Cyber specialist out to detect supply chains’ weakest links
When Kaseya, a Miami-based software supplier, was hit by a cyber attack in July last year, it was not just a problem for the company itself. The hackers also managed to gain access to Kaseya’s customers and, after that, those customers’ own clients. Around 1,000 companies were affected in all. One of them — a Swedish grocery chain — had to close hundreds of stores.
This is not an isolated example. IT security breaches via corporate supply chains are a worry for all technology managers — and one that UK cyber security group Risk Ledger is trying to address. The company, founded in 2018, aims to show businesses exactly how secure their supply chains are. “The supply chain is a very complex environment,” says Haydn Brooks, co-founder and chief executive of Risk Ledger. “We need to solve companies’ problem of understanding the security of their immediate suppliers.”
Risk Ledger’s core product is a “map” that gives companies an easy way to look at the cyber security status of all their suppliers. Those suppliers, often under the terms of their contracts with their clients, agree to upload details of their security systems to Risk Ledger and to notify it of any changes. If Risk Ledger detects potential problems, action can be taken to fix them. The database is updated continuously, avoiding the need to reassess the supplier’s security every year, or every time the contract is renewed.
As more companies sign up, Brooks is hoping for a network effect. “The very first basic concept was to have a social network,” he explains. “If we can have a social network that allows me, as a user, to understand your security and then allows you to do the same with other users, we can use that social network . . . to map out connections between companies. And we can use that in a way that protects the entirety of the network.”
This could help suppliers as much as the customers that encouraged them to sign up in the first place, Brooks argues. Suppliers can connect with other companies that are already in the system, allowing Risk Ledger to help them cut down on the paperwork, as they will not have to tell all their clients separately about their security status every year. More than 2,500 organisations have shared their supplier profile, the company says, including 12 FTSE 100 companies.