WHK Secures Top US Defense Client in its Campaign Against Cyber Risk

Cyber criminals and foreign intelligence services continue to target infrastructure providers, and military and defence contractors.

This is the view of Professor Craig Valli, director of the Security Research Institute at Edith Cowan University and member of the Interpol cybercrime experts group. Valli warned that “anyone that does any work with the military or defence is going to be a target and a heightened target. In response, they will need to change the way they currently do their cyber security”.

These warnings come in the aftermath of a cyber security breach and extortion attempt at Austal (ASX:ASB), Australia's biggest defence exporter and a major shipbuilder for the Australian and US Navy.

Along with infrastructure providers, and military and defence contractors, cyber risk, data and revenue losses are on the rise across all business and non-profit organisations. And whether public or private sector, the weakest link often is the ill-equipped SME company vendors and contractors, leading to supply chain cyber security gaps emerging as a major threat to large companies globally.

WhiteHawk Limited (ASX:WHK) is providing innovative solutions to counter these cyber threats. Its cloud-based cyber security exchange platform helps US companies connect to integrated content, solutions, and service providers by evolving its rich data and user experience and helping them identify, prioritise and mitigate their unique cyber security and business risks in real time.

Working in tandem with their SaaS Supply Chain Risk Frameworks for large Businesses and government organisations, their online platform enables SME customers to leverage their own Custom Security Story to find cyber tools, content, and relevant services to stay ahead of threats.

Since we last wrote about WHK on October 2 in the report, WHK’s Cybersecurity Solutions Set to Benefit Utility Sector & Fortune 1000s, the company has inked a number of new sector deals.

Most recently, WHK secured a $400,000 contract to provide its 360 Cyber Risk Framework to a US top 12 Defense Industrial Base company for supply chain risk management.

The US Defense Industrial Base is a top cyber target and its supply chain companies are often the target when not effectively and continuously monitored and notified of those risks, or provided enablement to address them in real-time.

The contract includes continuous monitoring, alerting and mitigation of business and cyber risks for up to an initial 40 supply chain companies. It will be provided in two phases starting before the end of this year.

In mid-November, WHK put in place a real time partnership with a top US Independent Insurance Agency that specialises in cyber liability insurance. The deal means that WHK can now connect its customers to affordable cyber liability quotes and policy options via an online portal.

Prior to news of that partnership, the company inked a deal with a key US government department, which sent the company’s share price up as much as 188%.

The deal will see WHK provide a tailored version of its 360 Cyber Risk Framework to US government departments to protect against supply chain intrusions. It will provide sensitive risk analytics and mitigation, along with added required protections across office and mission functions.

While the initial phase of the contract is minimal (~US$100,000), it will be followed by customer evaluation and an option for expansion. Phase 2 would expand the scope of the risk framework across the US Government department to monitor and service all vendors, where WHK can derive additional revenues from the sale of vendor's products purchased across the Exchange.

This comes after reports that the US Government has upped its focus on the systemic risks posed by IT and software supply chain vendors at Department of Defense and Department of Homeland Security specifically, and is taking proactive action to protect itself from cyber threats.

Additionally, WHK has signed contracts with major players within the US east coast utilities and US national healthcare sectors. Each contract is for up to 40 of the customers’ supply chain vendors to undertake an initial stage Cyber Risk Review. From there, potential second stages can involve over 1000 vendors being monitored and serviced by WHK’s Cybersecurity Exchange.

These deals follow a US$325,000 360 risk framework contract with a Top 10 US financial institution signed back in May. That contract has now been extended for six months, until July 2019, and is for an additional US$250,000 in revenue.

Deals like these, that continue to roll in, provide important proven performance across multiple sectors and customer types, broadening their sales reach going forward. Some of its current pipeline companies have supply chains exceeding 5000 companies — each of which would be evaluated to ensure they have appropriate cyber risk protections.

While it’s been busy signing contracts, WHK hasn’t forgotten to keep investing in its technology. Version 3.0 of its CyberPath artificial intelligence tool and website has been launched, including advanced risk profiles, product matching and tailorable product bundles.

Clearly there’s plenty going on, so let’s dig into the details of all the latest from,

WhiteHawk (ASX:WHK) has developed the first online self-service, cyber security exchange, simplifying how companies and organisations discover, decide, and purchase cyber security solutions that directly mitigate their key cyber business risks. It helps US companies connect to content, solutions, and service providers.

WhiteHawk’s 360 Cyber Risk Framework provides major businesses with comprehensive analysis of the business and cyber risks associated with their suppliers and sub-contractors.

It engages with these risks via the integration of three cutting-edge platforms: one focused on business risks, one on cyber risks, and one focused on mitigation and prevention.

Release 3.0 CyberPath AI tool and website

After a year of deep research and development, refinement and testing, WHK released version 3.0 of its CyberPath AI Tool and Website.

This is the first cybersecurity platform that can effectively service SME businesses at scale across the US. The company expect to follow this up with a global roll-out in the near future.

The release of 3.0 of CyberPath AI Tool includes advanced risk profile and product matching; tailorable product bundle options; cyber risk rating on demand; customers desired maturity state and timeline; an easy to understand action plan.

WHK’s release of version 3.0 of its website includes an updated look and feel to ease navigation and access to core WhiteHawk services.

Phase 1 of the Customer Journey will include a Cyber Profile Fitness Scale based on the CyberPath AI Questionnaire that shows how the customer’s company is at cyber risk based on industry trends.

It will also have a Risk Rating that summarises cyber strengths and weaknesses, as well as a maturity framework showing core areas that need to be addressed with an associated action plan to increase maturity.

This release is the direct result of the maturation of WHK’s development and data science team and the work that’s been put into transitioning the CIO Customer Journey vision into an enabling, intuitive, and impactful online experience WHK's business customers, such as its Defense partners.

New Partnership with US top 12 Defense company

WHK has entered into a new contract to provide its 360 Cyber Risk Framework to a US top 12 Defense industrial base company for supply chain risk management.

The contract includes continuous monitoring, alerting and mitigation of business and cyber risks for up to an initial 40 supply chain companies in real time. The roll-out will be undertaken in two phases starting in 2018 and will continue in 2019 for a total of US$400,000.

The top 12 Defense industrial base company, has an annual revenue of over $5 billion. The deal came about after the company, which is as of yet unnamed, contacted WhiteHawk directly to implement a comprehensive 360 Cyber Risk Framework.

The contract includes provisioning of SaaS subscription, online, and consulting services for supply chain business risk awareness, alerting, and continuous monitoring.

WhiteHawk will supply cybersecurity risk ratings, alerts, and continuous monitoring, cybersecurity risk profile and scorecards for an initial 50 supply chain companies in support of the customer’s current and future federal contracts.

You can read more about the arrangement in the following Finfeed.com article.

Upon completion of setup and configuration, this major US institution will have the ability to view and monitor the identified suppliers’ cybersecurity risk ratings and the comprehensive business ecosystem dashboard that includes business, technical, and security risks.

It is not just Defense getting in on the WHK action...

Top 10 US Financial Institution Contract extension

Along with news of its Cyber Risk Framework Contract with a US Top 12 Defense Industrial Base Company, on December 7, WHK announced a six month contract extension with a US Top 10 Financial Institution. The contract extension with the US Top 10 Financial Institution runs through July 2019, and is for an additional US$250,000 in revenue.

The initial 360 Cyber Risk Framework contract was announced back in May 2018 and was for US$325,000. The contract is focused on the continuous monitoring, alerting, and mitigation of the financial institution’s key supply chain companies’ business and cyber risks, across its 50 most critical sub-contractors.

WHK’s two new low cost sales channels, the 360 Cyber Risk Framework and the Cybercrime Support Network, feed into this journey and to service the likes of utility companies that require a holistic solution to cybersecurity problems.

New US Government contract

In early November, WHK penned a pivotal new contract to provide a customised version of the 360 Cyber Risk Framework to US Government departments for real-time vendor cyber risk management, protecting against supply chain intrusions.

WHK will provide sensitive risk analytics and mitigation, as well as protections to a breadth of office and mission functions within the Department of Defence, Homeland Security and Intelligence Community of the US Government.

This new government contract will commence soon in two distinct phases. The value of the first phase is considered minimal, worth up to US$100,000. That said, it proved to be a catalyst for a share price rise.

However, the second phase will expand the risk framework scope, catering not only to the US government software infrastructure which will enable all vendors to be monitored by the Cybersecurity Exchange. This could lead WHK to generate additional revenues via the sale of other vendors’ products that are bought on the exchange.

Here are some news reports on the announcement:

The stock was up as much 188% on the day of the announcement on significant volume, rising from $0.04 to hit a high of $0.115, before closing at $0.87 to finish the day with a 118% gain.

While only a relatively small initial contract of $100,000, it was the catalyst needed to reinvigorate investors following months of speculation around the pipeline government contracts.

What’s really encouraging about these contract signings is not only the contracts themselves, but anticipation of further contracts to come. With its number of partnerships and contracts growing, WHK’s ability to sign up government agencies and deliver much needed cybersecurity solutions will be cemented in the market...and amongst investors.

WHK has previously mentioned that large corporates and government organisations can have hundreds of individual vendors providing a variety of services. While much of the detail of the initial government deal has been undisclosed — understandably, being an issue of national security — there’s potentially a significant number of vendors involved with the US government department in question.

Private organisations are woefully underprepared

Like many government agencies, very few private businesses know their top cyber risks and are on a path to mitigate their impact to their revenue, reputation and customers. What they need is an accessible and effective point of departure to begin their customer journey to cyber resilience.

As mentioned, Austal, a major shipbuilder for both Australia and the US Navy, was hit by a cybersecurity data breach and extortion attempt in recent months. The company’s Australian data management system was targeted with ship design drawings stolen and staff details including addresses, and mobile telephone numbers were compromised. It’s believed the offender then offered certain materials for sale on the internet and engaged in extortion.

Austal referred the breach and extortion attempt to the Australian Cyber Security Centre (ACSC) and the Australian Federal Police, but maintained that there was “no evidence to date that information affecting national security has been stolen”.

However, the threat was significant enough for Prime Minister Scott Morrison to weigh in, warning that the cyber-attack and extortion attempt on the Department of Defence shipbuilder has escalated fears about hackers’ attempts to compromise national security.

The departments of Defence and Home Affairs issued a joint statement with the Australian Cyber Security Centre, saying “this incident reinforces the serious nature of the cyber security threat faced by defence industry, and the need for industry partners to put in place, and maintain, strong cyber defences,” but like Austal, didn't identify who was responsible.

Frankly, the problem is that corporate boards haven’t been prioritising cyber risk — just 36% have adequate cybersecurity protocols in place to provide effective oversight. This, in turn, leaves extensive segments of the economy vulnerable to serious threats.

Examples like the British Airways cyber-attack earlier this year further highlight this threat, when the personal and financial details of 38,000 customers were stolen from the airline’s website and mobile app.

The British Airways attack, moreover, is reported to be the result of supply chain risk — highlighting how vital is it for organisations to have adequate cybersecurity. As identified by WhiteHawk, the weakest link for large, complex companies is often their small or mid-size sub-contractors, vendors or supply chain companies.

The US Government has upped its focus on the systemic risks posed by IT and software supply chain vendors specifically at Department of Defense and Department of Homeland Security, and is taking proactive action to protect itself from cyber threats, including its recent contract signings with WHK.

Cyber liability insurance for SMEs

To protect against losses, many businesses are recognising the foundational need for cyber liability insurance, as an added requirement to protect businesses from digital risks to their revenue, reputation and operations.

With the average cybercrime or fraud event starting at $35,000 and ranging to over a $1 million for SMEs, it’s imperative for WHK customers to review their cyber liability options, obtain quotes and get connected to affordable options all online.

WHK has put in place a real time partnership with a top US Independent Insurance Agency — Clarke & Sampson — that specialises in cyber liability insurance.

Clarke & Sampson is an independent insurance agency located in Alexandria, VA that will assist WhiteHawk customers understand, and implement Cyber Liability coverage into their foundational cybersecurity programs.

Deals with US healthcare and a national utility

WhiteHawk isn’t simply reliant on government contracts and is actively partnering with private businesses to address and solve their cybersecurity issues.

It recently signed proof of value (POV) cybersecurity contracts with two US businesses that are large leading entities in their sector.

While the details of each customer and the commercial terms remain commercial in confidence, given the nature of the risk reviews, WHK has revealed that the contracts are with major players within the US east coast utilities and US national healthcare sectors.

Each POV contract is for up to 40 of the customers’ supply chain companies (vendors) to undertake an initial stage Cyber Risk Review. From there, potential second stages can involve over 1000 vendors — at an average potential revenue of $1500 to $5000 per vendor.

For each contract, WhiteHawk undertakes a risk rating and completes an analysis scorecard on each supply chain vendor company. This provides a risk snapshot for the prime customer and helps it to reprioritise and monitor their most critical vendor companies in their supply chain and streamline their third-party management program.

This process drives companies that are in a prime company’s supply chain to WhiteHawk's Cybersecurity Exchange, to mitigate key cyber risks in real-time.

The news was reported by Finfeed.com:

Healthcare and utilities each have critical infrastructure so are top cyberthreat targets, and with these two contracts locked in WHK is well placed to capture more contracts in these at-risk sectors.

In addition healthcare and utilities — along with the US Government department space — WHK also has a large pipeline of contracts financial sector, US Defense sector.

A final word

While the company’s list of customers continues to build, its shares are still only trading at 6.1 cents for a market cap of just $5.6 million.

With the signing of a Cyber Risk Framework Contract with a US top 12 Defense Industrial Base company and consecutive US government contracts, adding to its existing private utilities contracts, WHK is gaining momentum.

Supported by a growing awareness and need for continuously knowing and addressing your cyber risk, WHK has positioned its comprehensive technology online approach and frameworks, and of course, it’s impressive management team, to engage, sell and succeed for its shareholders.