The adage “a team is only as strong as its weakest link” resonates profoundly within today’s complex supply chains. The rising frequency of cyberattacks in supply chains – a trend highlighted by Gartner’s prediction that by 2025, nearly half of all organiszations will experience attacks through their software supply chains – underscores this vulnerability.
A stark illustration of this emerged in June when the hacker group cl0p infiltrated the file transfer tool MOVEit, exposing the personal data of 40 million individuals from companies like the BBC, British Airways, and Boots. The aftermath of this breach revealed a significant gap in supply chain security. Despite a remedying software patch being made available the next day, the inability to easily identify whether your organisation was exposed left many companies open to attack for far longer than necessary.
In the era of cloud technologies, open-source software, and third-party APIs, hackers increasingly exploit the weakest links in supply chains to access high-value data. This evolving threat landscape necessitates a shift in how companies approach supply chain security.
Traditional methods, often limited to static data capture at the time of supplier onboarding, are no longer sufficient. Today’s Chief Information Security Officers (CISOs) demand more dynamic, proactive and interconnected cyber security solutions that ties into the evolving Continuous Threat Exposure Management (CTEM) program methodology. This is where Risk Ledger comes in.
Co-founded in London by Haydn Brooks and Daniel Saul, who brought their expertise in cyber risk consulting, Risk Ledger offers an innovative platform for supply chain security. It allows organiszations to conduct comprehensive security assessments across their entire supply chains, giving further insight into an organisation’s cyber resilience and attack surfaces. More interestingly, it offers an innovative social network approach to supply chain risk management, allowing organisations to use the platform as both clients and suppliers, able to share with connected organisations a single profile of their controls across 12 security domains, including ESG and financial risk. This reveals relationships in many directions and allows for a unique visualisation of the entire supply chain ecosystem, and the uncovering of critical interdependencies, concentration risks and single points of failure well beyond immediate third-party connections. It also results in more accurate and real-time data, giving organisations the ability to make better decisions to proactively protect their business from supply chain threats. This model streamlines information exchange among all network participants, significantly enhancing transparency and responsiveness to potential compromises.
Our decision to lead Risk Ledger’s recent £6.25 million funding round was driven by our belief in their vision and proven ability to execute on it. The investment will accelerate the next phase of their product development and facilitate expansion into the US and European markets.