hackers


While Western Union wired customers’ money, hackers transferred their personal deets

Source: National Cyber Security News

Western Union has confirmed one of its IT suppliers was hacked, and that customer information was exposed to miscreants.

A Register reader, who wished to remain anonymous, showed us a copy of a letter dated January 31 that he received from the money-transfer outfit. The missive admitted that a supposedly secure data storage company used by Western Union was compromised: a database full of the wire-transfer giant’s customer records was vulnerable to plundering, and hackers were quick to oblige.

“We have discovered that some of your information may have been accessed without authorization as a result of a computer intrusion against an external vendor system formerly used by Western Union for secure data storage,” the letter read.

“We promptly moved our external secure storage to a different vendor’s system. We immediately notified law enforcement, and are actively cooperating with its investigation. Expert assistance was also immediately engaged to determine what personal information may have been compromised.”

In other words, it sounds as though a cloud-based or off-site backup storage provider was hacked. Now that system has been shut down, the cops alerted, and digital forensics teams are probing the network intrusion.

Suspicious
“Upon detecting suspicious activity, Western Union permanently discontinued all use of the vendor’s system and the system was taken offline,” a spokesperson for Western Union told The Register today.

View full post on National Cyber Security Ventures

Cybercriminals, Nation-State Hackers Use LinkedIn for Targeting

Source: National Cyber Security News

Cybercriminals and state-actor hackers increasingly are using LinkedIn as a source for company information and connections with diplomats and other officials, wrote chief technology officer Andy Kays in a commentary for the International Business Times on Feb. 2.

For example, in December the German Interior Ministry reported that Chinese intelligence services have been attempting to extract information and find intelligence sources by creating fake profiles on LinkedIn, Reuters reported.

Hackers can use LinkedIn’s “see all employees” feature to generate a target list for phishing attacks, wrote Kays, who works for UK threat and detection response company Redscan. Using LinkedIn to identify a company’s suppliers, technology providers and other connections, hackers can find potential ways into its systems. Information technology job ads on the site can reveal which databases, operating systems, storage and scripting languages a firm uses. Criminals also can place malware on their own profiles and then visit others’ to prompt visits that will spread viruses and other malicious software.

Kays doesn’t recommend that people and organizations stop using LinkedIn, but rather that they adjust their privacy settings and carefully consider how much and what type of information they share.


Hackers stole $172 billion last year: Consumers should avoid these mistakes

Source: National Cyber Security – Produced By Gregory Evans

Online hackers made out like true bandits in 2017, stealing over $172 billion from people in 20 countries around the world, a new report said.

Norton Cyber Security released its annual insights report and found that 44% of consumers were affected by a cybercrime in the last 12 months with an average victim losing $142.


Large Green Bay company hit by hackers

Source: National Cyber Security – Produced By Gregory Evans

GREEN BAY, Wis. (WFRV) – Green Bay police say hackers broke into the computer system of a large local employer this past week, leading to the theft of a significant amount of money. Investigators told CBS 58 affiliate, WFRV, the hackers may have got in through a security flaw that could have been corrected.


Lebanese Hackers that Spied on Targets from 21 Countries Exposed

Source: National Cyber Security – Produced By Gregory Evans

The intelligence agency of Lebanon has seemingly been caught carrying out espionage operations against numerous people, including military personnel and journalists, across at least twenty countries, say researchers from the Electronic Frontier Foundation and mobile security firm Lookout.

A prominent hacking scheme associated with a powerful intelligence and security agency inside Lebanon became publicly known after unskilled spies left several hundred gigabytes of stolen data openly exposed on the web, states a report released January 18.


90% of world’s Gmail accounts ‘vulnerable to hackers’

Despite the growth of sophisticated cyber threats globally, Google has said that less than 10 per cent of active Gmail users have enabled two-factor authentication, leaving the remaining 90 per cent more vulnerable to cyber attacks.
According to Google engineers, compromised passwords are the top way hackers gain access to accounts and all users — especially those in the enterprises — should implement two-factor authentication immediately.

“Further, only 12 per cent of Americans use a password manager to protect their accounts,” US-based news website Techrepublic quoted Google engineer Grzegorz Milka as saying in a presentation at the Usenix Enigma 2018 security conference in California late on Saturday.

Two-factor authentication is one of the most effective ways to protect online accounts given that compromised passwords are the top way attackers gain access to accounts.

In the enterprise, if a hacker can break into the email of even one employee, it gives them not only access to company data but also ammunition for future phishing attacks — making it even more important for firms to ensure all employees have enabled two-factor authentication and gone through cybersecurity training.
The feature, which Google calls 2-step verification, requires a second step (often a single-use key or password) along with the account password to verify a user’s identity and allow them into their account.
With Google, the second step can come in the form of a text message, a phone popup, through a Google Authenticator app or from a number of printed single-use codes.
Google first rolled out its two-factor authentication feature back in 2011, yet users have failed to adopt the safety measure in large numbers. The feature adds a few seconds to the login time but is claimed to be the best option to stay away from cyber attacks.
Milka said that Google did not make two-factor authentication mandatory for all users due to usability.
“It’s about how many people would we drive out if we force them to use additional security,” he was quoted as saying.
Google has made a number of other efforts to improve security for its users.
In January 2017, the company announced new layers of enterprise-grade security controls for “G Suite” to give users more control and visibility over sensitive information.
In October last year, it rolled out the “Advanced Protection Programme” that offers better defenses against phishing, accidental data sharing and fraudulent account access for executives and professionals in fields where confidential information is shared online.

6 ways hackers will use machine learning to launch attacks

Machine learning algorithms will improve security solutions, helping human analysts triage threats and close vulnerabilities quicker. But they are also going to help threat actors launch bigger, more complex attacks.

Defined as the “ability for (computers) to learn without being explicitly programmed,” machine learning is huge news for the information security industry. It’s a technology that potentially can help security analysts with everything from malware and log analysis to possibly identifying and closing vulnerabilities earlier. Perhaps too, it could improve endpoint security, automate repetitive tasks, and even reduce the likelihood of attacks resulting in data exfiltration.

Naturally, this has led to the belief that these intelligent security solutions will spot – and stop – the next WannaCry attack much faster than traditional, legacy tools. “It’s still a nascent field, but it is clearly the way to go in the future. Artificial intelligence and machine learning will dramatically change how security is done,” said Jack Gold, president and principal analyst at J.Gold Associates, when speaking recently to CSO Online.

“With the fast-moving explosion of data and apps, there is really no other way to do security than through the use of automated systems built on AI to analyze the network traffic and user interactions.”

The problem is, hackers know this and are expected to build their own AI and machine learning tools to launch attacks.

How are cyber-criminals using machine learning?
Criminals – increasingly organized and offering wide-ranging services on the dark web – are ultimately innovating faster than security defenses can keep up. This is concerning given the untapped potential of technologies like machine and deep learning.

“We must recognize that although technologies such as machine learning, deep learning, and AI will be cornerstones of tomorrow’s cyber defenses, our adversaries are working just as furiously to implement and innovate around them,” said Steve Grobman, chief technology officer at McAfee, in recent comments to the media. “As is so often the case in cybersecurity, human intelligence amplified by technology will be the winning factor in the arms race between attackers and defenders.”

This has naturally led to fears that this is AI vs AI, Terminator style. Nick Savvides, CTO at Symantec, says this is “the first year where we will see AI versus AI in a cybersecurity context,” with attackers more able to effectively explore compromised networks, and this clearly puts the onus on security vendors to build more automated and intelligent solutions.

“Autonomous response is the future of cybersecurity,” stressed Darktrace’s director of technology Dave Palmer in conversation with this writer late last year. “Algorithms that can take intelligent and targeted remedial action, slowing down or even stopping in-progress attacks, while still allowing normal business activity to continue as usual.”

Machine learning-based attacks in the wild may remain largely unheard of at this time, but some techniques are already being leveraged by criminal groups.

1. Increasingly evasive malware
Malware creation is largely a manual process for cyber criminals. They write scripts to make up computer viruses and trojans, and leverage rootkits, password scrapers and other tools to aid distribution and execution.

But what if they could speed up this process? Is there a way machine learning could help create malware?

The first known example of using machine learning for malware creation was presented in 2017 in a paper entitled “Generating Adversarial Malware Examples for Black-Box Attacks Based on GAN.” In the report, the authors revealed how they built a generative adversarial network (GAN) based algorithm to generate adversarial malware samples that, critically, were able to bypass machine-learning-based detection systems.

In another example, at the 2017 DEFCON conference, security company Endgame revealed how it used Elon Musk’s OpenAI framework to create customized malware that security engines were unable to detect. Endgame’s research was based on taking binaries that appeared to be malicious and changing a few parts so that the code would appear benign and trustworthy to the antivirus engines.

Other researchers, meanwhile, have predicted machine learning could ultimately be used to “modify code on the fly based on how and what has been detected in the lab,” an extension on polymorphic malware.

2. Smart botnets for scalable attacks
Fortinet believes that 2018 will be the year of self-learning ‘hivenets’ and ‘swarmbots’, in essence marking the belief that ‘intelligent’ IoT devices can be commanded to attack vulnerable systems at scale. “They will be capable of talking to each other and taking action based off of local intelligence that is shared,” said Derek Manky, global security strategist, Fortinet. “In addition, zombies will become smart, acting on commands without the botnet herder instructing them to do so. As a result, hivenets will be able to grow exponentially as swarms, widening their ability to simultaneously attack multiple victims and significantly impede mitigation and response.”

Interestingly, Manky says these attacks are not yet using swarm technology, which could enable these hivenets to self-learn from their past behavior. A subfield of AI, swarm technology is defined as the “collective behavior of decentralized, self-organized systems, natural or artificial” and is today already used in drones and fledgling robotics devices. (Editor’s note: Though futuristic fiction, some can draw conclusions from the criminal possibilities of swarm technology from Black Mirror’s Hated in The Nation, where thousands of automated bees are compromised for surveillance and physical attacks.)

3. Advanced spear phishing emails get smarter
One of the more obvious applications of adversarial machine learning is using algorithms like text-to-speech, speech recognition, and natural language processing (NLP) for smarter social engineering. After all, through recurrent neural networks, you can already teach such software writing styles, so in theory phishing emails could become more sophisticated and believable.

In particular, machine learning could allow advanced spear phishing emails to be targeted at high-profile figures while automating the process as a whole. Systems could be trained on genuine emails and learn to produce something that looks and reads convincingly.

In McAfee Labs’ predictions for 2017, the firm said that criminals would increasingly look to use machine learning to analyze massive quantities of stolen records to identify potential victims and build contextually detailed emails that would very effectively target these individuals.

Furthermore, at Black Hat USA 2016, John Seymour and Philip Tully presented a paper titled “Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter,” which presented a recurrent neural network learning to tweet phishing posts to target certain users. In the paper, the pair presented that the SNAP_R neural network, which was trained on spear phishing pentesting data, was dynamically seeded with topics taken from the timeline posts of target users (as well as the users they tweet or follow) to make the click-through more likely.

Subsequently, the system was remarkably effective. In tests involving 90 users, the framework delivered a success rate varying between 30 and 60 percent, a considerable improvement on manual spear phishing and bulk phishing results.

4. Threat intelligence goes haywire
Threat intelligence is arguably a mixed blessing when it comes to machine learning. On the one hand, it is universally accepted that, in an age of false positives, machine learning systems will help analysts to identify the real threats coming from multiple systems. “Applying machine learning delivers two significant gains in the domain of threat intelligence,” said Recorded Future CTO and co-founder Staffan Truvé in a recent whitepaper.

“First, the processing and structuring of such huge volumes of data, including analysis of the complex relationships within it, is a problem almost impossible to address with manpower alone. Augmenting the machine with a reasonably capable human, means you’re more effectively armed than ever to reveal and respond to emerging threats,” Truvé wrote. “The second is automation — taking all these tasks, which we as humans can perform without a problem, and using the technology to scale up to a much larger volume we could ever handle.”

However, there’s the belief, too, that criminals will adapt to simply overload those alerts once more. McAfee’s Grobman previously pointed to a technique known as “raising the noise floor.” A hacker will use this technique to bombard an environment in a way to generate a lot of false positives to common machine learning models. Once a target recalibrates its system to filter out the false alarms, the attacker can launch a real attack that can get by the machine learning system.

5. Unauthorized access
An early example of machine learning for security attacks was published back in 2012, by researchers Claudia Cruz, Fernando Uceda, and Leobardo Reyes. They used support vector machines (SVM) to break a system running on reCAPTCHA images with an accuracy of 82 percent. All captcha mechanisms were subsequently improved, only for the researchers to use deep learning to break the CAPTCHA once more. In 2016, an article was published that detailed how to break simple-captcha with 92 percent accuracy using deep learning.

Separately, the “I am Robot” research at last year’s BlackHat revealed how researchers broke the latest semantic image CAPTCHA and compared various machine learning algorithms. The paper promised a 98 percent accuracy on breaking Google’s reCAPTCHA.

6. Poisoning the machine learning engine
A far simpler, yet effective, technique is that the machine learning engine used to detect malware could be poisoned, rendering it ineffective, much like criminals have done with antivirus engines in the past. It sounds simple enough: the machine learning model learns from input data, and if that data pool is poisoned, then the output is also poisoned. Researchers from New York University demonstrated how convolutional neural networks (CNNs) could be backdoored to produce these false (but controlled) results through CNNs like Google, Microsoft, and AWS.


Hackers Release Huawei Router Exploit Code Used in IoT Botnet

Source: National Cyber Security – Produced By Gregory Evans

Today’s topics include the Huawei router exploit code used in the Satori IoT botnet going public; a rise in GPU sales in 2017; and LinkedIn expanding its job seeker toolkit ahead of the new year.

Researchers at NewSky Security reported Dec. 28 that code from the Satori internet of things botnet that exploits a Huawei router vulnerability has been publicly posted on the internet. The vulnerability, which internet service providers had shut down earlier this month, was discovered by security firm Check Point, which reported the issue to Huawei on Nov. 27.

“An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code,” Huawei said.

Check Point reported that the root cause of the flaw is linked to Huawei’s implementation of the Universal Plug and Play protocol via the TR-064 technical report standard. Huawei’s implementation allowed remote attackers to inject arbitrary commands, which hackers used to build the Satori botnet.

Maya Horowitz, Threat Intelligence Group Manager at Check Point, said “[Users should] change the default password on their router,” and recommends that end users running Huawei routers behind a firewall or Intrusion Prevention System should configure those devices to block the exploit’s traffic.

Jon Peddie Research released Dec. 29 its annual review of graphics processing unit developments, and the results indicate good things for the year past and for 2018. Despite an overall slowdown in worldwide sales of PCs, PC-based GPU sales have been increasing at the same rate as mobile devices.

Sales in the console market have also increased over the year, where integrated graphics are in every console. The IT business has seen a few new GPUs showing the path for future developments and subsequent applications, and 2017 was a solid year for GPU development driven by games, eSports, artificial intelligence, cryptocurrency mining and simulations.

Autonomous vehicles started to become a reality, as did augmented reality. Mobile GPUs, exemplified by Qualcomm, ARM and Imagination Technologies, introduced some advanced devices with long battery life and screens at or approaching 4K.

Jon Peddie Research said, “2018 is going to be an even more amazing year [for GPUs], with AI being the leading applications that will permeate every sector of our lives.”

LinkedIn, Microsoft’s business-focused social network, has new features to help members land a new job or build the skills required for a career change.

This is just in time for the many people, particularly IT workers, who are considering switching jobs in 2018, according to Spiceworks’ recent 2018 IT Career Outlook survey. Nearly a third of IT workers in North America and Europe plan to look for a new job in 2018 with higher salaries and opportunities to improve their skills sets.

LinkedIn is now issuing monthly notifications alerting users to trending skills among folks with the same job title. If members already possess a given skill, they can add it to their profiles, improving the chances that interested employers will come calling. If they lack the expertise, users can click on a skill to see corresponding LinkedIn Learning courses, along with the organizations that are hiring people with that skill.


BlackBerry Mobile site the latest target of cryptocurrency mining hackers

Source: National Cyber Security – Produced By Gregory Evans

TCL Communication Technology Holding Ltd., the operator of the BlackBerry Mobile site, is the latest victim of cryptocurrency-loving hackers in the latest of a rash of cryptomining hijacking cases.

The website for BlackBerry Mobile was discovered by a Reddit user last week to be serving up code to visitors from Coinhive, the notorious Monero mining script service. The same person who discovered the code noted that only the global TCL-owned Blackberrymobile.com site was affected, not country-specific sites or those owned by BlackBerry Ltd.

Coinhive itself chimed in on Reddit, saying that one of its users had hacked the Blackberry Mobile website using a vulnerability in the Magento webshop software. “We’re sorry to hear that our service has been misused,” the company said. “This specific user seems to have exploited a security issue in the Magento webshop software (and possibly others) and hacked a number of different sites. We have terminated the account in question for violating our terms of service now.”

TCL is far from the first company to be targeted by cryptomining code, and it won’t be the last. The first outbreaks of cryptomining-related hacking occurred in September, when The Pirate Bay and then Showtime were exposed as using the method. As cryptocurrencies boomed, so did instances of hackers and site owners trying to cash in on Monero mining. A RiskIQ report Sept. 26 found that more than 1,000 sites were now hijacking the computing power of site visitors to mine for cryptocurrencies.

By October, leading content delivery network Cloudflare Inc. was the first major provider to crack down on the method, banning all sites from its network that have cryptocurrency mining code installed.

The method spread to apps later the same month, when the first reports emerged of Coinhive scripts appearing in Android apps, and the new attack vector has seemingly continued to grow. Only this weekend, a security researcher discovered 291 apps across third-party Android stores that included the mining code, although they appear to be the same app and code with 291 different names.

Commenting on the Android outbreak, HackRead noted that though the biggest victims of cryptocurrency miners were previously website owners and unsuspecting visitors, now Android users are also at risk. The advice, as always, is to practice safe internet: users should not download unknown apps from Android stores, should make sure they have up-to-date antivirus software installed, and should keep an eye on their processor usage, because cryptocurrency miners trigger high usage.


Hackers and a Shrinking Talent Pool Top CEO Concerns for 2018

Source: National Cyber Security – Produced By Gregory Evans

Write to Joann S. Lublin at joann.lublin@wsj.com and Vanessa Fuhrmans at vanessa.fuhrmans@wsj.com

Corporate leaders see cybersecurity threats, disruptive technologies and stiffer competition for talent as some of their most pressing issues in the new year, according to interviews with nearly a dozen CEOs.

“I don’t think there’s any such thing as an easy year for CEOs anymore,” said Jim M. Loree, who just finished his first full year in the highest job at Stanley Black & Decker Inc.

The growing pressures coincide with a massive changing of the guard in the corner office, creating one of the largest legions of new leaders in years to tackle those tough tasks.

Last year, 919 chief executives resigned, retired or got fired at publicly traded North American companies, the highest number in at least a decade, according to Liberum Research.

The feverish pace of turnover claimed some of the biggest names in corporate America, including the leaders of Equifax Inc., General Electric Co., Ford Motor Co., Caterpillar Inc., Arconic Inc., Macy’s Inc. and Mondelez International Inc. And on Dec. 31, Papa John’s International Inc. founder John Schnatter stepped down as CEO.

Departures of company chiefs continue in the new year. On Tuesday, Rent-A-Center Inc. said founder Mark Speese had stepped down from its top spot.

Under increased investor pressure, directors are making unprecedented demands of their chiefs, some leadership specialists say. “The expectations that boards have of CEOs is that they can do everything,” said Hugh Shields, co-founder and principal at Shields Meneley Partners LLC, a career-transition and leadership-coaching firm for senior executives. “In some cases, they are looking for a unicorn.”

The threat of data breaches poses a critical risk, according to Mr. Loree and several other chief executives.

“These bad actors keep getting smarter and more aggressive,” Mr. Loree said. “It’s an ongoing war.”

Stanley Black & Decker, which makes power and hand tools, recruited Mark Maybury as its first chief technology officer in November. He is a cybersecurity specialist with a doctoral degree in artificial intelligence. Dr. Maybury’s duties include overseeing cybersecurity, Mr. Loree said.

About 64% of 1,031 human-resources professionals believe data security and the threat of a cyberbreach will become a very challenging or extremely challenging issue in 2018, according to a recent survey by XpertHR, an online provider of compliance guidance.

Another challenge in the new year will be anticipating how emerging technologies open new markets or upend their industries, company leaders say. Julio Portalatin, president and CEO of Mercer Consulting, a unit of professional-services firm Marsh & McLennan Cos., said that high on his priority list is guarding against unforeseen, nimble rivals that could harness automation and artificial intelligence to poach customers in niche markets. “It’s the [rivals] I don’t know about that I’m concerned about,” he said.

To gird Mercer’s business against such attacks, Mr. Portalatin said Mercer formed a business this summer focused on helping employers use data analytics and other new technologies to recruit and manage employees and assist their workforces in adapting to a more digital economy.

New technologies are disrupting the war for top talent as well, said Mike Cannon-Brookes, co-founder and co-CEO of Atlassian Corp., which has headquarters in Sydney and San Francisco. The maker of workplace software tools no longer solely competes with other tech firms for staffers. In their quest to build highly sophisticated technology platforms, some financial-services giants now have more software engineers than bankers and traders on their payrolls, Mr. Cannon-Brookes said.

To fill more than 200 positions currently open at the 2,300-employee company, Atlassian is looking to hire people across four continents.

The imminent drop in U.S. corporate-tax rates may intensify political pressure on chief executives to expand their U.S. workforces, some business leaders say.

Polaris Industries Inc., a producer of snowmobiles, motorcycles and all-terrain vehicles, expects to hire nearly 100 engineers world-wide in 2018 and most will work in the U.S., said CEO Scott W. Wine. The company already employs nearly 900 U.S. engineers.

“With the additional money from tax reform, we can invest a bit more in our best [research] programs,” Mr. Wine said. Those engineering projects typically generate a new technology, engine or vehicle.

The Polaris chief anticipates spending about $260 million on research and development in the new year, compared with just under $240 million for 2017.

Despite widespread revelations of workplace misconduct that toppled numerous powerful executives in 2017, most CEOs don’t rank sexual harassment among their top concerns for 2018.

One exception is Anil Chakravarthy, head of software maker Informatica LLC. The recent scandals have prompted “an extensive look at our code of conduct [and] what protections we have for whistleblowers,” Mr. Chakravarthy said.

Sexual harassment “is not an issue for us today,” he added. “But I don’t want it to be.”
