How attackers infiltrate the supply chain & what to do about it

Attackers today are getting increasingly creative with how they target organizations, often utilizing the supply chain as a point of ingress — exactly the kind of thing that keep security pros up at night. Rather than attack their targets directly, attackers today are perfectly happy to compromise one of their third-party providers and accomplish their end goal that way.

Whether it’s a hardware provider further down the supply chain, a software provider that the organization outsourced some added features to, or a service provider, all can represent a potential point of entry. This dramatically changes the attack surface for the typical enterprise and, with recent highly publicized breaches such as ASUS and Docker, is negatively impacting once-inherent trust in the supply chain.

Recent attacks have even targeted patching processes and software updates, leveraging the very means by which organizations protect themselves against potential threats.

Read entire post How Attackers Infiltrate the Supply Chain & What to Do About It | Shay Nahari | DarkReadings
Advertisements

The importance of Business Continuity in developing a more resilient Supply Chain

There is an increased understanding that it is a necessity to fully involve the entire Supply Chain in the Business Continuity Management System of an organization.

Fully including the Supply Chain in the company’s Business Continuity Management System helps safeguard the ability to meet those expectations

Customers expect products and services to be delivered as agreed upon. Fully including the Supply Chain in the company’s Business Continuity Management System helps safeguard the ability to meet those expectations.

The Supply Chain Continuity training helps you do just that!

This two-day training will allow participants to explore and understand the ways Supply Chain Management and Business Continuity Management need to work together to create a more resilient organization.

This training is fully compatible with Business Continuity Management best practices and internationally recognized standards ISO 22301 (Societal security – Business Continuity Management Systems – Requirements), ISO 28000 (Specification for Security Management Systems for the Supply Chain) and ISO 31000 (Risk Management – Guidelines, provides principles, framework).

Audience

This course is designed for all involved in Supply Chain Management who wish to better understand the concepts related to Business Continuity Management and Risk Management. This course is also for those seeking a more in-depth understanding of Supply Chain Continuity planning:

  • All those involved in Supply Chain Management wishing to better understand Business Continuity Management and Risk Management concepts
  • Business Continuity managers and team members
  • Project managers and consultants involved in the implementation of a complete BCMS
  • Risk managers
  • Auditors and compliance managers
  • Anyone seeking a more in-depth understanding of Supply Chain Continuity planning

Objectives

  • Explore the shared interests of Business Continuity and Supply Chain Management
  • Understand the importance of Business Continuity in developing a more resilient Supply Chain
  • Understand the importance of full inclusion of the Supply Chain in Business Continuity planning
  • Identify ways to avoid risky suppliers, vendors, and outsourcing companies

BCM Supply Chain Continuity training schedule

Click the table below to see our complete training schedule

supply chain continuity training schedule

Three steps to managing bonded inventory through Brexit disruptions

The prospect of future disruptions in the supply chain brings diverse risks to the operation of businesses, especially to inventory management. The approaching Brexit deadline raises the imminent question how businesses can effectively continue to finance and distribute their inventory within the European continent.

While the renegotiation of the U.K.-EU relationship will most likely take several years, European distributors have to assess their current inventory management to mitigate future disruptions.

European distributors have to assess their current inventory management to mitigate future disruptions

There is no doubt that the political landscape will continue to change, and this goes hand-in-hand with a growing trade volume due to the growing e-commerce market. In order to serve the European Market effectively, managing the availability and allocation of inventory becomes vital to reduce overall costs, improve cash flows, and bring more agility to supply chain operations.

Read entire post Three steps to managing bonded inventory through Brexit disruptions | Kjell Bornkamp | SupplyChainBrain

Ships and Maritime technology (TC 8)

Over the past few years, the tides of the maritime industry have been changing. There’s a push for safer, smarter, more environment-friendly and energy-efficient sea transport. Discover how ISO standards are redefining how the industry works.

Extreme cold weather continues to impact UP Express, GO Transit, TTC service

Service disruptions persist on the Union Pearson Express, GO Transit and the TTC’s Line 3 due to the extreme cold weather.

A number of UP Express trains were cancelled early Thursday morning as a result of equipment issues. The entire line had to be closed for several hours before it reopened with limited service at noon.

The same problem occurred Wednesday evening which caused trains from Union Station to Toronto Pearson Airport to shut down.

Read entire post Extreme cold weather continues to impact UP Express, GO Transit, TTC service | David Shum | Global News

Amazon knocked off top of UK consumer poll once ethics considered

Amazon has slipped down a list of companies ranked by customer satisfaction after consumers were asked to consider ethics when rating brands.

The online retailer, which became the world’s most valuable listed company earlier this month, had taken the top spot in the last six published biannual UK Customer Satisfaction Indexes (UKSCI). But it slipped to fifth place, with a score of 85.4 out of 100, after the Institute of Customer Service (ICS) added new categories, including an ethical dimension to the poll of 10,000 consumers.

Amazon has previously faced high-profile criticism over the working conditions experienced by its employees and its relatively meagre tax contribution in the UK.

Read entire article Amazon knocked off top of UK consumer poll once ethics considered | Rob Davies | The Guardian

MSC Zoe: Islands hit as 270 containers fall off ship

As the extent of pollution became clear on five islands including Terschelling, coastguards searched the North Sea for missing containers.

The cargo fell off the MSC Zoe near the German island of Borkum, but the tide carried many of them to the south-west. Initial images showed children’s toys and TVs on Dutch beaches.


Explore the shared interests of Business Continuity and
Supply Chain Management with ContinuityLink’s
Supply Chain Continuity training >

But officials said three containers carried toxic substances, and Dutch and German coastguards warned local people to steer clear of them. One of those containers had a cargo of peroxide powder, and a 25kg bag of the chemical was found on the island of Schiermonnikoog on Thursday, along with several containers and their contents.

Read entire post MSC Zoe: Islands hit as 270 containers fall off ship | BBC News

A Supply Chain Christmas Wishlist for 2018

From Amazon not taking over the world to more practical supply chain research by academics, Dan Gilmore offers Santa his list.

For the past many years, for my last First Thoughts column of the year I have generally been oscillating between my versions of “A Supply Chain Christmas Carol” and “Twas the Night Before a Supply Chain Christmas,” updated as appropriate from year to year.

Occasionally I also throw in a supply chain Christmas list that I hope Santa might deliver in the coming year. So I decided to offer that list again here in 2018, with a couple of holdovers from the 2016 list, because frankly Santa still hasn’t come through (maybe I am on the naughty list?). It is a short list, but think would have a major impact if Santa could somehow fill up my supply chain stocking.

Would love to hear an item or two on your Supply Chain wish list as well. So here we go.

Read entire article A Supply Chain Christmas Wishlist for 2018 | Dan Gilmore | Supply Chain Digest

To protect your Supply Chain… Purchase your suppliers or create supply partnerships?

For companies that rely on suppliers for critical raw materials, components, or services, there is tremendous dependence on those suppliers to meet the requirements and expectations of the company’s customers and other stakeholders.

One viable strategy that can be used for eliminating this reliance is a supplier buyout, the company buys its supplier. While this may be viewed as extreme, today we are seeing this approach used across a spectrum of businesses and industries.

Lower costs and greater margins

In the case of some companies and some of their most critical and/or risky suppliers, it may be in the company’s best interest. Potential benefits can include lower costs and greater margins, increased quality control, improved logistics and transport, and timely and accurate information flow. Combined, these benefits create a competitive advantage. Acquiring a supplier also results in diversification as the company branches out into new products or services.

A significant added value is the resulting improvement in business continuity management and resilience

A significant added value is the resulting improvement in business continuity management and resilience. Vertical integration eliminates some risks and provides greater control of managing those that remain. The purchasing company now controls the business continuity management system of the former supplier and can set continuity requirements for tier suppliers. The risk of being second, third, or fourth in line when there is a shortage of a critical raw material or component is eliminated. This approach is an even greater benefit when there is no alternate supplier.

Some interesting and informative examples of this strategic supply chain management approach are described in “Luxury Brands Buy Supply Chains to Ensure Meeting Demand” by Mark Ellwood (New York Times, November 15, 2018) and reprinted in The Resilience Post, November 19, 2018.

Two sides of the coin

Yet, as with almost everything in business – as in life – there are two sides of the coin to be considered. Does the company want to take on the risks that will come with an acquisition? Is the company prepared for diversification? Will the result be a less agile organization? A deep dive into the costs vs. the benefits of any acquisition is a must. Acquiring a company requires a significant investment, and financial benefits are not often realized in the short term.

Avoid the old view of a them against us approach. How about working together instead?

The reality is that for many companies purchasing even their most critical suppliers and other supply chain links is not a viable option, and not every supplier is interested in being purchased. In those instances, there are many other effective ways to protect a company’s supply chain, and the most effective of these is partnering with suppliers and developing collaborative, mutually beneficial relationships. In these partnerships, supply chain continuity challenges cannot only be resolved by cooperative planning and response, they can often be prevented with collaborative mitigation. Avoid the old view of a them against us approach.  How about working together instead?

Avoid the old view of a them against us approach. How about working together instead?

A win-win for all concerned

Take a more strategic, not a reactive, approach to supplier management. Provide your suppliers with knowledge about your company, its products and services, how it functions, its business continuity management system, your expectations of them, ethical and sustainability standards, and future plans. At the same time, seek to learn the same information about your suppliers. Build a mutual understanding of upstream, internal, and downstream risks that threaten the supply chain. While this approach does require an investment of resources, the return is long-lasting, trusting relationships that, over time, will lead to a more effective supply chain, a win-win for all concerned.

In most cases, while the customer is at risk from its supply chain, the suppliers are equally at risk from their customers

If purchasing suppliers is not in your company’s future, strive to establish and create improved working partnerships with suppliers and all other links in your supply chain to better understand each other’s risk management challenges and capabilities and to collaborate on business continuity strategies and plans. Customer-supplier relationships are interdependent. In most cases, while the customer is at risk from its supply chain, the suppliers are equally at risk from their customers. In ideal supply chain relationships, both customers and suppliers seek to build a connection and communication channels that allow the open exchange of information. This includes collaborative efforts to lower costs, improve quality, mitigate supply chain risks, and provide mutual assistance at the time of an actual disruption or disaster.

In ideal supply chain relationships, both customers and suppliers seek to build a connection and communication channels that allow the open exchange of information.

Strategic approach to Supply Chain Continuity

Begin by ensuring that suppliers know and understand your business continuity goals and requirements. Take a collaborative strategic approach to supply chain continuity. Host or attend a supply chain continuity training where suppliers’ continuity and supply representatives join their counterparts from your organization to learn, brainstorm, and begin the process to build mutually beneficial supply chain continuity strategies to better manage risks that pose a threat to the supply chain. Don’t overlook other supply chain links such as logistics, transport providers, outsourcing companies, and contractors.

Don’t overlook other supply chain links such as logistics, outsourcing companies, and contractors.

Participate in one another’s business continuity exercises. Strive to mutually design resilient supply chain strategies. Everyone wants to operate profitably in today’s supply chain environment, and every link in the chain has a vested interest in improved business continuity capabilities that reduce unnecessary and potentially lengthy business interruptions. When there is a stronger, more resilient supply chain, everyone benefits.

Although any move to a partnering approach to building relationships and working with suppliers and other supply partners, compared with the more traditional dictatorial and adversarial tactics, may well require a significant shift in mindset for some, it will benefit the customers and the suppliers and their stakeholders – and create more resilient organizations.

Luxury Brands Buy Supply Chains to Ensure Meeting Demand

In the last six years, David Duncan has been on a buying spree. This Napa Valley-based winemaker and owner of Silver Oak Cellars hasn’t been splurging on fast cars or vacation homes, though.

He’s been buying up vines — close to 500 acres in Northern California and Oregon. It’s been a tough process, at times: He almost lost one site to a wealthy Chinese bidder. It was only when he raised his offer by $1 million that he clinched the sale at the last moment.

At the same time, Mr. Duncan also took full control of A&K Cooperage, now the Oak Cooperage, the barrel maker in Higbee, Mo., in which his family had long held a stake. These hefty acquisitions are central to his 50-year plan to future-proof the family business against a changing luxury marketplace.

As Mr. Duncan realized, this market faces what might seem an enviable problem: a surfeit of demand for its limited supply. The challenge the winery will face over the next decade is not marketing, or finding customers, but finding enough high-quality raw materials to sate the looming boom in demand.

Read entire article Luxury Brands Buy Supply Chains to Ensure Meeting Demand | Mark Ellwood | The New York Times

The Halloween Supply Chain

Halloween is a mere one weeks away, and the shopping season is in full swing. And by “in full swing,” I mean that consumers are spending big bucks on all the Halloween essentials.

According to the National Retail Federation’s (NRF) annual survey conducted by Prosper Insights & Analytics, Halloween spending is expected to exceed $9 billion.

Understand the importance of Business Continuity in developing a more resilient Supply Chain >With more than 175 million people planning on celebrating the holiday this year, that equates to an average spend of $86.79 per person, which is up about 60 cents over last year. As consumers get ready to dish out money on costumes, candy, decorations, and greeting cards, the Halloween supply chain is busy.

The NRF is projecting total Halloween spending to reach $9 billion this year in the US. For the 175 million consumers that plan to celebrate the holiday, 95% will buy candy, 74% will buy decorations, 68% will buy costumes, and 35% will buy greeting cards.

> Read entire article The Halloween Supply Chain | Chris Cunnane | Logistic ViewPoint

 


How can businesses prepare their supply chains for Brexit?

As a member of the EU, trade between the UK and the continent has been relatively simple: free movement has enabled EU-based supply chains to operate without tariffs, bottlenecks or delays at the border to consider – but in six months that will change.

Preparing for Brexit without any concrete or specific guidance from the government is a significant challenge, and all firms who rely on imports and exports to and from the EU must prepare for a range of wildly varied scenarios.

From ‘no deal’ to a positive outcome for UK trade to the possibility of a People’s Vote that may or may not include the option of undoing the whole process, it is impossible to know what form a supply chain framework will take in six months’ time.

> Read entire article How can businesses prepare their supply chains for Brexit? | Supply Chain Digital