Jake Holloway

Crossword Cybersecurity Plc, the technology commercialization company focused solely on cyber security and risk, has significantly strengthened its leadership team with the appointment of a Group Sales Director and a new Chair of its consulting subsidiary to assist in driving growth during 2020. Sean Arrowsmith joins as Crossword’s first Group Sales Director in January, responsible for both product and consulting sales activity. Sean will lead and grow the sales team. He inherits a strong pipeline for the Rizikon Assurance risk product, which stands in excess of £3m over 100 companies in a wide range of sectors. Revenue target achievement Sean comes with 20 years of sales experience in cyber/information security and technology. He was previously Group Sales Director at IRM Ltd, the World Class Centre in Cyber Security of Altran Technologies SA, the global innovation and engineering consulting firm, where he was accountable for revenue target achievement across all of IRM’s business streams including consulting, software and training. Dr Robert Coles has taken on the role as Non-Executive Chair of Crossword Consulting Ltd In addition, Dr Robert Coles has taken on the role as Non-Executive Chair of Crossword Consulting Ltd, the Group’s consulting subsidiary. Dr Coles knows Crossword well through his current role as Chair of its Advisory Board. He has extensive experience in building large scale consulting practices having been Lead Partner in KPMG’s Information Security Services for EMEA. He subsequently spent many years as a Chief Information Security Officer (CISO) in large corporates including GlaxoSmithKline (GSK), National Grid and Merrill Lynch. Developing Relationships With University Partners He is an Honorary Professor at University College London (UCL) and Visiting Professor at Royal Holloway, University of London. Jake Holloway, formerly Business Development Director, is now devoting himself full time to the role of Chief Product Officer, bringing a sharper focus to building out Crossword’s product portfolio (which currently comprises Rizikon Assurance and Nixer CyberML) and developing relationships with university partners. Rob Johnson leaves Crossword after two successful years as Chief Operating Officer to take up new challenges. The COO role will not be replaced. Tom Ilube, CEO of Crossword Cybersecurity Plc said “With Sean and Robert on board, alongside our current Executive team, we have the right people in place to scale up in 2020. Sean is a 20-year tech and cyber sales veteran with a proven track record. Robert will bring his consulting experience, as Lead Partner at KPMG, to our consulting business as Chair. I am delighted to have two such powerful leaders join our team.”

Crossword Cybersecurity Plc, the technology commercialization company focused solely on cyber security and risk, announces the launch of Nixer CyberML, a new family of machine-learning based security and anti-fraud software products, that help organizations easily and quickly build these capabilities into applications. Nixer CyberML is a new tool for businesses that want to solve advanced security and cybercrime problems, such as detecting and dealing with compromised accounts, fraud and in-application denial of service attacks. Machine learning based detection Many of today’s security and fraud problems occur within applications and are difficult Many of today’s security and fraud problems occur within applications and are difficult, if not impossible, to detect externally to the applications. For example, if a fraudster has obtained a user’s login details via a credential attack, their access to the site while logging in can appear normal – but once inside the site, can start to behave maliciously. Nixer CyberML allows development teams to rapidly add machine learning based detection to online applications (online banking, ecommerce systems, ticket sites, critical business apps, etc.) that can learn to accurately distinguish between good and bad user behavior. This initial release designed for developers, includes the Nixer CyberML architecture, code libraries for Spring framework based applications, and a local Nixer CyberML Engine designed to help with credential protection functionality. Processing anonymous application event data The Nixer CyberML Engine, stores and processes anonymous application event data, and contains the machine learning algorithms which determine whether events are normal or potentially malicious. Future versions of Nixer CyberML will give developers access to cloud-based machine learning algorithms. The benefits of using Nixer CyberML include: Detecting, mitigating and preventing fraud and other user-based attacks that Web Application Firewalls (WAFs) and Distributed Denial of Service (DDoS) tools cannot mitigate, by using advanced machine-learning integrated into business applications Quick and reliable deployment by using existing code and architecture, and, where needed, working with a specialist partner familiar with machine-learning, cyber security and cyber-crime prevention to provide support with data science and algorithm creation. Implementing effective solutions Jake Holloway, Crossword’s Chief Product Officer, said, “Machine Learning based approaches to cybersecurity are not uncommon in very advanced applications, but most development teams are maxed out and do not have the right data science skills and tools to implement effective solutions quickly.” “This is why Nixer CyberML has been designed – it allows organizations to build in security and anti-fraud capabilities easily and quickly, without needing to employ machine learning specialists.” Valuable context for algorithms and analytics Nixer CyberML helps to merge the gap between security analytics and software development" Tom Ilube, Crossword CEO also said, “The first product to come out of the Nixer CyberML family of products is part of Crossword’s CyberAI initiative. It will be followed up with further services to help Enterprises, SaaS Vendors and developers accelerate projects that add intelligence to their applications.” “As the UK’s leading cyber security commercialization company we work with universities regularly, as we have with Imperial College London on Nixer CyberML’s machine learning algorithm design and selection.” Jan Broniowski, Nixer CyberML Architect said, “By putting security closer to the application layer, we create rich, valuable context for algorithms and analytics. We offer Nixer CyberML as Java libraries through GitHub - a design decision that provides control, explainability and configurability to developers. Nixer CyberML helps to merge the gap between security analytics and software development.”

Crossword Cybersecurity Plc the technology commercialization company focused solely on cyber security and risk, is pleased to announce that it has signed a Memorandum of Understanding (MoU) with Leonardo MW Ltd, a global high-tech Aerospace Defense and Security company. Crossword is rapidly becoming a pioneer player in the provision of risk assurance systems. Rizikon Assurance allows organizations to assess, assure, visualize and, ultimately, control third party risk. Risk assessment and management practice The cooperation between Crossword and Leonardo will enable Leonardo’s National Cyber Security Centre’s certified cyber consultancy to use Rizikon Assurance to enhance its leading risk assessment and risk management practice for customers throughout the world. Leonardo targets its cyber security offerings at Government, Defense and Critical National Infrastructure both in the UK and internationally. Supporting that offering with industry-leading tooling such as Rizikon Assurance, will further improve outcomes for customers. Cyber and supply chain assurance capability MoU states an intention to collaborate across multiple workstreams, including an agreement to bidThe MoU states an intention to collaborate across multiple workstreams, including an agreement to bid for certain significant contracts across multiple industries throughout 2020, utilising Crossword’s flagship third party risk management solution Rizikon Assurance and Leonardo’s extensive expertise in integration, cyber and third-party assurance. A recent Ponemon Institute survey found that 56% of data breaches were caused by a third-party vendor and with this issue gaining in media and regulatory attention, it is critical that businesses understand their third-party risk and how to mitigate it. Crossword’s Rizikon Assurance and Leonardo’s cyber and supply chain assurance capability perfectly align to address this growing requirement. Deliver technology commercialization The MoU also explores opportunities to partner to deliver technology commercialization, focusing on cybersecurity research in UK universities and bringing cutting edge technology to market. Jake Holloway, Crossword’s Business Development Director, said: “Having Leonardo as a partner will allow us to respond to much larger opportunities for our products like Rizikon Assurance. This is a big step in our development as a business.”

Crossword Cybersecurity plc has announced the availability of Rizikon Assurance 2.0, an online solution to the problem of third-party risk. The new version allows organizations to visualize all risks for each third-party through fully customizable 360-degree supplier scorecards. The new Third-party Assurance Framework Dashboard – an industry first – gives Supplier Management teams, Chief Risk Officers and senior executives a complete understanding of third-party risks across their supply chain, helping identify problem areas and prioritize remedial action. Every day there is a new report of a third-party (often a supplier) causing financial, reputational or regulatory harm to a company – this could be a data breach, an issue with child labor, a missed delivery date, or a safety problem. Rizikon Assurance helps companies address the pressure from Regulators, Auditors, Compliance professionals and customers to improve third-party assurance & risk management. It supports the Rizikon Supplier Assurance Framework, an optional, technology independent, methodology for organizing, managing and measuring third-party risks. Controlling third-Party risk with assessments Rizikon Assurance 2.0 is now fully integrated with data sources from Companies House and credit ratings via CreditsafeRizikon Assurance helps organizations take control of third-party risk with secure online assessments in their own branded portal, automated assessment scoring and workflows. Both standard and customized assessments are securely sent to third parties; once submitted online they are automatically scored, and can be manually rescored by ‘Assessors’, who can flag answers and return them for more detail or improved responses. Procurement and Supplier managers and executives can then instantly use data to understand the risks associated with that supplier, a specific risk area, or across the whole business. Rizikon Assurance 2.0 is now fully integrated with data sources from Companies House and credit ratings via Creditsafe. This means that Suppliers can be verified against registered information, and limits financial exposure by giving finance and procurement teams instant access to the financial risk data for all suppliers in the Creditsafe database of over 320 million companies. Credit risk can now be viewed alongside all other areas of Supplier risk (Cyber, GDPR, Continuity, etc.) on a single scorecard. 360-Degree view of third-Party risk Scorecards give an at-a-glance 360-degree view of third-party risk in a context defined by the customerNew Rizikon Assurance Scorecards allow customers to see all risks for each third-party with combined risk information from the Assessments they have completed on multiple topics, as well as data from Companies House and credit-scoring from Creditsafe. Scorecards give an at-a-glance 360-degree view of third-party risk in a context defined by the customer, as each scorecard segment and weighted risk calculation is customizable. The industry-first Assurance Framework Dashboard gives executives and risk professionals a top-level view of all risks across all third parties, organized by ‘Impact levels’. It allows them to quickly focus on high ‘criticality’ third parties needing the most attention and drill-down into those risks. The dashboard also highlights where assurance information gaps exist, which may leave a company exposed. SaaS platform with two-Factor authentication Rizikon Assurance comes with a growing library of standard assessments that organizations can use to support third-party assurance covering areas including Cyber Security, Modern Slavery, Anti Bribery & Corruption, GDPR and Minimum Wage legislation. These can be combined with customized assessments based on a customer’s own tried and tested question sets. Security features include two-factor authentication and 256-bit end-to-end encryptionDelivered as a SaaS platform, the installation and hosting, maintenance, support and security of Rizikon Assurance is taken care of by the Crossword Cybersecurity team, reducing both risk and total cost of ownership. Security features include two-factor authentication and 256-bit end-to-end encryption. All data is hosted in the UK across multiple data centers. third-Party assurance and risk management Jake Holloway, Director responsible for Rizikon Assurance, commented: “Despite third-party risks being one of the top enterprise risks for any large company or organization, third-party risk assurance is often under resourced and simply not visible at board level in the same way as other areas, such as global trade policy or cyber security. “The Rizikon Supplier Assurance Framework and Rizikon Assurance 2.0 give companies a methodology and software platform that improves third-party assurance and risk management through efficiency, automation and better visibility of risk areas and individual suppliers. Finally, boardrooms can answer the question ‘How much third-party risk do we have and exactly where is it?’”

Crossword Cybersecurity plc, has announced that Stevenage Borough Council, Peterborough City Council and East Hertfordshire District Council (‘the Councils’), will use Rizikon Assurance to manage compliance with the GDPR (General Data Protection Regulation) with their suppliers and for wider information governance. GDPR compliance GDPR makes many requirements of organizations, including taking adequate steps to ensure data is both encrypted and anonymized, so that in the event of a breach, the data cannot be exploited. Infringements under GDPR can lead to fines of €20 million, or 4% of annual global turnover for an organization. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack With a combined residential population of over 430,000, the Councils have a duty to ensure that the personal information of all residents is adequately protected against the risk of data breach, either by the Councils themselves or the third-party suppliers and agencies with which they work. Data breaches can be accidental, through the loss of a laptop for example, or as a result of an intentional breach or cyber-attack.  GDPR risk exposure Using Rizikon Assurance, the Councils will improve the process and accuracy of securing third party assurance. This will support compliance with GDPR, and establish a way to manage on-going assurance checks when needed at regular intervals. Additionally, the Councils will be in a position to identify GDPR risk exposure across their supplier portfolio, so that remedial action can be taken to improve the protection of citizen data. Jake Holloway, Director responsible for Rizikon Assurance, commented, “The role of every public service organization is to serve its citizens, often holding personal information about them on many sensitive topics such as health, benefits and education. With that comes the responsibility of ensuring that information is protected, especially when it needs to be shared with partner organizations.” Rizikon Assurance Jake adds, “Rizikon Assurance will help any organization dramatically improve the speed and reliability of its third-party assurance processes, covering areas such as GDPR, health & safety, the Modern Slavery Act and any other requirements that they may have.  It moves third party assurance from a siloed and reactive activity, to a connected, proactive continuous process that delivers a complete view of third-party risk.”