Next Investors logo grey

British Airways data breach throws WhiteHawk’s US Government contract into light


Published 14-SEP-2018 10:31 A.M.


4 minute read

Hey! Looks like you have stumbled on the section of our website where we have archived articles from our old business model.

In 2019 the original founding team returned to run Next Investors, we changed our business model to only write about stocks we carefully research and are invested in for the long term.

The below articles were written under our previous business model. We have kept these articles online here for your reference.

Our new mission is to build a high performing ASX micro cap investment portfolio and share our research, analysis and investment strategy with our readers.

Click Here to View Latest Articles

Another week, another data breach. This time British Airways is the latest victim of a major cyberattack, with personal and financial details of 38,000 customers stolen from its website and mobile app.

The airline could be fined up to €1 billion under new European Commission regulations where data breach penalties can be levied up to 4% of the companies' turnover, plus there’s significant risk of damage to customer relations and brand reputation.

The attack is reported to be the result of supply chain risk and highlights just how important is it for organisations to have adequate cybersecurity.

The US Government is certainly aware of this.

It has recognised that key departments, including Department of Defense, Department of Homeland Security, the Intelligence Community, as well as Government Owned Utilities, are highly targeted and in great need of an effective, scalable cyber risk framework.

The US Government recently upped its focus on the systemic risks posed by IT and software supply chain vendors at Department of Defense and Department of Homeland Security specifically, and is taking proactive action to protect itself from cyber threats.

A contract with global online cyber security exchange provider, WhiteHawk Limited (ASX:WHK) and its 360 Cyber Risk Framework is currently being implemented across US Government supply chain companies.

This US Government implementation, specifically in relation to the departments mentioned, has a deep focus on supply chain risk analytics, which can prevent the type of breach recently suffered by British Airways.

The tailored version of the 360 Cyber Risk Framework provides BitSight cyber risk ratings, continuous monitoring, cyber risk alerts and WhiteHawk risk analytics, AI Risk Profile, and matching to vendor options in real-time to the US Government to provide continuous Insight across hundreds of vendors at once.

The contract is providing sensitive risk analytics and mitigation, providing much needed added protections to a breadth of office and mission functions.

The initial phase of the contract is due to commence immediately, followed by customer evaluation and planning for expansion. Due to the sensitive focus of this contract, the current scope and future expansion remains commercial in confidence.

It should be noted, however, that this is an early stage tech company and success is no guarantee. Investors should seek professional financial advice before making an investment.

A September 7 BBC article explains that breaches of the type suffered by British Airways, which are supply chain attacks, are an increasing problem for websites that embed code from third-party suppliers. Third parties may supply code to run payment authorisation, present ads or allow users to log into external services.

WhiteHawk’s 360 Risk Framework is designed to vet such software vendors and service providers in advance of a breach. WhiteHawk is promoting tailored versions of this Framework to US based financial institutions, commercial and federal manufacturers, US utilities and government.

It has a current pipeline of potential contracts at varying stages of negotiation to supply the 360 Cyber Risk Review and Mitigation automated approach. This has positioned the company to potentially close an additional four sales of the 360 Cyber Risk Framework in 2018 and first quarter 2019.

The latest customer channel focus is on the 3200+ power and water utilities across the United States, including regional power associations, regulators, and larger private utilities who are all searching for how to gain continuous insight into and to address their cyber related risks.

This process drives companies that are in a prime company’s supply chain to WhiteHawk's CyberSecurity Exchange, to mitigate key cyber risks in real-time. Some of the current pipeline companies have supply chains exceeding 5000 companies.

Supply chain company or vendor risk management programs are tend to be primarily focused on financial and product/service risk checks by a large staff of personnel and business processes. WhiteHawk saw an opportunity for an end-to-end approach that leverages best of breed open data sets and premier risk tradecraft, baked into AI driven algorithms and analytics displayed in an integrated dashboard.

This means that WhiteHawk's risk insights can be scaled across hundreds and even thousands of vendors and supply chain companies. Additionally, WhiteHawk’s Cybersecurity Exchanges’ ability has been integrated to mitigate all critical cyber related risks.

General Information Only

S3 Consortium Pty Ltd (S3, ‘we’, ‘us’, ‘our’) (CAR No. 433913) is a corporate authorised representative of LeMessurier Securities Pty Ltd (AFSL No. 296877). The information contained in this article is general information and is for informational purposes only. Any advice is general advice only. Any advice contained in this article does not constitute personal advice and S3 has not taken into consideration your personal objectives, financial situation or needs. Please seek your own independent professional advice before making any financial investment decision. Those persons acting upon information contained in this article do so entirely at their own risk.

Conflicts of Interest Notice

S3 and its associated entities may hold investments in companies featured in its articles, including through being paid in the securities of the companies we provide commentary on. We disclose the securities held in relation to a particular company that we provide commentary on. Refer to our Disclosure Policy for information on our self-imposed trading blackouts, hold conditions and de-risking (sell conditions) which seek to mitigate against any potential conflicts of interest.

Publication Notice and Disclaimer

The information contained in this article is current as at the publication date. At the time of publishing, the information contained in this article is based on sources which are available in the public domain that we consider to be reliable, and our own analysis of those sources. The views of the author may not reflect the views of the AFSL holder. Any decision by you to purchase securities in the companies featured in this article should be done so after you have sought your own independent professional advice regarding this information and made your own inquiries as to the validity of any information in this article.

Any forward-looking statements contained in this article are not guarantees or predictions of future performance, and involve known and unknown risks, uncertainties and other factors, many of which are beyond our control, and which may cause actual results or performance of companies featured to differ materially from those expressed in the statements contained in this article. S3 cannot and does not give any assurance that the results or performance expressed or implied by any forward-looking statements contained in this article will actually occur and readers are cautioned not to put undue reliance on forward-looking statements.

This article may include references to our past investing performance. Past performance is not a reliable indicator of our future investing performance.