
Breaking: Home Depot Data Hackers Gained Access With Stolen Vendor Credentials


This evening The Wall Street Journal Technology blog is reporting (paid subscription or free metered view) that the hackers behind the recent massive data and credit card breach at home improvement retailer Home Depot gained access using username and password information stolen from a services vendor. The WSJ cited informed sources as indicating that after two months of investigations, Home Depot was the victim of the same infiltration tactics hackers used in the Target stores data breach that occurred a year ago, namely hijacking the credentials of a contracted services supplier. Once inside Home Depot’s internal systems, the hackers reportedly were able to jump the barriers between the peripheral vendor system and the retailer’s more secure retail network by exploiting security vulnerabilities.

It is now believed that 53 million email addresses were exposed in addition to the previously reported compromise of 56 million credit card accounts. The revelation comes after Home Depot recently declared to its customers that its retail systems were now safe.

The timing of this added information concerning Home Depot also comes at an inopportune time, with the holiday fulfillment season right around the corner.

In our prior Supply Chain Matters commentary related to the Target incident, we noted important ramifications for B2C and B2B customer fulfillment or Omni-channel processes that involve third-party services or supplier vendors. With this latest revelation that Home Depot indeed succumbed to similar vulnerabilities, retail industry IT and supply chain teams will be under increased scrutiny as to system and information security practices and vendor access credentials.

Business media continues to note that Target is still trying to bounce back from a loss of consumer confidence, recently announcing the closure of an additional 11 retail stores by February 2015. Today, Target announced the appointment of a Senior Vice President and Chief Risk Compliance Officer reporting directly to Target’s CEO and Chairman. Jacqueline Hourigan will lead continued efforts to overhaul information security and compliance under centralized leadership of enterprise risk management, including vendor management. That model may well be replicated by other large retailers.

Consumers must be assured that information security remains a top priority and that strict standards are being adhered to. That unfortunately will lead to further scrutiny of supply chain wide information security practices.

Bob Ferrari

 


Constellation Brands- An Example of Bold Supply Risk Management Strategy


There are many ways to remediate a perceived supply risk management problem and Constellation Brands has just exercised its bold approach.

The beer and spirits producer recently reported fiscal 2015 second-quarter results. While total revenues increased 10 percent, the company had to reverse approximately $37 million of net sales in the quarter as a result of a product recall at the height of the seasonal beer consumption period in August.  This recall was prompted by the discovery that some glass beer bottles contained tiny bits of glass. In what the company describes as an abundance of caution regarding these glass bottles, two million case shipments of Corona Extra branded beer were recalled from wholesalers and retailers during several weeks in August. Perhaps some of our readers experienced the effects of this recall, not being able to drink their favorite beer brand. According to Constellation, there have been no reported injuries due to the defective bottles.

The supplier of the subject beer bottles was Anheuser-Busch In-Bev, specifically a bottle producing plant located at its Mexican based subsidiary.  Beer drinkers may recall that the Corona brand was sold to Constellation in order for In-Bev to conform to regulatory restrictions for one of its product acquisitions.

To alleviate this type of problem in the future, Constellation additionally announced its intent to acquire Anheuser-Busch InBev’s glass plant and associated warehouse facility that was associated with the prior recall. This bottle producing facility sits adjacent to the Corona brewery in Nava, Mexico. The company is investing the sum of $300 million in a vertical supply strategy to gain more control of quality conformance processes and to boost production. The deal further calls for a 50-50 joint venture ownership with Owens-Illinois to own and operate both the Mexican bottling facility and to source Owens-Illinois as a secondary glass bottle supplier.

According to the announcement, the glass plant currently has one operational glass furnace and plans are in-place to scale to four furnaces over the next four years at an additional cost of $300-$400 million, costs that are expected to be equally shared by Constellation and Owens-Illinois. When fully operational, the Nava Mexico bottle facility, operating under the leadership of Owens-Illinois is expected to supply more than 50 percent of the glass needs for Constellation’s U.S. beer business. Constellation also has a long-term bottle supply agreement with bottle supplier Vitro.

While we can all speculate that some of these plans were in the works leading up to the bottle recall, Constellation has indeed taken a bold step in assuring long-term bottle sourcing supply along with added assurance of quality conformance.


More Negative Visibility to Product Recalls and One Supplier in Automotive Supply Chains


In a June 2014 Supply Chain Matters commentary, Automotive Component Supply Strategy Meets Sensitized Regulatory Environment, we called attention to a published Reuters report indicating that product recalls involving airbags supplied by Japan based Takata Corp. would expand and involve millions of affected motor vehicles and ensnarl many global brands.

That situation has become ever more visible in a multitude of cascading product recalls and urgent consumer advisories involving many auto brands from entry-level to upscale luxury.

Today, the National Highway Traffic Safety Administration (NHTSA) issued a high visibility consumer advisory, urging owners of over 4.7 million recalled vehicles to act immediately on recall notices and replace defective Takata airbags due to suspected defective air bag inflators. Brands involved include BMW, General Motors, Honda, Mazda and Nissan, and the vehicle models date back as far as 2000-2001. While this advisory notes specific urgency for certain U.S. states and regions featuring warm, humid climates, that fact seems to be blurred by the blast of Monday news from general media. The other reality is that many vehicle owners may have ignored previous recall notices, which could jeopardize the safety of occupants.

Aftermarket service and spare part networks are already stressed by a surge of product recalls issued from an abundance of caution to avoid punitive financial fines. This latest high profile consumer warning related to certain airbag inflator defects will add more stress to overly stressed networks that lack the tools to handle such volumes.

Automotive OEM’s have fostered component product innovation strategies among a key set of lower-tiered component system suppliers, and OEM’s leverage such innovation across multiple vehicle and brand platforms. These strategies were put in place to foster both faster product innovation cycles as well as to be able to leverage volume supply costs across multiple global platforms. The objective of leveraging lower component costs has never gone away, at least for certain OEM’s.

Earlier this month, The Wall Street Journal featured a report (paid subscription or free metered view) indicating that Honda, after a long supplier relationship, is re-evaluating that arrangement with Takata in light of a series of airbag inflator product defects. Reports indicate that defective air bags, some dating back to the early 2000’s, could send metal shrapnel flying upon air bag inflation, posing serious injury risk to drivers and/or passengers. According to reports, Takata utilizes a different propellant than other suppliers, one that is cheaper but more volatile. Rival air bag suppliers that could benefit from the current crisis include Autoliv, Daicel, Key Safety Systems and TRW Automotive Holdings, which is being acquired by German based ZF. The WSJ further reported that Toyota and Nissan are also concerned about Takata air bag systems in the light of the current circumstances. But switching suppliers that support one or several global product platforms is somewhat more challenging from a timing perspective.

The WSJ report provides some in-depth perspective on how Takata has expanded its global just-in-time supplier footprint to accommodate individual OEM platform demand. The report suggests that the product quality problems may have stemmed from a period of rapid growth, testing communication and process discipline among far-flung regional plants. After two years of investigation, Honda and Takata joint quality teams discovered certain machine defects in a plant in Washington state and in process parameters in a Mexican plant. At times, poor record keeping hindered the ability to figure out which cars had defective inflators installed.

Whether Takata can recover from this ongoing and compounding product recall and branding crisis is certainly open to skepticism and speculation. However, Supply Chain Matters feels that automotive OEM’s face their own realities related to product development and global product platform cycles. A global platform strategy supported by component supply agreements has to be balanced with supplier risk. Requiring suppliers to locate just-in-time production across far-flung global regions requires an assessment of rigid process control discipline and conformance. When such controls indicate cause for concern, two-way communication must be forthright and honest and procurement teams need to be proactive in assessing and communicating risk implications.

Today’s overly sensitized regulatory environment requires timely feedback and responsive risk mitigation.

The passenger safety, financial, and brand risks are far higher.

Bob Ferrari


UPS’s Latest Survey of Healthcare Supply Chains- Some Interesting Conflicts and Needs for Broader Perspectives


This week, UPS announced the results of its seventh annual “Pain in the (Supply) Chain” survey involving pharmaceutical and healthcare supply chains. According to the authors, the survey was conducted from phone interviews with 536 senior supply chain management decision-makers within the healthcare industry. Global coverage for this survey is noted as Asia, Canada, Latin America, the United States and Western Europe.

For the third consecutive year, the survey points to regulatory compliance as the top supply chain pain point, cited by 60 percent of the 2014 respondents, indicating that this trend alone is driving current business and supply chain changes. From our Supply Chain Matters lens, that finding is not a surprise since so many pharmaceutical and healthcare supply chains are indeed regulated, but more importantly, they are now globally extended for both supply and service demand needs.

The next largest concern was noted as product protection challenges, with 46 percent of respondents citing product security, and 40 percent citing product damage and spoilage as top concerns. Again no surprise, given the ongoing challenge of counterfeit drugs and global extensions of transportation and logistics networks.

However, what was surprising, at least for us, was that a mere 26 percent of these supply chain leaders cite contingency planning as a top supply chain concern. Perhaps this is an area that these supply chain leaders feel is being adequately addressed. Yet, 34 percent of those surveyed in Asia and 22 percent of those residing in Latin America indicated their firm’s supply chain was impacted by an unplanned event in the past 3-5 years. Cited reasons that were noted were:

  • Events being too unlikely or infrequent
  • Back-up infrastructure too expensive to deploy
  • Little or no prioritization being given to this area vs. other challenges

For an industry that is required to spend so much on product development, brand value and patient trust, it is surprising to once again note such viewpoints. The industry need only look to the previous supply chain disruptions that occurred at Johnson & Johnson to ascertain how important contingency planning has become.

Deeper in the UPS news release is perhaps a rather important assumption related to the above concerns in compliance, product protection and contingency planning. Many healthcare supply chains are not viewing production, distribution, logistics and transportation as a core capability and have thus outsourced these activities. According to this latest UPS survey, 62 percent of decision makers cited increased reliance on third-party logistics providers as a strategy into the foreseeable future (3-5 years). Therefore business partners have become an important enabler in helping to overcome stated supply chain challenges.

In a previous Supply Chain Matters commentary, we called for a broader technology vision among supply chain execution partners, specifically 3PL’s. As more and more industry supply chains opt to outsource logistics, transportation and customer fulfillment to logistics and transportation partners, leveraging the potential benefits of newer technologies in item-level tracking, Internet of Things (IoT) and supply chain control towers become a de-facto capability requirement to overcome business challenges and deliver required business outcomes. Too often today, the outsourced 3PL decision has been driven solely by cost control vs. broader requirements for supply chain resiliency and responsiveness. While UPS and FedEx have embraced advanced technology, other 3PL’s have relied on customers to fund such investments, and there remains the conundrum. For us, these latest UPS survey findings concerning healthcare focused supply chains have special meaning to the new reliance on supply chain execution partners for joint goal enablement. Beyond logistics, globally dispersed contract manufacturers have an important enabling and support role as well.

The report’s executive survey indicates that healthcare supply chain leaders are themselves eyeing technology investments in two specific areas of the supply chain, namely front-end order fulfillment and overall product protection in the form of serialization and item-tracking.  Supply Chain Matters advises these leaders to also consider the all-important supporting element for connecting the front and back-end of the extended healthcare supply chain. That would be a cohesive supply chain business network that synchronizes planning, execution and early-warning intelligence to unplanned events.

Bob Ferrari

 


Warning of Increased Threat of Cyber Attacks on Global Port Facilities


The International Maritime Bureau (IMB), a non-profit organization established to fight maritime crime and malpractice, is calling for vigilance across the maritime sector concerning an increasing threat of cyber-attacks.

According to the agency: “The threat of cyber-attacks on the sector have intensified in the past few months, with cyber security experts and the media alike warning of the dangers posed by criminals targeting carriers, ports, terminals and other transport operators.” In a recent address, an IMB official reported that incidents of petty-theft break-ins at office facilities, which at first seem harmless, were apparently efforts by thieves to physically install spyware within a port operator’s IT network. Port facilities often use industrial control systems in managing operations, systems that are sometimes not controlled by informational security software.

The IMB advisory further warns of hackers utilizing social-media channels to target truck drivers and operational personnel who travel extensively and have knowledge of port routing and tractor-trailer overnight parking patterns. Hackers are seeking information such as release codes for shipping containers from terminal facilities.

Targets seem to be containers carrying high-value items such as pharmaceuticals, drugs, and other goods. A consultant to the IMB further noted that hackers are the new open sea pirates.

As if industry supply chain teams did not already have increasing concerns about global supply chain vulnerabilities, this latest IMB warning is especially concerning.


Napa Valley Assesses Damage to Wine Inventories and Production Equipment


Business owners in the Napa Valley area of California woke up today to the after-effects of the 6.0 magnitude earthquake that struck the region on Sunday.  The Napa Valley was very close to the epicenter of this earthquake and we all know and appreciate what this region’s most important commercial product is, namely great wines with global brand identity.

Reports indicate that the wine industry may have suffered some significant damage as a result of the quake and its aftershocks. A report produced by business network CNBC features video and reports of damaged wine caskets and bottled inventory among growers and distributors, some of very expensive varieties. According to a report by CNN, the damage was isolated, some wineries being hit very hard, others not so. Wine producers and wholesalers are in the process of assessing overall damage along with trying to save stored aging wine. Wine within damaged barrels will need to be transferred to other safe, secure, temperature-controlled facilities and the challenge is securing both additional barrels and available controlled storage that was not damaged. While insurance can compensate for lost inventory, exquisite wine cannot be replaced, and the harvesting and aging process must begin anew. Larger producers may be in a better position to sustain losses than smaller, specialized producers. That may well leave a hole in future revenues or cause a supply and demand imbalance, depending on the varietal product. The market for wine itself has its own challenges and is very much dependent on variety and brand.

Last week, we ran across a syndicated AP published story regarding the bourbon industry. Similar to wine making, it is an industry where long-term bets are made concerning current and future market demand. Distillers fund inventory aging for millions of gallons of product over a 2-5-10-15 year horizon. Super premium brands, currently the most popular, can often fetch large profits, but have to age 6 years or more. The overall market for bourbon is booming, and distillers and distributors are banking on the continued boom in international demand to continue over the longer-term horizon. Imagine your supply chain’s overall inventory averaging over multiple years. We observed that dynamic when earthquakes impacted the parmesan cheese producing areas of Northern Italy in June of 2012.

Wine and spirits supply chains feature unique challenges in long-term inventory management and associated supply and demand pricing strategies. Risk is an inherent factor, and major supply chain disruption caused by a natural disaster can be devastating to short and longer-term business results. They also add a new and far different aspect of product demand management challenges.

Napa wine producers will continue to recover from this natural disaster and hopefully, all producers, large and small, will be able to recover.  However, our community has yet another reminder of the fragile nature of today’s industry supply chains which can be significantly disrupted by a single natural disaster or event.

Bob Ferrari

 

