IT firms consolidate amid escalating cyberattacks

Mergers and acquisitions in the IT community reached an all-time high of $30.8 billion in the second half of 2017, according to a new report by Hampleton Partners, published March 26, 2018. The London-based research firm found heavy consolidation with high multiples for 30 consecutive months in the enterprise software market. Researchers cited Vantiv's $10.4 billion acquisition of Worldpay as a recent example. Organizations are combining assets and capabilities to compete globally and protect against cyberattacks, company representatives stated; they expect continued compression in the automotive, healthcare and payments sectors.

"Companies are dealing with very rapid change across multiple fronts," stated Miro Parizek, founder and principal partner at Hampleton Partners. "It's a case of digitally transform or die." He added that they are turning to mergers and acquisitions to quickly and effectively navigate the shifting landscape and satisfy the increasing service expectations of their customers.

Parizek pointed to increasingly sophisticated cyberattacks, which he said are fueling interest in advanced security solutions, data management and analytics tools that protect companies from malicious attacks and malware infections.

Be ready, all-in

BakerHostetler urges companies to be "compromise ready" by improving risk management practices and planning for worst-case scenarios and cyberattacks. The company's 2018 Data Security Incident Response Report found hackers compromised all types and sizes of businesses in 2017. "Size doesn't matter regarding the likelihood of being breached," they wrote. "In the incidents covered by the Report there was a fairly even number of incidents by entities with revenues between $10 million and $100 million, $100 million and $500 million, $500 million and $1 billion, and $1 billion and $5 billion – with mere percentage points separating those categories."

Theodore J. Kobus III, leader of BakerHostetler's privacy and data protection practice, said companies need to take an "all-in" approach, from boards to senior management, to reduce the risk of attacks and lessen their severity when they do occur. "The stakes are higher than ever, but some entities still are not executing on the basics," Kobus said. "Many have made great strides in their cybersecurity planning, but as threats evolve and entities change, they must also keep their security protocols current."

Be vigilant, diligent

Following are additional recommendations BakerHostetler researchers offered:

• Control access: Prevent unauthorized individuals from gaining access to cloud-based data by setting private permission levels, both internally and with cloud-based service providers.

• Regulatory compliance: Prioritize compliance, as regulators have become more aggressive in investigating breaches. This will be especially critical when General Data Protection Regulation (GDPR) guidelines become effective on May 25, 2018, for entities doing business in the European Union.

• Improve response time: Improve incident response times in four key areas: detection, containment, analysis, and notification. Understanding timing enables companies to provide useful information to forensic investigators. Research data showed overall incident response times for 2017 were 66 days from occurrence to discovery (an increase of five days from 2016); three days from discovery to containment (an improvement of five days from 2016); 36 days from engagement of forensics team to investigation complete (four days faster than the previous year); and 38 days from discovery to notification (three days better than 2016).

• Adopt multifactor authentication: Implement a robust risk management program that incorporates complete buy-in from all levels of an organization.

  Editor's Note:

  The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

  Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.