Bill Gates backs Crest fintech security scheme for Africa and Asia

Cyber security accreditation and certification non-profit Crest has been awarded a grant of $1.4m (£1m/€1.2m) by the Bill and Melinda Gates Foundation to help increase cyber security capacity in African and Asian markets and provide safe and secure access to digital financial services for the unbanked.

The UK-based organisation’s rigorous assessments are designed to provide reassurance that its member companies have a demonstrable level of assurance that they can provide their own clients with a robust assessment of their security posture.

This is particularly relevant to the financial services industry, which is digitising as rapidly in the global south as it is in the world’s most advanced economies. In many countries, organisations are skipping straight to mobile banking as 4G networks are often far more reliable and widespread than fixed ones.

The Bill and Melinda Gates Foundation has – as previously reported – been working extensively to improve access to financial services among some of the world’s most disadvantaged people.

Crest said that while robust growth, adoption and usage of digital financial services by people who were previously unbanked helped provide the means to participate in the formal financial sector, capture income generating opportunities and smooth consumption through access to savings and other financial products, this also introduced new cyber risks that must be managed.

“Every country across the world is under increasing threats from cyber crime. This project will help build stronger cyber security capacity in eight fast-developing countries,” said Crest president Ian Glover.

“The grant is recognition of the work Crest has already done in the UK and other countries such as Australia, Singapore, Malaysia, Hong Kong and North America. It will support a dedicated research capability within Crest and help to build a robust model that can also be applied to other regions,” he said.

Crest will use its funding in part to support threat intelligence-led system penetration testing through its ecosystem of trusted accredited providers, raising standards, defining measurement frameworks and improving security capability and consistency for financial services organisations.

It will also work with a number of local regulators to promote a more secure and resilient digital infrastructure for banking and financial services, advising on local standards for testing and securing critical national infrastructure, building on work already done in countries such as Canada, Singapore, the UK and US.

Finally, it will help to build the capacity of local private sector cyber security companies to deliver managed services in accordance with globally accepted standards and processes through Crest’s training and accreditation programmes.

The ultimate goal will be to help both the security industry and the financial industry professionalise and mature in the scheme’s target countries, which are Bangladesh, Ethiopia, Indonesia, Kenya, Nigeria, Pakistan, Tanzania and Uganda.

The funding will run for the next two years, beginning with a period of research and market analysis phase for each target country.

Crest said it hoped to establish five or more accredited member companies in each market, and deliver 100 fully funded exams for cyber security professionals, 200 more with 50% funding.