[MUSIC PLAYING] Mergers, acquisitions, divestitures-- for any IT executive, you know that these are drop everything types of projects. Because IT integration is all about the timelines. But in the rush to Legal Day 1 and consolidation, there are several IT security pitfalls to be aware of, so that the IT integration exercise doesn't become a resume updating exercise.
First, trusting too soon. All too often, we see people set up Active Directory trust before performing a cybersecurity analysis. And setting up an AD trust increases your attack surface. Second, moving content you don't need. That's the beginning of a breach. Migrating dirty data adds complexity, costs, and increases security risks.
Third, moving user accounts you don't need. Lack of communication between HR and IT means you could be migrating employees who may or may not be there after Legal Day 1. And that's the making of an insider threat.
Fourth, keeping the cruft. All of us have those crufty old applications that are critical and serve a business need, but are AD dependent and homegrown. So we leave up an old Active Directory that is left unpatched and unmonitored. Complexity breeds risk.
Five, keeping SID history. SID history is helpful during a migration. But afterwards, they are a real liability. Bad actors using a tool like Mimikatz can perform a SID history injection and impersonate users or elevate privileges. Number six, forgetting the backup. Things will go wrong in an M&A migration. And if you can't roll back changes or get things into a secure and proper order, you're out of luck.
Bad actors see a migration as a great time for entry, because there are a lot of moving parts. Check out Quest.com/mergers-and-acquisitions to dive in-depth into the IT security pitfalls commonly associated with an M&A, and see how to avoid them.
02:19