Investigations & security

The Blackpeak team has been conducting complex investigations and security projects in Asia since 1995. We provide thought leadership in the sector, and conduct regular investigation techniques training to our clients and industry associations. Our clients include Fortune 500 companies, government-backed funds, law firms and Asian conglomerates. We operate across all industry sectors. Our expertise includes, but is not limited to:

  • Intellectual property protection programs, including factory security audits
  • Intellectual property and trade secret theft investigations
  • Fraud investigations
  • Whistleblowing investigations
  • Conflict-of-interest investigations
  • Asset tracing
  • Litigation support and dispute intelligence
  • Computer forensics

Cyber security services

Corporate executives and boards of directors are increasingly realizing what criminals and hostile actors have long known: intellectual property and digital assets are the crown jewels of many modern companies. In this environment, cyber threats represent an existential business risk. To help our clients navigate these risks, through its strategic partnerships, Blackpeak provides its clients with best-in-class cyber security solutions and services.

Blackpeak’s cyber security solutions are catered to meet each client’s needs, drawing from a broad range of battle-tested technologies and capabilities. These include:

  • Vulnerability assessments using advanced, proprietary cyber attack software simulators
  • Penetration testing and ethical hacking by teams of trusted experts
  • Full cyber security audits and gap analyses aimed at finding security gaps and diagnosing existing issues in established systems
  • Quantification of cyber assets at risk
  • Assigning a specific, risk-weighted dollar value on a client’s cyber assets
  • Determine how much cyber security insurance coverage is appropriate
  • Ensure that mitigation steps accurately reflect a company’s risk tolerance and real asset value
  • Personalized in-house cyber security awareness and training, including modules designed for various audiences (employees, executives, boards, etc.) and personal data protection seminars
  • Simulated phishing campaigns to train and test staff awareness of e-mail vulnerabilities, which remain the most common threat vector
  • Mergers and acquisitions IT systems integration consulting to maintain and enhance security as companies come together and IT systems are merged

Pre-transactional cyber risk due diligence

Cyber risk is a business metric associated with financial loss, disruption, or damage caused by unauthorized or wrongful use of, or denial of service to, an organization’s information technology systems.

Pre-transactional cyber risk due diligence is a vital component of the modern mergers and acquisitions due diligence process. By understanding the extent of an acquisition target’s cyber risk, an acquirer can make informed decisions during the transaction regarding operations, risk, and ultimately valuation.

Without pre-transactional cyber risk due diligence, undisclosed cyber risk can manifest itself in many forms, including decreased business efficiency, loss of valuable intellectual property, exposure to legal risk, reputational damage, fraud, and even catastrophic business failure.

Blackpeak’s cyber risk due diligence is an individualized solution that can addresses cyber risk by understanding pre-existing problems, establishing whether intellectual property has been previously compromised, estimating post-acquisition security mitigation costs, and analyzing security related barriers between systems.

Blackpeak offers three cyber due diligence solutions that can be undertaken separately or together, depending on the acquirer’s desired level of due diligence and the particulars of the deal:

Vulnerability assessment

  • Simulating thousands of known attacks on the server and systems to assess system-wide vulnerabilities

Quantification of cyber assets at risk

  • Mapping the information landscape of the company
  • Locating the company’s valuable data and assessing the specific vulnerability of each of the company’s platforms.
  • Calculating the volume of data at risk assigning dollar-value estimates to the components of data at risk
  • Creating a data-driven plan to mitigate cyber risk and its implications for the client’s existing operations
  • Quantifying the appropriate level of cyber insurance to mitigate exiting risks

Full cyber security audit

  • Deploying an onsite team of cyber risk experts who catalog and analyze the company’s software and hardware
  • Reviewing existing policies and procedures, and augmenting them as necessary
  • Comprehensively diagnosing existing problems and weak spots in the IT system
  • Creating an individual response and mitigation plan to address problems identified