WhiteHawk clinches major cyber-security contract with US Government
WA-based defence shipbuilder, Austal (ASX:ASB), has this week been the target of a cybersecurity breach and extortion attempt.
The company announced to the ASX last night that its Australian data management system had been targeted by an "unknown offender".
Austal, which builds patrol vessels and frigates for the Australian Navy, said that ship design drawings had been stolen, and that details of staff addresses and mobile telephone numbers were compromised.
The company said it referred the breach and extortion attempt to the Australian Cyber Security Centre (ACSC) and the Australian Federal Police.
While Austal maintained that there was "no evidence to date that information affecting national security has been stolen", this makes for yet another example of the potentially deleterious effects of cybercrime, which many businesses just aren’t equipped to handle.
Cybercrime and fraud pervade across all business sectors on a global level. Yet corporate boards aren’t prioritising cyber risk — just 36% have adequate cybersecurity protocols in place to provide effective oversight. This, in turn, leaves extensive segments of the economy vulnerable to serious threats.
British Airways has been another of the latest to come under significant cyber-attack. The personal and financial details of 38,000 customers were stolen from its website and mobile app.
This could lead to the airline being be fined up to €1 billion under new European Commission regulations where data breach penalties can be levied up to 4% of the companies' turnover.
There’s also significant risk of damage to customer relations and brand reputation, which alone is worth billions to British Airways.
The BA attack, moreover, is reported to be the result of supply chain risk — highlighting how vital is it for organisations to have adequate cybersecurity. As seen with the BA breach, the weakest link for large, complex companies is often their small or mid-size sub-contractors, vendors or supply chain companies.
Breaches of this kind — supply chain attacks — are an increasing problem for websites that embed code from third-party suppliers. Third parties may supply code to run payment authorisation, present ads, or allow users to log into external services.
ASX tech play, WhiteHawk (ASX:WHK), has developed a solution specifically designed to identify and mitigate these risks — its 360 Cyber Risk Framework, which provides major businesses with comprehensive analysis of the business and cyber risks associated with their suppliers and sub-contractors.
It engages with these risks via the integration of three cutting-edge platforms: one focused on business risks, one on cyber risks, and one focused on mitigation and prevention.
WHK itself is the first global online cybersecurity exchange enabling small and medium-sized enterprises (SMEs) to take smart action against cybercrime and fraud.
In May, WHK scored its first 360 Cyber Risk Framework contract with a US Top 10 financial institution, generating US$325,000 in revenue.
This morning, WHK revealed a major step forward, penning a pivotal new contract to provide a customised version of the 360 Cyber Risk Framework to US Government departments for real-time vendor cyber risk management, protecting against supply chain intrusions.
Under the new contract, WHK will provide sensitive risk analytics and mitigation, as well as protections to a breadth of office and mission functions within the Department of Defence, Homeland Security and Intelligence Community of the US Government.
The contract will kick off immediately, followed by customer evaluation and an option for expansion. According to WHK, the contract is being carried out in two phases — the first involving minimal engagement and valued at below US$100,000 (A$138,000). It will ramp up from there, with the second phase expanding the scope of the risk framework within the US Government software infrastructure to include all vendors being monitored and serviced by WHK’s Cybersecurity Exchange — so WHK will be able to derive additional revenues from the sale of other vendors’ products purchased across the Exchange.
This tailored version of the 360 Cyber Risk Framework provides BitSight cyber risk ratings, continuous monitoring, cyber risk alerts, risk mitigation analytics, and AI risk profiles, matching to vendor options in real-time to provide continuous insight across hundreds of vendors at once.
This US Government implementation has a deep focus on supply chain cyber risk analytics (where the WhiteHawk Scorecard will come into play), which can warn of and prevent the type of breach recently suffered by British Airways.
“With this contract, we continue to demonstrate that our Cyber Risk Frameworks are equally of impact and value across sectors,” said WHK executive chair and founder, Terry Roberts. “And now we are having these conversations and demonstrations with key US government departments and government owned utilities, who are highly targeted and in great need of an effective, affordable and scalable cyber risk framework.”
Roberts noted that traditionally, supply chain company or vendor risk management programs are focused primarily on financial and product/service risk checks by a large staff of personnel and business processes.
“I wanted an end-to-end approach that leverages best-of-breed open data sets and premier risk tradecraft, baked into AI driven algorithms and analytics – all displayed in an integrated dashboard,” she said.
“This way, we can scale our risk insights across hundreds and even thousands of vendors and supply chain companies. In addition, we have integrated our WhiteHawk Cybersecurity Exchanges’ ability to identify and mitigate all critical cyber related risks.”
WHK continues to promote tailored versions of this framework to US-based financial institutions, commercial and federal manufacturers, US utilities and government, and has a pipeline of potential contracts at varying stages of negotiation to supply the 360 Cyber Risk Review and Mitigation automated approach. This has enabled WHK to close an additional four sales of the framework in 2018 and the first quarter of 2019.
Some of the clients in WHK’s pipeline have supply chains exceeding 5,000 companies.
The latest customer channel focus is on the 3,200-plus power and water utilities across the US which are all looking to gain insights into their cyber-related risks.
On the back of this latest development, WHK's share price has surged 150%, currently at $0.10.