Why operational context matters: Realizing the full potential of … – Supply Chain Management Review
To log into your PLUS+ account, enter the email address associated with your PLUS+ subscription below:
For PLUS+ subscription assistance, contact customer service.
Not a PLUS+ Subscriber?
Become a PLUS+ Subscriber today and you’ll get access to all Supply Chain Management Review premium content including:
- Full Web Access
- 7 Magazine Issues per Year
- Companion Digital Editions
- Digital Edition Archives
- Bonus Email Newsletters
- Full Web Access. All feature articles, bonus reports and industry research through scmr.com.
- 7 Magazine Issues per year of Supply Chain Management Review magazine.
- Companion Digital Editions. Searchable replicas of each magazine issue. Read them in any web browser. Delivered by email faster than printed issues.
- Digital Editions Archives. Every article, every chart and every table as it appeared in the magazine for all archive issues back to 2009.
- Bonus email newsletters. Add convenient weekly and monthly email newsletters to your subscription to keep your finger on the pulse of the industry.
PLUS+ subscriptions start as low as $109/year*. Begin yours now.
That’s less than $0.36 per day for access to information that you can use year-round to better manage your entire global supply chain.
For assistance with your PLUS+ subscription, contact customer service.
* Prices higher for subscriptions outside the USA.
Email: [email protected]
Phone: 1-847-559-7581
Fax: 1-847-564-9453
Mail: Peerless Media, PO Box 677, Northbrook, IL 60065-0677 · USA
Make checks payable to “Peerless Media” for all subscriptions.
Click here to log back in again.
For PLUS+ subscription assistance, contact customer service.
Our records show that you are currently receiving a free subscription to Supply Chain Management Review magazine, or your subscription has expired. To access our premium content, you need to upgrade your subscription to our PLUS+ status.
To upgrade your subscription account, please contact customer service at:
Email: [email protected] Phone: 1-800-598-6067 (1-508-663-1500 x294 outside USA)
Become a PLUS+ subscriber and you’ll get access to all Supply Chain Management Review premium content including:
- Full Web Access. All feature articles, bonus reports and industry research through scmr.com.
- 7 Magazine Issues per year of Supply Chain Management Review magazine.
- Companion Digital Editions. Searchable replicas of each magazine issue. Read them in any web browser. Delivered by email faster than printed issues.
- Digital Editions Archives. Every article, every chart and every table as it appeared in the magazine for all archive issues back to 2010.
- Bonus email newsletters. Add convenient weekly and monthly email newsletters to your subscription to keep your finger on the pulse of the industry.
PLUS+ subscriptions start as low as $129/year*. Start yours now.
That’s less than $0.36 per day for access to information that you can use year-round to better manage your entire global supply chain.
Already a PLUS+ subscriber? Log In Now.
To begin or upgrade your subscription, Become a PLUS+ subscriber now.
For assistance with your PLUS+ subscription, contact customer service.
Please recheck your login information and resubmit below.
For PLUS+ subscription assistance, contact customer service.
Editor’s Note: The following article is the unedited verion of “Realizing the full potential of supply chain resilience surveys,” a feature from the November 2022 issue of Supply Chain Management Review. The original version contains more of the authors’ research.
Abstract
At a time when massive shocks such as the COVID pandemic and semiconductor chip shortages continue to disrupt supply chains around the world, multiple market research and consulting surveys have been conducted to identify supply chain resilience strategies. However, it is difficult for managers to develop actionable strategies based on findings from such surveys, because of a lack of context of the reported decisions and because the results are aggregated over multiple levels. In this article, we analyze how such surveys can be adjusted to reveal more differentiated findings. Two recommendations have been identified: Using the supply chain as the unit of observation and adding questions to understand the operational context of the supply chain. We then illustrate the recommended methodology with three company examples.
Key words: supply chain resilience, consulting surveys, supply chain archetypes, operational characteristics
Business resilience in the context of supply chain management has become a top priority for most companies in response to the massive disruptions caused by the COVID pandemic and subsequent developments such as the chip shortage and bottlenecks in global logistics systems. Many supply chain executives are looking to develop a long-term strategy to increase their supply chain resilience since new uncertainties and major disruptions, such as the Russian invasion of the Ukraine, continue to arise.
This has led many market research and consulting companies to investigate the impact of such disruptions and to explore potential strategies to cope with them. Over the last two years multiple supply chain management surveys have been launched to discover supply chain resilience strategies. However, it has been difficult to develop actionable strategies based on insights from such surveys. This suggests that there is a need to deepen our understanding of how to interpret survey results as well as how to re-design them in order to explore supply chain resiliency.
Surveys on supply chain resilience typically use the totality of all companies in their sample as their unit of analysis, i.e., a typical result would be “x% of all companies regionalize their supply chain”. In some survey reports industry specific differences are analyzed. This can lead to interesting insights for managers and scholars. However, companies operate within idiosyncratic environments and thus there is a need for more differentiated guidance. Executives need to define strategy decisions to achieve resilience at the individual supply chain level, taking the specific challenges and constraints of their company environments into account. Thus, there is a gap between the level of analysis that is needed for decision making to support resiliency and the level of analysis that is typically provided. We call it the “unit of analysis gap”.
In this article, we want to show how this unit of analysis gap can be bridged with two steps, so that executives can benefit most effectively from survey-based insights. The first step does not require any change to the current format of the surveys since it is based on breaking down existing survey insights to the industry level. The second step requires asking additional questions in order to uncover insights at the supply chain level.
Figure 1 illustrates the concept of the “unit of analysis gap”.
Figure 1.
We were given the opportunity to collaborate with Gartner, one of the leading supply chain research and consulting companies, on the development of their 2020 global supply chain agility1 and resilience survey. Their report, “Future of Supply Chain: Crisis Shapes the Profession”2, is based on the results of that survey. We used the published report and additional access to some of the survey data3 to illustrate how survey results can be enhanced through the two steps noted above, leading to more differentiated and relevant insights.
We have grouped our findings into three parts. The first part documents the advantages of this type of survey and why researchers and managers should see them as an important source of valuable information that is relevant to mitigating the risks present in the current supply chain environment. In this section, we outline the conclusions drawn from reviewing the survey data and comparing the results to other survey-based reports.
The second part shows how survey data can be broken down and further analyzed at the industry level. We used additional data, based on the survey responses, that we received from Gartner, to show how further analysis can lead to additional industry-specific insights.
In the third section, we explain our recommendations for how to conduct future supply chain resilience surveys in order to generate supply-chain specific insights. We provide three company examples, whom we interviewed, that illustrate our methodology and our conclusions. The Henkel supply chain example illustrates the value of having a supply chain as the unit of analysis. The two Nike supply chains show that two different supply chain archetypes can exist within one company. Finally, the Infineon supply chain example shows that the operational context of the supply chain in certain industries can limit the option space to such an extent that only one feasible supply chain configuration remains.
Advantages of supply chain surveys
In this section, we discuss how surveys on resilience can support both supply chain practice and research. In particular, we discuss what can be learned from them with regards to resiliency. Consulting surveys and reports are a valuable means for discovering the perspective of practitioners concerning timely topics. Their value is based on the ability of consulting companies to reach a wide pool of respondents and their resources to conduct such surveys in a timely manner. This allows them to quickly generate large data sets that make drawing general conclusions derived from current practice feasible.
We have compared the results of 12 consulting surveys on supply chain resilience from May 2020 to July 2021 (see Appendix A for a summary of survey details) and found that there are some recurring messages in the survey reports. In Figure 2 we have summarized ten insights related to supply chain resilience that we found in multiple independent surveys. For example, all reports mention that a digital transformation through investments in IT infrastructure is a key enabler for becoming resilient. A Deloitte survey4 found that 78% of respondents view enhancing IT infrastructure to be a top operating model priority. In another survey5, 91% of the 715 managers responding strongly agree or agreed to “Effective investments in digital technologies and analytics will help companies recover faster from the impacts of COVID-19”. Moreover, a survey from Allianz6 showed that highly digitized companies took significantly more actions to mitigate disruptions compared to less digitized ones.
We note that 11 out of 12 survey reports conclude that changes to the current supply chain setup are needed for most companies. According to Gartner2, 40% of executives believe that their current supply chain is not able to cope effectively with short- to medium term challenges. Other surveys from our sample found that 65% of respondents7 said that they actively invest in regionalizing and localizing their manufacturing base or that 82% agree with the statement “Our supply chain footprint has shifted notably because of COVID-19”.
Thus, these consulting reports document similar developments when it comes to beliefs and actions of global supply chain managers8. The findings are interesting and relevant as they give an overview and cross-check of how managers think. Moreover, due to the large sample size, the survey results support making general statements about current management thinking. The insights also can be used as a starting point for scholars to examine resiliency in more detail and to develop analytical resilience models.
Generate industry insights through further analysis
In this section, we show how breaking down results to the industry level reveals interesting insights. Being resilient indeed does mean something different for each supply chain, as each company needs to balance different types of risks while minimizing overall costs. The “right” trade-off depends on individual circumstances such as regulatory requirements, geographic supply constraints, partner ecosystems, or risk appetite.
However, this is the first of two steps to bridge the gap between the general conclusions which are oftentimes found in consulting reports and supply chain-specific insights that managers require. Through this first step some questions can be answered. For example, are most companies in my industry implementing the same set of strategies? Do other executives in my industry share my beliefs regarding resilience? Why are some companies not investing in resilience?
Generating industry level insights can be done without any changes to the current format of most surveys, as usually the respondents are asked to specify the industry their company is competing in. We use the Gartner report as an example of how to conduct further analysis that can lead to additional industry-specific insights.
Example: Gartner survey
The annual Gartner survey, which is the survey we analyzed in this paper, is one of the leading and most relevant supply chain surveys, because of its global reach, large sample size, and the quality of its respondents. We observed that 1049 from a total of 1346 respondents work in operations and are a board member, director, vice president, or manager. Moreover, the respondents came from 18 different industries, which represents a good cross-section of all companies, while excluding industries such as Services, Software, and Finance. Thus, the survey is well suited for examining supply chain related topics at a general level.
To identify additional insights, we conducted further analysis through three cross-tabulations of the reported survey questions responses that Gartner provided for us, and which were not included in the survey findings report. All three cross-tabulations can be found in Appendix B9.
Resilience strategy deployment by industry
The first cross-tabulation analyzes industry-specific differences in investment decisions that have already been implemented and are not just intended. The table shows the total number of respondents per industry and how many of them indicated that they were currently investing in one of the sixteen agility and resilience strategies identified in the survey. Respondents that only intend to invest in the next two years were excluded, as intension does not necessarily translate into real action, which is what we want to focus on.
The results of this cross tabulation show that there are significant differences in supply chain resilience strategies that were implemented across industries. For example, only 30% of managers from automotive companies reported that they shifted manufacturing from one region to another, while 61% of high-tech executives reported that they have done so. Moreover, the results show that chemical companies and automotive companies have implemented significantly less in resilience strategies than the other industries.
Chemical companies reported that they have diversified their supply base (-20%points compared to average), increased inventory (-22%pts.), or outsourced (-17%pts.) far less than all other industries to become more resilient. These results can be explained by the particular setup of many chemical supply chains being asset-intensive and continuously flowing. Automotive companies seem to shift manufacturing capacities (-18%pts.), deepen collaborations with key suppliers (-16%pts.), and use demand sensing technology (-18%pts.) far less than other companies.
Their asset intensive production explains the lacking flexibility of production capacities. Having more purely transactional relationships with suppliers might explain why it is especially challenging for the automotive industry to secure enough of the supply-constrained semiconductor chips. We only mentioned some examples as this is not the focus of this article, however, more interesting insights can be found in the data.
Supply chain beliefs by industry
The second cross-tabulation looks at how managers’ beliefs or perspectives concerning factors or trends that can impact supply chain agility and resilience strategies vary by industry. The table is based on fourteen different belief statements and asks managers to agree, disagree or be neutral with respect to each statement.
Over 90% of the High-tech, Logistics & Distribution, CPG, Retail, and Industrial companies have indicated that they will invest in resilience and agility. These are industries where management generally understands and accepts the investments required to be more resilient and agile (see 2.5).
For CPG companies, one reason for investing more might be that they lag behind other industries in terms of agility, as their supply chains have been designed primarily for cost efficiency rather than resiliency or agility in the past (see 2.3). The industries that are doing less to make their supply chains resilient include Aerospace & Defense because national interests and regulation hamper supply chain restructuring (see 2.8, 2.7) or Food and Beverage because customers want local sourcing (see 2.9). However, further automation is needed to facilitate onshore manufacturing to make supply more agile and resilient (see 2.14). Moreover, investments in agility and resilience are simply too costly for Automotive companies and their leadership did not see the need for action at the time of the survey (see 2.4, 2.5).
For Medical Equipment & Devices companies the industry’s current low-cost outsourcing strategy is still largely sustainable and does not require them to act quickly (see 2.9, 2.10, 2.11, 2.13). Chemical companies already are very lean, based on continuous flow operations, and do not see the need to change their supply chain setup (see 2.6).
Overall, it can be observed that there are significant differences in answer patterns depending on the industry. For example, affirmative answers regarding a previous focus on cost efficiency (see 2.3) vary by up to 32%-points, depending on the industry. The same is true for customer preferences for local sourcing (up to 43%pt. difference; see 2.9) or whether the leadership accepts the need for investments in resilience (up to 36%pts.; see 2.5). Thus, it can be concluded that even though basically every respondent (90%) indicated that they will invest in agility and resilience, the underlying motivations and reasons for doing so vary significantly.
Beliefs versus decisions
The third cross-tabulation analyzes how the companies’ supply chain investment decisions are linked to their beliefs or perspectives on supply chain factors and trends. The table combines the answers from the investment decisions and the beliefs to show the split of agreeing and disagreeing to the fourteen statements by investment decision instead of by industry. Our hypothesis was that the actual decisions (i.e., the strategies implemented) tells us something about the underlying beliefs. For example, we expected companies that increased their safety stock levels or reduced their capacity utilization would agree to a greater extent that “our supply chains in the past have been designed primarily for cost efficiency rather than resiliency or agility”.
Surprisingly, the results (see cross-tabulation 3 in Appendix B) do not show that the beliefs are linked to the ultimate investment decisions/actions. For all beliefs, the percentage of respondents agreeing and disagreeing is basically constant across all resilience strategies (standard deviation of 1.5% across all responses). Thus, companies implement different supply chain resilience strategies, but on average have similar beliefs regarding the resilience vs. cost-efficiency trade-off, regionalization, and customer preferences.
This observation indicates that the implementation of a particular resilience investment can have multiple different reasons. For example, regionalization of the supply chain might implicate for a supply chain that previously operated a very lean global setup, the possibility to have more redundancies and diversified location risk. However, another company might want to regionalize its supply chain to reduce the time-to-market or relocate decision making to jurisdictions that are able to better serve the local customers. This suggests that further analysis is needed to understand how beliefs impact supply chain decision making.
The additional insights generated through the three cross-tabulations revealed that more can be learned, even without having full access to the raw data. However, it also showed that some patterns can only be explained through a more granular analysis. Staying at an industry level is not sufficient to understand how decision making for resilience is conducted in practice.
How surveys can provide differentiated answers to managers
In this section, the second step for bridging the unit of analysis gap is described. Based on our collaboration with Gartner, our analysis of the survey data, and our review of current supply chain resilience research literature, we have developed two recommendations for future surveys that can lead to supply chain-specific results. To illustrate our reasoning, we give three real-life company examples based on in-depth interviews with senior supply chain executives.
1. Use supply chain as the unit of observation (instead of company)
We believe that future supply chain surveys will benefit most from using a more detailed unit of observation which allows for a more differentiated analysis of the results (i.e., the unit of analysis is the organization entity that you wish to say something about). However, consulting surveys usually ask respondents to answer the survey questions from the perspective of their company (see Appendix A).
Thus, managers are forced to decide whether they are answering based on an average across all supply chains that are used by their company, which can be very misleading for conglomerates or companies with a wide product portfolio, or whether they are answering from the perspective of one specific supply chain without being able to document which one they are answering for. Both options can distort the results and complicate our understanding of the underlying drivers of resilience (see further details in Cohen et al.10).
Changing the unit of observation to be the supply chain will require clarification at the beginning of the survey, so that respondents do not answer from the perspective of the entire company, but rather do so for a particular, specified supply chain. Ideally, the survey asks the respondents to name the product (group) they are referring to at the beginning of the survey. This will lead to a respondent’s commitment to only one supply chain, for that product (group), and enable more detailed understanding of the results.
Company example: Henkel
Henkel is a global manufacturer of consumer-packaged goods with 20 billion revenue and 179 production facilities in 79 countries. The company is divided into three different business units, each with its own supply chain setup. Due to different setups, each supply chain has its own “point of differentiation” along the value chain (see Figure 3).
The laundry and home care products share the same footprint in terms of sourcing and production locations for scale efficiency reasons and use the same distribution network as all products are sold via retailers and distributors. However, the supply chains are differentiated based on a customer segmentation, resulting in different lead times and service levels.
The beauty care products also share the same production footprint due to similar technology and the resulting economies of scale, but the supply chains are differentiated by distribution channel into retail and direct-to-consumer (DTC) businesses, because personalized products which are directly shipped to the consumer require a different setup. And lastly, the adhesives business unit differentiates its supply chains based on production technology, ranging from local production facilities for construction business customers to a global center of production excellence structure for electronics customers.
This company example shows that a company might have very different supply chain setups across and even within a business unit. As these different setups need different approaches to becoming more resilient it is crucial to use a specific supply chain as the unit of analysis. Otherwise, a manager from this company could have answered the survey in many ways. Only with a survey based on a supply chain, can it be ensured that these overlapping factors are not aggregated into one response.
2. Understand the context
Choosing a more detailed unit of observation can remove some of the “noise” from the data since answers will be specific to one supply chain structure. Moreover, more can be gained by understanding the context associated with the responding managers answer.
There is a general belief that companies in the same industry tend to share the same supply chain resilience strategies. But that is not necessarily true. To understand why that is the case, it is important to realize that in general, industries are mainly defined by the primary product produced or sold. Other characteristics such as the production process or supply-side characteristics typically play a lesser role. Current research, however, suggests that grouping supply chains with regards to supply chain resilience requires similar operational product, process, and market characteristics11. Companies within the same industry can have different supply chain attributes due to factors such as company location, size, age, or number of product groups being offered.
One way to extract this information in a survey would be to ask detailed questions that reveal the operating characteristics of the product (group) with regards to the supply chain setup, market conditions, and product attributes. This approach will lead to more insights. However, this requires the addition of several “setup” questions, which already take up a significant portion of the total response time.
Instead of asking respondents to answer a lot of detailed questions about the operational attributes of their company, we recommend letting managers self-assess and classify their supply chain based on a resilience framework that associates a supply chain into a supply chain archetype which is defined by operational features of the company supply chain. Such self-classification captures the type of supply chain and the corresponding supply chain context for analyzing factors and attributes that influence current supply chain resiliency. This will put the managers’ answers into perspective and enable derivation of more detailed insights, which help companies to understand how to actually achieve resilience. This way, only one or two questions need to be added at the beginning of a survey.
The framework should be simple and easy to understand, so that it allows all respondents to select an appropriate archetype. We suggest using the “Triple-P” supply chain resilience framework12 which matches resilience strategies to supply chain archetypes. This framework requires responding to two questions13:
(1) about how the company’s supply chain(s) are organized and coordinate decision making, (homogeneity of internal supply-chain processes) with answer options “multiple independent supply chains”, “shared services”, “central guidance”; and “one-size-fits-all” and
(2) about how the company’s supply chain(s) coordinate decision making and information exchange with external partners and stakeholders (inter-company integration with other supply-chain actors), with answer options “less dependency/ engagement”, “coordination with key partners”, integrated systems”, collaboration”, and “vertical integration”.
Based on this classification into these two dimensions, three supply chain archetypes can be identified to group supply chains across industries based on their common barriers to achieving resilience and other operational features. Figure 4 summarizes the main results of the framework, adopted from Cohen et al.11. We note that other possible frameworks could be used to classify a supply chain.
Company example: Nike
Nike is a global apparel company focusing on sports and lifestyle clothes that sells $37 billion worth of products, which are produced in more than 600 factories in 54 different countries. The company is operating with essentially two different supply chain structures: a footwear and equipment supply chain and an apparel supply chain. Based on the “Triple-P” framework, the two supply chains belong to different archetypes (type 2 and 3) even though they are both within the same company. We illustrate the importance of understanding the supply chain context by considering how answers would be analyzed in typical consulting surveys versus how they can be interpreted when using the “Triple-P” framework instead.
Consolidated footwear supply chain
The footwear supply chain belongs to archetype 2, partner complexity. It is structured around a consolidated supply base with only a few contract manufacturers that can produce almost the full product portfolio with a limited number of large-scale factories in low-wage countries. Moreover, demand is rather predictable, and the technology is simple. This makes it easy to move production around in case of local disruptions or tariffs. Thus, the focal company collaborates with a dozen key partners after multiple decades of investing heavily in these key relationships to geographically diversify their manufacturing footprint.
Nike decided that further geographical diversification out of South-East Asia would make the footwear supply chain more resilient. Ultimately, the company wants to have production close to all demand hubs, in high-wage countries such as the US or central Europe.
Diversified apparel supply chain
The apparel supply chain belongs to archetype 3, process complexity. It differs with regards to technology, process, supplier relations and market dynamics. Nike is faced with a fragmented supplier market consisting of many specialized plants due to the great variety of materials and the complexity of material processing. Moreover, quickly changing customer preferences (fashion trends, seasonality) hamper long-term partnerships with suppliers.
To make the apparel supply chain more resilient, the company decided to focus on a smaller number of strategic partners with which they try to establish long-term relationships by helping them in the short term with preferred orders and financial aid and in the long run to diversify their product offerings. Geographical diversification is less of a concern as the fragmented market allows the company to easily do business with new production partners in new countries.
Analysis with and without context
Even though the supply chains are set up in different ways, managers from both business units could have selected, for example, the response to invest in “Shifting manufacturing from one country/region to another (including reshoring or nearshoring)” in the Gartner survey, for different reasons.
With the context given above for the two supply chains, it is understandable that a footwear manager would choose this strategy as the business unit tried to geographically diversify their manufacturing base to be in close proximity to final demand. In contrast, a manager from the apparel business unit has the streamlining of supply base activities in mind when indicating, that he/she is investing in shifting manufacturing. Bundling manufacturing capacities at a smaller number of contract manufacturer sites also involves shifting manufacturing capacities across countries.
However, usually the context is missing and therefore the underlying reasons for selecting a strategy remain unknown, as shown in Figure 5. If the respondents would have self-classified their supply chain beforehand, some of that context could have been understood (see Figure 6). In contrast to Partnership complexity, supply chains belonging to the Process complexity archetype usually have regional or even local setups.
Shifting manufacturing for them therefore does not involve re-shoring or diversification reasons. Thus, both business units could have chosen the same investment strategy for different reasons and this example shows that prior classification of the supply chain context could help to learn more about the reasoning behind the selected supply chain strategy.
Thus, using a framework, such as the suggested one, will enable surveys to mitigate the lack of crucial information to understand the underlying reasons for resilience strategy decision making and to compare supply chain setups based on similar operational attributes instead of using industry classifications.
Company example: Infineon
Infineon’s automotive supply chain is an example of the third archetype (type 1, product complexity). Infineon is a large player with $10 billion in revenues and 21 manufacturing sites distributed around the world. The company has basically one supply chain for its roughly 15,000 stock keeping units even though the product and demand characteristics differ.
The existing structure of Infineon due to its high-tech environment, volatile demand, and capital-intensive production, has built-in mechanisms to mitigate risk and resolve supply and demand disruptions as unexpected events occur on a regular basis. One example would be the investments in creating inhouse redundancies for the center of excellence production structure. These limiting factors are faced by all companies in the semiconductor industry which results in having basically one supply chain setup for this industry.
In contrast to the Nike footwear supply chain, Infineon is not about partnering with your core suppliers and contract manufacturers to get closer to the main demand hubs. Instead, strategies for becoming more resilient focus on logistics and distribution rather than production location or capacity. Thus, the company expanded the reach of its regional distribution centers to be able to supply not only their respective region but also the entire world. Moreover, actions such as preparation of master data were taken to enable fast stock transfers between distribution centers.
The Infineon supply chain example shows that the operational context of the supply chain in certain industries can limit the option space to such an extent that only one feasible supply chain configuration remains. For these cases, an analysis on industry level would be sufficient.
Conclusion
We identified some clear messages regarding the treatment of supply chain resilience in consulting survey-based reports and explained why such supply chain surveys are valuable for gaining an understanding about context and common approaches for new and upcoming topics such as the achievement of resiliency.
However, this article also showed that there is a mismatch between what can be inferred from these consulting surveys and what supply chain executives need to know to steer their supply chains effectively. We propose that this “unit of analysis gap” can be closed with two steps. The first step does not require any change to the current format of the surveys, as it breaks down the insights to the industry level based on further analysis of the raw data. An example is given in form of three cross tabulations drawn from a recent Gartner survey on supply chain resilience.
We noted that an industry level analysis alone, will not lead to supply chain-specific insights, which are required to develop a strategy such as resilience. We therefore introduce a second step that requires changing the unit of observation to the supply chain instead of the company. Asking additional questions to understand the context in which supply chain setup decisions are made supports overall understanding and enables differentiated statements to be made at the supply chain level. We propose letting respondents self-classify their supply chain according to the “Triple-P” framework.
This classification provides the necessary context and allows for a more nuanced understanding of why companies have implemented their current supply chain structure and strategy and provides concrete guidance for how to adopt a strategy that promotes resilience.
Three company examples are given to illustrate the three different archetypes. The company examples show how contextual factors, i.e., operational characteristics, determine the supply chain archetype and impact the implemented supply chain resilience strategy. Based on what is known about the barriers for each archetype, this context gives guidance for managers on what to do14. The Nike example illustrates the methodology by contrasting the information with and without using the Triple-P framework.
Thus, the results of this article suggest that the company-based format which is good for general management surveys is not a good fit for generating the insights necessary for a company to develop an effective resiliency strategy. Such surveys would benefit from more granular data. Questionnaire-based surveys that require the respondent to speak for a monolithic company-wide supply chain cannot effectively link operational characteristics to a supply chain-specific strategy. When applying these strategies in practice, managers necessarily run into company or supply chain setup-specific challenges and therefore they need more customized insights in order to develop resiliency strategies that will be successful.
Acknowledgement
The authors want to deeply thank Gartner and especially Geraint John and Kamala Raman for the collaboration on the survey questions of the “Future of Supply Chain: Crisis Shapes the Profession” report from December 2020. Moreover, we appreciate their help and the sharing of results and the aggregated data.
Appendix A – Overview Consulting reports
ID Title Company Date Number of responses Scope Unit of observation Unit of analysis
1 Global Supply Chain Survey – In Search Of Post-covid-19 Resilience Allianz Research / Euler Hermes December-20 1181 US, UK, FR, GER, IT Company Country/area & Industry/sector level
2 Supply Chain Resilience Report 2021 Business Continuity Institute (BCI) March-21 173 Global Company Cross-industry level
3 Fast foreward – Rethinking supply chain resilience for a post-COVID-19 world Capgemini Research Institute October-20 1000 Global Company Country/area & Industry/sector level
4 Save-to-thrive Deloitte August-20 1089 Global Company Country/area & Industry/sector level
5 Future of Supply Chain: Crisis Shapes the Profession Gartner December-20 1346 Global Company Cross-industry level
6 Weathering the storm Gartner May-20 236 Global Company Cross-industry level
7 Supply chain resilience report Hubs July-20 1281 Global Company Cross-industry level
8 Supply Chain Resilience In A Post-pandemic World Jabil September-20 715 Mainly US Company Industry level
9 The Resiliency Compass: Navigating Global Value Chain Disruption in an Age of Uncertainty Kearney July-21 360 Global Company Cross-industry level
10 Risk, resilience, and rebalancing in global value chains McKinsey & Company (McK) May-20 605 Global Company Industry level, some company specific
11 Navigating the Supply Chain through the Pandemic Supply Chain Insights (SCI) February-21 118 Global Company Cross-industry level
12 The Resilient Supply Chain Benchmark: Ready for anything? The Economist Intelligence Unit (EIU) May-21 308 US Company Industry / sector level
Appendix B
Cross tab 1
Cross tab 2
Cross tab 2 (continued)
Cross tab 3
Cross tab 3 (continued)
Cross tab 3 (continued)
Cross tab 3 (continued)
Notes
1. In the survey Gartner distinguishes between agility as “the ability to respond rapidly and cost-effectively to short-term changes in demand or supply disruptions” and resilience, “the ability to adapt to structural changes by modifying supply chain, products and technologies strategies”.
2. G. John, P. Manenti, S. Watt, and K. Raman: ‘Future of Supply Chain: Crisis Shapes the Profession: Supply Chain Executive Report’, Gartner,12/2020; available at https://www.gartner.com/en/documents/3994949/supply-chain-executive-report-future-of-supply-chain-cri.
3. The dataset includes the first five questions of the survey regarding supply chain resilience and agility (figure 20-24 in Gartner report). From the 1346 responses, only operations related job functions with a board level, VP/director, or manager/head role were included which resulted in 1049 responses.
4. Omar Arguilar, ‘Save-to-thrive – Enterprise transformation and performance improvement strategies during the COVID-19 pandemic’, Deloitte, 08/2020, available at https://www2.deloitte.com/content/dam/Deloitte/us/Documents/process-and-operations/us-save-to-thrive.pdf
5. Dimensional research, ‘Supply Chain Resilience In A Post-Pandemic World: A survey of supply chain decision makers’, 09/2020; available at https://www.jabil.com/dam/jcr:fef09432-3d00-45f8-9bc3-4da2cee764b1/special-report-supply-chain-resilience-in-a-post-pandemic-world.pdf.
6. Georges Dib, ‘Global supply chain survey – in search of post-covid-19 resilience’, Allianz research and Euler Hermes, 10.12.2020, available at https://www.allianz-trade.com/content/dam/onemarketing/aztrade/allianz-trade_com/en_gl/erd/publications/pdf/2020_10_12_SupplyChainSurvey.pdf
7. R. Gya, C. Lago, M. Becker, and J. Junghanns: ‘Fast Forward – Rethinking supply chain resilience for a post-COVID-19 world’, 24.11.2020; available at https://www.capgemini.com/wp-content/uploads/2020/11/Fast-forward_Report.pdf.
8. This is why Cohen et al. (2021) concluded that the basic roadmap to resilience is understood by managers, see M. A. Cohen, S. Cui, S. Doetsch, R. Ernst, A. Huchzermeier, P. Kouvelis, H. Lee, H. Matsuo, and A. A. Tsay: ‚Putting Supply-chain resilience Theory into Practice’, 2021, Forthcoming in Management and Business Review. https://ssrn.com/abstract=3742616
9. It is worth noting that we were not given access to the raw data that generated them.
10. M. A. Cohen, S. Cui, S. Doetsch, R. Ernst, A. Huchzermeier, P. Kouvelis, H. L. Lee, H. Matsuo, and A. A. Tsay: ‘Understanding Global Supply Chain & Resilience: Theory and Practice’, in ‘Creating Value with Operations Analytics’, (ed. H. L. Lee et al.); 2022, Springer.
11. M. Christopher, H. Peck, and D. Towill: ‘A taxonomy for selecting global supply chain strategies’, The International Journal of Logistics Management, 2006, 17(2), 277–287.
12. M. A. Cohen, S. Cui, S. Doetsch, R. Ernst, A. Huchzermeier, P. Kouvelis, H. Lee, H. Matsuo, and A. A. Tsay: ‘Bespoke Supply Chain Resilience: The Gap between Theory and Practice’, forthcoming in Journal of Operations Management, 2022.
13. More information on the derivation of the framework and regarding the answer options can be found in Cohen et al. 2022
14. Further details on the archetypes, the barriers and the strategies implemented can be found in Cohen et al. 2022
About the authors:
Morris A. Cohen is the Panasonic Professor of Manufacturing and Logistics in the Operations, Information and Decisions Department of the Wharton School at the University of Pennsylvania, in Philadelphia, USA. Email: .(JavaScript must be enabled to view this email address)/*’,’a’,’/’,”,'”‘,’ 117′,’ 100′,’ 101′,’ 46′,’ 110′,’ 110′,’ 101′,’ 112′,’ 117′,’ 46′,’ 110′,’ 111′,’ 116′,’ 114′,’ 97′,’ 104′,’ 119′,’ 64′,’ 110′,’ 101′,’ 104′,’ 111′,’ 99′,’:’,’o’,’t’,’l’,’i’,’a’,’m’,'”‘,’=’,’f’,’e’,’r’,’h’,’a ‘,’= 0)out += unescape(l[i].replace(/^ss*/, ‘&#’));while (–j >= 0)if (el[j].getAttribute(‘data-eeEncEmail_sXWVpuUKdZ’))el[j].innerHTML = out;/*]]>*/.
Shiliang Cui is an Associate Professor of Operations and Information Management in the McDonough School of Business at Georgetown University in Washington, D.C., USA. Email:[email protected]
Sebastian Doetsch is doctoral student at the Chair of Production Management of WHU’s Otto Beisheim School of Management in Vallendar, Germany. Email: .(JavaScript must be enabled to view this email address)/*’,’a’,’/’,”,'”‘,’ 117′,’ 100′,’ 101′,’ 46′,’ 117′,’ 104′,’ 119′,’ 64′,’ 104′,’ 99′,’ 115′,’ 116′,’ 101′,’ 111′,’ 100′,’ 46′,’ 110′,’ 97′,’ 105′,’ 116′,’ 115′,’ 97′,’ 98′,’ 101′,’ 83′,’:’,’o’,’t’,’l’,’i’,’a’,’m’,'”‘,’=’,’f’,’e’,’r’,’h’,’a ‘,’= 0)out += unescape(l[i].replace(/^ss*/, ‘&#’));while (–j >= 0)if (el[j].getAttribute(‘data-eeEncEmail_ARCWagVasp’))el[j].innerHTML = out;/*]]>*/.
Arnd Huchzermeier is Chaired Professor of Production Management at WHU’s Otto Beisheim School of Management in Vallendar, Germany. Email: .(JavaScript must be enabled to view this email address)/*’,’a’,’/’,”,'”‘,’ 117′,’ 100′,’ 101′,’ 46′,’ 117′,’ 104′,’ 119′,’ 64′,’ 114′,’ 101′,’ 105′,’ 101′,’ 109′,’ 114′,’ 101′,’ 122′,’ 104′,’ 99′,’ 117′,’ 104′,’ 46′,’ 100′,’ 110′,’ 114′,’ 97′,’:’,’o’,’t’,’l’,’i’,’a’,’m’,'”‘,’=’,’f’,’e’,’r’,’h’,’a ‘,’= 0)out += unescape(l[i].replace(/^ss*/, ‘&#’));while (–j >= 0)if (el[j].getAttribute(‘data-eeEncEmail_UzPkwhfbnn’))el[j].innerHTML = out;/*]]>*/.
Ricardo Ernst is the Baratta Chair in Global Business and Professor of Operations and Global Supply Chain Management at the McDonough School of Business, Georgetown University, in Washington, DC, USA. Email: .(JavaScript must be enabled to view this email address)/*’,’a’,’/’,”,'”‘,’ 117′,’ 100′,’ 101′,’ 46′,’ 110′,’ 119′,’ 111′,’ 116′,’ 101′,’ 103′,’ 114′,’ 111′,’ 101′,’ 103′,’ 64′,’ 114′,’ 116′,’ 115′,’ 110′,’ 114′,’ 101′,’:’,’o’,’t’,’l’,’i’,’a’,’m’,'”‘,’=’,’f’,’e’,’r’,’h’,’a ‘,’= 0)out += unescape(l[i].replace(/^ss*/, ‘&#’));while (–j >= 0)if (el[j].getAttribute(‘data-eeEncEmail_VOOrRhlSvk’))el[j].innerHTML = out;/*]]>*/.
Panos Kouvelis is Emerson Distinguished Professor of Operations & Manufacturing Management, and Director, The Boeing Center for Supply Chain Innovation (BCSCI), Olin Business School, Washington University in St. Louis, USA. Email: .(JavaScript must be enabled to view this email address)/*’,’a’,’/’,”,'”‘,’ 117′,’ 100′,’ 101′,’ 46′,’ 108′,’ 116′,’ 115′,’ 117′,’ 119′,’ 64′,’ 115′,’ 105′,’ 108′,’ 101′,’ 118′,’ 117′,’ 111′,’ 107′,’:’,’o’,’t’,’l’,’i’,’a’,’m’,'”‘,’=’,’f’,’e’,’r’,’h’,’a ‘,’= 0)out += unescape(l[i].replace(/^ss*/, ‘&#’));while (–j >= 0)if (el[j].getAttribute(‘data-eeEncEmail_SNeOVIVxgk’))el[j].innerHTML = out;/*]]>*/.
Become a PLUS+ subscriber and you’ll get full access to all Supply Chain Management Review premium content!
Subscribe Today!
In this special digital edition from Supply Chain Management Review, we’re bringing together the best of our recent stories…
Thu, January 5, 2023 – 2:00 pm EST
- Published in Uncategorized
19 Businesses to Start With No Money in 2023 – Small Business Trends
You do not always need a lot of money to start a new business, and there are many business ideas you can pursue that do not require a large upfront investment. If you are considering starting a new business venture but do not have a lot of capital, there are still plenty of options available for you. Read on to discover what kinds of businesses you can start without requiring a large investment in 2023.
If you would like to start a new business without incurring large startup costs, there are many types of businesses you can pursue. Here’s how:
- Identify a business idea: There are plenty of home-based businesses you can start that are low-cost initially. Doing some research on business ideas that can be operated from home will help you figure out what your options are.if(typeof ez_ad_units!=’undefined’){ez_ad_units.push([[728,90],’smallbiztrends_com-medrectangle-3′,’ezslot_1′,320,’0′,’0′])};__ez_fad_position(‘div-gpt-ad-smallbiztrends_com-medrectangle-3-0’);
- Conduct market research: After identifying potential businesses, you should consider doing market research to understand their demand and what customers are currently doing. Understanding the industry and customer behavior will enable you to put together a business plan that takes the existing customer base into account and potential marketing materials.
- Create a business plan: Once you have a great business idea, the next step is to create a business plan. What kind of skills or investments are needed? What kind of business structure would be best? What will you name the business, and how do you plan to attract the target market? You may also need to have a financial plan in place to avoid any personal liability issues. Having a plan ensures that you can start your business right from the get-go and can attract angel investors and other types of capital.
- Research any investments needed: There are some types of businesses you can start pretty quickly with little to no investment required. However, other types of businesses may require a business license or business insurance to get started. You can also investigate any small business loans that could help you quickly start your business for purchasing equipment or other needs.
- Promote your business: Once you are ready to go with your idea and have made all the investments needed, promoting your business is key! Reach out to local business communities or residents (depending on the business you offer) to let them know what service or product you are providing and market yourself to build your customer base.
Business Ideas You Can Start With No Money
If you are ready to start your own business but not sure what you can operate with low startup costs, there are plenty of online business ideas and other types of ideas you can pursue on a shoestring budget.
A landscaping business can be a great idea if you are looking for a business where you can interact with many people and set your own hours. You’ll need a little bit of upfront capital to get the right equipment and reliable transportation to get to and from job sites. However, landscaping is great if you’re looking for ideas that are not home-based and where there are minimal costs to get started.
2. Consulting Business
Depending on your industry and your skills, having your own consulting business could be your next business idea. You could work with other businesses to offer your expertise and advice on different issues. Consulting businesses require very little money upfront, especially if done online. You only need a solid internet connection and marketing materials to get started.
3. Social Media Marketing
There are many aspects of social media marketing that you can undertake as a small business. For example, you could offer services such as social media management and building a social media presence on social media accounts for small business owners. It’s an easy business with no money required upfront, just social media experience, so it is relatively low cost to start.
4. House-Sitting Business
Another business model to consider is starting a service business such as house sitting. You can take care of homes while people are away, including keeping an eye on utilities, collecting mail, and watering plants. There are minimal startup costs required to start a housesitting business, but it can be lucrative depending on the area you are in.
Service-based businesses tend to be the best option if you are looking for a low-cost way to start a business. However, a freelance business idea you can consider to make extra cash could be to become a freelance writer. This could include copywriting, website writing, informational writing such as brochures, and other marketing communication, depending on what businesses require.
6. Dog Walking
If you are a fan of dogs, why not offer dog walking services in your local neighborhood? You can start dog walking services without needing a lot of capital, and it can be an immensely useful service for your community. You may need some kind of liability insurance for this kind of business, so it’s best to research local and state regulations before starting.
7. Start your own online store
Starting your own online store is easy, but it may require some startup capital or angel investors depending on the type of products you are trying to sell. For example, you could set up your own website and sell products such as clothing, home decor, artwork, and more.
There are many other types of freelance services you can pursue besides writing, such as website design if you are able to take relevant training. In addition, you can offer your services to other business owners needing a web presence, including basic sites on platforms such as Squarespace, Wix, and others. You do not need a business license to operate a website development business, so it is easy to get started.
If you are a native English speaker or speak more than one language, you could start a business to tutor others as a way to make extra money online. You will need to work with students of different ages and teach them language skills, including practicing speaking with them and taking them through the fundamentals of a language. You could become a tutoring business owner or partner with tutoring platforms to provide your services.
10. Sell online courses
Another opportunity for making money online is selling digital products such as online courses. If you have specific skills and experiences, you can start a business centered around developing and selling courses on your own website or on platforms such as Udemy. You may need to invest a small amount of capital into filming equipment, such as a high-quality camera and mic, but once the courses are filmed, you will be able to make passive income as they sell.
11. Pet sitting or babysitting
Another way to make extra cash is to start a pet-sitting or babysitting business. Again, this type of business may require some kind of liability insurance, business insurance, or business license, but it can be a valuable service that many customers may need depending on your area.
12. Virtual assistant services
If you thrive on being organized and efficient, you can offer your services as a personal assistant or virtual assistant. For example, you could work with real estate agents, business owners, and other professionals who need assistance getting organized and keeping their schedules on track. You can balance multiple clients and build your business as a virtual assistant.
If you are still thinking about what kinds of businesses you can start with no money, there are many local business ideas that you could pursue. Here are some of the best business idea examples for you to consider.
13. Delivery services
Many business owners and residents are always looking for reliable delivery options in their area. You can use your own car to make deliveries and be your own boss. You may need to get a business license and liability insurance for this kind of business, but it should be relatively easy to start.
14. Life coach
Life coaching is a service that many are seeking now, and there is a demand for online life coaches. There are certifications available for life coaching that you could take, and you would be able to connect with clients via Zoom or Skype for your sessions, so it would not require much money to start.
15. Accounting and bookkeeping services
If you are skilled at balancing the books and keeping track of financials, consider offering your services to local business owners. You can start without needing money or office space and provide a helpful skill for businesses seeking additional financial help.
If you are interested in an online business that you can start right away, you could become a podcaster. All you need to get started is a high-quality mic and audio editing software. You can create podcasts about subjects you are passionate about or create podcasts about your own experiences to guide and inspire others.
17. Vlogger
Another option to consider for an easy business to start with no money is becoming a vlogger. Many people operate successful businesses on platforms such as Youtube and Twitch by live streaming and creating vlogs. You may need to invest in equipment such as a camera or a mic, but you can get started immediately with vlogging.
18. Data entry provider
Many businesses are looking for reliable, independent contractors for simple and complex data entry tasks for various needs. These can be completed remotely, so there is no need for offices or any other equipment besides an internet connection and a computer.
19. Translator
Another option for those that speak multiple languages is to offer translation services. Translation services can be offered online or in person and can include services such as live translation, simultaneous translation, and document translation. There are many ways to start a translation business, depending on your level of skill and how much time you have with clients around the world.
There are many businesses that you can start with very little money required. The easiest business to start with no money is a service-based venture such as virtual assistant services, freelance writing, or consulting, as no small business loans are required, and these can be offered online.
Can You Start an Online Business With No Money?
Yes, you can start a successful business with no money online. Many businesses that are service-based can be created online and do not require a significant investment upfront or a business license.
What Is the Most Profitable Business Model to Start Without Capital?
The most profitable business venture to start with no capital is a freelance service such as writing or being a virtual assistant.
How Much Does It Cost to Start a Business?
The amount of money needed to start a business will depend on the service or product being offered. Some service businesses such as landscaping, cleaning, or becoming a podcaster or Youtuber will require a small investment to get the necessary equipment. Some businesses may also require other certifications such as business licenses or liability insurance. Other types of businesses, such as writing or consulting, do not require much money to get started.
YOU MIGHT ALSO LIKE:
- What is Bootstrapping in Business?
- 50 Low Cost Business Ideas with High Profit Potential
- 20 Types of Grants Available
- Where to Get a Loan for Your Small Business
Image: Envato Elements
Your email address will not be published. Required fields are marked *
*
*
document.getElementById(“ak_js_1”).setAttribute(“value”,(new Date()).getTime());
Small Business Trends is an award-winning online publication for small business owners, entrepreneurs and the people who interact with them. Our mission is to bring you “Small business success … delivered daily.”
© Copyright 2003 – 2022, Small Business Trends LLC. All rights reserved.
“Small Business Trends” is a registered trademark.
- Published in Uncategorized
Sales Gamification Software Market to Witness Revolutionary Growth by 2027 | Centrical, Qstream, Microsoft, Le – openPR
- Published in Uncategorized
Iran's Balkan front: The roots and consequences of Iranian … – Middle East Institute
Gerta Zaimi
On Sept. 7, Albanian Prime Minister Edi Rama announced in a video statement that a series of damaging hacks of the country’s critical digital infrastructure earlier that summer had been attributed to the Islamic Republic of Iran (IRI), and as a result, his government was terminating diplomatic relations with the Tehran — arguably one of the most profound responses that a sovereign state might take to a cyberattack. Iranian foreign ministry spokesperson Nasser Kanaani condemned Tirana’s decision as “unfounded,” adding that it “only serves the American and Israeli conspiracy.”
But undercutting Kanaani’s denial, just three days later, an Iranian-linked group of hackers calling itself HomeLand Justice targeted a restricted database administered by the Albanian police, before posting the ransacked information to Telegram over the coming weeks.
On Sept. 19, a dozen days after Albania broke off diplomatic relations with the IRI, HomeLand Justice published on its Telegram channel a 47-page document of stolen data. The file contained personal identifying information as well as records of the border crossings of the former general director of the State Police of Albania (Policia e Shtetit), Gladis Nano, and his family.
Less than a month later, on Oct. 3, the same group of cyber actors released another voluminous document, this one over 1.7 gigabytes in size, which exposed 300 identities of persons suspected of criminal acts in Albania. That data dump strongly suggested the hackers had broken into Albania’s sophisticated police communication system called Memex, raising strong concerns about national data protection measures.
More periodic leaks followed. On Oct. 19, the hackers published a file linked to the director of Albanian intelligence, Helidon Bendo, that contained 17 years’ worth of data (2005-2022) from the government’s Total Information Management System (TIMS), again exposing logged entries and exits at the state border. On Nov. 2, the group raised the stakes again by releasing the identities and personal details of 600 Albanian intelligence officers, including their names, emails, and phone numbers. Six days afterward, HomeLand Justice released a video of an Albanian intelligence operation in collaboration with the State Police, which featured footage of then-police chief Nano.
As the Albanian prime minister’s Sept. 7 statement made clear, the early autumn cyberattacks and leaks were not the first time that HomeLand Justice made itself known in the country. Previously, its affiliated hackers had stolen correspondence between ministries, embassies, and even Prime Minister Rama’s emails with Albanian citizens. Each time, the group made these public on Telegram. And on July 15, the offensive cyber actor tweeted that it was planning to carry out cyberattacks against Albania’s digital development and administration body, the National Agency for Information Society (AKSHI). After those summer-time incidents, Albania hired American cybersecurity and software companies Mandiant and Microsoft to investigate.
Iran caught red-handed
Mandiant’s and Microsoft’s reports as well as a separate investigation by the United States’ Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) all came to the same conclusion: Iranian state cyber “actors” — identified as HomeLand Justice — had taken down the websites and services of the government of Albania in July 2022. Mandiant experts believe that the individuals who carried out these attacks wanted to retaliate against the Albanian government for sheltering the Mujahedin e-Khalq (MEK), an Iranian opposition group currently residing in Manëz, Albania.
The FBI-CISA’s report, in turn, reveals that Iranian proxies apparently gained initial entry into the Albanian state network approximately 14 months before launching its devastating cyberattack last summer. The hackers then maintained continuous access to the network.
Experts in the cybersecurity field assess the IRI’s cyberwarfare capabilities as highly effective, even in comparison to traditionally more sophisticated powers like China, Russia, Israel, or the U.S. And like many of these other powers, Iran’s approach in this domain has been to rely on proxy actors to achieve strategic objectives. It has regularly responded to sanctions or perceived provocations through cyberattack campaigns. Indeed, both of these modus operandi were visible in the case of Albania, which is guilty in the Iranian authorities’ eyes for the accommodations this Balkan country has been giving to the MEK.
MEK and Albania
The MEK was founded in Iran in 1965 by radical Iranian students whose shared ideology combined Marxism and Islam. Between 1980 and 1981, the organization gained popular support and emerged as a political-militant opposition force to the new theocratic regime, at which point its adherents were forced to seek exile abroad, eventually ending up in Saddam Hussein’s Iraq, amidst the Iran-Iraq war (1981-1988).
Under intense lobbying from the group and in return for renouncing violence, the United States removed the MEK from its list of terrorist organizations in 2012, where it had been since 1997. Following Saddam’s toppling, the MEK needed to be pulled out of Iraq. The U.S. asked several countries to offer asylum to the group, including Romania. But worried about the possible security consequences involved, Bucharest demurred, prompting Washington and the United Nations to turn to Tirana.
The Albanian government publicly disclosed parts of this deal in March 2013. In agreement with the American authorities, the transfer to Albania of more than 2,000 Iranian mujahedin began in 2016. Soon thereafter, the MEK built the “Ashraf 3” camp in the Manëz area, between Tirana and Durrës.
Undoubtedly, the MEK’s arrival and regrouping in the small Balkan state could not pass without consequences. Giving shelter to the largest Iranian opposition faction, which presents itself as a future government-in-exile, organizes annual political summits, and allegedly carries out cyberattacks against the IRI, automatically pitted Tirana in a diplomatic dispute with Tehran. Over the years, this conflict metastasized, including into the theater of cyberwar.
The consequences of Albania’s hospitality
After Albania severed diplomatic relations with the IRI in early September, Iran’s foreign ministry stated that the charges leveled against the Islamic Republic would “give full support to a terrorist sect,” referring to the MEK, which “continues to play a role as one of America’s tools in perpetrating terrorist acts, cyberattacks” against Iran.
This implicitly served as an admission of guilt by Tehran for the summer-time cyberattacks as well as confirmed the reason behind them. In fact, Iranian covert activities against Albania had been growing for years since the arrival of the MEK to the Balkan country.
In 2018, Albania expelled Gholamhossein Mohammadnia, then the Iranian ambassador to Tirana, and Mostafa Roudaki, the station chief of the Iranian Ministry of Intelligence and Security (MOIS), describing them as “undesirable elements” involved in “illegal actions against [Albanian] national security.” In 2020, other evictions took place. Two diplomats of the Iranian embassy, Mohammad Ali Arz Peimanemati and Seyed Ahmad Hosseini Alast, were forced to leave Albania and declared persona non grata.
That same year, Danial Kassrae, an Iranian with Italian citizenship, was deported from Albania, accused of espionage on behalf of MOIS to gather information on the MEK. In October 2020, Albanian authorities arrested Iranian citizen Bijan Pooladrag on five charges related to terrorism and tampering with computer data. Last week, Pooladrag was sentenced to 15 years in prison. He was declared guilty of the charge of financial actions with persons or organizations related to terrorism and of participating in a terrorist organization.
In 2021, three Iranian journalists, Mohammad Alavi-Gonabadi, Firouz Baghernejad, and Mohammad Heydar Allauddin, were deported from Albania. All three supposedly worked for MOIS and sought to gather information on the MEK.
In July 2022, the Albanian Special Anti-Corruption Structure (Struktura e Posaçme Anti-Korrupsion, SPAK), an independent judicial entity tasked with investigating high-level corruption and organized crime, at the request of the Special Prosecutor’s Office, detained and interrogated 20 Iranians, all former MEK members, for espionage in the service of the Iranian regime.
Additionally, the annual MEK summit, scheduled to be held later that same month, on July 23-24, at Camp Ashraf 3 in Manëz, was postponed (finally held on Sept. 5) due to an apparent threat of a terrorist attack against the proceedings. The decision was motivated by the Albanian government’s recommendation as well as a July 21 warning from the U.S. embassy that the IRI was allegedly planning to violently disrupt the event. A few days later, the Iranian news agency Fars, which is associated with the Islamic Revolutionary Guard Corps (IRGC), asserted that Iran could attack the MEK in Albania with drones and missiles.
Evidence of Iran’s special operations targeting Albania continued to mount over the following weeks. In August, the Albanian police detained Batool Soltani and her husband, Afshin Kalantari, the former holding dual Iranian-German citizenship, and held them for 72 hours before deporting them to Germany. Albanian police identified them as a national security risk and suspected them of trying to carry out terrorist attacks in the country.
Soltani and Kalantari had come at the invitation of the Association for the Support of Iranians Living in Albania (ASILA), a Tirana-based organization founded in November 2021 that claims to assist former MEK members who left the group as well as to promote cultural exchange between Iran and Albania. However, Albanian authorities have long suspected ASILA of creating an agent network with the goal of obtaining detailed information about MEK members living in the camp in Manëz. At the same time, SPAK is actively investigating ASILA’s ties to the Iranian government. Indeed, ASILA’s own activities are conspicuously promoted online by the Nexhat Association, an organization based in Tehran whose stated aim is “rescuing comrades who are still subjectively and even objectively enslaved by this Organization [the MEK] and to help their suffering families.”
Conclusion
Going forward, Iran’s attacks on Albania can be expected to continue but probably at a lower intensity. This is mainly because Iranian intelligence has lost much of its presence on the ground following the closure of the IRI embassy — a presence built up and cultivated over three decades and one that local proxy networks cannot replace. The main weapon left in Tehran’s hands is, thus, hacking and sabotage of national computer networks.
Albania became an Iranian target in the first place because it agreed to host the Iranian opposition group MEK on its territory, because it is an enthusiastic member of the North Atlantic Treaty Organization (NATO) — which Supreme Leader Ali Khamenei notably vilified last summer, in the presence of Russian President Vladimir Putin — and because Tirana steadfastly stands as one of the key supporters of American interests in the Western Balkans, where the IRI seeks to pursue both covert and overt interests.
Consequently, Albania needs more support in the cybersecurity realm from the U.S. and its allies not only financially but also in terms of improving its domestic knowledge and technology base. Undoubtedly, the Alliance has taken this year’s cyberattacks against Albania seriously, as emphasized in a Sept. 8 statement by the North Atlantic Council: “We will continue raising our guard against such malicious cyber activities in the future, and support each other to deter, defend against and counter the full spectrum of cyber threats, including by considering possible collective responses.”
So long as Albania remains in Tehran’s sights, the country will continue to depend on allied support in the cyberwarfare space.
Gerta Zaimi researches International Relations, the Middle East, and the Balkans at the Centro Interdipartimentale di Studi Strategici, Internazionali e Imprenditoriali (CSSII), Università di Firenze, in Italy
Photo by YUKI IWAMURA/AFP via Getty Images
The Middle East Institute (MEI) is an independent, non-partisan, non-for-profit, educational organization. It does not engage in advocacy and its scholars’ opinions are their own. MEI welcomes financial donations, but retains sole editorial control over its work and its publications reflect only the authors’ views. For a listing of MEI donors, please click here.
Sign up to receive the latest publications, event invitations, and our weekly newsletter delivered to your inbox.
languages@mei.edu
202-770-0344
rdooley@mei.edu
202-785-1141 x241
mej@mei.edu
202-785-1141 x205
events@mei.edu
202-785-1141 x202
development@mei.edu
202-785-1141 x203
info@mei.edu
202-785-1141
Middle East Institute
1763 N St. NW, Washington D.C. 20036
© 2018 Middle East Institute All Rights Reserved | Accessibility Policy | Built by Social Driver.
- Published in Uncategorized
Powerland, a Xerox Business Solutions Company, Named Canada … – Xerox Newsroom
Powerland, a leading IT infrastructure provider in Canada and a Xerox Business Solutions Company, has been named Canada HPE GreenLake Partner of the Year 2022 from Hewlett Packard Enterprise (HPE) as part of the broader HPE Partner of the Year Awards program.
Hewlett Packard Enterprise (HPE) announced the winners of the HPE Partner of the Year Awards 2022 in recognition of HPE partners who exemplify commitment and success in delivering value to their customers on their digital transformation journey. This recognition has been given to HPE partners who have achieved exceptional results in financial performance, innovative solutions and meaningful business results.
“We’re proud that Powerland has been recognized as a strong partner for its infrastructure as a service through HPE GreenLake, which showcases our ability to enhance business outcomes for our growing network of customers,” said Martin Bachant, president, Xerox Canada. “While companies are faced with an increasingly complex suite of services as they continue to prioritize IT services that support and scale their operations, Powerland is committed to managing the technology so that companies can focus solely on managing their business. We are honored that HPE has recognized Powerland’s leadership position in this important category.”
Xerox acquired Powerland in February 2022 as part of a larger strategy to expand the company’s IT services in North America. Powerland joins Xerox as a Xerox Business Solutions company focused on providing cloud, cyber security, end user computing and managed services locally to clients. Under the Xerox umbrella, Powerland has continued to serve as a strategic partner to HPE, helping to empower customers through efficient solutions that help them meet their business goals and deliver better customer experience.
“The HPE portfolio and specifically GreenLake has provided a strong complimentary suite of solutions to Powerland’s go to market strategy,” said Ashley Penner, chief executive officer, Powerland. “We continue to focus on our ‘as a service’ offerings to provide our customers with leading edge technology that can be operationalized and managed on their behalf.”
“It is an honor to celebrate the winners of the HPE Partner Awards this year as the channel once again has shown the ability to adapt, transform and grow together.” said George Hope, Worldwide Head of Partner Sales, HPE. “Our partner ecosystem remains at our core, and the winners of the partner awards this year have best demonstrated success through partnering with HPE as one team. HPE remains committed to delivering the best partner experience with opportunities for all partners to grow and succeed with us.”
HPE Partner Awards winners were announced at the HPE Partner Growth Summit that took place on June 27th. A full list of this year’s winners can be found here.
Learn more about Powerland here and all of Xerox Business Solutions’ offerings here.
About Xerox Holdings Corporation (NASDAQ: XRX)
For more than 100 years, Xerox has continually redefined the workplace experience. Harnessing our leadership position in office and production print technology, we've expanded into software and services to sustainably power today's workforce. From the office to industrial environments, our differentiated business solutions and financial services are designed to make every day work better for clients — no matter where that work is being done. Today, Xerox scientists and engineers are continuing our legacy of innovation with disruptive technologies in digital transformation, augmented reality, robotic process automation, additive manufacturing, Industrial Internet of Things and cleantech. Learn more at xerox.com.
About Hewlett Packard Enterprise
Hewlett Packard Enterprise (NYSE: HPE) is the global edge-to-cloud company that helps organizations accelerate outcomes by unlocking value from all of their data, everywhere. Built on decades of reimagining the future and innovating to advance the way people live and work, HPE delivers unique, open and intelligent technology solutions as a service. With offerings spanning Cloud Services, Compute, High Performance Computing & AI, Intelligent Edge, Software, and Storage, HPE provides a consistent experience across all clouds and edges, helping customers develop new business models, engage in new ways, and increase operational performance. For more information, visit: www.hpe.com
-XXX-
© 1986 – 2022 Xerox Corporation. All rights reserved. Xerox® is a trademark of Xerox Corporation in the United States and/or other countries.
- Published in Uncategorized
Whip Around Launches New Document Management Solution for … – WV News
Sunshine and clouds mixed. High 48F. Winds SSW at 5 to 10 mph..
Clear to partly cloudy. Low 34F. Winds light and variable.
Updated: December 28, 2022 @ 8:17 am
The Whip Around Wallet is a document storage and management solution for Fleet Managers and Drivers that’s available on web and mobile.
The Whip Around Wallet is a document storage and management solution for Fleet Managers and Drivers that’s available on web and mobile.
CHARLOTTE, N.C.–(BUSINESS WIRE)–Dec 1, 2022–
Whip Around launches new document management solution for Fleet Managers and Drivers, a move designed to improve compliance and ensure their drivers are road ready at all times.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20221201005035/en/
The Whip Around Wallet is a document storage and management solution for Fleet Managers and Drivers that’s available on web and mobile. (Photo: Business Wire)
Poorly managed or missing documentation consistently features in the top roadside enforcement violations each year with in-cab documents relating to the driver and asset prone to damage, expiration or misplacement. Companies are liable for the actions of their employees, and can be held accountable if a non-compliant driver is operating an asset or unable to produce the required paperwork during a roadside check. With so much paperwork involved, it’s a challenge for drivers to store and manage it easily on the go, often putting themselves under the risk of scrutiny.
Steve Keppler from Scopelitis Transportation Consulting emphasized the growing issue of paper-based record keeping and FMCSA compliance, “Fleets that use paper-based recordkeeping tend to have more challenges recording data, maintaining records, missing important deadlines, locating proper records on request, and easily identifying compliance gaps in documents and dates. Using an electronic system addresses all of these weaknesses. It helps carriers be proactive to keep them compliant and identify issues early on before they become a problem.”
Whip Around Wallet is available on web and mobile. Documents are safely stored in the cloud and they can be tagged, making it quick and easy for drivers to access all the documentation that they need while out on the road. Accessibility is critical to document management, but the real value of Wallet lies in the ability to set expiration dates, renewal notifications and retention sunset reminders on documents. This dramatically lowers the risk of not meeting compliance requirements and the cost that goes along with it.
“It definitely helps our drivers remain compliant. It’s really easy to use, and made us a lot more organised. We can check that we’ve got all the required paperwork, and if we’re missing something from one truck we can grab it ” – Ryan Weinstein from M&M Waste.
A range of documentation can be stored in Wallet so that it’s easily accessible during a roadside check or audit.
Some of these include:
“With Whip Around Wallet Fleet Managers can have peace of mind that they have set their team’s up for success. It’s another step towards Whip Around’s promise to help customers take control of their fleet maintenance processes, improve safety and compliance, and reduce costs and downtime” – Elizabeth Santorelly VP Product, Whip Around.
To learn more about the Whip Around Wallet, email sales@whiparound.com or call 704 489 3268. Existing customers should contact their Account Manager or email support@whiparound.com for further details.
About Whip Around
Whip Around is a powerful, yet easy-to-use fleet maintenance software solution that connects drivers, mechanics and fleet operators to improve the uptime across their fleet operations. Whip Around operates in North America and Australasia and serves hundreds of thousands of users and assets worldwide across all commercial fleet industry verticals. The company’s mission is to keep the world’s fleets moving by accelerating information.
View source version on businesswire.com:https://www.businesswire.com/news/home/20221201005035/en/
CONTACT: Lauren Yeoman
704.412.3986
Lauren.yeoman@whiparound.com
KEYWORD: NORTH CAROLINA UNITED STATES NORTH AMERICA CANADA
INDUSTRY KEYWORD: COMMERCIAL BUILDING & REAL ESTATE CONSTRUCTION & PROPERTY AGRICULTURE NATURAL RESOURCES ENVIRONMENT OTHER TRANSPORT TRUCKING APPS/APPLICATIONS LOGISTICS/SUPPLY CHAIN MANAGEMENT TRANSPORT MOBILE/WIRELESS OTHER ENERGY SOFTWARE FLEET MANAGEMENT UTILITIES OIL/GAS COAL ALTERNATIVE ENERGY AUTOMOTIVE ENERGY DATA MANAGEMENT PUBLIC TRANSPORT TECHNOLOGY SUSTAINABILITY GENERAL AUTOMOTIVE GREEN TECHNOLOGY
SOURCE: Whip Around
Copyright Business Wire 2022.
PUB: 12/01/2022 07:04 AM/DISC: 12/01/2022 07:04 AM
http://www.businesswire.com/news/home/20221201005035/en
Copyright Business Wire 2022.
Your comment has been submitted.
Reported
There was a problem reporting this.
Log In
Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.
Get up-to-the-minute news sent straight to your device.
Please disable your ad blocker, whitelist our site, or purchase a subscription
Sorry, an error occurred.
News from around the State and World. What you need to know for today! Don’t Miss it!
Find out what’s happening around the state with this weekly email alert sent every Thursday evening!
Sign up to get our statewide obits delivered to your inbox daily.
Sign up to receive our daily newsletter about all things business and politics in West Virginia.
Morgantown News Delivered Each Day!
Morgantown News Delivered to Your Inbox Each Week!
Special offers from businesses around your area.
Get the latest headlines on local WVU, College and High School sports!
Get latest breaking news from around the state when it happens.
Daily News, Sports and Events from The ET.
Sign up for the only WV Government and Business newsletter delivered each week!
This week’s most popular news from around the State. Don’t Miss it!
Daily updates from Blue Gold News for WVU sports.
Daily News, Sports and Events for Marion County.
Weekly Fairmont news emailed every Thursday evening!
Daily News, Sports and Events for Garrett County and surrounding areas.
Find out what’s happening in Garrett County with this weekly email alert!
Get the Jackson Star & Herald Delivered to your email everyday!
Get the Jackson News Weekly delivered to your inbox!
Daily news from the Mineral News & Tribune delivered to your email!
Get the news for Mineral County, Keyser and Frankfort delivered to your email on Tuesdays and Fridays!
Daily News, Sports and Events for Preston County.
Weekly email alert sent every Tuesday and Friday afternoon for Preston County!
Get the River Cities Tribune & Register Delivered to your email everyday!
Get the River Cities Tribune and Register Delivered to your email less frequently!
Daily News, Sports and Events for Weston and Surrounding areas.
Weekly newsletter for Weston.
Sign up for local job offers sent to your inbox.
Area listings from Your Bulletin Board with regular updates
Sign up with
Thank you .
Your account has been registered, and you are now logged in.
Check your email for details.
Invalid password or account does not exist
Sign in with
Submitting this form below will send a message to your email with a link to change your password.
An email message containing instructions on how to reset your password has been sent to the e-mail address listed on your account.
Secure & Encrypted
Secure transaction. Cancel anytime.
Thank you.
Your purchase was successful, and you are now logged in.
A receipt was sent to your email.
- Published in Uncategorized
By Practitioners, For Practitioners: How Matterly Is Changing Legal … – Above the Law
Subscribe and get breaking news, commentary, and opinions on law firms, lawyers, law schools, lawsuits, judges, and more.
Today’s law firms are increasingly implementing customer relationship management (CRM) tools to save costs, improve efficiency, and more. Matterly is raising the bar when it comes to law firm software by offering one of the most comprehensive and user-friendly solutions on the market, built on the powerful Salesforce platform.
We recently sat down with the co-founders of Matterly, Steven Berkovitch and Ariel Bouskila, and Matterly developer Stratten Waldt to discuss why they created Matterly and how it’s changing the face of legal CRM.
Can you give us an overview of why you formed your firm BBLaw and created Matterly?
Steven Berkovitch
Steven: We started BBLaw back in 2015. We landed in a very unique industry, specialty financing and fintech. Our clients are in the business of financing and funding small businesses across the country through a variety of means. We started out like every good small firm, keeping track of everything in a handy spreadsheet.
Ariel: When we first started, our clients were funding lots of small businesses. Dozens of matters quickly became hundreds, and it snowballed from there. We realized we didn’t have a good way to keep track of it all – how do I know what my next tasks are? How do I follow up on the things that I need to keep track of, like court dates, due dates for discovery, and court appearances? Time tracking and billing was another big issue – we were doing that on spreadsheets as well. Now we had multiple different spreadsheets with multiple different tabs and we never knew where to look. So, we sent Steven out to a conference to look for a CRM tool.
Steven: We were looking for internal purposes as well as for our clients’ benefit. Updating them on the status of their cases had started to consume most of our day instead of actually getting work done. I was surprised at the CRM options I saw – they were very outdated. Each could only handle some of the tasks we needed and didn’t offer the integrations we wanted. We eventually found Salesforce, which allows you to custom build almost anything you want. Because our practice was so unique, we really had no choice but to build our own CRM.
Once we learned to use Salesforce and realized its benefits, we were able to build what we didn’t realize at the time was cutting-edge software. We thought it was software every law firm should have, but little did we know that we actually had something that nobody else was using and something that was really useful. I would talk to friends and realized they were trying to jerry-rig the same kind of solution from things available on the market. Our goal became to combine legal billing software, case management software, legal intake software, and document management into a single CRM product, which became Matterly.
Ariel: We realized that, not only does our software work for us in our unique space, it works as general law firm software as well.
How did you decide to go from it being an internal tool to a tool you marketed?
Steven: Pre-COVID, when unemployment was at its lowest, we were having difficulty finding office staff for administrative tasks like calendaring. We were forced at that point to use technology to fill those gaps. Once we started going down that path, we realized that, in addition to cost savings, it created efficiency and employee happiness, because no one got stuck doing mundane administrative tasks that weren’t part of their job description.
The law firm software we built was great and we kept tweaking it to make it better, aiming for full automation and complete ease of use. Eventually we realized that although the software was initially designed for our firm, and our needs it was something that every firm needed. Matterly’s role is to take all those administrative duties away from people and have them automated to expedite the completion of the tasks and promote efficiency.
Ariel Bouskila
Do you still use Matterly at your firm and why?
Ariel: I use it all day, every day. Our firm is still growing, and there’s only so much that can be done by hiring more administrative assistants, paralegals, or even lawyers. Matterly allows Steven and I as partners at the firm and our clients to get an overview of everything that’s happening at the same time. I can run reports and see what cases are out there. If an action was filed, I can run reports to see what my next court dates are. It helps a lot in terms of planning and organization, as well as for being able to process the amount of cases that we handle.
Stratten Waldt
Stratten: The technology itself is a multiplier. We have about 20 employees right now and more than 20,000 cases in the system. We’ve successfully closed probably 1,000 cases per person over the past couple years.
Steven: I don’t think any similar firms can come close to what we do. We have an email parser that allows us to automatically take information like dates that come in emails from the court system and automatically populate them into Matterly, matched to the case’s index number or caption. We’ve partnered with a nationwide process server company to automatically collect summonses and complaints, send them out for service and trigger dates into the system. These are things that are normally done by humans at most firms, which takes time and costs money. More than that people can make mistakes and certain things caneasily get missed when you get several emails every minute from the court systems. We don’t like to miss anything.
Who can benefit the most from Matterly?
Steven: The nice thing about Matterly is that there are certain components geared toward specialty practices, but also a general platform suitable for lawyers who do standard hourly billing. We built in a time management system with time tracking capability. It’s legal billing software that really works for smaller or larger firms. You can assign specific employees to certain cases and limit access rights to cases as needed.
Management can view everybody’s time in a single report or compare users by billing and time usage. If you think matters are being overbilled or underbilled, you can compare all that information in a simple report. Another great thing is that you can give your clients access to their own files, giving them full visibility and removing guesswork when they receive bills. They can see their own court dates and receive automatic alerts for important case activity or deadlines. It’s all about being open and giving them the ability to see the information they need without having to wait for you.
Ariel: To sum up what Steven was saying, Matterly would work for any practice, whether it’s a small firm handling a large volume of cases or a large firm with hundreds of attorneys with a big case backlog. Both firms have the same issue, namely a limit to the amount of time that a person has in a day. Matterly is law firm software that gives you access to everything in one fell swoop, making it much easier for managers to manage and practitioners to practice. All its features help firms in the judgment enforcement space, general litigation, contract matters, transactional work, and more. There are always due dates, meetings, and appearances.
Stratten: Matterly does have specific, preconfigured modules for things like collections and litigation, but any new types can be added by a firm as they need them.
Why is it important that Matterly was built by lawyers?
Ariel: It’s very important that it’s built by practitioners, because we’re the ones that know what we need. Lawyers tend to speak legalese when they’re explaining what they need, and not everybody fully understands it. We understand it and we work through it. We’ve actually gone through thousands of cases from start to finish. We know what the system needs right now. At the same time, we understand that different law firms and different lawyers have different needs and different wants. It is beneficial that the software is created and being improved on by practitioners that understand the needs and wants of the end users of the product.
Can you talk a little bit about Matterly’s user interface?
Steven: Our goal was to create a simple, almost form-based layout for entering a matter. We wanted to make sure it was fully customizable to all legal needs. It’s really just about understanding what information a firm needs to open a matter. A conflicts check can take place once you enter a party’s information. The system can alert you if a party is in your system already and alert whoever’s responsible for that conflict so they can check to make sure there’s no issue and create that matter. Matters can be assigned automatically to specific people, who can set matters up the way they want, set email alerts, and set up automatic reporting. All these features are ideal for remote work scenarios. We wanted a one-stop shop where everything is stored and where a team can work together cohesively without having to call each other multiple times a day.
What does Matterly bring to CRM in terms of cost-effectiveness?
Steven: Cost-effectiveness is one of our big focuses. How many people out there today want to do case intake? Not very many, right? If you can cut it down to one person doing it or eventually to have intake fully automated, that’s our goal.
How do you handle customer service issues or feedback from clients?
Ariel: That’s one of the main ways we’re hoping to grow Matterly. We want to see what our customers are interested in, what features they like, what features they don’t like, what features they would want added to it, and then deploy them. If there’s one thing we’ve learned from this whole process, it’s that everything is possible and it’s probably simpler than you think it is. And we’re trying to develop not just superior results for today, but superior results for tomorrow. We want to have the software fill in all the gaps an attorney might have. Whatever comments and feedback clients have we will definitely take.
Stratten: When we’re deploying for clients, part of the onboarding process is doing discovery calls and interviews with their stakeholders to find out what about the system needs to be adjusted, what works well, or what is slightly off but has a good foundation. We take that feedback and we implement it for them. Because of the deployment model we’ve chosen, everybody has their own instance of matter. It’s not like other software where you’re locked into what you have. When you make changes to your instance of Matterly, you’re making it your software.
Some of the things we do for the clients are very specific or not worth implementing in the core Matterly package, but some are. Certain client requests are absolutely things we’re going to bring into the core function. We might custom build certain features for a client, but then include it in the overall product going forward.
What is the most useful Matterly feature for each of you in your day-to-day work at your firm?
Ariel: My favorite feature is probably the ability to generate documents. There’s a lot of what we do that comes off of forms, letters, summonses, and complaints. They’re essentially standard forms with a few fields that need to be filled in. Matterly tracks those fields, and when you input a matter, it prepares documents at the click of a button and emails them to the client for review and verification. So, what could potentially take hours of attorney work is done in minutes, with no errors.
Steven: I’m torn between two features. Matterly has the ability to parse all the emails from the New York court system, automatically download any documents, and save them to the appropriate case file. It’s built on Salesforce, so you have the ability to access it from anywhere in the world. We also have this really awesome partnership with a postal company that can automatically send out our mail. It gives us the ability to mail documents directly from Matterly, which cuts down on human error, complete with tracking.
What features are the favorites of your clients?
Ariel: People really like the time tracking aspect of our legal billing software. They can bill different rates for different users or for specific matters. Matterly has a start/stop feature where you describe what you’re doing when you start working on something and automatically calculate the rate when you’re done based on the amount of time that you spent. An automatic billing feature allows Matterly to automatically send out invoices to clients, broken down by matter or entity. They can also set different rates for the same person within two different matters or two different clients.
Steven: It’s all about the seamless progression after using the time tracker straight to automatic billing. We also have credit card and ACH processors that you can set up at the onset of a matter.
Why should firms use CRM in general and Matterly specifically?
Steven: It may seem daunting at first, but ultimately it will save you a lot of time and headaches. It will help you in overall firm management. You can sign up for a free trial and get a feel for it to see if it’s something that actually works for you.
Stratten: We’re here to provide whatever support you need, whatever guidance or training will make Matterly work for you. Again, one of the benefits of our deployment model is that we can hold your hand through it. So, if this is your first CRM, great. We’ll onboard you and make sure you have training videos. If it’s a transition, we’ll do videos covering how it’s different from what you’re used to or how you manage the system yourself internally. If you need to add a filter or change the layout, that’s not something we need to do. It’s not the best use of our time or your money. We’ll show you how to own your own platform. People usually see law firm software as this thing they just use, but don’t own. That’s something we’re trying to change and I think we’re doing a pretty good job.
Ariel: Matterly gives you the ability to modify the fields or the layout to meet your needs. The product is easy to use even for those without a technical background.
Steven: Our belief is that no two firms are alike. Out of the box, Matterly can apply to most firms, but for a significant amount of firms there’s 10 to 15% of it that the firm is going to want to customize or tweak, and you can easily do that. It’s a big differentiator from other CRMs on the market.
Salesforce can be daunting for many law firms. Why should lawyers be using legal solutions that involve Salesforce?
Ariel: Once you get a feel for it, you’ll see that Matterly is built in the most user-friendly way possible. Salesforce is fairly simple to use once you get the hang of it. We also offer training videos that hold your hand through the entire process. Try it free for 30 days and see what you think. There’s no commitment.
You have everything you need at your fingertips. You have a functional search bar and reporting on all of your matters and the stages they’re in.
Steven: We’re able to create custom layouts that include only the information you want to see.
Why do you believe Matterly is the best legal CRM on Salesforce?
Steven: It’s built by practitioners for practitioners. We speak your language. We know what lawyers are looking for, and when you ask for certain things, you don’t have to explain what you mean.
Biglaw, CRM, Matterly, Small Law Firms, Sponsored Content, Technology
We will never sell or share your information without your consent. See our privacy policy.
Our Sites
© 2022 Breaking Media, Inc. All rights reserved. Registration or use of this site constitutes acceptance of our Terms of Service and Privacy Policy.
Privacy Center | Do not sell my information
- Published in Uncategorized
High-Level System Design vs. Low-Level System Design in … – MUO – MakeUseOf
The software development cycle goes through many processes, and HLSD and LLSD are just two parts.
The Software Development Life Cycle (SDLC) goes through various phases like planning, requirements assessment, analysis, design, execution, documentation, testing, etc. Each phase is further divided into tasks with properly defined objectives and results.
Analysis and Design are phases where the actual architecture, working model, and execution process of building a software product is laid down.
Two crucial steps in these phases are High-Level System Design and Low-Level System Design.
High-Level Design (HLD) provides a comprehensive overview of the software development process along with the system architecture, applications, database management, and complete flowchart of the system and navigation. It’s a blueprint that consolidates the various steps and modules, their objectives, variable components, results, architecture, and timeline to develop the software. HLD translates a business plan into a software product or service.
Examples of HLD in software development include system architecture documents, app development flowcharts, etc.
Low-Level Design (LLD) deals with the planning, coding, and execution of the various components, modules, and steps in the HLD, at an individual level. Each module in an HLD has a unique LLD document that provides comprehensive details about how the module will be coded, executed, tested for quality, and integrated into the larger program. LLD provides actionable plans by deconstructing HLD components into working solutions.
Examples of LLD in software development include cart integration, security testing, user interface design, etc.
HLD and LLD also serve different functions and purposes like high-level programming languages and low-level programming languages.
HLD is a macro-level design that provides a bird’s eye view of the software development process. It includes diagrams, flowcharts, navigational details, and other technical requirements that will form the crux of the development process.
In addition to flowcharts, diagrams, navigational information, and technical requirements, LLD also has comprehensive information about the step-by-step execution of each component of the HLD. It deals with software development at the micro-level.
Every component of an HLD has a unique LLD document.
HLD precedes the LLD phase. Once the HLD is in place and approved for execution, work on the individual LLDs can begin.
HLD begins once the planning and requirements stages are dealt with and has no other dependencies.
On the other hand, LLD needs to be executed in a particular order. Some modules must await execution until others have been completed.
LLD falls under the Design phase of the SDLC, whereas the HLD falls under the Analysis phase of the SDLC.
Solution architects are responsible for creating an HLD document. It can have internal and external stakeholders like the review team that takes cognizance of the software metrics, the design team, clients, and managers.
LLD is handled by software developers, web admins, security engineers, etc., who are part of the company or vendor teams. LLDs are generally restricted to internal stakeholders.
HLD documents have the target audience of managers, clients, and software development teams.
Software engineers, coders, testers, and developers working on the project are the target audience for LLD documents.
Software design documents outline the structural, functional, and logical aspects of developing a software product or service in addition to the technical requirements and other implementation details. Whether the design deals with macro-level or micro-level execution, programmers and other stakeholders should knowq and understand the scope and the various steps of the software development process.
Former corporate communications specialist who's worked with Uber, Google, and TCS, Al Kaatib has ten years of experience as a freelance writer specializing in B2B and B2C content.
- Published in Uncategorized
Healthcare Referral Management Software Market Growth – Global Industry In Depth Study And Huge Demand In Futu – openPR
- Published in Uncategorized
2021 Top Routinely Exploited Vulnerabilities | CISA – US-CERT
An official website of the United States government Here’s how you know
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC-UK). This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities assess, in 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets.
The cybersecurity authorities encourage organizations to apply the recommendations in the Mitigations section of this CSA. These mitigations include applying timely patches to systems and implementing a centralized patch management system to reduce the risk of compromise by malicious cyber actors.
Download the Joint Cybersecurity Advisory: 2021 top Routinely Exploited Vulnerabilities (pdf, 777kb).
Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities. For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (POC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors.
To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities—some of which were also routinely exploited in 2020 or earlier. The exploitation of older vulnerabilities demonstrates the continued risk to organizations that fail to patch software in a timely manner or are using software that is no longer supported by a vendor.
Table 1 shows the top 15 vulnerabilities U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities observed malicious actors routinely exploiting in 2021, which include:
Three of the top 15 routinely exploited vulnerabilities were also routinely exploited in 2020: CVE-2020-1472, CVE-2018-13379, and CVE-2019-11510. Their continued exploitation indicates that many organizations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors.
Table 1: Top 15 Routinely Exploited Vulnerabilities in 2021
CVE
Vulnerability Name
Vendor and Product
Type
CVE-2021-44228
Log4Shell
Apache Log4j
Remote code execution (RCE)
CVE-2021-40539
Zoho ManageEngine AD SelfService Plus
RCE
CVE-2021-34523
ProxyShell
Microsoft Exchange Server
Elevation of privilege
CVE-2021-34473
ProxyShell
Microsoft Exchange Server
RCE
CVE-2021-31207
ProxyShell
Microsoft Exchange Server
Security feature bypass
CVE-2021-27065
ProxyLogon
Microsoft Exchange Server
RCE
CVE-2021-26858
ProxyLogon
Microsoft Exchange Server
RCE
CVE-2021-26857
ProxyLogon
Microsoft Exchange Server
RCE
CVE-2021-26855
ProxyLogon
Microsoft Exchange Server
RCE
CVE-2021-26084
Atlassian Confluence Server and Data Center
Arbitrary code execution
CVE-2021-21972
VMware vSphere Client
RCE
CVE-2020-1472
ZeroLogon
Microsoft Netlogon Remote Protocol (MS-NRPC)
Elevation of privilege
CVE-2020-0688
Microsoft Exchange Server
RCE
CVE-2019-11510
Pulse Secure Pulse Connect Secure
Arbitrary file reading
CVE-2018-13379
Fortinet FortiOS and FortiProxy
Path traversal
In addition to the 15 vulnerabilities listed in table 1, U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities identified vulnerabilities, listed in table 2, that were also routinely exploited by malicious cyber actors in 2021.
These vulnerabilities include multiple vulnerabilities affecting internet-facing systems, including Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure. Three of these vulnerabilities were also routinely exploited in 2020: CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882.
Table 2: Additional Routinely Exploited Vulnerabilities in 2021
CVE
Vendor and Product
Type
CVE-2021-42237
Sitecore XP
RCE
CVE-2021-35464
ForgeRock OpenAM server
RCE
CVE-2021-27104
Accellion FTA
OS command execution
CVE-2021-27103
Accellion FTA
Server-side request forgery
CVE-2021-27102
Accellion FTA
OS command execution
CVE-2021-27101
Accellion FTA
SQL injection
CVE-2021-21985
VMware vCenter Server
RCE
CVE-2021-20038
SonicWall Secure Mobile Access (SMA)
RCE
CVE-2021-40444
Microsoft MSHTML
RCE
CVE-2021-34527
Microsoft Windows Print Spooler
RCE
CVE-2021-3156
Sudo
Privilege escalation
CVE-2021-27852
Checkbox Survey
Remote arbitrary code execution
CVE-2021-22893
Pulse Secure Pulse Connect Secure
Remote arbitrary code execution
CVE-2021-20016
SonicWall SSLVPN SMA100
Improper SQL command neutralization, allowing for credential access
CVE-2021-1675
Windows Print Spooler
RCE
CVE-2020-2509
QNAP QTS and QuTS hero
Remote arbitrary code execution
CVE-2019-19781
Citrix Application Delivery Controller (ADC) and Gateway
Arbitrary code execution
CVE-2019-18935
Progress Telerik UI for ASP.NET AJAX
Code execution
CVE-2018-0171
Cisco IOS Software and IOS XE Software
Remote arbitrary code execution
CVE-2017-11882
Microsoft Office
RCE
CVE-2017-0199
Microsoft Office
RCE
Note: see CISA Capacity Enhancement Guide – Implementing Strong Authentication and ACSC guidance on Implementing Multi-Factor Authentication for more information on hardening authentication systems.
The information in this report is being provided “as is” for informational purposes only. CISA, the FBI, NSA, ACSC, CCCS, NZ NCSC, and NCSC-UK do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring.
This document was developed by U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations.
[1] CISA’s Apache Log4j Vulnerability Guidance
CVE
Vendor
Affected Products
Patch Information
Resources
CVE-2021-42237
Sitecore
Sitecore XP 7.5.0 – Sitecore XP 7.5.2
Sitecore XP 8.0.0 – Sitecore XP 8.2.7
Sitecore Security Bulletin SC2021-003-499266
ACSC Alert Active Exploitation of vulnerable Sitecore Experience Platform Content Management Systems
CVE-2021-35464
ForgeRock
Access Management (AM) 5.x, 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3
OpenAM 9.x, 10.x, 11.x, 12.x and 13.x
ForgeRock AM Security Advisory #202104
ACSC Advisory Active exploitation of ForgeRock Access Manager / OpenAM servers
CCCS ForgeRock Security Advisory
CVE-2021-27104
Accellion
FTA 9_12_370 and earlier
Accellion Press Release: Update to Recent FTA Security Incident
Joint CSA Exploitation of Accellion File Transfer Appliance
ACSC Alert Potential Accellion File Transfer Appliance compromise
CVE-2021-27103
FTA 9_12_411 and earlier
CVE-2021-27102
FTA versions 9_12_411 and earlier
CVE-2021-27101
FTA 9_12_370 and earlier
CVE-2021-21985
VMware
vCenter Server 7.0, 6.7, 6.5
Cloud Foundation (vCenter Server) 4.x and 3.x
VMware Advisory VMSA-2021-0010
CCCS VMware Security Advisory
CVE-2021-21972
VMware
vCenter Server 7.0, 6.7, 6.5
Cloud Foundation (vCenter Server) 4.x and 3.x
VMware Advisory VMSA-2021-0002
ACSC Alert VMware vCenter Server plugin remote code execution vulnerability
CCCS VMware Security Advisory
CCCS Alert APT Actors Target U.S. and Allied Networks – Update 1
CVE-2021-20038
SonicWall
SMA 100 Series (SMA 200, 210, 400, 410, 500v), versions 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv
SonicWall Security Advisory SNWLID-2021-0026
ACSC Alert Remote code execution vulnerability present in SonicWall SMA 100 series appliances
CCCS SonicWall Security Advisory
CVE-2021-44228
Apache
Log4j, all versions from 2.0-beta9 to 2.14.1
For other affected vendors and products, see CISA’s GitHub repository.
Log4j: Apache Log4j Security Vulnerabilities
For additional information, see joint CSA: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
CISA webpage Apache Log4j Vulnerability Guidance
CCCS Active exploitation of Apache Log4j vulnerability – Update 7
CVE-2021-40539
Zoho ManageEngine
ADSelfService Plus version 6113 and prior
Zoho ManageEngine: ADSelfService Plus 6114 Security Fix Release
Joint CSA APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus
CCCS Zoho Security Advisory
CVE-2021-40444
Microsoft
Multiple Windows products; see Microsoft Security Update Guide: MSHTML Remote Code Execution Vulnerability, CVE-2021-40444
Microsoft Security Update Guide: MSHTML Remote Code Execution Vulnerability, CVE-2021-40444
CVE-2021-34527
Microsoft
Multiple Windows products; see Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-34527
Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-34527
Joint CSA Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability
CCCS Alert Windows Print Spooler Vulnerability Remains Unpatched – Update 3
CVE-2021-34523
Microsoft
Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft Exchange Server 2016 Cumulative Updates 19 and 20
Microsoft Exchange Server 2019 Cumulative Updates 8 and 9
Microsoft Security Update Guide: Microsoft Exchange Server Elevation of Privilege Vulnerability, CVE-2021-34523
Joint CSA Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
ACSC Alert Microsoft Exchange ProxyShell Targeting in Australia
CVE-2021-34473
Microsoft
Multiple Exchange Server versions; see: Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-34473
Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-34473
CVE-2021-31207
Microsoft
Multiple Exchange Server versions; see Microsoft Update Guide: Microsoft Exchange Server Security Feature Bypass Vulnerability, CVE-2021-31207
Microsoft Update Guide: Microsoft Exchange Server Security Feature Bypass Vulnerability, CVE-2021-31207
CVE-2021-3156
Sudo
Sudo before 1.9.5p2
Sudo Stable Release 1.9.5p2
CVE-2021-27852
Checkbox Survey
Checkbox Survey versions prior to 7
CVE-2021-27065
Microsoft Exchange Server
Multiple versions; see: Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-27065
Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-27065
CISA Alert: Mitigate Microsoft Exchange Server Vulnerabilities
ACSC Advisory Active exploitation of Vulnerable Microsoft Exchange servers
CCCS Alert Active Exploitation of Microsoft Exchange Vulnerabilities – Update 4
CVE-2021-26858
Microsoft
Exchange Server, multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26858
Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26858
CVE-2021-26857
Microsoft
Exchange Server, multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26857
Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26857
CVE-2021-26855
Microsoft
Exchange Server, multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26855
Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26855
CVE-2021-26084
Jira Atlassian
Confluence Server and Data Center, versions 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
Jira Atlassian: Confluence Server Webwork OGNL injection – CVE-2021-26084
ACSC Alert Remote code execution vulnerability present in certain versions of Atlassian Confluence
CCCS Atlassian Security Advisory
CVE-2021-22893
Pulse Secure
PCS 9.0R3/9.1R1 and Higher
Pulse Secure SA44784 – 2021-04: Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4
CCCS Alert Active Exploitation of Pulse Connect Secure Vulnerabilities – Update 1
CVE-2021-20016
SonicWall
SMA 100 devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v)
SonicWall Security Advisory SNWLID-2021-0001
CVE-2021-1675
Microsoft
Multiple Windows products; see Microsoft Security Update Guide Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-1675
Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-1675
CCCS Alert Windows Print Spooler Vulnerability Remains Unpatched – Update 3
CVE-2020-2509
QNAP
QTS, multiple versions; see QNAP: Command Injection Vulnerability in QTS and QuTS hero
QuTS hero h4.5.1.1491 build 20201119 and later
QNAP: Command Injection Vulnerability in QTS and QuTS hero
CVE-2020-1472
Microsoft
Windows Server, multiple versions; see Microsoft Security Update Guide: Netlogon Elevation of Privilege Vulnerability, CVE-2020-1472
Microsoft Security Update Guide: Netlogon Elevation of Privilege Vulnerability, CVE-2020-1472
ACSC Alert Netlogon elevation of privilege vulnerability (CVE-2020-1472)
Joint CSA APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
CCCS Alert Microsoft Netlogon Elevation of Privilege Vulnerability – CVE-2020-1472 – Update 1
CVE-2020-0688
Microsoft
Exchange Server, multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Validation Key Remote Code Execution Vulnerability, CVE-2020-0688
Microsoft Security Update Guide: Microsoft Exchange Validation Key Remote Code Execution Vulnerability, CVE-2020-0688
CISA Alert Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
Joint CSA Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
CCCS Alert Microsoft Exchange Validation Key Remote Code Execution Vulnerability
CVE-2019-19781
Citrix
ADC and Gateway version 13.0 all supported builds before 13.0.47.24
NetScaler ADC and NetScaler Gateway, version 12.1 all supported builds before 12.1.55.18; version 12.0 all supported builds before 12.0.63.13; version 11.1 all supported builds before 11.1.63.15; version 10.5 all supported builds before 10.5.70.12
SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO all supported software release builds before 10.2.6b and 11.0.3b
Citrix Security Bulletin CTX267027
Joint CSA APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
CISA Alert Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
CCCS Alert Detecting Compromises relating to Citrix CVE-2019-19781
CVE-2019-18935
Progress Telerik
UI for ASP.NET AJAX through 2019.3.1023
Telerik UI for ASP.NET AJAX Allows JavaScriptSerializer Deserialization
ACSC Alert Active exploitation of vulnerability in Microsoft Internet Information Services
CVE-2019-11510
Pulse Secure
Pulse Connect Secure 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
Pulse Secure: SA44101 – 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX
CISA Alert Continued Exploitation of Pulse Secure VPN Vulnerability
CISA Alert Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
ACSC Advisory Recommendations to mitigate vulnerability in Pulse Connect Secure VPN Software
Joint CSA APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
CCCS Alert APT Actors Target U.S. and Allied Networks – Update 1
CVE-2018-13379
Fortinet
FortiProxy 2.0.2, 2.0.1, 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6
Fortinet FortiGuard Labs: FG-IR-20-233
Joint CSA Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology
Joint CSA Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities
Joint CSA APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations
ACSC Alert APT exploitation of Fortinet Vulnerabilities
CCCS Alert Exploitation of Fortinet FortiOS vulnerabilities (CISA, FBI) – Update 1
CVE-2018-0171
Cisco
See Cisco Security Advisory: cisco-sa-20180328-smi2
Cisco Security Advisory: cisco-sa-20180328-smi2
CCCS Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature
CVE-2017-11882
Microsoft
Office, multiple versions; see Microsoft Security Update Guide: Microsoft Office Memory Corruption Vulnerability, CVE-2017-11882
Microsoft Security Update Guide: Microsoft Office Memory Corruption Vulnerability, CVE-2017-11882
CCCS Alert Microsoft Office Security Update
CVE-2017-0199
Microsoft
Multiple products; see Microsoft Security Update Guide: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows, CVE-2017-0199
Microsoft Security Update Guide: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows, CVE-2017-0199
CCCS Microsoft Security Updates
U.S. organizations: all organizations should report incidents and anomalous activity to CISA 24/7 Operations Center at report@cisa.gov or (888) 282-0870 and/or to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. For NSA client requirements or general cybersecurity inquiries, contact Cybersecurity_Requests@nsa.gov. Australian organizations: visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories. Canadian organizations: report incidents by emailing CCCS at contact@cyber.gc.ca. New Zealand organizations: report cyber security incidents to incidents@ncsc.govt.nz or call 04 498 7654. United Kingdom organizations: report a significant cyber security incident: ncsc.gov.uk/report-an-incident (monitored 24 hours) or, for urgent assistance, call 03000 200 973.
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts.
We recently updated our anonymous product survey; we’d welcome your feedback.
(888)282-0870
Send us email
Download PGP/GPG keys
Submit website feedback
Receive security alerts, tips, and other updates.
CISA is part of the Department of Homeland Security
- Published in Uncategorized