Peter Macdiarmid/Getty Images
show image

Sooraj Shah

Contributing Editor

Sooraj Shah is Contributing Editor of New Statesman Tech with a focus on C-level IT leader interviews. He is also a freelance technology journalist.

Why Berry Gardens opted for machine learning to secure its IT

Berry Gardens is the UK’s leading berry and stone fruit producer. It supplies the likes of Waitrose, M&S, Sainsbury’s and Aldi, with a market share of 30 per cent and sales of £346m in 2017. The organisation acts as a middle man between farmers and retailers, and it works with farmers from the South Coast, to Wales and all the way up to Aberdeenshire in Scotland.

But despite the company’s success, it is still a relatively small operation; it only has 150 employees, and James Judge, IT manager, controls all of the organisation’s IT, with help from two other members of staff. Together, they look after the systems, IT security, networking, as well as the R&D into artificial intelligence and forecasting for crop production.

For an organisation that is in operation 24-7, 364 days of the year – with only Christmas Day off – this is a big ask, particularly considering that the strawberries and bananas that a consumer picks from a retailer today were harvested only two days prior.

“The supply chain is very fast, we have to make sure we’re in control because when you’re working in the food supply business, there’s massive pressure and constraints around costs,” Judge tells NS Tech.

As a result of the importance of fresh produce, the organisation is an attractive target for cyber-criminals that want to make their mark on the retail sector, particularly during the summer season. With limited resources, Judge and his team do the best they can on endpoint protection and networking, as well as an aggressive patching and maintenance cycle.

“I’m not naïve to think that’s enough – the companies that are being compromised in most cases are not those that have a lack of resources or knowhow but it’s just as a result of criminals being smart, having a lot of resources and time to be able to carry out attacks,” he says.

As Berry Gardens does not have a dedicated team or individual for IT security, the company tries to incorporate security into everything it does.

“We do penetration testing with third parties for example, who come in and hack the network. However, that’s just a snapshot in time, and I believe it’s a matter of when we’ll be hacked rather than if we’ll be hacked,” he says.

As a result, the company has selected Darktrace to help to keep its IT secure.

“As well as being a compelling solution at the right price, Darktrace is almost an extra pair of hands. The machine learning application delivers because it inspects every single packet and lets me knows what’s happening on my network,” Judge explains.

“It’s the thing you want whispering in the back of your head if something looks weird and asks if you’re happy with it. The great thing is, if there’s any question about whether I’m happy with it or not, I can click a button and stop that traffic – it might not be fast enough to stop an immediate incursion but it’s fast enough to stop the propagation across the network and that’s what worries me the most,” he adds.

If an attack was to spread and caused business downtime, it could have a huge impact on Berry Gardens.

“Whether it’s our email, phone system, or core ERP, it would have a huge knock-on effect, which could mean we couldn’t service our suppliers or serve our customers,” he adds.

Unlike many businesses, it is downtime rather than data that Berry Gardens is worried about the most.

“We’re not a British Airways or Facebook, we’re not a commodity, so we don’t have terribly interesting data, and the market moves quickly so even if sales information was stolen this week, it doesn’t really give anyone a competitive advantage,” Judge says.

As well as some of the core IT elements, the business also trials robotics and automation technologies, and Judge believes Darktrace can also help here, as many of these new technologies, including IoT, are muddled with vulnerabilities. The implementation means that Judge and his team can feel more secure when it comes to new technologies, as well as ensuring that the existing IT infrastructure is not compromised.