If a company is hit with a major cyberattack, it may not be the only one that suffers. An organization's customers may also be vulnerable, and these attacks are hard to defend against.
They are called supply chain attacks, in which, by attacking one major supplier, the hackers can reach its customers through striking less secure elements in a supply chain. One example is the cyberattack against the Israeli company Voicenter last month, which was hit by a group of foreign hackers. The cloud-based call center service provider counts companies like MobileEye, eToro, Check Point and Similar Web among its clients.
One hacker posted online that he is offering to sell some 15 terabytes of information from the company’s servers, including recordings of calls with customers in various languages. Some experts believe that Iran may have been involved in the attack.
Voicenter is not the only firm that has faced this threat. Companies find it difficult to control its numerous suppliers and ensure that they maintain an appropriate level of security.
Enter Panorays, an Israeli cyber company that defends an organization's supply chain from threats. “When we ask organizations ‘how many suppliers do you have?’ the answer is generally ‘a lot,’” says Demi Ben-Ari, Panorays’ cofounder and chief technology officer. “They have no idea. But it can be thousands, and sometimes, more than 10,000 different suppliers.”
The system, as it stands now, is taxing and convoluted. If a large organization like a bank wants to add a new supplier, it sends the company a long, exhausting questionnaire about its information security arrangements. Panorays CEO and cofounder Matan Or-El explains that such forms are usually written in Excel or Word, and involve hundreds of questions. "I think the average number is 192 questions per questionnaire,” he says
Panorays automates this entire process. “First, a supplier who joins through us once doesn’t have to answer all the questions again," Or-El says. Second, during the process of joining, it provides us with its primary domain, and we check all the supplier’s assets and all its vulnerabilities using well-known tools or tools developed by the company. We put those findings together with the organization’s policy and the customer’s appetite for risk – what it’s willing to accept and what it isn’t.”
- Experts: Iran May Be Behind Cyberattack on Company Serving Israeli Tech
- In First Massive Cyberattack, China Targets Israel
- 'Iranian Attacker Impersonating Russians': Inside Recent Attacks on Israel
“We also shorten the process for the service recipient,” he added, “because instead of reading all the questionnaires and wasting time – and that’s a process that takes on average nine weeks – a supplier can be added quickly. Once it is added, there’s an ongoing process of monitoring the supplier, and if a vulnerability emerges, we inform them.”
The company’s business model is based on issuing licenses to use based on how many suppliers the customer has.
Panorays was founded in 2016 and anticipates rapid growth. “We have hundreds of customers, mainly in the U.S., but also in Britain, Switzerland and France,” Or-El said. Its customers include WalkMe, AppsFlyer and Sapiens. It recently raised $42 million in a financing round led by the growth fund Greenfield Partners.
“I can’t specify our exact revenues, but we’ve increased revenues by a factor of five compared to last year,” Or-El continued. “The same goes for employees. Right before the coronavirus started, we had 35. We’d just rented a new 1,000-square-meter office. Now we have 90 employees, and they don’t all have somewhere to sit.”
The company had previously raised $20 million, to which the new $42 million will be added. Aside from Greenfield Partners, participants in the current funding round included the Aleph venture capital fund, the Moneta VC fund, BlueRed Partners and others.