SITUATION
A private equity firm was looking to purchase a company in the food and beverage industry. The firm engaged FTI Cybersecurity to conduct IT and cybersecurity due diligence on the target company prior to purchase, with the goal of identifying cybersecurity risks and maturity gaps pre-close.
OUR ROLE
FTI Cybersecurity established multiple workstreams to facilitate the assessment. During cybersecurity diligence, FTI Cybersecurity experts conducted a review of all available documentation, including policies, reports, and scanning results, and interviewed key security personnel. Based on the information provided, FTI Cybersecurity assessed the target organization’s maturity against cybersecurity best practices.
Throughout this process, FTI Cybersecurity identified that the managed security service provider (MSSP) used by the target company had not been conducting vulnerability scanning of the network in alignment with the MSSP’s attestations. Upon review of an up-to-date vulnerability scan, FTI Cybersecurity identified almost 1,000 critical and high priority open vulnerabilities, including highly concerning vulnerabilities that could indicate active compromise.
OUR IMPACT
After identifying the vulnerabilities within the target company’s network, FTI Cybersecurity provided remediation plans and estimated costs for mitigation of these risks. Throughout the process, FTI Cybersecurity regularly updated the private equity firm on the situation and provided the firm with recommendations for resources to support remediation.
FTI Cybersecurity’s assessment allowed the private equity firm to prioritize action and mitigate vulnerabilities prior to close. The findings of the assessment also allowed the private equity firm to fully understand the risks and mitigations needed for the cybersecurity program of the firm they planned to purchase.