Virtualstock integrates integrates Orpheus Cyber Risk Rating score onto retail platform
Virtualstock is extending its partnership with Orpheus Cyber, a cyber-threat intelligence and cyber risk management company offering a Cyber Risk Rating, to its retail sector solutions following a successful collaboration across its health platform.
Orpheus’ Cyber Risk Rating platform collects data and information about the threats and vulnerabilities that companies face to provide an accurate Cyber Risk Rating of 1-999, with 999 indicating the highest level of cyber risk. The platform looks at the supplier’s online presence to determine how vulnerable this is to cyber attack.
The technology has already been made available to the 140 NHS Trusts using Virtualstock’s health platform, The Edge4Health™, to ensure the security and integrity of suppliers serving NHS trusts. Because cyber security is a key issue for suppliers and increasingly a factor in purchasing decisions, Virtualstock has extended its partnership to cover its retail supply chain platform, The Edge™.
Orpheus’ technology gives all suppliers a cyber security rating, which can be viewed by their retail customers. Suppliers are able to access reports that provide them with a detailed explanation of their specific threats and live attack surface vulnerabilities. The report also shows suppliers how to reduce their issues, improve their security and prevent them from being the weak link in the supply chain.
Vendors using Virtualstock’s platform have visibility over these ratings in real time and can ultimately choose not to trade with suppliers with poor ratings until they take steps to enhance their security. The integration of this technology means companies can make risk based-sourcing decisions, alongside the time and cost saving benefits already received.
Have you considered risks facing your business?
You might ask what this has to do with you as a marketplace merchant and the answer is that if you are trading on Edge4Health then it’s critical as NHS Trusts looking to secure PPE supplies won’t want to source from you if your score is low. In the wider context it’s useful to look at the metrics that businesses are scored on and consider how robust your own business is.
And it’s not just your business to be concerned about, you should also consider the Cyber Risk Rating of your suppliers and partners. What would you do if one of your supply chain vendors was compromised or perhaps even worse if there was an attack on one of the software vendors your business relies on?
Cyber Risk Rating assessment factors
Factors in the vulnerability component of the Cyber Risk Rating assessment include:
- If they have known software vulnerabilities (CVEs) on their estate, including critical severities that are most frequently targeted by adversaries
- Any evidence of prior compromise of the organisation
- Whether email domains are properly secured
- If the email addresses or credentials of their employees are available on the deep and dark webs
- If they have sensitive technologies or services accessible to the internet, which are often targeted by cybercriminals
- If they have other cyber hygiene failings that are indicative of a weak security posture
- If cybercriminals or hacktivists on the deep and dark webs have expressed an interest in targeting the organisation
Orpheus’ Cyber Risk Rating also looks at the specific threats a company faces, based upon:
- What they do – their industry sector and sub-sector
- Where they do it – the geography and jurisdiction in which they operate
- How they do it – the technology they use
- If adversaries are exploiting their vulnerabilities in live campaigns
“The key to reducing your cyber risk rating is by adopting a threat-led approach, and looking at your organisation from an attacker’s perspective.
Understanding how your organisation looks from the outside has been doubly important since the changes forced upon organisations since the pandemic. For example the rise in flexible working has increased the potential attack surface due to an increase in the use of remote working technologies, such as VPNs.”
– Oliver Fairbank, Head of Analysis, Orpheus Cyber