Mary spent a lot of time on the phone speaking with her CEO, general counsel, CFO and other business leaders in her company and at those she was evaluating for purchase. “A good deal doesn’t get done on email” she was fond of telling her co-workers. And it was true. So as Mary was waiting on her delayed flight to board at Newark International Airport one day, she decided to squeeze in one more call to try and finalize the terms of a merger that was coming together between her company and a competitor. What Mary didn’t consider, as she was singularly focused on that conversation, was that she wasn’t alone in her conversation. Sitting near her, and listening to every word she said, was a financial reporter from a well-known business website. He put two and two together pretty easily. The pending merger would not be a secret for long.
You can use your imagination to guess what happened next. Story of the pending merger, which Mary had finalized on the call that day, broke online within 24 hours. Investors and speculators climbed all over the stocks of both companies and the fallout drastically changed the financial dynamics, effectively killing the deal. In the end, Mary’s company calculated that the failed merger attempt cost them $12 million, not to mention the lost market opportunity and value that the merger would have created. No one was ever able to tie the leak directly to Mary, but since there were so few people involved in the negotiations there were assumptions made. Mary’s career stalled after that.
(Via CSO Online)
I’ve talked before about my role in defending against outsiders learning about potential Mergers & Acquisition targets of a former employer. So much around this is old-school physical security and OpSec. It is challenging but fun work – very cloak and dagger.
The article is a nice reminder that all of your security budget going toward shiny boxes and cool services doesn’t protect against this very real risk scenario.