9 March 2020: CREST, the not-for-profit accreditation and certification body for the technical security industry, has received a grant of $1.4 million from the Bill & Melinda Gates Foundation to help increase cyber security capacity in Nigeria, Uganda, Tanzania, Kenya, Ethiopia, Pakistan, Bangladesh and Indonesia. Robust growth, adoption and usage of digital financial services by the poor can help provide the means to participate in the formal financial sector, capture income generating opportunities and smooth consumption through savings and other financial products. The growing reliance on digital infrastructure and increasing sophistication of threat actors requires significant attention and investment in managing cyber risk.
The funding will support threat-intelligence led system penetration testing through a trusted provider ecosystem, to improve cyber security resilience. CREST’s mission is to help the local industry professionalise and mature. It works proactively to raise standards, define measurement frameworks and build capability, capacity and consistency. It will also work with regulators in select countries to promote a more cyber-secure and cyber-resilient digital infrastructure for banking and financial services, by advising on local standards for testing critical infrastructures.
This initiative will build on the work done by CREST in the UK with the Bank of England and in other countries such as United States, Canada, Singapore and Malaysia, where it has developed frameworks and certifications to deliver bespoke, threat intelligence-led cyber security tests that replicate behaviours of real attackers.
The funding from the Gates Foundation will also be used to build the capacity of the private sector to deliver security services in accordance with globally accepted standards and processes in the eight designated countries noted above through training and accreditations.
The funding runs over two years with an initial research and market analysis phase to identify the current cybersecurity maturity in each market. The grant will help establish five or more CREST accredited member companies in each of the designated countries and deliver 100 fully funded CREST exams and 200 with 50% funding by the end of the funding period.
“Every country across the world is under increasing threats from cybercrime. This project will help build stronger cybersecurity capacity in eight fast-developing countries,” said Ian Glover, president of CREST. “The grant is recognition of the work CREST has already done in the UK and other countries such as Australia, Singapore, Malaysia, Hong Kong and North America. It will support a dedicated research capability within CREST and help to build a robust model that can also be applied to other regions.”
CREST is a not-for-profit accreditation and certification body that represents and supports the technical information security industry. CREST provides internationally recognised accreditations for organisations providing technical security services and professional level certifications for individuals providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and security operations centre (SOC) services. CREST Member companies undergo regular and stringent assessment, whilst CREST certified individuals undertake rigorous examinations to demonstrate the highest levels of knowledge, skill and competence. To ensure currency of knowledge in fast changing technical security environments the certification process is repeated every three years.
CREST is governed by an elected Executive of experienced security professionals who also promote and develop awareness, ethics and standards within the cyber security industry. CREST supports its members and the wider information security industry by creating collaborative research material. This provides a strong voice for the industry, opportunities to share knowledge and delivers good practice guidance to the wider community.