Our new Biannual ICS Risk & Vulnerability Report is the most up-to-date look at CVEs disclosed in OT devices.
Check it out!
Ramping Up Industrial Cybersecurity for a Post-Pandemic M&A Boom
By The Claroty Team | June 24, 2021
Studies show that mergers and acquisition (M&A) activity will continue to lead economic recovery in a post-pandemic world for a variety of reasons, including to increase scale, innovate for growth, and restructure for a new environment. Megadeals of at least $5 billion in value started to rise again in the second half of 2020, and we can expect a stronger bounce in 2021 in critical infrastructure sectors.
During this same period, we’ve seen a rise in targeted attacks on critical infrastructure that also shows no signs of slowing down. But as the first major shutdown of critical infrastructure due to a cyberattack in the nation’s history, the ransomware attack on Colonial Pipeline was a tipping point. In the days that followed, the White House issued an Executive Order focused on protecting IT and operational technology (OT) networks. And the Transportation Security Administration (TSA) is mandating incident-reporting and hardened cybersecurity practices from pipeline owners and operators, many of whom operate privately within this critical infrastructure sector.
The confluence in deal making and U.S. government cybersecurity mandates make it more important than ever that CISOs ensure their industrial cybersecurity program can support their organization’s consolidation plans. Cybersecurity assessment is a critical component of the M&A checklist, alongside traditional items such as financial matters, contracts, legal and regulatory issues, intellectual property, sales, personnel, and the competitive landscape. CISOs need an industrial cybersecurity solution that can provide a faster, easier, and more flexible way to conduct M&A due diligence, such as a risk and vulnerability assessment, on target companies’ industrial networks.
Claroty Edge, the newest addition to The Claroty Platform, meets the needs of CISOs tasked with this challenge in three ways:
This means you can gain 100% visibility into industrial networks in less than 10 minutes without requiring network changes, sensors, or physical footprint. Functioning as a flexible edge-data collector, the solution leverages existing Windows systems to reveal industrial assets that you could otherwise only discover via methods that are difficult, if not impossible, to execute with a third-party. These assets include a complete inventory of the company’s managed and unmanaged OT, IoT and IIoT assets while identifying the vulnerabilities and risks affecting those assets. You can conduct due diligence quickly, easily, and gain insights into operational risk exposure while adhering to letter of intent specifications. As the deal progresses, you have data to help prioritize, strategize, and prepare to mitigate risk as soon as appropriate.
Providing an optimal entry point or accelerator, wherever an organization is on their industrial cybersecurity journey
The target company may be just getting started with industrial cybersecurity. Claroty Edge can be run anytime, anywhere—either on-premises or in the cloud—to capture the current state of the network. For target companies with a more established industrial cybersecurity program, Claroty Edge provides a quick, easy, and effective way to gain a holistic view of the industrial network, including air-gapped, physically remote, smaller, and/or previously deprioritized sites.
Supporting a range of M&A and compliance auditing use cases
Many industrial enterprises are inherently geographically dispersed in sectors such as energy, oil and gas, or food and beverage, to name a few. M&A activity exacerbates this sprawl and the challenge of managing cybersecurity risks in highly distributed environments. Claroty Edge enables you to easily identify and manage the risks and vulnerabilities—such as missing critical patches, end-of-life indicators, and CVEs—revealed during asset discovery. These capabilities allow you to better protect your growing industrial network by reducing its exposure to risk.
If your organization is among the many considering an M&A strategy to drive growth and expansion in the post-pandemic world, Claroty Edge is a valuable addition to your due diligence toolkit.
To speak 1:1 with a Claroty expert about how Claroty Edge can help your team understand and mitigate cyber risk associated with M&A activity and an increasingly distributed environment, request a demo.