Skip to Content

Is Facebook Looking to Make a Big Cybersecurity Acquisition? There Are Many Reasons Why That Could Be a Good Idea

Facebook is looking to make a big acquisition in the cybersecurity space, according to a new report in The Information.

Citing four sources that named no names, the report stated that Facebook has approached “multiple” security firms regarding an acquisition, and that a deal could be announced by the end of the year.

It certainly seems that the social network could use a hand in the cybersecurity department, following its revelation of a hack that compromised the sensitive information of 30 million people.

According to a Wall Street Journal piece late last week, Facebook’s internal investigations have concluded that the hackers were spammers who fooled the company into thinking they were a legitimate digital marketing operation. They apparently exploited a bug in Facebook’s “view as” feature, which is intended for letting users see their profiles as they appear to other users.

This was a pretty straight-up security breach, involving a coding error. However, Facebook’s other notable mishaps in recent times—Russian disinformation campaigns and the Cambridge Analytica affair in particular—were more about the exploitation of Facebook’s mechanisms, as they were intended at the time to function. Fixing these issues, which revolve around the caution Facebook applies to the access it grants firms on its network and the things advertisers post there, is not a cybersecurity matter.

However, Facebook (FB) is also, like all companies operating in Europe, now subject to new EU rules that have a lot to say about data breaches. Under the General Data Protection Regulation (GDPR), a company can get into serious trouble if it does not disclose breaches soon after finding out about them, and if its security isn’t up to scratch. With the sheer scale of its user base—and therefore the scale of potential breaches—perhaps Facebook is taking a better-safe-than-sorry approach in its acquisition plans.

As the company itself said in July, when announcing the removal of multiple disinformation-spreading accounts: “…Security is not something that’s ever done. We face determined, well-funded adversaries who will never give up and are constantly changing tactics. It’s an arms race and we need to constantly improve too.”