Justin Coker, Vice President, EMEA Skybox Security

As financial services players based in the UK consider their future in a post-Brexit landscape, they need to be mindful of the security issues that can emerge from cross border re-organisations and internal mergers, a cybersecurity and analytics expert has warned.
As the end of March approaches, some organisations have taken the opportunity to move their centre of operations out of the UK, so they can continue to benefit from EU trade laws and attempt to minimise disruption to their business, said Justin Coker, Vice President, EMEA Skybox Security, citing as an example Bank of America Merrill Lynch which completed the cross-border merger of its UK banking unit with its Ireland-based arm in December, making Dublin the hub for its main European banking entity.
“As companies such as this undertake cross-border mergers, CISOs and CIOs need to be aware of the security risks involved even when the business reorganisation is internal,” he said. “You’re not just merging systems, processes and people — you’re also bringing hundreds, possibly thousands, of new devices onto the network. New devices all have the potential to bring new cyber risks to your business, and that’s before you’ve looked into other aspects like legacy systems, servers, industry–specific technologies and drastically different IT policies over the years.”
He warned that mergers also change the dynamic of the attack surface, introducing new elements to the security environment that executives need to have visibility of: “It’s critical that businesses maintain holistic control over their attack surface during the transition phase so that they are able to manage their changing risk and compliance exposure,” he said. “Of course, these security concerns also present major issues for the board, as they can affect the bottom line and possibly the merger itself. You wouldn’t buy an organisation that leaves its doors unlocked. So why treat cybersecurity differently?”

by Guy Matthews