Governance & Risk Management , IT Risk Management , Video

Securing M&A Transactions With Cyber Due Diligence

Bradley Schaufenbuel of Paychex on Assessing Cyber Risks and Controls
Bradley Schaufenbuel, vice president and CISO, Paychex, and CyberEdBoard member

An M&A due diligence process must include a comprehensive cybersecurity risk assessment, including all assets, threats, vulnerabilities and control measures, said Bradley Schaufenbuel, vice president and CISO at payroll and HR solution firm company Paychex.

See Also: Cloud Security and Developers: Role of Zero Standing Privilege

The acquiring company should keep target networks separate from their own network until all major vulnerabilities are addressed, he said.

"One of the biggest issues with M&A transactions is the drive to connect networks to achieve synergies from the transaction," Schaufenbuel said. "The current tech stack availability, like zero trust network access solutions, can provide the acquired entity with access to just the assets they need without connecting networks until those environments are fully addressed."

In this video interview with Information Security Media Group, Schaufenbuel also discussed:

  • Key aspects of a comprehensive cybersecurity due diligence process for M&A;
  • The importance of collaborating with the target's security or IT team;
  • The role of zero trust network access solutions in modern M&A transactions.

At Paychex, Schaufenbuel leads a team of information security professionals that focuses on cyber crisis management, security training and awareness, and application security. He has more than 25 years of experience in information security, risk management, penetration testing, and security and IT audits. He is a member of the CyberEdBoard.


About the Author

Suparna Goswami

Suparna Goswami

Associate Editor, ISMG

Goswami has more than 10 years of experience in the field of journalism. She has covered a variety of beats including global macro economy, fintech, startups and other business trends. Before joining ISMG, she contributed for Forbes Asia, where she wrote about the Indian startup ecosystem. She has also worked with UK-based International Finance Magazine and leading Indian newspapers, such as DNA and Times of India.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.