The Australian Cyber Security Centre (ACSC), has developed tailored advice to help organisations manage the increased cyber security risks, including when data is being migrated from one system to another.
Businesses undergoing major organisational change, whether it be through a merger, acquisition or Machinery of Government changes, are an attractive target for cyber criminals because of significant upheaval and disruption to the normal flow of business.
Cyber criminals know that major change brings disruption, making it easier to scam staff and compromise systems with social engineering attacks such as Ransomware, business email compromise, payroll fraud and phishing campaigns.
The reality is that organisations must be prepared, well before they announce they’re entering an acquisition or merger.
Our Mergers, Acquisitions and Machinery of Government Changes publication includes information on what you should tell your staff to be wary of, including scams and bogus requests for data, payment or access from people they don’t know.
Cyber security is a critical part of major organisational change and to manage the increased risk, organisations should focus on the following three areas:
- minimise the accumulation and compounding of your technical debt
- ensure your data and systems are well integrated and properly patched, supported and monitored, and
- understand the previous operating environment and security controls which protected your data and systems to ensure appropriate and ideally equivalent, or greater, protection is afforded in the new operating environment.