enterprise security

SecurityTrails Blog · May 05 · by Sara Jelen

Cybersecurity: The Key to Your Divestment Process

Reading time: 5 minutes
Listen to this article

Divestitures occur when an organization sells a division or portion of their business and assets to another company. This process can be set in motion for various reasons, including the want of financial gain in difficult times (wherein an organization might sell off their least profitable assets), the desire to free up resources (to increase focus on a primary area of business), and to lower the risk of non-compliance with regulations.

The scale of a divestment can depend on the main goal and reason for the process. Organizations might sell off a single subsidiary or even a whole division, and the process can turn out much more challenging than many business owners might expect.

Just as with any M&A process, inheriting cyber risks is one of the biggest threats to a divestment. While organizations often use security as the final sign-off on a deal, cybersecurity throughout the divestment process is crucial for preventing security and operational risks and liabilities, as well as any legal risks heightened by more stringent data protection and regulatory compliance policies.

Divestitures and their cybersecurity challenges

While mergers and acquisitions can be lengthy processes, divestments are almost always associated with much stricter time constraints. This leads to organizations distancing themselves from security teams throughout the process for fear of slowing it down. Therefore, it’s important for security teams to engage in extensive planning for guarantee of a secure and speedy process.

Cybersecurity is a key driver in successful divestiture. During divestment, adversaries can leverage the situation to gain access to sensitive data, trade secrets and more. Divestitures increase the number of people, systems and assets involved, likewise increasing the probability of human error and negligence toward critical oversight. This is why a weak security posture can devalue the deal for the unit your organization is divesting.

Common focus areas for security teams during the divestment process should include:

  • Access to business-critical applications and systems during and after the divestiture
  • Compatibility of security policies for both the buying and selling organizations
  • Regulatory and corporate compliance compatibility

Some of the leading cybersecurity risks associated with the divestiture process involve the lack of visibility into an organization’s existing and changing infrastructure. Such visibility is crucial to better understand, migrate and integrate new workloads in support of the sale. Furthermore, the lack of visibility can produce gaps of unknown assets or even entire areas of an infrastructure that, while not visible to the organization, can be easily discovered by malicious actors.

How Attack Surface Intelligence (ASI) can help

Today, organizations have a myriad of IT assets that follow and serve each part of their business processes. And any process that, like divestment, involves a lot of moving assets and shifting infrastructures creates a good opportunity for adversaries.

The magnitude of risks associated with a divestment process differs depending on the conditions of the deal. These include the number of assets involved, their criticality, their location and applicable regulations.

To get all of the visibility and control over IT assets that an organization requires during a divestment, a solution such as Attack Surface Intelligence (ASI) can set the foundation and drive the process.

Asset inventory

Your organization can’t securely transfer assets that it doesn’t know exist. A proper start to any security engagement taking place during divestment establishes visibility into all of your internet-facing assets, as well as their location, ownership and any additional information on those assets that will provide complete visibility and understanding of your external infrastructure.

Attack Surface Intelligence starts with automated asset discovery and analysis of your external infrastructure, presenting you with a centralized view into all of the internet-facing assets your organization owns. This way, you’ll gain full visibility into old, forgotten and shadow IT assets.

You’ll also get further information on each asset—including their IPs, SSL certificates, open ports, services, and the technologies they have running.

Asset inventory

Persistent infrastructure monitoring

While asset discovery is crucial throughout the divestment process, maintaining a relevant, real-time asset inventory is even more important. During divestment, some assets will move around or change ownership or location, or some assets might get removed. This is why the persistent monitoring of your infrastructure is one of the key pieces in ensuring a secure process from start to finish.

With ASI, you’ll get a chronological representation of all of your assets. This allows for counting how many assets are discovered each day, as well as for continuously staying aware of your infrastructure. So you can discover whether there are any unknown or unmanaged assets.

Persistent infrastructure monitoring

Continuous risk discovery

As mentioned, malicious actors find the environment around divestitures alluring. This is due to shifting infrastructures and the increased likelihood of overlooking security risks, misconfigurations and vulnerabilities on IT assets. Additionally, while being on the sell side might mean that you’re not going to inherit any new risks, the selling of assets that are exploited by attackers (or will be after the sale can damage your organization’s reputation significantly), can give rise to legal and monetary issues.

Continuous risk discovery

To avoid such unfortunate situations, detecting all security risks on your external assets is crucial for mitigating those risks. The recently released ASI Risk Rules feature allows you to see exactly which assets in your infrastructure are burdened with security vulnerabilities CVEs and misconfigurations that can be exploited by adversaries.

The risk rules are visually broken out by severity: red for High, yellow for Moderate and gray for Informational risks, so you can identify how immediately any action should be taken. This is especially useful when combined with the Hosts tab, where you’ll be able to find all the affected hosts, along with the most critical issues in a table-like format:

Hosts tab


Divestitures can represent a high risk to any organization, whether on the buy side or the sell side. Our Attack Surface Intelligence platform can help you manage cyber risks through the divestment process, from continuous discovery and inventory of all IT assets to uncovering any security risks and misconfigurations in your infrastructure.

Sara Jelen Blog Author

Sara believes the human element is often at the core of all cybersecurity issues. It’s this perspective that brings a refreshing voice to the SecurityTrails team. Her ability to bridge cognitive/social motivators and how they impact the cybersecurity industry is always enlightening.