Hacked! Five things that happen when supply chains are breached

Sony, Target, Staples, Home Depot and JPMorgan Chase all know a thing or two about the negative fallout of a cyberattack. These companies were all hacked in 2015, leaving the intellectual property compromised and their customers’ sensitive information at risk.

Many of these companies were hacked through exposures within their supply chains. So what are the consequences to supply chain failure that can leave your company vulnerable to hackers looking to steal your vital information?

Financial exposure

If your provider’s supply chain is breached due to a lack of security, your customer data and sensitive product and corporate information can be stolen, leading to massive legal and financial expenses that could cost you millions of dollars. Your company can be sued by customers and employees for damages if their personal information was compromised. There are also fines that can be imposed for mishandling financial and health-care records.

Loss of intellectual property

Your suppliers have access to your intellectual property. A gap in security protocols could expose your competitive secrets to the world. Customer lists, business plans, financial records, marketing initiatives and email records are all mission-critical. Losing that data, having it corrupted or having it slip into the hands of a competitor could cripple your organization.

Brand and reputation corruption

A hacker who gets hold of your sensitive information can wreak havoc on your brand by taking down websites, posting false information and emailing your customer base with phishing scams, to name a few. Customer trust takes time to build and a breach can cause a major setback that results in lost costumers who never return, costing you long-term revenue losses and reduced market share.

Lost stakeholder confidence

Investors, partners and shareholders have all staked a claim in your success. A hack that leaves your business vulnerable or puts these high-level influencers at risk can cause these partners to pull up stakes if they don’t think you have a secure approach to your operations.

Interruption of business operations

A supply chain hack that leads to product tampering poses the risk that that product will fail to deliver the reliability expected. If the computers you ordered are tampered with, they can fail at any time, leaving your business without the systems it needs to perform work. Computers infected with Trojan horses, spyware or other malicious code can cause networks and mission-critical operations to go down, with business as usual being suspended until repairs can be made.

Supply chain risk management that protects you from hackers begins and ends with a strong and secure chain of custody. Learn more and discover how CyberCore delivers computers, workstations and laptops with a secure supply chain that protects your business from a risky purchase.


Strong supply chain security: Three top reasons you need it now

There’s no doubt about it—today’s globalized, Internet-driven supply chains are built for cost efficiency and optimized for speed. Yet while modern supply chain proficiencies improve product cost and quality, they also can put your IT purchase at risk if your provider has weak supply chain protocols.

So what are the three biggest supply chain threats that could put your IT purchase at risk?

  1. Physical security of warehouse and integration sites, transportation, internal personnel and third-party subcontractors
  2. Operational security, including procurement, system configuration, software loading, verification, transportation and delivery
  3. Logical security of hardware, software, network components and devices


Facility breaches threaten product quality

The physical security of supplier facilities can be an easy entry point for product tampering, theft or cyberattack. It’s also difficult to manage because the facilities are populated with personnel and contractors who are invited in. These individuals can easily gain access to your hardware and software components at the integration level. Your IT supplier should have a policy of physical security to safeguard facility entry and workspaces. This should include monitored building security, exterior cameras, interior cameras, motion sensors, alarmed doors, 24/7 security details, and zoned access with badge readers that limit access to sensitive integration areas based on roles.


Operational disruptions derail product confidence

Chances are many of your components are imported from overseas suppliers that may or may not have supply chain security. This expansive operational network opens the door to malicious corruption, counterfeit components, gray-market products and potential delivery disruption. Business continuity and secure operations must be established throughout this expanded operational framework and  accommodations must be made for region-specific risk. For confidence in your product purchase, choose a supplier that has a tightly integrated security approach that audits and documents the chain of custody from inception to disposal. Transportation disruptions can result in damaged, compromised or counterfeit product outcomes, but shipment tracking, tracing, event logs and time stamps from dock to door can mitigate risk along the way.


IT failures compromise product reliability

Logical security secures computers, software, networks and mobile devices that are used for supply chain collaboration, communication and production. Vulnerability points can include caching issues, data leakage, JavaScript vulnerabilities, and verifying the security of software applications that manage critical information, from product designs to price lists. Your supply chain partners should have strong logical security protocols to stop breaches and hacks from compromising your devices. This includes firewalls, intrusion detection and monitoring, along with scanning of all drives, software and media before they’re loaded into the system.

CyberCore has over 15 years of experience securing supply chains for quality, confidence and reliability, with an ISO 28000-certified framework that mitigates purchase risk for your organization.

Download the CyberCore Risk Infographic to learn how we mitigate more risk in more places.


Strong Supply Chain Security

Three top reasons you need strong Supply Chain Security now

There’s no doubt about it—today’s globalized, Internet-driven supply chains are built for cost efficiency and optimized for speed. Yet while modern supply chain proficiencies improve product cost and quality, they also can put your IT purchase at risk if your provider has weak supply chain protocols.

So what are the three biggest supply chain threats that could put your IT purchase at risk?

  1. Physical security of warehouse and integration sites, transportation, internal personnel and third-party subcontractors
  2. Operational security, including procurement, system configuration, software loading, verification, transportation and delivery
  3. Logical security of hardware, software, network components and devices

Facility breaches threaten product quality

The physical security of supplier facilities can be an easy entry point for product tampering, theft or cyberattack. It’s also difficult to manage because the facilities are populated with personnel and contractors who are invited in. These individuals can easily gain access to your hardware and software components at the integration level. Your IT supplier should have a policy of physical security to safeguard facility entry and workspaces. This should include monitored building security, exterior cameras, interior cameras, motion sensors, alarmed doors, 24/7 security details, and zoned access with badge readers that limit access to sensitive integration areas based on roles.

Operational disruptions derail product confidence

Chances are many of your components are imported from overseas suppliers that may or may not have supply chain security. This expansive operational network opens the door to malicious corruption, counterfeit components, gray-market products and potential delivery disruption. Business continuity and secure operations must be established throughout this expanded operational framework and  accommodations must be made for region-specific risk. For confidence in your product purchase, choose a supplier that has a tightly integrated security approach that audits and documents the chain of custody from inception to disposal. Transportation disruptions can result in damaged, compromised or counterfeit product outcomes, but shipment tracking, tracing, event logs and time stamps from dock to door can mitigate risk along the way.

IT failures compromise product reliability

Logical security secures computers, software, networks and mobile devices that are used for supply chain collaboration, communication and production. Vulnerability points can include caching issues, data leakage, JavaScript vulnerabilities, and verifying the security of software applications that manage critical information, from product designs to price lists. Your supply chain partners should have strong logical security protocols to stop breaches and hacks from compromising your devices. This includes firewalls, intrusion detection and monitoring, along with scanning of all drives, software and media before they’re loaded into the system.

CyberCore has 17 years of experience securing supply chains for quality, confidence and reliability, with an ISO 28000-compliant framework that mitigates purchase risk for your organization.

Download the CyberCore Risk Infographic to learn how we mitigate more risk in more places


What is cSCRM and Why Should I Care?

Welcome to CyberCore’s New Blog: Cyber, Before the 1s and 0s!

My name is Brett Bennett and I am the Director of Cyber Supply Chain Security at CyberCore Technologies (CyberCore). I’m a self-proclaimed process “geek” who has over 20+ years of experience leveraging technology to drive operational efficiencies. The primary goal is to deliver a product or service with the greatest efficiency, at the lowest possible cost, and ensuring standards compliance without compromise. Throughout my career I have had the opportunity to work in all stages within the supply chain, from procurement to delivery and currently manage CyberCore’s alliance partner network comprised of hundreds of suppliers and manufacturers.

So who is CyberCore and where does Cyber Supply Chain Risk Management (cSCRM) fit into the equation?

Founded in 2000, CyberCore Technologies is the leading provider of Secure Supply Chain Management and Cyber Solutions focused on protecting our customer’s environment from external and internal threats.  Leveraging ISO 28000 and ISO 20243 certified supply chain security processes, CyberCore provides Value Added, Managed, and Professional Services to ensure all end-user services are secure and trusted.

Throughout the product acquisition lifecycle, CyberCore provides value added services including asset tagging, testing, smart-boxing, secure packaging, and secure delivery of IT equipment and rack-based systems leveraging ISO certified processes and procedures to reduce the likelihood of delivering counterfeit or tainted products to a customer. CyberCore’s Managed Services optimizes your infrastructure, provides proactive device management, and optimizes business processes to save you money and reduce waste. CyberCore’s professional services is comprised of over 300 cleared personnel with concentrations in many technical disciplines including engineering and operations, networking, software engineering, and cyber security. CyberCore has delivered over $ 2 B of IT product and 700+ system builds for core mission IT infrastructure for government and commercial clients.

As the industry has evolved, CyberCore’s focus on security in the supply chain has evolved with it. Supply Chain Risk Management (SCRM), primarily referred to resiliency within your supply chain, ensures delivery of products and services at competitive cost without disruption or compromise. Over the last decade however, SCRM within the IT industry, has evolved dramatically. The rapid growth and adoption of technology has led to increasing amounts of product outsourcing and innovation to develop technology at increasingly competitive cost points.  While this diversity enables technology innovation at lower cost, it also increases vulnerability to malicious influence.  In today’s world, the Internet of Things (IoT) opens a potential pathway for attackers to touch all aspects of our life including personal data, financial & healthcare industries, and even national security. The risk is growing exponentially from an ever-increasing web of global suppliers and manufacturers. While statistics vary,  as many as 40% of cyber-attacks have originated through infiltration of the supply chain. As a result, system integrators, value added resellers, and equipment manufacturers must address Cyber Security throughout the supply chain. With over 17 years of experience in IT supply chain, ISO 28000 (Secure Supply Chain Risk Management) and ISO 20243 (Mitigating Maliciously Tainted and Counterfeit Products) certifications, CyberCore has a mature Cyber Supply Chain Security program to focus on this mounting risk.

Processes, standards, legislation, and opinions published since 2002 on supply chain risk management and security are broad and at times difficult to navigate. One of the goals of this blog is to bridge the gap between boring boiler plate content and something that is more engaging.

Depending on your role within the supply chain, priorities and your ability to control influences will vary greatly. Forming a common opinion or standard supply chain risk management program from all available data and viewpoints is a significant challenge. Using this blog as the vehicle, I look forward to sharing information I come across as it relates to the IT industry, supply chain risk management and cyber supply chain security. I will share what it takes to implement supply chain risk management standards, how will they affect your business’ ability to control cost and still meet Service Level Agreements (SLA), how it will make a difference, and discuss different implementation strategies.

Please don’t be shy to share ideas on topics you would like to see discussed on CyberCore’s social media platforms linked below!

All the best…Brett