Buyer beware: Do you know how much supply chain assurance is enough?

Supply chain security seemed like child’s play when it consisted of a small handful of companies that operated in a paper- and pen-based world. Then, we didn’t have to worry about supply chains that spanned date lines, time zones and networks.

In today’s global marketplace, supply chains can span dozens of countries and hundreds of suppliers. As a result, supply chain structures and the strategies needed to secure them have changed dramatically. Traditional cybersecurity that’s focused on protecting supply chains from outside attacks doesn’t address 100 percent of the vulnerability. To keep your company safe, you need an end-to-end supply chain solution to guarantee a secure product purchase.

What is supply chain assurance, you ask?

 Supply chain security ensures that the product you order is the one you receive. It provides transparency into supply chain operations and tracks a product through the lifecycle of its development, mitigating the risk of tampering, theft or delivery disruption. The result is a protected and secured environment that delivers a higher level of confidence in product quality. Consider what could happen if you connected a maliciously corrupted PC to your mission-critical enterprise systems. In the worst case, your main system could be hacked and business continuity could be interrupted. If this were to happen, your customers could be impacted and your business put at risk for lawsuits and costly fines.

So how exactly does it work?

Supply chain assurance involves discovering and mitigating vulnerabilities in hardware and software in order to uncover backdoors that can allow an attacker to change how your systems work. To limit these vulnerabilities, you and your suppliers need to discover potential threats as early in the supply chain as possible. Supply chain assurance programs are increasing the flexibility and automation of risk mitigation and helping to satisfy compliance mandates for some regulated industries. The National Institute of Standards and Technology (NIST), for example, has established risk management best practices for federal information supply chains. In addition, the International Organization for Standardization (ISO) has standardized specifications for secure management of supply chain systems.

How much is enough?

The question of supply chain assurance doesn’t necessarily relate as much to the amount of assurance but rather to how widely you are covering the risks associated with your supply chain. A multi-tiered approach that protects facilities, operations and systems is considered a best practice across the board. Protocols should be in place to identify, assess, respond and monitor supply chain risks and penetrations. Risk assessment and risk management processes throughout all phases of your supply chain can reduce the threat of an attacker tampering with devices or introducing counterfeit products.

CyberCore is an HP Platinum Partner that can provide supply chain assurance for your business by thoroughly inspecting each link in the supply chain. Our supply chain approach ensures every component maintains the highest levels of security to satisfy NIST and ISO requirements. Download the brochure to see how we can protect your IT purchase from risk.


Hacked! Five things that happen when supply chains are breached

Sony, Target, Staples, Home Depot and JPMorgan Chase all know a thing or two about the negative fallout of a cyberattack. These companies were all hacked in 2015, leaving the intellectual property compromised and their customers’ sensitive information at risk.

Many of these companies were hacked through exposures within their supply chains. So what are the consequences to supply chain failure that can leave your company vulnerable to hackers looking to steal your vital information?

Financial exposure

If your provider’s supply chain is breached due to a lack of security, your customer data and sensitive product and corporate information can be stolen, leading to massive legal and financial expenses that could cost you millions of dollars. Your company can be sued by customers and employees for damages if their personal information was compromised. There are also fines that can be imposed for mishandling financial and health-care records.

Loss of intellectual property

Your suppliers have access to your intellectual property. A gap in security protocols could expose your competitive secrets to the world. Customer lists, business plans, financial records, marketing initiatives and email records are all mission-critical. Losing that data, having it corrupted or having it slip into the hands of a competitor could cripple your organization.

Brand and reputation corruption

A hacker who gets hold of your sensitive information can wreak havoc on your brand by taking down websites, posting false information and emailing your customer base with phishing scams, to name a few. Customer trust takes time to build and a breach can cause a major setback that results in lost costumers who never return, costing you long-term revenue losses and reduced market share.

Lost stakeholder confidence

Investors, partners and shareholders have all staked a claim in your success. A hack that leaves your business vulnerable or puts these high-level influencers at risk can cause these partners to pull up stakes if they don’t think you have a secure approach to your operations.

Interruption of business operations

A supply chain hack that leads to product tampering poses the risk that that product will fail to deliver the reliability expected. If the computers you ordered are tampered with, they can fail at any time, leaving your business without the systems it needs to perform work. Computers infected with Trojan horses, spyware or other malicious code can cause networks and mission-critical operations to go down, with business as usual being suspended until repairs can be made.

Supply chain risk management that protects you from hackers begins and ends with a strong and secure chain of custody. Learn more and discover how CyberCore delivers computers, workstations and laptops with a secure supply chain that protects your business from a risky purchase.


Strong supply chain security: Three top reasons you need it now

There’s no doubt about it—today’s globalized, Internet-driven supply chains are built for cost efficiency and optimized for speed. Yet while modern supply chain proficiencies improve product cost and quality, they also can put your IT purchase at risk if your provider has weak supply chain protocols.

So what are the three biggest supply chain threats that could put your IT purchase at risk?

  1. Physical security of warehouse and integration sites, transportation, internal personnel and third-party subcontractors
  2. Operational security, including procurement, system configuration, software loading, verification, transportation and delivery
  3. Logical security of hardware, software, network components and devices


Facility breaches threaten product quality

The physical security of supplier facilities can be an easy entry point for product tampering, theft or cyberattack. It’s also difficult to manage because the facilities are populated with personnel and contractors who are invited in. These individuals can easily gain access to your hardware and software components at the integration level. Your IT supplier should have a policy of physical security to safeguard facility entry and workspaces. This should include monitored building security, exterior cameras, interior cameras, motion sensors, alarmed doors, 24/7 security details, and zoned access with badge readers that limit access to sensitive integration areas based on roles.


Operational disruptions derail product confidence

Chances are many of your components are imported from overseas suppliers that may or may not have supply chain security. This expansive operational network opens the door to malicious corruption, counterfeit components, gray-market products and potential delivery disruption. Business continuity and secure operations must be established throughout this expanded operational framework and  accommodations must be made for region-specific risk. For confidence in your product purchase, choose a supplier that has a tightly integrated security approach that audits and documents the chain of custody from inception to disposal. Transportation disruptions can result in damaged, compromised or counterfeit product outcomes, but shipment tracking, tracing, event logs and time stamps from dock to door can mitigate risk along the way.


IT failures compromise product reliability

Logical security secures computers, software, networks and mobile devices that are used for supply chain collaboration, communication and production. Vulnerability points can include caching issues, data leakage, JavaScript vulnerabilities, and verifying the security of software applications that manage critical information, from product designs to price lists. Your supply chain partners should have strong logical security protocols to stop breaches and hacks from compromising your devices. This includes firewalls, intrusion detection and monitoring, along with scanning of all drives, software and media before they’re loaded into the system.

CyberCore has over 15 years of experience securing supply chains for quality, confidence and reliability, with an ISO 28000-certified framework that mitigates purchase risk for your organization.

Download the CyberCore Risk Infographic to learn how we mitigate more risk in more places.


CyberCore Technologies Listed in Maryland Cyber Security Buyer’s Guide

Elkridge, MD, May 4, 2018 CyberCore Technologies has been listed in the 2018 edition of the Maryland Cyber Security Buyer’s Guide. The buyer’s guide is published jointly by the Baltimore Business Journal (BBJ) and the Cyber Security Association of Maryland(CAMI). Maryland is home to many companies with the expertise, team and technologies to assess, identify, and provide the right solutions to protect any business, government entity, nonprofit organization or academic institution in Maryland and beyond. The Maryland Cyber Security Buyer’s Guide (www.MDcyber.com) helps customers identify the best-fit companies to meet direct or indirect cybersecurity needs.

The Maryland Cybersecurity Buyer’s Guide includes a directory of Maryland cybersecurity technology and service providers and an additional directory of companies and organizations providing services to support Maryland’s cybersecurity industry. The 24-page Buyer’s Guide was included in the March 24th issue of the BBJ and will be distributed throughout the year at (CAMI) events and trade shows in which CAMI will be participating.

About CyberCore Technologies
CyberCore Technologies is the leading provider of Secure Supply Chain Management and Cyber Solutions focused on protecting our customer’s environment from external and internal threats. With 17 years of experience, ISO 28000:2007 certified risk management processes, and ISO 20243:2015 certified counterfeit mitigation procedures, CyberCore provides Value Added Services, Professional Services, and Managed Services for government and commercial customers. The company’s success is founded on strong relationships – both with customers and with teammates. CyberCore seeks to first understand, ensuring that solutions not only meet current challenges, but stand the test of time. For further information on CyberCore Technologies, visit http://www.cybercoretech.com.

CyberCore Technologies, LLC. CCT is a registered trademark of CyberCore Technologies, LLC. All rights reserved.


CyberCore Technologies Named One of 2018 Tech Elite Solution Providers by CRN

Elkridge, MD, May 4, 2018CyberCore Technologies announced today that CRN®, a brand of The Channel Company, has named CyberCore Technologies to its 2018 Tech Elite 250 list. This annual list honors an exclusive group of North American IT solution providers that have earned the highest number of advanced technical certifications from leading technology suppliers, scaled to their company size.

To compile the annual list, The Channel Company’s research group and CRN editors work together to identify the most customer-beneficial technical certifications in the North American IT channel. Companies who have obtained these elite designations— which enable solution providers to deliver premium products, services and customer support—are then selected from a pool of online applicants.

CyberCore Technologies espouses a great commitment to viewing their employees as investments and has made many allowances to encourage their appreciation in value. CyberCore sets aside a $5,000 education fund for each employee that can be withdrawn from to pay for any program, class, or conference that would serve to build broaden or deepen their expertise in their unique set of skills. Over 50% of CyberCore staff hold valuable industry recognized certifications that empower them to deliver the excellent services and products that CyberCore is being recognized for.

“Being named to CRN’s Tech Elite 250 list is no small feat,” said Bob Skelley, CEO of The Channel Company. “These companies have distinguished themselves with multiple, top-level IT certifications, specializations and partner program designations from the industry’s most prestigious technology providers. Their pursuit of deep expertise and broader skill sets in a wide range of technologies and IT practices demonstrates an impressive commitment to elevating their businesses—and to providing the best possible customer experience.”

“We are very honored to be named for this award. Over the last five years, CyberCore has focused on employee improvement and cultivation of advanced technical skills and high-level certifications. We put aside $5,000 in a yearly education fund for each employee to pursue valuable technical training and certification opportunities. As a result of this investment, CyberCore is being recognized as the elite technical service provider that we strive to be every day.” says Dr. William Von Hagel, Jr., Sales Operations Director at CyberCore Technologies.

Coverage of the Tech Elite 250 will be featured in the April issue of CRN, and online at www.crn.com/techelite250.

About CyberCore Technologies
CyberCore Technologies is the leading provider of Secure Supply Chain Management and Cyber Solutions focused on protecting our customer’s environment from external and internal threats. With 17 years of experience, ISO 28000:2007 certified risk management processes, and ISO 20243:2015 certified counterfeit mitigation procedures, CyberCore provides Value Added Services, Professional Services, and Managed Services for government and commercial customers. The company’s success is founded on strong relationships – both with customers and with teammates. CyberCore seeks to first understand, ensuring that solutions not only meet current challenges, but stand the test of time. For further information on CyberCore Technologies, visit http://www.cybercoretech.com.

CyberCore Technologies, LLC. CCT is a registered trademark of CyberCore Technologies, LLC. All rights reserved.

About the Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com

The Channel Company, LLC. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.

The Channel Company Contact:

Kim Sparks

The Channel Company

(508) 416-1193

ksparks@thechannelco.com