What Businesses Need to Know about the Semiconductor Chip Shortage

People in business suits in a big building

The semiconductor chip shortage is real and not simply scarcity marketing. Find out why there is a chip shortage, the problems it is causing, and how businesses can cope with the situation.

Reports about semiconductor chips being in short supply are common. Although marketers are fond of saying that something is scarce in order to get people to buy products and services, this time the shortage is real. Here’s look at why there is a chip shortage, the problems it is causing, and how businesses can cope with the situation.

Reasons for the Chip Shortage

The Coronavirus Disease 2019 (COVID-19) pandemic is often blamed for the semiconductor chip shortage. However, it is not the only cause. There are other reasons why supply has not kept pace with demand recently. The pandemic was the match that made the existing powder keg of supply and demand issues explode into a full-blown shortage.

Here are the main reasons why the demand for chips is high while the supply is low:

High demand. For the past two decades, the demand for semiconductor chips has been steadily increasing. Worldwide sales grew from $204.4 billion in 2000 to $440.4 billion in 2020 — a compound annual growth rate of 3.91% per year. One reason for the steady increase is that chips are being incorporated into more types of products. Besides being an integral part of traditional electronic computing devices such as desktop computers, tablets, and smartphones, chips are now being integrated into goods that historically did not have them, including automobiles, appliances, televisions, and even toilets and toothbrushes. Plus, new types of electronic computing devices are being continually being developed for emerging markets such as Internet of Things (IoT) and artificial intelligence (AI).

In addition to the expected increase in demand for chips, there has also been an unexpected surge in demand due to the COVID-19 pandemic. When governments started issuing stay-at-home orders to slow the spread of the coronavirus, desktop computers, laptops, webcams, and other electronic devices started flying off the shelves. Businesses and consumers alike were purchasing them so that people could work, attend classes, communicate, and collaborate remotely. The empty shelves have, in turn, prompted electronic device manufacturers to order more chips than anticipated.

Low supply. The supply of semiconductor chips has not kept up with the high demand for a variety of reasons. The most notable ones include:

  • Recent disasters have been impacting the production of semiconductor chips. For example, a misbehaving piece of equipment caused a fire in a building at Renesas Electronics’ Naka Factory in March 2021. The building’s chip operations were completely shut down for a month. And once it reopened, it had only limited production capacity for another two months. Natural disasters have also impacted chip production. When winter storm Uri hit Texas in mid-February 2021, three chipmakers — Samsung Foundry, Infineon Technologies, and NXP Semiconductors — had to shut down their operations due to rolling power outages. Even though the power was restored by the beginning of March, it took more than a month for them to return to full capacity due to the complexities of chipmaking.
  • The US-China trade war. The trade war between the United States and China began in July 2018 and continues to this day. Primarily focused on technology, it has resulted in both countries levying tariffs on imported products and issuing company sanctions. As part of the trade war, the United States imposed restrictions on several Chinese tech companies. In anticipation, some of those companies stockpiled semiconductor chips and chipmaking equipment before the restrictions took effect. This stockpiling has drained the supply of chips and chipmaking equipment.
  • Difficulty in ramping up production. Fabricating chips is a complex, time-consuming process. It takes about 12 weeks to fabricate standard chips and up to 20 weeks to produce highly advanced ones — and that does not include the additional 6 weeks needed for back-end assembly, testing, and packaging. Fabricating chips is also resource-intensive. Besides requiring large amounts of power and ultrapure water (up to 8 million gallons per day), it must take place in specially designed cleanrooms that are up to 10,000 times cleaner than operating rooms. As a result, there is no quick and easy way to ramp up the production of chips.
  • The COVID-19 pandemic. In the United States, employees involved in fabricating chips are considered essential workers so they have worked throughout the pandemic, even if their state governments issued stay-at-home orders. Nevertheless, chip production has diminished due to coronavirus outbreaks at the fabrication facilities. Outbreaks at suppliers’ facilities are also resulting in reduced production since the chipmakers must put their operations on hold until the needed equipment and materials arrive.

Problems Caused by the Chip Shortage

Virtually all companies will be affected by the semiconductor chip shortage. Manufacturers of chip-infused products are already feeling the effects. For example, AppleMicrosoft, and other electronics manufacturers are having problems getting the chips they need to build their devices. The same holds true for automakers and appliance manufacturers.

When manufacturers do not have the necessary semiconductor chips, they have to delay or slash production. For example, Toyota will be cutting production 40% percent in September 2021 because of the chip shortage. Manufacturers also tend to raise prices on the products that they do produce.

This new reality affects other companies big and small, no matter their industry or location. Businesses will likely have to spend more time searching for chip-infused products, as their first or second choice might not be available. And when they do find a suitable product that is in stock, they will likely have to pay more for it than in the past.

Considering that companies typically use many different types of chip-infused products — laptops, printers, routers, air conditioners, refrigerators, coffeemakers, and LED light bulbs, just to name a few — the impact of the chip shortage on their budgets could be significant, especially for small businesses. In addition, if they want a specific brand and model of a product, they might have to wait a long time for it to become available.

What Businesses Can Do to Cope

Industry experts have not reached a consensus about how long the semiconductor chip shortage will last. For example, Gartner expects the shortage to end by the second quarter of 2022. Forrester is more pessimistic, predicting it will last into 2023.

While these predictions differ, they both indicate that the shortage will not end for quite a while. Thus, companies might need to change the way they approach purchasing chip-infused goods. Here are some strategies you might consider trying when shopping for chip-infused products for your business:

  • Postpone any “nice to have” purchases. Before shopping for a chip-infused product, you might want to take a step back to determine whether it is falls into the “Need” or “Nice to have” category. Consider delaying any “nice to have” purchases until after the chip shortage has ended.
  • Maintain your existing chip-infused products. It is a good idea to make sure that your existing products are being well maintained. That way, they will last longer.
  • Try a different seller. There will be times when you need to purchase a new or replacement product for your business. If the product you want is not available or is too expensive at your preferred brick-and-mortar or online retailer, try a different seller. Another retailer might have what you want in stock at a reasonable price.
  • Check out other models or configurations. If the chip-infused product you were looking for is out of stock, check out other models or configurations offered by the manufacturer. It might not be exactly what you were looking for, but at least it is in stock.
  • Research different manufacturers’ products. If the chip-infused product you want to buy is not available or is too expensive, research similar products offered by different manufacturers. You might find that the quality of their goods is comparable to the product you initially wanted.
  • Think outside the box. When shopping for chip-infused products, don’t be afraid to think outside the box. For example, buying a refurbished product or using a cloud service instead might be a viable alternative.
  • Order chip-infused products well in advance. If you need to order a product, be sure to order it well in advance of when it will be needed. A chip shortfall at the manufacturing facility might significantly delay its delivery.
  • Adjust your 2022 budget. You will likely be paying more for chip-infused products, so it is a good idea to make sure your company’s 2022 budget reflects those increases. This is especially important if your business needs to purchase big-ticket items.

You Can’t End Chip Shortage But You Can Minimize Its Impact

The semiconductor chip shortage is real. Although you can’t end the shortage, you can minimize its impact on your business by planning ahead and being sensible and flexible when purchasing chip-infused products. It also is important to keep your existing chip-infused products maintained to reduce the chance that they will need to be replaced. We can help keep your company’s computers, printers, routers, and other IT electronics well maintained and operating smoothly.

Business Photographers flickr photo by Rui de Matos shared under a Creative Commons (BY-SA) license

/by

That Text Message you Received is Smishing

That Text Message you Received is Smishing

You may have been the victim of an SMS-based phishing, or smishing, attack if you’ve ever received a text message that claimed there was a problem with one of your accounts and asked you to click on a link to resolve the issue. Smishing is one of the easiest ways for hackers to steal your data because you’re literally giving it to them.

Many people now spend most of their waking hours on their phones, which is one of the main reasons for the dramatic rise in these attacks over the last few years. As a result, law enforcement agencies and telecommunications companies are actively developing countermeasures against smishing.

Phishing is a type of cyber attack in which the attacker sends an email message designed to trick the victim into disclosing sensitive information or deploying malware on the victim’s computer. They often use fraudulent, or spoofed, websites to make it appear as if the email came from someone the victim has reason to trust, typically a bank or online retailer. Phishing attacks have become increasingly sophisticated, often allowing the attacker to observe the victims’ actions on the spoofed website and further compromise their security. Phishing is by far the most common type of cyber attack as of 2020, with more than twice as many attacks as any other type of computer crime, according to the FBI’s Internet Crime Complaint Centre (IC3).

Other cyber attacks are conceptually similar to phishing, although they may differ in their implementation. For example, smishing uses SMS rather than email to deliver a fraudulent message that invites the victim to perform some action such as clicking a link, sending an email reply or calling a phone number. The message also asks the victim to disclose personal information such as the security credentials for a website or online service that the victim is currently receiving. It can be particularly difficult to identify spoofed logon pages on a mobile phone since its small display size can prevent you from seeing the entire URL.

Current Trends

The term “smishing” was coined in 2006, but it remained a fairly obscure form of attack compared to phishing until 2020. Proofpoint reports that smishing attacks increased by 328 percent in mid-2020, largely as a result of the COVID-19 pandemic. Government agencies began sending SMS messages on a large scale to provide COVID-related information such as contact tracing, lockdowns and vaccination options. This response to the pandemic created an ideal environment for smishing, since many people now had a strong incentive to read SMS messages and follow their instructions. NextCaller reports that 44 percent of Americans experienced an increase in the scam text messages during the first two weeks of the nationwide quarantine.

Financial Losses

The IC3 reports that over 240,000 people were victims of phishing and related attacks in 2020. The reported losses from these attacks over $54 million, as compared only $7 million in losses from malware such as viruses. The European Payments Council reports that the total losses from phishing type attacks in the European Union (EU) were $26 billion between June 2016 and July 2019.

Protection

Government agencies and private businesses are currently scrambling to keep up with the millions of smishing messages that hackers send on a daily basis. However, mobile users have many options for protecting themselves from these attacks.

The effectiveness of smishing attacks is largely due to the fact that mobile users are accustomed to receiving legitimate text messages, many of which inform the recipient of suspicious account activity. It’s therefore critical to verify the sender of these messages before taking any action through SMS. For example, if you receive a message purporting to be from your bank, you should always contact your bank directly to ensure they sent you the message before following any of its instructions.

Text Messaging flickr photo by wuestenigel shared under a Creative Commons (BY) license

/by

T-Mobile Breach Exposed the Personal Data of 54 Million Customers

T-Mobile sign on side of building

The T-Mobile data breach in August 2021 was massive. Find out what data was stolen, what T-Mobile is doing to help customers affected by the breach, and how to protect yourself even if you are not a breach victim.

On August 15, 2021, the world first learned about the massive T-Mobile data breach. The disclosure came from a most unusual source — the hackers who pulled off the data heist. The cybercriminals told BleepingComputer that they hacked into T-Mobile’s production, staging, and development servers and stole the personal data of millions of T-Mobile customers. A day later, T-Mobile confirmed that its systems had indeed been attacked and some of its data stolen. Later updates revealed that the stolen data included personal information about T-Mobile and Metro by T-Mobile customers.

What Was Stolen

In the August 2021 data breach, hackers stole the personal data of more than 54 million past, present, and prospective T-Mobile customers. In addition, data about 52,000 current Metro by T-Mobile customers was taken.

The types of data stolen is a good news/bad news situation. First, the good news: No financial information was included. “We have no indication that personal financial or payment information, credit or debit card information, account numbers, or account passwords were accessed,” stated T-Mobile.

Now, the bad news: Highly sensitive ID numbers were taken, including Social Security and driver license numbers. “The exact personal information accessed varies by individual,” according to T-Mobile. “We have determined that the types of impacted information include: names, drivers’ licenses, government identification numbers, Social Security numbers, dates of birth, T-Mobile prepaid PINs (which have already been reset to protect you), addresses and phone number(s).”

In addition, International Mobile Subscriber Identity (IMSI) and International Mobile Equipment Identity (IMEI) numbers were stolen. IMSI numbers are used to identify the users of a cellular network, whereas IMEI numbers are used to identify the devices on a cellular network.

Hackers have put all the stolen data up for sale on the dark web.

What T-Mobile Is Doing to Help Customers

T-Mobile has already sent notifications to current customers involved in the data breach. Current customers who were not affected by the breach will see a banner on their MyT-Mobile.com account login page telling them so. At the time of this writing, T-Mobile is in the process of notifying former and prospective customers affected by the breach.

Besides letting customers know whether or not their data has been stolen, T-Mobile is:

  • Offering data breach victims a two-year subscription to McAfee’s ID Theft Protection Service free of charge
  • Recommending that all customers install and use T-Mobile’s free Scam Shield app
  • Encouraging all customers to take advantage of T-Mobile’s free Account Takeover Protection service
  • Suggesting other ways customers can protect themselves against identity theft and fraud (e.g., resetting their PINs and passwords)

T-Mobile set up a web page that provides links to these and other resources.

What Is Being Done to Prevent Another Attack

To prevent a similar attack in the future, T-Mobile conducted a forensic investigation of the data breach, with assistance from the cybersecurity firm Mandiant. The telecom giant has not disclosed too many details about the data breach since there is a criminal investigation underway. However, it did divulge that the cybercriminals gained access to the company’s IT network through the testing environment. They then used brute force attacks and other techniques to access the servers containing the customer data.

T-Mobile has closed the entry points that the hackers used to gain access to the various servers. It has also entered into long-term partnerships with Mandiant and KPMG, a cybersecurity consulting firm. “I am confident in these partnerships and optimistic about the opportunity they present to help us come out of this terrible event in a much stronger place with improved security measures,” said T-Mobile CEO Mike Sievert.

This help is sorely needed. The August 2021 incident is the fifth major data breach at T-Mobile in the last three years. Hackers stole the personal data of 2 million customers in November 2018A year later an undisclosed number of customers using the company’s prepaid services had their personal information pilfered. Then, in March 2020, both customers and employees had their names, addresses, account numbers, and other data stolen. Nine months later roughly 200,000 customers had their phone numbers, call records, and other Customer Proprietary Network Information (CPNI) breached.

This disturbing trend coupled with the fact that T-Mobile violated the California Consumer Privacy Act is helping fuel lawsuits against the company. Two class-action lawsuits have already been filed, with many more likely to come.

Ways Everyone Can Protect Themselves

There is little you can personally do to stop cybercriminals from hacking into companies’ databases and stealing your personal data. However, there are measures you can take to minimize the damage if you find out you are a data breach victim:

  • Monitor your accounts regularly for suspicious activity. Besides checking your monthly credit card and bank account statements, review your online service accounts (e.g., PayPal).
  • Monitor your credit reports periodically. US citizens have the right to obtain free copies of their credit reports from Equifax, Experian, and TransUnion once a year. However, all three credit reporting bureaus have been offering free weekly online reports during the Coronavirus Disease 2019 (COVID-19) pandemic. To request them, go to com, the official website sanctioned by the US government’s Consumer Financial Protection Bureau.
  • Place a fraud alert on your credit reports if you find out you are a data breach victim or you notice suspicious activity in one of your accounts. The fraud alert makes it harder for identity thieves to open accounts in your name, according to the US Federal Trade Commission. There is no fee for this service, which lasts a year. To place a fraud alert, you just need to contact one of the three credit reporting bureaus (Equifax, Experian, or TransUnion). That company must then tell the other two bureaus about the alert.
  • Use a strong password or passphrase for each online service account you have. Do not use that password or passphrase for any other account.
  • Use two-step verification (aka two-factor authentication) to protect your online service accounts if they offer this capability. Two-step verification provides an extra layer of protection against unauthorized access to those accounts.

T-Mobile flickr photo by JeepersMedia shared under a Creative Commons (BY) license

/by

The Latest Data Breach & Why It Keeps Happening

,

The Latest Data Breach & Why It Keeps Happening

The growing value of information is increasing the incentive of hackers to obtain data from both individuals and organizations. These incidents include ransomware attacks in which the perpetrator encrypts the victim’s data or threatens to publish that data unless the victim pays a ransom. Another tactic is to simply sell the information, either to a specific party or the highest bidder.

The data breach at UC San Diego Health (UCSDH) is one of the most recent of these attacks and is especially significant due to the large number of protected health information (PHI) records involved.

Timeline

The investigation is still ongoing, but the most current information shows that the breach began as early as December 2, 2020. UCSDH received a preliminary report of the attack on March 12, 2021 and launched an investigation that verified the attack on April 8, 2021, at which point the attacker’s access to UCSDH systems was terminated. UCSDH announced the breach on July 27, 2021, which was being widely reported by major media outlets by July 30, 2021.

Investigation

As is normally the case, the UCSDH didn’t immediately disclose the data breach to the public. Instead, it reported the matter to the FBI and continued its internal investigation. Once the breach was publicly disclosed, the UCSDH also began directly informing affected individuals of the breach. In addition, UCSDH has promised to provide free credit monitoring and identity theft prevention services to affected individuals one it has completed its investigations. UCSDH has also urged all users to changed their passwords and begin using multi-factor authentication (MFA) to access their accounts.

Method of Attack

The method of attack for the UCSDH data breach was a phishing scheme against the email accounts of UCSDH employees. Details of the attack haven’t been released yet, but it generally involves sending emails to the target addresses purporting to be sent by someone the victim has reason to trust. It usually informs the victim that one of their accounts may have been compromised and requests the victim to log on to that account to verify their information via a link in the email.

However, this link leads to a login page that the hacker controls, although it resembles the actual login page as closely as possible. If the victim attempts to log in to the false page, the hacker will then have the victim’s login information. From there, the hacker can use that information to login to the real account.

Information Disclosed

This data breach resulted in the disclosure of personal information of UCSDH patients, employees and students including the following:

  • Full name
  • Address
  • Date of birth
  • Email
  • Fax number
  • Social Security number
  • Student ID number
  • Username and password

In addition, the breach also compromised the PHI of affected UCSDH members, including claims information such as the date and cost of health care services received. It also disclosed Medical Record Numbers (MRNs), along with medical conditions, laboratory results, diagnoses, treatments and prescriptions. Financial information was another type of data involved in the breach, including payment card number, financial account numbers, security codes and other payment information.

The UCSDH breach illustrates the need to remain alert to the possibility of identity theft. The best defense against this type of activity is to monitor your health and financial accounts regularly for signs of unexpected activity. You should also contact the company maintaining that account as soon as possible when you suspect your account has been compromised.

Data Breach flickr photo by EpicTop10.com shared under a Creative Commons (BY) license

/by