Cybersecurity advisory firm WhiteHawk (ASX: WHK) has secured a high profile contract to provide a tailored version of its 360 Cyber Risk Framework to departments within the US Government, with the aim of “protecting against supply chain intrusions”.
The cybersecurity specialist is primarily focused on serving small and medium-sized businesses (SMEs) enabling them to take evasive action against cybercrime.
However, its new contract with the US Government seeks to expand its market coverage with supply chain intrusions being identified as a growing threat impacting both private and public sector systems.
One recent example of where its cybersecurity solution could have been implemented involved British Airways.
In early September this year, British Airways suffered a breach of its entire customer personal and financial data database affecting over 380,000 customers’ credit and debit cards – a breach that was attributed to poor supply chain risk management. The breach could still see the airline fined up to US$1 billion under new European Commission regulations.
The problem stemmed from websites “embedding code from third-party suppliers” and thereby becoming vulnerable to what’s known as a “supply chain attack” whereby third parties supply code to run payment authorisation, present ads or allow users to log into external services, but leaving the overall system compromised and vulnerable to nefarious intrusion.
WhiteHawk has said that its 360 Risk Framework is designed to vet such software vendors and service providers in order to reduce the likelihood of cyber attacks.
Securing US Government infrastructure
Under the terms of its new contract, WhiteHawk is being tasked with providing sensitive risk analytics and mitigation, providing needed added protections to a breadth of office and mission functions within the Department of Defence, Homeland Security and Intelligence Community of the US Government.
According to the company, the contract will commence immediately, followed by customer evaluation and an “option for expansion”. WhiteHawk said the contract is being carried out in two distinct phases with the first phase being “minimal” and valued at below US$100,000 (A$138,000).
Phase 2 will expand the scope of the risk framework within the US Government software infrastructure to include all vendors being monitored and serviced by WhiteHawk’s Cybersecurity Exchange, meaning the cybersecurity company will be able to derive additional revenues from the sale of other vendor’s products purchased across the Exchange.
“With this contract, we continue to demonstrate that our Cyber Risk Frameworks are equally of impact and value across sectors. And now we are having these conversations and demonstrations with key US government departments and government-owned utilities, who are highly targeted and in great need of an effective, affordable, and scalable cyber risk framework,” said Terry Roberts, executive chair of WhiteHawk.
Mr Roberts explained that traditionally, supply chain company or vendor risk management programs are focused primarily on financial and product/service risk checks by a large staff of personnel and business processes.
“I wanted an end to end approach that leverages best of breed open data sets and premier risk tradecraft, baked into AI-driven algorithms and analytics – all displayed in an integrated dashboard,” said Mr Roberts.
The contract announced today is expected to allow WhiteHawk to scale its risk insights across hundreds “and even thousands” of vendors and supply chain companies.
“In addition, we have integrated our WhiteHawk Cybersecurity Exchanges’ ability to identify and mitigate all critical cyber-related risks,” said Mr Roberts.
Today’s deal could potentially add further momentum to WhiteHawk’s improving revenue performance. Earlier this week, the cybersecurity company reported that it achieved a “substantial revenue increase” in Q3 2018 totalling US$191,000 (A$265,000), compared to the previous quarter’s total of US$59,000 (A$81,000).
Year-to-date WhiteHawk said its total cash collected was US$263,000 driven by newly commencing contracts.