Former FBI CIO’s Log4j Crisis Lessons | The Top 100 Brands Consumers Love | How Freshworks’ CIO Helped It To IPO | And More

Plus: Meet The Billionaire Robot Overlord Reinventing Amazon's Warehouses

Hi there, and welcome to this week’s newsletter, which is our last before the holiday season begins.

Plenty of CIOs and security teams have had a nightmare just before Christmas this year. The discovery of a vulnerability in an open source logging application known as Log4j has forced pretty much every business using the internet to check its systems to determine if they are at risk of attack by hackers exploiting the security hole. Jen Easterly, the director of the U.S. Cybersecurity & Infrastructure Security Agency (CISA), said the flaw is the most serious she’s seen in her decades-long career.

That’s quite a statement given that barely a year ago a cybersecurity crisis involving SolarWinds, whose monitoring software is used by over 18,000 organizations around the world, was described by a top Microsoft executive as “the largest and most sophisticated attack the world has ever seen.” Plenty of lessons emerged from that episode—and I interviewed SolarWinds’ CEO here a little while ago about some of the most important ones.

It’s still early days with the Log4j vulnerability, but in a timely post Forbes CIO Network Contributor Gordon Bitko, who’s a former CIO of the FBI, shared his views on some of the key takeaways for tech leaders and policymakers from this latest security crisis. One of them is that executives simply cannot afford to be complacent about cyber threats. Nor can they afford to neglect basic cybersecurity hygiene, including steps such as regularly updating software to ensure that flaws are fixed and making frequent backups of commercially sensitive data.

Bitko thinks Log4j will also lead more CIOs to embrace “zero trust” security policies, which impose extremely tight controls on who can access and extract data within an organization. Adopting this approach can be complex and time-consuming, but Bitko says the Log4j crisis is a stark reminder of why businesses need to do much more to protect their data crown jewels.

And it’s not just companies that are at risk. Plenty of other organizations are vulnerable too, including government agencies. Mark Weatherford, another Forbes CIO Network Contributor and a former deputy undersecretary for cybersecurity at the U.S. Department of Homeland Security, reported here that agencies are being urged by the White House to speed up their response times to attacks. (Public service announcement: CISA has released an open source scanner tool here to help companies and agencies find Log4j instances in their systems.)

Thanks for reading—and I’d like to wish you and yours all the very best for the holiday season and for the coming year! Special thoughts and thanks go to the cybersecurity staffers who’ll be working hard to keep us as safe as possible over the vacation period. And as always, do let me know if you have any suggestions for themes to cover in future issues. You can contact me on Twitter here and LinkedIn here.

Technology & Innovation

Expanding the healthcare cloud: Oracle is determined to compete more aggressively with other cloud providers for healthcare business. Its $28 billion purchase of Cerner could turn out to be a landmark moment in the evolution of digital healthcare. The deal will give Oracle’s cloud business access to Cerner’s technology, which speeds up access to data and reduces the time needed for clinical trials.

How to turbocharge AI: When I worked at a VC firm, one of my former partners coined the phrase the “digital dialectic.” This referred to the fact that as software becomes more sophisticated, it requires more advanced hardware to run on. Innovation in hardware then spurs developers to create even more advanced code that pushes the hardware’s limits, which in turn inspires more hardware innovation. And so the dialectic rolls on. But this post argues that when it comes to AI, simultaneous co-development will be needed to realize its full potential.

Leadership & Strategy

What makes a great green strategy? The answer might not be loads of public pronouncements about good intentions and goal-setting around sustainability initiatives, as this thought-provoking comparison of the environmental approaches of Walmart and Costco shows.

A new, CIO-driven secret to sustainable growth: As CIOs, you’re very familiar with applying the principle of continuous process improvement to your own part of your business. There’s now a great way to show you can help accelerate revenue growth by working closely with CMOs and sales leaders to apply the same principle to sales enablement, advanced analytics and digital selling activities.

Talent & Careers

Omicron puts the brakes on return-to-office plans: The rapid spread of the highly infectious omicron Covid variant is forcing more and more companies to put return-to-office plans on hold. That means tech leaders will need to recalibrate their plans in order to support a longer than expected period of mass remote work.

How to get better at goal-setting: Executives are constantly setting goals for themselves. But are the ones you are picking sensible stretch targets, or are you under or overshooting? Here are some helpful suggestions to helo guide you as you set your goals for the year that’s just around the corner.

"The Street expects a greater degree of control and governance. We were already on that path."

Prasad Ramakrishnan

CIO, Freshworks

Across Forbes

• Airbnb’s $10 Billion Engineer Is Tackling The Lodging Giant’s Toughest Projects


• One Of The World’s Most Luxurious Hotel Brands Is Launching A Super Yacht


• Indian Pharmaceutical Companies Are Ready To Bring Covid Antivirals To The World