We are happy to report that now Meterian supports pnpm, a new fast and more efficient alternative to npm. It’s comparably faster, especially when installing packages, compared to npm and it also saves a lot of disk space as it used symlinks to represent modules. Pnpm also supports very well monorepos using workspaces, and it has built-in support for multiple packages in a repository.
Yesterday, 28th January was an important day… The Council of Europe celebrated this year the 14th edition of Data Protection Day.
This practice was to raise awareness about good practices in this field, informing users about their rights and how to exercise them.
This date is aligned to the anniversary of the opening for signature of the Council of Europe’s Convention 108 for the Protection of individuals in relation to automatic processing of personal data. For the past 30 years this has been a cornerstone of data protection, in Europe and around the world.
Why is Data Protection so important?
Data protection issues are very present throughout everyone’s lives. Not to mention in the work environment, in public relations, in the health sector, when buying goods and services, in travel or merely whilst using the internet.
However, not all people are informed on their rights. For this reason, the 28th January has been allocated to inform more users on their rights and so that data protection professionals address data subjects. It is important our digitally advanced society understands what personal data is collected from them and why, as well as what their rights are when their data is processed. This in turn, will help users be aware of the risks which comes with illegal mishandling and unfair processing of personal data.
Meterian can help!
Here are a list of our blogs which can help users be more cyber resilient and diligent when it comes to managing sensitive data.
Cyber due diligence is increasingly taking the spotlight when considering M&A transactions. With the rise of cyber attacks across organizations, acquirers are now having to address the impact of a target company’s incidents to determine the deals they make. According to EY Global Information Security Survey 2018-19, 77% of organizations have limited cybersecurity. Cyber due diligence is important to avoid the devaluation of your organization.
What is cyber due diligence?
The official definition of cyber due diligence is ‘the review of governance, processes and controls that are used to secure information assets’. Essentially, cyber due diligence teams will gather a target’s risk profile and make recommendations to the purchaser.
Would you buy a home without having it inspected by a surveyor? Many people wouldn’t. In the past, the lack of inspection has proven to cause traumatic consequences. Take the Grenfell Tower fire of 2017. The lack of inspection in the build, design, and maintenance of this residential building (and many others discovered after the tragedy) has made building due diligence a crucial aspect to many organizations. The same can be said when applying cyber due diligence. Proper attention to issues within a target company will allow more informed decisions and safer outcomes.
The importance of cyber due diligence is seen through the example of Yahoo! In late 2004, senior offices and legal staff learned that unauthorized access to its computer network had been gained by what Yahoo! had identified as ‘state-sponsored actor’. However, the board had not received a report. In 2016, Yahoo! and Verizon Communications entered a stock purchase agreement. Yet, around the same time, a hacker claimed to have obtained Yahoo! user data. Shockingly, after doing checks they found that up to 500 million user accounts had been stolen from Yahoo!’s network in 2014. Not surprisingly, this meant Yahoo! had to modify their terms with Verizon.
This proves how cyber due diligence is essential when making M&A transactions as it strongly influences the decision of the acquirer in regards to their target company.
Financial, Legal and Technical Due Diligence
Although cyber due diligence does not provide an accurate picture, it still allows the acquirer to have a good approximation of the condition of a target’s digital assets. An acquirer will have a process in their assessment of a target company and will examine:
How much money does the company have, spend and earn?
What are the margins of the target’s competitors?
Is the company in any debt?
This is financial due diligence. Every investment has a level of risk. There needs to be in-depth research to understand the risk well, and to avoid any harm to either party in the transaction. Avoiding financial due diligence can result in misunderstandings from the investor and cause them to be responsible for financial loss after the deal is closed. If you’re a business owner, ask yourself:
Does your company own the software?
What is the IP ownership of the software your company has created?
Is your company in compliance with its legal obligations with respect to software licences, software updates, data protection and processing laws?
What are the risks if compliance fails?
Here we have legal due diligence. This helps both entities work together to push forward a deal by addressing any legal problems that might be obstructing a decision. So this is when an M&A document will be produced. Legal due diligence is very important: the general law does not, in the absence of fraud or misrepresentation, protect the acquirer if they later see the business is not what they understood it to be. So buyer beware! Understanding the target’s liabilities is crucial. Make sure your legal team knows what they are doing, as they have the important role of communicating to external advisers.
Evaluate the cybersecurity program protecting the high-value digital assets: is it appropriate?
Look at the target company’s previous breaches and how they responded to the incident?
Assess the target’s resilience and ability to resist cyber attacks on their digital assets in the future
Be a technical due diligence wiz and know what your technical assets are. Technical due diligence allows to identify any vulnerabilities within the software or network of the target company. Look at the product, the infrastructure and its processes. Many software applications rely on open-source software components. If left unsecured (or used at whim without due diligence assessing its risk to the business), this creates a potential weakness for organisations from two aspects. Firstly, vulnerable open source components are popular attack vectors for cyber attackers. Secondly, having components with a licence that’s not compatible with your company’s policy could harm your business. Companies should make sure their software is being used in compliance with its licence so they can avoid being sued for improper use of intellectual property.
As seen with the example of Yahoo!, the lack of technical due diligence allowed Verizon to make an uninformed decision. Although this was also a problem with Yahoo! not disclosing the issue, it shows how legally the deal had to be adapted and both companies suffered financial loss. This shows the integrated importance of financial, legal and technical due diligence, and the areas that need to be addressed by the acquirer during M&A transactions and considerations.
How can Meterian help with due diligence process?
With Meterian, you can automate the due diligence of identifying and patching open source risks in minutes. Immediately see if open source components used in your team’s project code bases are free of security, stability and licensing risks. So that you don’t run into any surprises down the line in your code’s software supply chain.
Although open source applications are built to a very high standard, open source software does not come with any guarantees of quality. It is the user of the open source software that is responsible for assuring its quality (and therefore data processing security). There are still licence agreements one must comply with. Since anyone can download and use open source software, without payment, it’s difficult for organisations to know what’s used in their code bases. Meterian helps companies ensure their software is audit ready and all open source licences are compliant and business friendly. Our software scanner runs and checks as developers build the software, so why not put your mind at rest and strengthen your business? See sample reports and analyse 1 free codebase by signing up on our website today.