Tag Archives: Crossword Cybersecurity

Crossword Cybersecurity’s Identiproof demonstrates early commitment to Open Badges V3 in the Jobs for the Future Plugfest

7 July 2022 – London, UK – Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the cybersecurity solutions company focused on cyber strategy and risk, is pleased to announce that its Identiproof verifiable credentials (VC) product has successfully achieved its first milestone at the recently held Jobs for the Future (JFF) Plugfest. The plugfest focused on making verified digital Learning and Employment Records (LERs) more widely and safely accessible to a larger number of employers via digital wallets. Twenty companies from the USA, Europe and Australasia participated in the first JFF Plugfest held on 6 June 2022.

Crossword is participating in the project through its involvement with the World Wide Web Consortium (W3C) Verifiable Credentials for Education Task Force (VC-EDU) initiative. Crossword participated in the technical discussions, and created a demo, using Identiproof’s iPhone wallet connected to its Issuer. As a result, Identiproof has successfully passed the first milestone requirement of displaying certificates in a user-friendly format as a verifiable credential as defined by the Open Badges V3 standard.

The JFF Plugfest plays an essential role in driving the growth of a skills-based marketplace, especially important at this time of labour shortages, by enabling employees to hold their LERs in their digital wallets. Digital LERs are digital resumés with secure, verifiable, and readily accessible records of people’s skills, educational experiences, and work histories.

The JFF Plugfest is being organised in the USA by JFF, the National LER Advisory Council, the National Governors Association and Brain Trust, in order to demonstrate interworking between W3C VC products, and is being funded by Walmart (amongst others).

According to the National Governors Association, governors and state leaders in the USA are concerned about the current labour shortage, occurring during a time when so many skilled workers are unemployed or underemployed. Skills-based approaches to hiring and recruiting can make pathways to good careers more broadly accessible to a wider segment of the workforce and reduce workforce inequities by focusing on what workers can do, not on the degrees or credentials they’ve earned.

Participation in the JFF Plugfest and working with the Open Badges V3 standard places Crossword and its Identiproof platform at the forefront of the market in the drive for interoperability in the education sector. With 10.8 million certificates issued for vocational and other qualifications in England in the 2020 to 2021 academic year, the education sector is one of the exciting sectors for Identiproof to support digitisation and improved security through VC.

Jake Holloway, Chief Product Officer at Crossword, commented: “Identiproof is at the forefront of the credentials verification sector, and we are delighted to be participating in this prestigious project with leading organisations in the USA. Credentials verification is a critical requirement in matching skills and jobs. This is particularly important in the fast-moving technology sector, where coding and programming skill sets are in high demand but hard to quickly and easily verify at present. The Covid-19 pandemic has accelerated the move towards the digitalisation of everything, and credentials verification is one of the key growth areas.”

David Chadwick, R&D Director at Crossword, added: “As Crossword’s leading Self Sovereign Identity (SSI) product, Identiproof is targeted at the professional qualifications market, amongst others. Demonstrating interoperability with other verifiable credentials products will increasingly become a “must-have” customer requirement. Playing a leading role in specifying the technical requirements for JFF will allow Crossword to ensure that Identiproof stays ahead of the crowd”.

The JFF Plugfest has more than sufficient funds to award every successful participant at least $10K per completed Plugfest milestone. Two further Plugfest milestones are envisaged, to demonstrate credential issuing interoperability and credential verification interoperability. The next Plugfest is scheduled for November 2022.

Identiproof’s VC technology has wide ranging applications including digital ticketing, certificates, licenses, memberships, passports, proof of ownerships and many others. It provides a central technology in applications for the issuing of digital certificates and documents that cannot be forged or transferred, and that respect the privacy of the holders of those certificates. It does this through selective disclosure, whereby the recipient requests the minimum of information in conformance with GDPR. Identiproof is one of the first systems built to the 2019 W3C recommendations: The Verifiable Credentials Data Model and Web Authentication (FIDO2) – two new global web security standards.

Verifiable Credentials Limited, the provider of Identiproof™, was acquired by Crossword in May 2021. Identiproof achieved its early adoption of the W3C verifiable credentials standard thanks to Emeritus Professor David Chadwick being one of the six co-authors and editors of the standard and a well-known expert in the field of digital identity and verifiable credentials.

Crossword Cybersecurity Plc announces new Supply Chain Cyber practice in response to increasing threat of supply chain cyber attacks

  • New integrated practice addresses 4x forecast growth in supply chain cyber attacks

28 June 2022 – London, UK – Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the cybersecurity solutions company focused on cyber strategy and risk, has today announced the creation of a new integrated Supply Chain Cyber practice.

In response to client demand and the substantial increase in supply chain cyber threat levels, the integrated practice provides a set of controls, processes and tools, along with a range of managed services, advice and training to massively reduce the risk of direct cyber-attacks as well as threats via third parties across a company’s supply chain.

The practice provides an end-to-end approach to supply chain cybersecurity and includes a standard operating model (SOM) and a substantially updated version of Rizikon Assurance, Crossword’s SaaS platform used by supplier management and cybersecurity teams and across an organisation to underpin the controls, tools and data needed to reduce supply chain risk.

Updated Rizikon features include automated assurance, flexible reporting and new dashboards that improve supply chain cyber assurance, risk and compliance strategy, policy and operations.

Experienced cybersecurity consultant, Ryan King, has been appointed as Practice Lead and is supported by a dedicated team of experts specialising in supply chain cyber risk.

Today’s cyber threat potential is huge and growing fast. The European Union Agency for Cybersecurity (ENISA) reported in 2021 that it expected supply chain attacks to quadruple over the following 12 months. As a result, industries including but not limited to banking, retail and manufacturing are under mounting financial, reputational and regulatory pressure to take control of cybersecurity risks.

For organisations of any size, the greatest threats to cybersecurity are suppliers, third parties and connected technologies because they are so hard to control. Recent research independently conducted for Crossword of over 200 Chief Information Security Officers (CISOs) found that 83 per cent of CISOs viewed “ensuring that the entire supply chain is water-tight in its ability to defend and recover against threat actors” as a challenge.

Today’s solutions are failing – Crossword’s end-to-end approach addresses the fundamentals

Many organisations are still using internally focused ideas and solutions to try and address cybersecurity risks in the supply chain, but by definition these are not sufficient since they fail to holistically integrate the cyber risks originating from external third parties. Furthermore, the longer and more diverse a supply chain becomes, the faster the risks multiply in tandem with an organisation’s inability to monitor and manage those risks.

Crossword’s Supply Chain Cyber approach is dedicated to meeting any organisation’s cybersecurity and supply chain resilience obligations by providing an end-to-end solution. Crossword’s Supply Chain Cyber offering provides:

  • A team of cybersecurity industry experts, dedicated to defining and delivering risk management best practice
  • A comprehensive and flexible supply chain cybersecurity Standard Operating Model that defines processes, techniques and structures needed to manage supply chain assurance, compliance, and risk in any industry
  • An updated version of Rizikon Assurance – an automated, SaaS-based platform for managing supply chain cyber assurance, compliance and risk strategy, policy, and operations
  • Cost-effective supplier cyber audits and security testing
  • Consulting services including supply chain cyber benchmarking, maturity assessments and advisory consulting, and training
  • Complete managed services for supply chain cyber assurance, compliance, and risk management.

Stuart Jubb, Group Managing Director at Crossword Cybersecurity Plc, commented: “A whole new operating model and mindset is required to properly address supply chain cyber risks and attacks. Looking only inwards and relying on internally focussed controls, systems and thinking is not enough to protect organisations today. Crossword’s Supply Chain Cyber practice addresses the severity and fast-growing nature of risks present in supply chains. It gives our customers the tools and processes to securely and cost effectively manage these risks, benefiting not only the customer, but all members of their supply chain. The objective is to minimise collective risk and ensure cost-effective governance and adherence to regulations across all industries.”

Rizikon – elevate your supplier risk management

The supply chain cyber standard operating model (SCC SOM) is supported by Rizikon Assurance, a SaaS platform used by supplier management and cybersecurity teams and across an organisation to underpin the controls, tools and data needed to reduce supply chain cyber risk.

Rizikon automates processes such as designing supply chain cyber policy, grouping suppliers, creating detailed assurance plans, applying appropriate assurance methods to each group, and reporting on risk, compliance, and assurance coverage across the whole supply chain. Rizikon also integrates with existing tools and data sources.

Learn more about Crossword’s Supply Chain Cyber practice and standard operating model by visiting: https://www.crosswordcybersecurity.com/supply-chain-cyber

Crossword Cybersecurity Plc research reveals 40 per cent of companies believe their cyber strategy will be outdated in under two years

A perfect storm of escalating cyber-attacks and global tech innovation leaves 61 per cent of Chief Information Security Officers (CISOs) only “fairly confident” of managing their current threat exposure

24 May 2022 – London, UK – Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the cybersecurity solutions company focused on cyber strategy and risk, has today released a new report based on the findings of a survey of over 200 CISOs and senior UK cyber security professionals. Called “Strategy and collaboration: a better way forward for effective cybersecurity”, the paper reveals companies are more concerned and exposed to cyber threats than ever before, with almost two thirds (61 per cent) describing themselves as at best only “fairly confident” at managing their current cybersecurity threat exposure, which should raise some eyebrows around the boardroom.

Respondents also feared their cyber strategy would not keep pace with the rate of tech innovation and changes in the threat landscape. 40 per cent believe their existing cyber strategy will be outdated in two years, and a further 37 per cent within three years. Additional investment is needed to address longer term planning, with 44 per cent saying they only have sufficient resources in their organisation to focus on the immediate and mid-term cyber threats and tech trends.

The daily firefight

CISOs and cyber professionals report struggling to manage today’s cybersecurity risks across the board. Asked about the day-to-day aspects of securing their businesses on a scale including “a little, somewhat, or very challenging”, the following areas were ranked highest as at least somewhat challenging by respondents: (total challenging figures in brackets)

  • Detecting or identifying the occurrence of a cybersecurity event or threat – 56 per cent (85 per cent)
  • Third parties disclosing breaches in good time – 55 per cent (85 per cent)
  • Understanding and anticipating new or potential future strategies used by threat actors – 55 per cent (84 per cent)
  • Ensuring that the entire supply chain is water-tight in its ability to defend and recover against threat actors – 52 per cent (83 per cent)

Juggling cybersecurity priorities

Not only do organisations feel they are chasing their next cyber strategy, but they are struggling to deliver on the one they have now. CISOs highlighted the following key priorities over the next 12 months:

  • The cyber skills gap within organisations is the highest strategic priority (31 per cent). This has been a perpetual problem facing the IT industry and cybersecurity teams can become quickly overwhelmed if the right expertise is not in place to manage the load. The effects of this can be devastating, creating risk vectors that can be exploited and may lead to human error under pressure, or a missed threat. Rather than hunting new people, the gap could in part be addressed by putting more resources into training and upskilling, but this is difficult when team capacity is already stretched.
  • The next most important priority highlighted by CISOs is the challenge of gaining consistent and reliable ‘threat intelligence’ (28 per cent), with many reporting they rely on informal information sharing networks.
  • Securing digital identity (27 per cent) was also identified as key given the risks posed by hackers gaining credentials and impersonating users to access data and systems.

Stuart Jubb, Group Managing Director at Crossword Cybersecurity plc, commented: “The picture painted by our research shows CISOs are in urgent need of a strategic rethink. CISOs need to balance their cybersecurity operation’s daily load with managing the organisation’s long-term requirements. Boards must make sure CISOs have the budget necessary to get short-term issues under control and then begin planning a long-term business wide strategy. Such a strategy should be supported by a standard operating model with robust processes and policies for the company’s entire supply chain. Every month of delay leaves businesses open to potentially crippling cyber-attacks.”

The tech trends that matter to cyber professionals

CISOs were also asked about the technology trends that they saw as being the most important and relevant over the next 12 months. Several technology categories stood out with cloud transition and cyber in the cloud leading the way (41 per cent), followed by Cyber Security Mesh Architecture (CSMA – 35 per cent), and AI/Machine Learning (31 per cent).

Deciding how each of these categories will fit into the short-term cyber goals and longer term strategy of UK organisations will take serious consideration. However, respondents did report having a clear view on the most important technology components they want to address in their cyber security plans in the short term, compared to the next three or five years. Three quarters (75 per cent) said software verification, which helps to ensure a program is secure, 69 per cent said cloud transition and 69 per cent said dealing with ransomware escalation, will be a focus immediately or over the next 12 months. A similar number (65 per cent) identified CSMA, a method for making cybersecurity products interoperable, as a key technology. Other technologies of note included:

  • Zero trust and identity security (62 per cent)
  • Quantum data stores / computing (55 per cent)
  • AI / Machine learning (55 per cent)

Jubb concluded: “Cybersecurity today is in a more tightly squeezed iterative cycle than it was in the past. It demands that organisations take a more strategic and collaborative approach – we recommend appointing a head of cyber security strategy, while leaving the CISO to deliver on the immediate challenges. Managing the day to day risks is a tough balancing act, but one that can be achieved if CISOs have the right resources to upskill their teams and tools that leverage AI to bring efficiency and automation to help protect their organisation and its supply chain against today’s threats.”

Professor Tim Watson, Programme Director, Defence & Security, The Alan Turing Institute and Director, WMG Cyber Security Centre, University of Warwick, commented: “Collaboration is especially important when it comes to protecting critical national infrastructure because it’s rapidly becoming a whole new theatre of conflict between Nation States. It’s also not particularly easy because there are so many private and public stakeholders.”

Muttukrishnan Rajarajan (Raj), Professor of Security Engineering and Director, Institute for Cyber Security, City, University of London, commented: “Tackling ransomware is a huge area of focus in the world of research, so I’m not surprised this scored highly in the survey. We are often commissioned to work on projects that focus just on this – an attack on one SME can cause a complete supply chain to grind to a halt as we saw with vulnerabilities introduced via the Log4J code libraries recently.”

Crossword Cybersecurity Plc acquires threat intelligence company, Threat Status Limited

14 March 2022 – London, UK – Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the technology commercialisation company focused on cyber security and risk, is pleased to announce that its acquisition of the whole of the share capital of Threat Status Limited (“Threat Status”), the threat intelligence company and provider of Trillion™, the cloud-based software as a service (SaaS) platform for enterprise-level credential breach intelligence, has now completed. Additionally, Threat Status’s more recently released product, Arc, protects the users of customer-facing applications from the threat of Account Takeovers. The acquisition of Threat Status takes the Company’s portfolio to five cyber security offerings, alongside its cyber security consulting and managed services offerings. The transaction was first mentioned on 21 December 2021 in an RNS announcement.

Threat Status’s platform enables businesses and managed service providers to monitor data that has been stolen and shared on the dark web and criminal forums which could harm the security of their business or that of their customers. Threat Status has developed its subscription-based, enterprise-class services to be turnkey, highly scalable, very secure and ready to go. The platform is quick for onboarding new clients, with no complex integrations needed, allowing rapid delivery of customer value.

Crossword Cybersecurity has agreed to pay a total consideration of £1.529m for Threat Status. This price represents an annual recurring revenue multiple of 5.25. The payments are structured as follows:

  • An initial cash payment of £500,210;
  • On the first anniversary of the transaction, a cash payment of £281,758 and £171,942 in Company stock;
  • On the second anniversary of the transaction, a cash payment of £125,000 and £450,000 in Company stock; and
  • All shares will be issued at a price based on the average mid-market price for the three months prior to the date of issue.

Threat Status was founded in 2017 by Jon Inns, who is the CEO of the business. He was joined by Ian Nice, CTO, and was supported by a third-party fund. Jon, Ian and their team of developers and apprentices will join Crossword to drive the continued commercialisation and development of Threat Status products. For the 12 months ended 31 March 2021, Threat Status made a loss of £54,864 and had net assets of £75,586 at that date. Threat Status is reaching breakeven, with 90% recurring revenue. Cross sell opportunities are being explored with the acquisition, alongside operating synergies.

Tom Ilube, CEO of Crossword Cybersecurity plc, commented: “Crossword is pleased to incorporate Trillion and Arc into its product suite, completing our aim of having five products in the market by the end of 2022 and adding over twenty new recurring revenue clients. We welcome Jon, Ian and their team to Crossword and are excited about the opportunities Threat Status brings to Crossword and our clients, as we continue in our mission to reduce the cyber risks for our clients by providing a portfolio of innovative products and services. This is our third acquisition in less than a year and shows the extent of our ambition to provide a portfolio of subscription-based, enterprise-class products and services.”

Jon Inns, CEO of Threat Status Limited, commented: “Threat Status has developed one of the strongest and most advanced credential leak monitoring services in the market and we’re looking forward to leveraging the opportunities and synergies this acquisition by Crossword represents. With Crossword’s experienced sales team and growing client base, and our proven and trusted technology, we expect market penetration to accelerate, increasing revenue and client protection.”

Launch of Rizikon Pro to address demand for supplier assurance in SME organisations

Crossword Cybersecurity Plc (AIM:CCS, “Crossword”, the “Company” or the “Group”), the technology commercialisation company focused solely on cyber security and risk, is pleased to announce the launch of Rizikon Assurance Professional Edition (“Rizikon Pro”), a new edition of its supplier assurance and third party risk management platform aimed primarily at small and medium sized organisations.

Crossword has demonstrated Rizikon Assurance’s value within large and complex enterprises, with a client base in sectors as diverse as nuclear and professional services. It recognises that smaller organisations have the same third-party risk imperatives as larger enterprises, but with less complex needs, and often lack in-house risk management expertise. Rizikon Pro is an out-of-the-box, online SaaS solution, offered on a pay-as-you-go basis, giving smaller organisations access to a set of core easy-to-use supplier assurance platform features, at lower cost. Modules can be chosen according to need, meaning customers only pay for the features they use, and can be expanded as required. Crossword anticipates a rapid roll out to a wider client base over the coming year.

Rizikon Assurance is a secure, encrypted portal which puts organisations in control of managing risks in their supply chain. COVID-19, Brexit, and a host of Environmental, Social and Corporate Governance (ESG) matters, have highlighted weaknesses within supply chains, raising awareness of the financial, regulatory, and reputational risks organisations indirectly carry. Rizikon Assurance contains standard questionnaires on subjects such as cyber security, GDPR, supplier on-boarding, modern slavery, anti-bribery & corruption, and soon to be released diversity and equality assessments. Customers also can create their own question sets and scoring approaches, enabling a 360-degree view of supply chain risk in a single pane of glass. Rizikon Assurance improves the scalability, security and auditability of third-party assurance and due diligence through its automated, centralised and encrypted platform.

Sean Arrowsmith, Group Sales Director of Crossword, commented: “Recent global events including COVID-19, Brexit, trade wars and ESG matters are drawing attention to the importance of supply chain management, and shining a torch on poor resilience, and the unknown risks organisations are carrying in their supply chains. The release of Rizikon Pro addresses the demand from smaller organisations to assess supply chain risk in a cost-effective way, helping them identify where to invest resources to reduce risk and build resilient supply chains, with the same success as our enterprise customers.”