Category Archives: Supply Chain

Want to scan your crypto wallet for risks? Check: AML check BTC, USDT, ETH. Checking cryptocurrency wallets for dirty money. You may not be aware of a risky transaction and at any moment, even can increase your AML rating into the red zone.

Trade Dispute Worries US Companies in China

Posted on by

As the Trump administration wages an economic battle with China in the form of reciprocating tariffs and other economic measures, it may not be a great time to be an American company operating in China. The US-China Business Council (USCBC), an organization made up of 200 U.

buy arimidex online www.phamatech.com/wp-content/uploads/2023/10/jpg/arimidex.html no prescription pharmacy

S. companies that do business with China, released its annual member survey, finding the trade dispute—and the ongoing political tensions underlying it—are a huge concern for these companies and may be adding to worries about doing business in China.

Since the Trump administration declared a tariff on billions of dollars of Chinese exports in June 2018, the United States and China have traded retaliatory economic measures.

buy xenical online www.phamatech.com/wp-content/uploads/2023/10/jpg/xenical.html no prescription pharmacy

Negotiators from the countries are preparing to meet in October, hoping to break a deadlock, even as each side moves to put pressure on the other’s economy.

Last month, President Trump announced increased tariff rates on Chinese imports, and tweeted that American companies were “hereby ordered to immediately start looking for an alternative to China, including bringing your companies HOME and making your products in the USA.” Some U.S. business groups condemned the moves and the president’s rhetoric, including the National Retail Federation. “It’s impossible for businesses to plan for the future in this type of environment,” said David French, the federation’s senior vice president of government affairs. These moves are an outgrowth of continued tensions, both economic and political, between the two countries.

It is no wonder then, that between 2018 and 2019, the percentage of USCBC members who said that their company’s business had been affected by US-China “trade tensions” increased from 73% to 81%. Of the reasons companies reduced or stopped planning investment in China in the past year, 60% of respondents cited “increased costs of uncertainties from US-China tensions.”

Among the real-world results of the trade dispute, USCBC members reported that the biggest impact was “lost sales due to tariffs implemented by China” (49%) and “shifts in suppliers or sourcing due to uncertainty of continued supply” (43%). The majority of the other concerns have to do with uncertainty or stigma attached to U.S. companies in China. Additionally, 26% of respondents projected that their current year revenue from China would decrease, compared to 9% in 2018.

The USCBC reported that “respondent optimism about China market prospects five years from now is at a historic low,” with the country’s stringent regulatory environment posing the largest driver of long-term doubt for U.S. companies. Indeed, the survey showed that, for 2019, 14% had a pessimistic or somewhat pessimistic five-year outlook, while 21% were neutral, an increase of 5% for both since 2018. However, the trade disputes are a major driver of short-term pessimism.

Also, when asked about cyber-related issues with doing business in China, 64% of respondents reported that “U.S.-China political tensions” were their biggest worry. And with good cause: According to cybersecurity firm Crowdstrike’s 2019 Global Threat Report, in the past year, the firm “observed an increasing operational tempo from China-based adversaries, which is only likely to accelerate as Sino-U.S. relations continue to worsen.”

And the impact reaches far broader than just companies that do business in China, like the members of the USCBC. As reported in the Risk Management article “The Business Impact of Trump Tariffs,” because many companies have complex, interconnected international supply chains, the trade dispute has a much broader effect on a wider array of businesses and industries. For example, a tariff on Chinese solar panels does not just hurt Chinese solar panel companies, it hurts U.S. manufacturers that supply parts for those panels, and U.S. companies that rely on components from Chinese manufacturers are affected as well.

Insulin Pumps Recalled After Hacking Vulnerability Revealed

Posted on by

After the U.S. Food and Drug Administration (FDA) expressed concern this week that some of its internet-connected insulin pumps are vulnerable to hacking and could not be patched, medical device manufacturer Medtronic Plc has announced that they would offer an exchange for the 4,000 patients who are reportedly using the vulnerable devices. If patients are using vulnerable out-of-warranty models, Medtronic is offering a newer replacement at a discounted price, and in-warranty models will be replaced free of charge.

The Medtronic insulin pumps in question work by regularly providing insulin to the patient with the help of a continuous glucose monitor (CGM), which uses Bluetooth to connect to a computer via a CareLink USB device. This system allows patients to remotely send the device commands and share data with their health care providers. These devices are part of an industry-wide push to connect medical devices to the internet (as part of the wider internet of things, or IoT) to allow more efficient and cost-effective communication between patients and providers.

While the exact nature of the insulin pump vulnerability is unclear at this time—neither the FDA nor Medtronic has disclosed any technical details—the danger from someone exploiting the vulnerability is very serious and could be potentially fatal. According to the FDA, “an unauthorized person (someone other than a patient, patient caregiver, or health care provider) could potentially connect wirelessly to a nearby MiniMed insulin pump with cybersecurity vulnerabilities. This person could change the pump’s settings to either over-deliver insulin to a patient, leading to low blood sugar (hypoglycemia), or stop insulin delivery, leading to high blood sugar and diabetic ketoacidosis.” In a letter to patients using one of the vulnerable pumps, Medtronic confirmed the potential danger, saying that “An unauthorized person with special technical skills and equipment could potentially connect wirelessly to a nearby insulin pump to change settings and control insulin delivery.”

Fortunately, there have not been any reported cases of anyone exploiting the vulnerability, but it is not the case of such an issue affecting these devices. In 2011, a security researcher was able to hijack nearby Medtronic insulin pumps, giving him the ability to deliver potentially fatal doses of insulin to patients within 300 feet. After the vulnerability was revealed, Medtronic released a statement saying that it was working to improve their devices’ security.

This March, it was also revealed that Medtronic’s connected pacemakers, clinic programmers and home monitors were also vulnerable to hacking. In that case, Dutch security researchers discovered the security flaws, which the company reportedly initially denied before the FDA began an investigation. The agency later issued a warning about the pacemakers, and Medtronic released a patch for the software. As with the insulin pumps, there were no reported cases of anyone taking advantage of the security flaw before the fix was implemented.

Speaking to CBS News after the March incident, the FDA’s Dr. Suzanne Schwartz said, “Any device can be hacked and that’s often not understood,” adding that companies are not prepared for this reality and that “we still have a ways to go.” This week, the FDA released a set of recommendations regarding the latest insulin pump vulnerability, including a suggestion to patients: “Talk to your health care provider about a prescription to switch to a model with more cybersecurity protection.”

Such cases highlight the continuing potential risks of internet-connected medical devices. As discussed in the recent Risk Management article “Diagnosis: Risk—The Product Liability Challenges of Diagnostic Health Tech,” cyber vulnerability is only one of the many challenges for manufacturers and users of connected medical devices. These devices—especially ones that provide medical diagnostic data—have scores of built-in product liabilities that could land their manufacturers (as well as any number of other companies in the devices’ chain of distribution) in legal trouble if something goes awry.

Microsoft Vulnerability A Reminder to Update and Patch

Posted on by

Microsoft recently announced a major vulnerability to Windows XP, Windows 7 and several older Windows server versions. According to Simon Pope, the company’s director of incident response, “[A]ny future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.” This announcement reinforces the importance of companies patching security vulnerabilities to mitigate the risk, especially on older machines that still serve essential functions.

This news follows a TechCrunch article reporting that at least a million computers worldwide, mostly in the United States, remain vulnerable to the WannaCry and NotPetya malware because users have not installed the necessary patches. Cybercriminals continue to use this malware, based on hacking tools originally developed by the NSA, to deliver all sorts of malicious software to unsuspecting victims online.

WannaCry is ransomware—malicious software that hijacks a computer and demands payment to regain control—that quickly spreads and has affected businesses, government and individuals in over 150 countries since 2017. Around the same time, a malicious software disguised as ransomware called NotPetya spread worldwide, affecting global business operations, and effectively paralyzing multiple companies in what has been called “the most devastating cyberattack in history.” Both caused massive financial damage worldwide, with WannaCry estimated at $8 billion in damages and NotPetya estimated at $3 billion.

Windows has released patches to protect systems from the newly announced vulnerability, even for Windows XP and Windows Server 2003, despite the company not usually offering support for those older systems.

online pharmacy nolvadex with best prices today in the USA

However, XP users will have to manually download the patches from Microsoft’s update website. According to a 2017 Spiceworks study, businesses worldwide were still running Windows XP on 11% of their laptops and desktops. While that has likely decreased in the past two years, it would still leave a significant number of machines running exposed systems that require manual updates to patch.

Not patching vulnerabilities has led to serious incidents, like the Equifax breach in 2017, which led to the theft of 143 million Americans’ personal information.

online pharmacy buspar with best prices today in the USA

In that case, the US Department of Homeland Security had issued a warning about the vulnerability, a patch for a web application vulnerability had reportedly been available for 2 months before the breach, and Equifax failed to implement the fix. A US House Oversight Committee report blamed the company entirely, saying that Equifax “failed to implement an adequate security program to protect this sensitive data,” and that “such a breach was entirely preventable.”

Companies use numerous different types of software in their daily operations, and software providers issue many patches for their products, which leaves companies overwhelmed. According to an April 2018 Ponemon Institute study, 68% of companies “find it difficult to prioritize what needs to be patched first.” IT staffing limitations and competing priorities within organizations can hinder these efforts, since patching requires heavy time investment and sometimes taking important aspects of the business offline to implement fixes. Companies with third-party partners and supply chains face even more complex risks, since their systems are often integrated or dependent, and companies likely do not have direct control over partners’ systems to ensure patching. Mitigating outside risk by including in contracts stipulations that third-party partners meet certain security requirements can also help.

online pharmacy imodium with best prices today in the USA

The Economic Costs of Government Internet Interruptions

Posted on by

At the end of April, global internet access monitor group NetBlocks reported that Venezuela’s state-run internet provider ABA CANTV was restricting the country’s access to various social media platforms amid continuing demonstrations and political turmoil. In May, NetBlocks reports this has continued, in addition to similar internet limitations in Benin and Sri Lanka. While increased global internet connectivity has led to international economic growth, it has also often led to increased government control over methods of communication and commerce, and government shutdowns pose a serious risk to businesses and economic activity in these countries.

Businesses face a variety of challenges and risks when operating abroad, but internet shutdowns and limitations may present a unique impediment, especially for companies that operate largely online and rely on consistent internet access. With more countries shutting down or limiting access more frequently, companies that conduct business in countries with regular interruptions may need to plan accordingly, or reevaluate whether their operations can accommodate these disruptions. Companies that have internet-dependent supply chains may be particularly susceptible and should ensure they have comprehensive mitigation strategies in place to avoid business interruptions.

Many nations increasingly use internet and social media disruptions as a way to quell political dissent. Some countries have shut down social media after violent incidents, purportedly to curb people’s ability to incite further violence, such as in Sri Lanka after the Easter suicide bombing there. Ethiopia also limited internet access in 2017 after activists leaked copies of the national school exams online. Whatever a country’s motivation, the frequency of shutdowns worldwide is rising dramatically, according to Stastista, which notes a 6,000% increase between 2011 and 2018.

government internet shutdowns

The Indian government routinely implements shutdowns in various parts of the country, and has in turn suffered serious economic consequences. The Indian Council for Research on International Economic Relations recently reported that, between 2012 and 2017, internet shutdowns in India climbed from 3 to 70 per year, and the shutdowns’ total duration rose from 9 hours in 2012 to 8,141 hours in 2017. According to the report, titled The Anatomy of an Internet Blackout, these disruptions cost the Indian economy approximately $3.04 billion in total. This includes approximately $2.37 billion from mobile internet loss and $678.4 from fixed line internet shutdown.

The Brookings Institution released a study in October 2016 examining 81 short-term shutdowns in 19 countries and their impact on GDP. Between July 1, 2015, and June 30, 2016, the study found that the economic consequences of internet shutdowns cost at least $2.4 billion in GDP globally. The report notes that this is a conservative figure and does not account for tax losses or drops in investor, business, and consumer confidence.

Deloitte also examined the issue in 2016, estimating that the economic consequences of a temporary shutdown “grow larger as the level of connectivity and GDP increase.” For highly connected countries, a temporary shutdown could cut 1.9% of daily GDP—an estimated $141 million per day. Medium-connectivity countries lose an estimated 1% ($20 million) of daily GDP and low-connectivity countries could lose an estimated 0.4% ($3 million) of daily GDP.

A study released in October by Strathmore University’s Center forIntellectual Property and Information Technology Law (CIPIT) showed that shutdowns can also severely impact countries’ shadow economies, often uncounted in formal studies like those from Brookings and Deloitte. According to the report, titled Intentional Internet Disruptions in Africa, unreported economic activity in 49 African countries made up an average of 37.65% of all economic activity. Because this activity is not counted in previous formal studies (like the Brookings study), CIPIT estimates that including these shadow economies increases the total cost of shutdowns by 19% to 29%.

Another Statista study from August 2018 shows that certain countries are shutting down their internet more often than others, most notably India, Pakistan and Iraq. Risk managers should consider these figures and cost estimates when assessing their companies’ existing or potential operations in the countries noted below, or when looking at where to invest overseas.