Next Investors logo grey

WhiteHawk clinches major cyber-security contract with US Government

|

Published 02-NOV-2018 12:11 P.M.

|

5 minute read

Hey! Looks like you have stumbled on the section of our website where we have archived articles from our old business model.

In 2019 the original founding team returned to run Next Investors, we changed our business model to only write about stocks we carefully research and are invested in for the long term.

The below articles were written under our previous business model. We have kept these articles online here for your reference.

Our new mission is to build a high performing ASX micro cap investment portfolio and share our research, analysis and investment strategy with our readers.


Click Here to View Latest Articles

WA-based defence shipbuilder, Austal (ASX:ASB), has this week been the target of a cybersecurity breach and extortion attempt.

The company announced to the ASX last night that its Australian data management system had been targeted by an "unknown offender".

Austal, which builds patrol vessels and frigates for the Australian Navy, said that ship design drawings had been stolen, and that details of staff addresses and mobile telephone numbers were compromised.

The company said it referred the breach and extortion attempt to the Australian Cyber Security Centre (ACSC) and the Australian Federal Police.

While Austal maintained that there was "no evidence to date that information affecting national security has been stolen", this makes for yet another example of the potentially deleterious effects of cybercrime, which many businesses just aren’t equipped to handle.

Cybercrime and fraud pervade across all business sectors on a global level. Yet corporate boards aren’t prioritising cyber risk — just 36% have adequate cybersecurity protocols in place to provide effective oversight. This, in turn, leaves extensive segments of the economy vulnerable to serious threats.

British Airways has been another of the latest to come under significant cyber-attack. The personal and financial details of 38,000 customers were stolen from its website and mobile app.

This could lead to the airline being be fined up to €1 billion under new European Commission regulations where data breach penalties can be levied up to 4% of the companies' turnover.

There’s also significant risk of damage to customer relations and brand reputation, which alone is worth billions to British Airways.

The BA attack, moreover, is reported to be the result of supply chain risk — highlighting how vital is it for organisations to have adequate cybersecurity. As seen with the BA breach, the weakest link for large, complex companies is often their small or mid-size sub-contractors, vendors or supply chain companies.

Breaches of this kind — supply chain attacks — are an increasing problem for websites that embed code from third-party suppliers. Third parties may supply code to run payment authorisation, present ads, or allow users to log into external services.

ASX tech play, WhiteHawk (ASX:WHK), has developed a solution specifically designed to identify and mitigate these risks — its 360 Cyber Risk Framework, which provides major businesses with comprehensive analysis of the business and cyber risks associated with their suppliers and sub-contractors.

It engages with these risks via the integration of three cutting-edge platforms: one focused on business risks, one on cyber risks, and one focused on mitigation and prevention.

WHK itself is the first global online cybersecurity exchange enabling small and medium-sized enterprises (SMEs) to take smart action against cybercrime and fraud.

In May, WHK scored its first 360 Cyber Risk Framework contract with a US Top 10 financial institution, generating US$325,000 in revenue.

This morning, WHK revealed a major step forward, penning a pivotal new contract to provide a customised version of the 360 Cyber Risk Framework to US Government departments for real-time vendor cyber risk management, protecting against supply chain intrusions.

Under the new contract, WHK will provide sensitive risk analytics and mitigation, as well as protections to a breadth of office and mission functions within the Department of Defence, Homeland Security and Intelligence Community of the US Government.

The contract will kick off immediately, followed by customer evaluation and an option for expansion. According to WHK, the contract is being carried out in two phases — the first involving minimal engagement and valued at below US$100,000 (A$138,000). It will ramp up from there, with the second phase expanding the scope of the risk framework within the US Government software infrastructure to include all vendors being monitored and serviced by WHK’s Cybersecurity Exchange — so WHK will be able to derive additional revenues from the sale of other vendors’ products purchased across the Exchange.

This tailored version of the 360 Cyber Risk Framework provides BitSight cyber risk ratings, continuous monitoring, cyber risk alerts, risk mitigation analytics, and AI risk profiles, matching to vendor options in real-time to provide continuous insight across hundreds of vendors at once.

This US Government implementation has a deep focus on supply chain cyber risk analytics (where the WhiteHawk Scorecard will come into play), which can warn of and prevent the type of breach recently suffered by British Airways.

“With this contract, we continue to demonstrate that our Cyber Risk Frameworks are equally of impact and value across sectors,” said WHK executive chair and founder, Terry Roberts. “And now we are having these conversations and demonstrations with key US government departments and government owned utilities, who are highly targeted and in great need of an effective, affordable and scalable cyber risk framework.”

Roberts noted that traditionally, supply chain company or vendor risk management programs are focused primarily on financial and product/service risk checks by a large staff of personnel and business processes.

“I wanted an end-to-end approach that leverages best-of-breed open data sets and premier risk tradecraft, baked into AI driven algorithms and analytics – all displayed in an integrated dashboard,” she said.

“This way, we can scale our risk insights across hundreds and even thousands of vendors and supply chain companies. In addition, we have integrated our WhiteHawk Cybersecurity Exchanges’ ability to identify and mitigate all critical cyber related risks.”

WHK continues to promote tailored versions of this framework to US-based financial institutions, commercial and federal manufacturers, US utilities and government, and has a pipeline of potential contracts at varying stages of negotiation to supply the 360 Cyber Risk Review and Mitigation automated approach. This has enabled WHK to close an additional four sales of the framework in 2018 and the first quarter of 2019.

Some of the clients in WHK’s pipeline have supply chains exceeding 5,000 companies.

The latest customer channel focus is on the 3,200-plus power and water utilities across the US which are all looking to gain insights into their cyber-related risks.

On the back of this latest development, WHK's share price has surged 150%, currently at $0.10.



General Information Only

S3 Consortium Pty Ltd (S3, ‘we’, ‘us’, ‘our’) (CAR No. 433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information and is for informational purposes only. Any advice is general advice only. Any advice contained in this article does not constitute personal advice and S3 has not taken into consideration your personal objectives, financial situation or needs. Please seek your own independent professional advice before making any financial investment decision. Those persons acting upon information contained in this article do so entirely at their own risk.

Conflicts of Interest Notice

S3 and its associated entities may hold investments in companies featured in its articles, including through being paid in the securities of the companies we provide commentary on. We disclose the securities held in relation to a particular company that we provide commentary on. Refer to our Disclosure Policy for information on our self-imposed trading blackouts, hold conditions and de-risking (sell conditions) which seek to mitigate against any potential conflicts of interest.

Publication Notice and Disclaimer

The information contained in this article is current as at the publication date. At the time of publishing, the information contained in this article is based on sources which are available in the public domain that we consider to be reliable, and our own analysis of those sources. The views of the author may not reflect the views of the AFSL holder. Any decision by you to purchase securities in the companies featured in this article should be done so after you have sought your own independent professional advice regarding this information and made your own inquiries as to the validity of any information in this article.

Any forward-looking statements contained in this article are not guarantees or predictions of future performance, and involve known and unknown risks, uncertainties and other factors, many of which are beyond our control, and which may cause actual results or performance of companies featured to differ materially from those expressed in the statements contained in this article. S3 cannot and does not give any assurance that the results or performance expressed or implied by any forward-looking statements contained in this article will actually occur and readers are cautioned not to put undue reliance on forward-looking statements.

This article may include references to our past investing performance. Past performance is not a reliable indicator of our future investing performance.