“A big lesson for us was about due diligence,” he says. “When companies do mergers and acquisitions, most of the due diligence is around financials, maybe legal risks, or intellectual property. But I don’t see companies focusing too much on cybersecurity in terms of digging deeper into whether the company has a breach. This certainly changed our process. If we had focused on it during due diligence I’m sure we would have been able to find at least some indication.”
“A good starting point is to make sure that you’re in line with the requirements of Cyber Essentials – a government scheme that includes a set of basic technical controls you can put in place relatively easily.”
|Tarah M. Wheeler (@tarah)|
The moment an organization begins thinking of itself as the greatest threat to its own customers’ security is the moment when they begin to take cybersecurity seriously–and when we as a society should begin to trust that they’re serious about protecting us.