Interviews

How to cut the cybersecurity risk of M&A

Published

1 year ago

May 30, 2022

admin

By Chad McDonald, CISO at Radiant Logic

In 2021, merger & acquisition (M&A) activity grew by almost a quarter, with a record-breaking 62,000 deals announced globally. Merging companies is a difficult and complex task, with figures showing that between 70% and 90% of all mergers fail.

When an organisation undergoes a M&A, they not only face economic risk. The external cybersecurity threat level ramps up dramatically, as well as the risk posed by insiders.

Many of the challenges experienced during M&A can be linked to the failure to manage identity. To understand the threat, Radiant Logic surveyed 300 tech executives and found that out of the 27% of respondents who experienced a merger & acquisition in the last year, 44% said it took between 7 and 12 months to enable application access across the integrating entities, and 35% took 13 and 18 months.

So, what can be done to secure identities during M&As?

Chad McDonald

What are the security risks organisations are exposed to when completing M&As?

The merging of two or more companies creates a serious cybersecurity challenge. When organisations undergo M&A, all parties involved must be blended into one new company with the minimum of disruption and downtime. In most cases, access to CRM systems, ERP systems, human resources and proprietary applications are necessary at a minimum to allow the newly merged organisation to achieve a reasonable level of productivity. At the foundation of all of this lies identity. Complexity is created at every stage of a M&A, creating gaps and holes for threat actors to exploit. Risk is inevitable.

The M&A process involves the incorporation of vast data estates and disparate policies, infrastructure and applications. Departments must be brought together and synergised so they can communicate with each other and ultimately work together effectively. It is a time of considerable upheaval, which creates risk.

When staff leave the company or switch departments, best practices dictate that their accounts and privileged access will be deleted from the central system of record or locked from use. Because most organisations suffer from some level of identity sprawl, those accounts may remain in periphery systems or within several different communication channels, from emails to other highly critical systems.

These stale and over-privileged accounts are a treasure trove for attackers. Duplicate identities pose a similar risk. When an organisation has large numbers of ghost accounts that have not been accounted for and shut down, it has effectively painted a target on its back.

The ghost identities are a threat to all organisations and often go unnoticed. During a M&A, they will remain undetected for longer, so will pose a greater risk. It has been reported that 47% of ex-employees still have access to business data months after leaving an organisation. When companies merge, the number of stale accounts grows exponentially. Threat actors can use these identity credentials to gain privileged access to restricted areas of the network – where they can cause severe damage.

Why has identity management proved to be a challenge during M&As?

The simple answer is that managing identities is difficult during calm times, particularly due to the challenge over stale and over-privileged accounts. It is time-consuming to find, modify or change user access data. Time-stretched security staff simply do not have the bandwidth to hunt down stale accounts, so the problem compounds over time. The lack of control over the provisioning and de-provisioning of user access also increases the potential risk of suffering a cyberattack.

Managing identities often relies on tedious, manual work. Our research found that 52% of all tech executives find the manual provisioning and de-provisioning of user access to be the most stressful challenge they face in identity and access management (IAM).

During times of normal business operation, it is easy to let small problems snowball into larger ones. During a M&A, the risk becomes even more pronounced and the means to tackle it often dwindle as hard-pressed security staff rush to deal with other problems. But failing to tackle identity can quickly lead to a crisis.

How can security leaders tackle this M&A identity crisis?

To manage the complexity of identities in M&A, CISOs and security admins need to develop a clear understanding of which accounts are genuine and belong to current staff members, and which outdated and must be deleted. This is not a straightforward process, which is one reason we have observed a gap of 12 months or more between the date of a merger and the day when the parties manage to integrate their systems.

The first step is removing ghost or duplicate identities and gaining visibility into all live users. Mapping the web of identities should then be carried out in collaboration with HR and department heads in order to produce a correct headcount. Security leaders must then focus on implementing an IAM framework capable of dealing with the complexity and data volume of M&As.

Radiant Logic’s research found that 67% of organisations have a modern access control and governance solution, but many apps and users are left out. The majority of the current IAM solutions work at the application layer, focusing on unifying applications and systems instead of bringing identity data together. This is particularly problematic when integrating cross-organisational systems because many applications have different data needs, and are often highly-tailored to the distinct requirements of an organisation or department.

How can a single source of identity data help organisations complete M&As?

The most effective solution to the problem of identity in M&A lies in building a unified single source for all identities using an Identity Data Fabric. This approach unifies all identity data across the organisational network, first collecting identities on-premise and in the cloud before mapping similar identities to an abstraction layer, and then blending them into a global user profile to ensure all identities are unique, complete and accurate.

The Identity Data Fabric operates at the data layer rather than an application layer, so will not interfere with the operations of existing applications, instead offering a more effective way of accessing, understanding and managing identity data across the organisations involved in M&A.

Implementing an Identity Data Fabric framework gives security teams total visibility over the entire network, enabling them to identify the access levels associated with each unique user across systems and applications both in the cloud or on-premise. Taking control of identity data will remove some of the turbulence from M&A. Identity Data Fabric can stop identity integration from becoming a crisis, and allow the newly-joined business to focus on what it does best.

Related Topics:Chad McDonald complete M&As?crisis Data Fabric framework Data Fabric operates managing identity data

Up Next

How to future proof the financial industry against cyberattacks

Don't Miss

Wealth Managers and the Future of Trust: Insights from CFA Institute’s 2022 Investor Trust Study

Interviews

Finance Derivative Talks to Tianjin Port Development Holdings Limited

Published

5 months ago

January 3, 2023

admin

1. How do you look back on 2022, being one of the 10 best largest container ports in the world?
In 2021, the container throughput of Tianjin Port exceeded 20 million twenty-foot equivalent units (TEUs) and ranked eighth on the list of world largest ports in terms of total container handling capacity, and growing the fastest among the world’s top 10 ports. Tianjin Port will strive to achieve 25 million TEUs by 2025 and continue to open a new chapter in the story of prosperity of Tianjin Port’s world-class port.
The market environment in 2022 was more difficult than that in 2021. Other than the conflict between Russia and Ukraine, and financial policies tightening in Europe and the United States, China’s economic growth was slower-than-expected due to the resurgence of the COVID 19 pandemic and related strict control measures. In this challenging market environment as at Q3 2022, Tianjin Port as a whole handled accumulatively cargo throughput of 363 million tonnes, 3.3% more year-on-year, and container throughput of 16.54 million TEUs, 4.7% more year-on-year, via enhancing efficiency and various flexible measures. Tianjin Port Co., Ltd., the major controlling subsidiary of Tianjin Port Development Holdings Limited (“Tianjin Port Development” or the “Company”) still managed to achieve profit growth of 11.9% in the first three quarters of 2022.
In mid-October 2021, Tianjin Port Group (the controlling shareholder of Tianjin Port Development, which holds 53.5% stake in the company) unveiled what it says is the world’s first zero carbon emissions smart terminal in Beigang area of Tianjin Port. This smart and ‘zero-carbon’ smart terminal can serve as an example of intelligent upgrading and low-carbon development of ports all over the world. As at Oct 13 2022, this zero-carbon smart terminal in Beijiang port area had handled 1 million TEUs since it started operation in October last year.

2. How are you able to manage and improve the sustainability strategies with the stakeholders? Tell us about your visions and key factors to success.
Tianjin Port Development has been investing resources in promoting its sustainable development and its sustainability strategies emphasize five principles, namely “Environmental Commitment”, “People Focus”, “Quality First”, “Customer Oriented” and “Community Care”, which are incorporated into its daily management and operations. The Company has kept strengthening communication and cooperation with various stakeholders so as to continuously improve sustainability management.
Building a smart port is a major undertaking of the Company. We aim high and strive to build a world-class smart port and a green port, to better serve the coordinated development of the Beijing-Tianjin-Hebei region and construct the “Belt and Road” initiative.
We continue to propel port automation with advanced smart, automatic and communication technologies, aiming to improve service efficiency while reducing service costs and offering customers with better experience. The Company continues to make use of artificial intelligence algorithms and big data to develop new smart projects, implement innovative business operation and analytics systems to enhance operating intelligence and customer service efficiency. In addition, we keep hastening automatic transformation of traditional terminals, and designing our own fully-automated facilities and equipment.
The Company has dedicated much effort to implementing sustainable development concepts and paying more attention to topics such as green development, smart and safe production. All these efforts have laid a solid foundation for the Company’s success.

3. How did the market change post covid-19 and where do you see it going?
Since the outbreak of COVID-19 pandemic in 2020, ports around the world, those in overseas countries in particular, have seen containers stacked up and even halt service. The pandemic has brought to the foreground the need to develop smart ports. In recent years, Tianjin Port Development has actively used innovative technologies to build smart ports. It currently owns more than a dozen world-first technologies that have helped it improve operational efficiency. For example, a single driver can take remote control of six automated facilities simultaneously. In the future, Tianjin Port Development will continue to pursue automation and intelligent reforms plus upgrade its facilities.
Furthermore, during the pandemic, sea freight was adversely affected by land transportation restrictions in mainland China. In light of that, Tianjin Port Development enhanced the function of its feeder network and optimized the linkage between main services and feeder services within the port in Tianjin-Hebei area, built a collaborative operation platform for feeder services covering the Bohai Rim, and promoted vigorous development of “daily shift” services. An alliance was forged and the “Maritime Expressway – FAST” service brand was created, enabling coordination and link up of all processes, from delivery from factories, loading and unloading at the ports and piers, sea transportation and on-shore storage and logistics to receipt of goods by end customers, thus forming a “door-to-door” standardized transportation system. We have been able to make better use of our marine channel advantage to improve overall freight efficiency and bring more business opportunities to Tianjin Port Development. At the same time, Tianjin Port Development is also starting to actively take part in multi-operational partnership covering road, rail and sea transportation, which will become a new business model serving the “Belt and Road Market”.

4. Do you see your company expanding its offerings in future? FY2023
In the future, Tianjin Port Development will hasten transforming its transportation mode. For inbound operations, under the “Maritime Expressway Express—FAST” service brand, it will speed up expanding coverage of its ports and land logistics network in the Tianjin-Hebei region. And, for supporting outbound logistics, it will extend the sea-rail shipping channel. Moreover, it will continue to upgrade automation of its piers, so as to achieve complete digital transformation. Furthermore, it will press on with using green energy, step up “zero-carbon port” construction, implement its “dual-carbon” goals, and take to greater depth the work of building an international shipping hub in northern China.

Interviews

Exclusive Interview With AsiaPay CEO -Joseph Chan

Published

5 months ago

January 3, 2023

admin

It’s a pleasure to have you. Tell me a bit about your journey and about heading AsiaPay.

As the founder and CEO of AsiaPay Group, Joseph started up the first high-quality third-party digital payment service and technology firm in 2000 in Hong Kong, spearheaded the company’s business strategies and product development together with his management team, and leads AsiaPay becoming one of the most successful world-class digital payment companies in Asia.
In regard to business growth and market recognition, Joseph presents his long-term vision which is to operate a successful and socially responsible company that continually provides individuals and corporate entities with the newest digital payment values, readily enhances one’s quality of life, and maximizes business opportunities, efficiency and productivity.

On that note of innovation, what are your views, on things like blockchain, Artificial intelligence, and robotics?

AsiaPay works closely with our partners in the AI, metaverse, crypto, and NFT-related businesses. With the capabilities of the web3 payment, we aim to strengthen the sales scene, use virtual social space as attraction, product display, and sales as a reality, and enhance the interest and purchase intention of potential buyers, coupled with cryptocurrency-led payment.

Decentralizing blockchain can guarantee the fidelity and security of transactions and digital payments. While combining digital record authenticity in blockchain technologies and the automation of artificial intelligence can enhance data security to prevent fraud in the fintech and digital commerce industries.

Along digital transformation, there has been successful applications of robotics in F&B n hotel industries in Asia and more digital payment solution adoption follows to provide more seamless and valued payment experience to customers.

AsiaPay continues to work closely with partners and startups in these technology areas and also web3 area like metaverse, crypto to well capitalise on these technologies to provide more advanced payment solution to address coming business and market needs

How do you manage the making in the area of diversity and inclusion in terms of gender and cultural background?

Joseph Chan

AsiaPay always aims to remain a balanced and fair working environment with diversity and inclusion over its 15 country operations in Asia. As we serve merchants covering wide range of industries and operating across borders with close interaction with our teams in Asia, we respect the unique background, needs, perspectives, and potential of all team members. We:

Identify diversity and inclusion as key strategic priorities
Recruit and hire openly across Asia
Establish snd enforce cross-country mentorship
Promote team work and foster relationship by overseas team training, yearly executive meeting…etc …
Acknowledge holidays of all cultures and celebrate
Be aware of any unconscious bias.
Ensure benefits and programs are inclusive

And, we set up a variety of staff performance and long-service awards to appreciate our team member’s contributions regardless of their genders, races, religion, nationalities, and sexual orientations. Every team member is equally involved in and supported in all areas of the workplace.

Even under this highly competitive Fintech market, we have enjoyed relatively high retention over the years.

AsiaPay continues its business expansion in Asia with 16 operation offices as of date. What are the strategies for the Indonesian market?

Indonesia is one of the key emerging markets in Asia, according to a YStats.com report points that Indonesia mostly used “online wallet” (69%) alternatively to traditional payments in 2020. “Online wallet” was commonly used as an alternative payment method after the onset of COVID-19;

BimoPay is a payment gateway platform service offered by AsiaPayto address the Indonesian digital payment needs, as Indonesia is one of the fastest-growing economies in the world. Our key strategies shall emcompass,

Sales strategies and programs targeting key merchant segments;
Bank and payment and channel partnership;
Digital marketing campaigns enhancing brand and service awareness;
Localised product and service innovation and development;

Do you see AsiaPay expanding its offering in the future? How do you see 2023 coming?

With digitalization and technological innovations taking over the economic sector of the world, AsiaPay will continually bring advanced, secured, integrated, and cost-effective digital payment processing solutions and services to banks and eBusiness globally.
We will continually embrace change and innovate capitalizing on the technological trends and strength especially addressing the coming evolution of digital commerce, smart retail, web 3.0 payment, payment data analytics, crypto/CBDC and blockchain technologies.

Apart from our existing 16-country operations in Asia, we will continue to expand our footprint in the world to expand our payment solution and service coverage, and further sca