WHK Expands US Defence Contract as Cybersecurity Sector Heats Up

A ‘malicious cyber attack’ on a US federal subcontractor to the US Customs and Border Protection is the latest data breach to hit the headlines.

The hack involved sensitive traveller information that’s reportedly now being offered as a free download on the dark web and highlights the importance of having comprehensive cyber protections at every level of government and by its subcontractors.

Yet that’s just one of many cyber events reported on in recent weeks...

A group of sophisticated hackers, that were responsible for one of the “most reckless cyberattacks in history”, the 2017 malware attack on the safety systems at a Saudi Arabian oil refinery, have now been implicated in targeting US power grids. The hackers have been carrying out broad scans of dozens of US power grid targets looking for entry points into their networks.

Russia’s power grids are also said to be the target of potentially crippling malware attacks. But that threat stems not from an organised criminal group, but the US federal government, which is reported to be “aggressively targeting Russia’s electrical grid”.

This is said to follow years of warnings from the FBI and US Department of Homeland Security that Russia has inserted malware to sabotage US power plants, oil and gas pipelines, or water supplies in future conflicts.

While these cyber threats are no doubt concerning, there have been some big winners — namely the cybersecurity space which has seen a spike in investor interest along with merger and acquisition activity since the beginning of the year.

Large tech companies, such as IBM, Symantec, Palo Alto Networks and FireEye, have been targeting smaller cybersecurity businesses to acquire as they scramble to up their security capabilities.

Data breaches, like those above, have seen investors keen to get in on the action too.

Crowdstrike’s (NASDAQ:CRWD) IPO last week is the latest successful cybersecurity IPO over the past year or so, following that of Carbon Black, Tenable and Zscaler. Crowdstrike nearly doubled its already marked up price to end its first day on the NASDAQ with a market cap of more than US$12 billion.

Locally, ASX-listed cybersecurity junior, WhiteHawk (ASX:WHK), is beginning to see renewed interest and today announced that a it had expanded an existing contract with a US Defense Industrial Base (DIB ) company, a move that could have big implications for its other contracts.

Like the US Customs and Border Protection, the US Defense Industrial Base (DIB), which provides products and services that are essential to mobilise, deploy, and sustain US military operations, is a top cyber target.

And like federal Customs and Border Protection subcontractors, DIB supply chain companies are often the weak link when not effectively monitored or when risks are simply not addressed.

This is a sector in severe need of supply chain cyber risk mitigation services.

Recognising this need, this top 12 Defense Industrial Base company, with annual revenue of over US$5 billion, last year contracted with WhiteHawk to implement a comprehensive 360 Cyber Risk Framework that included continuous monitoring, alerting and mitigation of business and cyber risks for supply chain companies in realtime.

Following the success of the first phase of that contract, today’s signed contract expansion is the continuation of the initial two-phase contract started in December 2018, for a total of US$218,000 (A$317,000).

The contract expansion will see WHK provide further supply chain risk management and cyber risk analytics for up to another 30 supplier companies bringing the total to around 60 companies, although this is not the end of the proposed phases for this total contract.

The fact that this US Defense Industrial Base company has expanded its initial 360 Cyber Risk Framework contract speaks volumes about WhiteHawk’s performance in delivering over the contract to date.

Plus, today’s announcement could very well be a sign of things to come as the first of many contract re-signings for WHK on both existing US federal government, large US private enterprises (including its existing contracts with a top 10 US financial institution and major east coast US energy company), and their supply chain companies, as well as with small to mid-sized businesses (SMBs).

Here’s all the latest from:

Share price: A$0.11 (at 17 June)

Market Capitalisation: A$17.2 million

Here's why I like WhiteHawk:

WhiteHawk Limited (ASX:WHK) the first global online cybersecurity exchange and AI driven cyber risk mitigation company enabling small to mid-sized businesses (SMBs) to take smart action against cybercrime.

A lot of the recent investor interest in WhiteHawk has centred around its contract signings on major US federal department contracts. While I suspect that some of the (equally as important) developments on the small to mid-sized business (SMB) front may have been somewhat overlooked, including its integration with EZShield’s platform which puts WHK in reach tens of thousands of SMBs per year, with “with the potential to reach hundreds of thousands of SMBs”.

Here in Australia you might picture a ‘small business’ as the local fish and chip shop, but in the US — and what WHK are talking about when they refer to SMBs — is something else entirely.

Research and advisory firm, Gartner, define SMBs by the number of employees and annual revenue. While small businesses are defined as organisations with fewer than 100 employees; midsize enterprises can have up to 999 employees.

As for annual revenue, a small business is usually defined as organisations with less than $50 million in annual revenue, while midsize enterprises are those that earn up to $1 billion in annual revenue.

These are lucrative customers for WHK, and due to their size, SMBs have different IT requirements and challenges than large enterprises as IT resources (budget and staff) are often constrained.

This highlights the opportunity on offer for WHK in servicing SMBs and suggests its partnerships with the likes of EZShield with its SMB customers could be extremely lucrative over the long term — especially given the rapid rise of cyber threats and the realisation by businesses of all sizes for adequate protections.

Top 12 US Defense Industrial Based company contract expansion

WhiteHawk’s announcement today, of the extension of a contract to provide its 360 Cyber Risk Framework to a top 12 Defense Industrial Base (DIB) company for supply chain risk management, is a sign of its ability to expand existing contracts and generate recurring SaaS revenue from its technology.

This top 12 Defense Industrial Base company has contracted with WhiteHawk to implement a comprehensive 360 Cyber Risk Framework which includes provisioning of an online Software as a Service (SaaS) subscription augmented by consulting services.

Reporting quarterly, the customer will establish a Cyber Risk Rating baseline for key supplier companies to support federal contracts via continuous monitoring, alerts, and actionable mitigation recommendations.

This will provide the customer with much needed actionable intelligence, clear visibility and transparency into the cyber health and status of its suppliers.

The customer will receive quarterly Cyber Risk Scorecards for an additional 30 suppliers and Risk Portfolio Reports for the top five suppliers. These reports will provide further insights based on WhiteHawk Cyber Analysts performing cyber intelligence analytics on the raw data collected from the security rating providers.

Each supplier company receives quarterly reports from WhiteHawk that summarise findings and recommendations to act upon for increasing their cyber maturity.

From there, the supply chain companies (whose risks are identified and prioritised as part of this framework) will be referred to the WhiteHawk Online Cybersecurity Exchange for risk remediation.

Once the setup and configuration is complete, the customer will be able to view and monitor the identified suppliers’ cyber security risk ratings and the comprehensive business ecosystem dashboard — including business, technical, and security risks. The contract provides for cyber risk analytics for up to 30 companies, considered as “phase 2” of the original agreement.

Cyber news confirms WHK as Next Tech Stock’s tip of the year

Earlier this year we named WhiteHawk (ASX:WHK) as the Next Tech Stock’s tip of the year, and the rising number of cyberattacks in the news since then — along with WHK’s progress on a company level — only cements our view.

While being major news, the US Customs and Border Protection was far from the only major cyberattack reported on last week.

Possibly even more concerning are reports that a group of ‘notoriously aggressive’ hackers, that attacked and shut down a Saudi Arabian oil and natural gas facility in 2017, is now targeting electric utilities in the US and in Asia.

In fact, security experts call it “easily the most dangerous threat activity publicly known”.

These security experts, at the critical-infrastructure security firm Dragos, along with the Electric Information Sharing and Analysis Center (E-ISAC), have been tracking the sophisticated hacker group, known as Xenotime, that’s believed to be looking for entry points to the US electrical grid.

Xenotime has been probing utilities since late 2018, focusing mostly on electronic control systems that manage operations at industrial sites. While scan­s like these for weak points are common, what makes this so worrisome is that it’s being conducted by the group behind the nearly lethal oil refinery cyberattack in 2017. Dragos experts suspect that these scans represent initial baby steps toward bringing that same sort of destructive sabotage to American soil.

As reported by Wired.com, “On the scale of security threats, hackers scanning poten­tial targets for vulnerabilities might seem to rank rather low. But when it's the same hackers who previously executed one of the most reckless cyberattacks in history — one that could have easily turned destructive or even lethal — that recon­nais­sance has a more foreboding edge. Especially when the target of their scanning is the US power grid”.

That article and another from Bloomberg detail the threat:

This is particularly relevant to WhiteHawk which last year signed a contract with a major (unnamed and confidential) east-coast US utility company. This customer is managing a power grid that provides services to over 20% of all US electricity customers and has over US$30 billion in annual revenues.

The initial contract involves up to 40 vendors, and with the potential to move to a second stage involving over 1000 vendors in 2019 “at an average potential revenue of $1,500 to $5,000 per company”.

Australia too, a target of cyber attacks

But it’s not just the US that’s seeing cyber attacks in the headlines...

Recent news of a cyber attack revealing almost 100,000 Westpac customers’ details brought the reality of the threat closer to home:

Then there was news of major data breach at the Australian National University (ANU) in which a “significant” amount of staff and student information was accessed by a sophisticated operator.

Worryingly, the breach was only detected last month, despite taking place in late 2018 where the hacked gained unauthorised access to significant amounts of personal staff, student and visitor data extending back 19 years.

ANU estimate that 200,000 people have been affected by the hack, based on student numbers each year and staff turnover.

This is just another case of businesses and government organisations failing to take adequate preventative cybersecurity steps. But surely, as the dire consequences reveal themselves, organisations will increasingly take the risk of cyber threats seriously.

The space is beginning to gain appreciation from investors, at least, and it’s only going to gain further attention from here on out.

CrowdStrike IPO reflects the sector’s growing investor enthusiasm

One company that seems to have leveraged these headlines to perfectly time their NASDAQ listing is CrowdStrike Holdings (NASDAQ:CRWD) which completed its IPO last week.

The cybersecurity company listed on June 12 at $34 per share (up from an expected $28 to $30 per share), but the stock's price actually opened much higher, at $63.50, gaining as much as 97% and delivering a first day US$12 billion market cap.

That result came despite the company losing $140 million last year, although sales of its cloud-based technology which is designed to detect and prevent breaches are on the rise. The successful IPO delivered some handsome returns to early backers of the company —one such investor, Warburg Pincus, now owns a stake that's worth over $3 billion.

Cyber M&A activity heats up

While cyber attacks are becoming more and more frequent and investor interest in the sector is on the rise, so too is corporate activity.

In the first quarter of 2019, more than US$7 billion in cybersecurity deals were done and we’re not finished yet, says Cybersecurity Ventures.

A wave of acquisitions are making the headlines as cybersecurity companies are being snapped up. Large companies are sitting on lots of cash while pondering their security capabilities.

Hank Thomas, CEO at Strategic Cyber Ventures, suspects that based on all the cash companies are sitting on, that larger businesses that aren't pure-play security companies, such as IBM, Symantec, Palo Alto Networks, will continue to leverage their cash in cybersecurity-focused acquisitions.

Already in 2019 a wave of acquisitions have made headlines as deals rolled in almost daily during the first quarter. Here are just a few seen in recent months:

• Palo Alto Networks has made three acquisitions already this year: In March it announced plans to buy Demisto and its platform to automate and standardise incident response for US$560 million. It has since confirmed its intent to buy Twistlock, an Israeli startup focused on container security, for US$410 million, and another Israeli cloud security startup, PureSec for an undisclosed amount.
• Private equity firm Insight Partners plans to purchase a controlling interest in Recorded Future, a threat intelligence group, in a US$780 million cash deal.
• FireEye bought security instrumentation company Verodin for US$250 million in cash and stock in May.
• Carbonite is acquiring Webroot for US$618.5 million in cash, adding endpoint and network security to its cloud-based data protection services.
• Industrial cybersecurity firm Dragos in March bought NexDefense, an up-and-coming security vendor in the industrial space which has its roots in the US Department of Energy.

Experts are predicting that we'll see more of the same level of activity that 2019 has brought so far with smaller businesses being acquired by larger companies looking to continue building out their cybersecurity portfolios.

Whether this is the future for WhiteHawk remains to be seen, but I’ve no doubt the its value will be more widely recognised in some form or another. In any case, deals like today’s contract expansion certainly help.

A final word

WhiteHawk has logged a huge number of developments over the past six months and while the stock has begun to generate investor interest (its share price trading at around double of where it was this time last year), its market cap remains at just $17 million. A level, that to me, still looks like an attractive entry price given WhiteHawk’s management team, its contracts and partnerships accrued to date, plus not to forget the supportive macro environment driving the need for cybersecurity solutions.

For further background, I suggest a read of my previous articles on WhiteHawk and on why it has already been locked in as the Next Tech Stock’s tip of 2019: