess regulatory compliance.
  • Undertake a detailed cybersecurity analysis. 

Post Merger Strategies

The emphasis on cybersecurity must continue after the merger, especially since mergers can attract the attention of cyber criminals. Do the following: 

  • Informed by input from cybersecurity experts, refresh and revise operating models with an eye toward security. 
  • Remain vigilant about both companies’ security. 
  • Assess how M&A may affect the workforce, and whether there could be any potential fallout to cybersecurity from these risks. 
  • Seize the opportunity to enhance cyber resilience.