Bugcrowd Launches M&A Security Assessment Service

Bugcrowd, a provider of crowdsourced security services, this week launched an offering designed for organizations that need to assess the cybersecurity resiliency of a potential acquisition.

Company CEO Ashish Gupta said the Bugcrowd Mergers & Acquisition (M&A) Assessment service is designed to reduce a task that normally requires eight to 10 weeks to a set of reports that can be produced in three to five weeks, depending on the complexity of the project.

At the core of the M&A Assessment service is a set of penetration tests conducted by independent cybersecurity experts who have been vetted by Bugcrowd. Those tests can be conducted on a pay-per-results or pay-per-project basis.

Designed to be launched in as little as 72 hours, the service enables organizations to access test results as they are discovered. The service will also compile an inventory of IT assets, including platforms and applications that might have been overlooked or simply unknown.

Audit reports that include expert analysis, risk scoring and recommendations are delivered when testing is completed.

In the wake of the economic downturn brought on by the COVID-19 pandemic, merger and acquisition activity has begun to increase. Many of these deals require a thorough cybersecurity review before they can proceed. In many cases, companies that have been struggling are not able to make the appropriate levels of investment in cybersecurity. As is often the case in a merger or acquisition, time is of the essence. Becoming aware of cybersecurity issues sooner rather than later can be critical.

Gupta said the penetration testing service provided by Bugcrowd goes way beyond checkbox analysis. Cybersecurity experts from around the world launch white-hat tests across the entire attack surface an organization should be defending.

Bugcrowd recently published a survey of 3,493 ethical hackers participating in its service that claims hackers working on the Bugcrowd platform prevented $8.9 billion of cybercrime in 2019. The report also notes those hackers earned 38% more in 2019 than they did in the previous period. More than half the hackers surveyed (53%) were under 24 years of age, according to the report.

It’s not clear to what degree organizations will be relying on services to contract ethical hackers to test their security defenses. There’s always some trepidation when it comes to sharing cybersecurity information with a third party. However, penetration tests conducted by internal cybersecurity teams may not be as creative or resourceful as external hackers who regularly conduct such tests. In addition, the speed at which those tests can be conducted is often an issue whenever sensitive data might be compromised.

Relying on external penetration testers also shows regulatory bodies that due care was taken to secure assets, which can help mitigate potential fines in the event of a breach.

Regardless of the motivation, it’s apparent penetration testing should be conducted regularly. The issue when it comes to mergers and acquisitions is that not everyone involved might be as inclined to rigorously conduct those tests when they have a vested interest in the outcome.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.