War In Ukraine Raises Cyber Threat Stakes | Healthcare’s Metaverse Future | How Walmart And Ford Are Boosting Tech Talent | And More

Plus: U.S. Fiber Production Is One Bright Spot In Sobering Supply Chain Report

Hi there and welcome to the latest edition of the Forbes CIO newsletter.

In the run up to Russia’s invasion of Ukraine, some Ukrainian banks and the country’s Ministry of Defense and Armed Forces were hit by distributed denial-of-service attacks that involved flooding websites and servers with web traffic to knock them offline. The incidents didn’t cause lasting damage, but they were taken as a signal that Russia, which has a track record of causing cyber chaos in Ukraine, won’t hesitate to do so again.

The question facing tech leaders now is how to prepare for a scenario in which Russian-inspired hacking activity spreads more widely. Already one shadowy hacking group called Conti has publicly sided with Russia and pledged to strike back if entities in Moscow are the target of cyberattacks from abroad. And the stakes have risen with targets in Ukraine being hit with wiper malware. This masquerades as ransomware, but rather than encrypting files it destroys things such as system master boot records.

“Everyone’s on high alert right now because Russia has an incredible cyber capability,” Charles Carmakal, the CTO of cybersecurity firm Mandiant, told me in a recent interview. He says that although Mandiant hasn’t seen anything disruptive or destructive spreading out from the conflict in Ukraine so far, he’s advising companies to prepare for a scenario in which that changes by having ethical hacking teams test digital defenses for vulnerabilities using well-known Russian attack methods and by running desktop crisis-management exercises.

Dawn Cappelli, who recently retired as the chief information security officer (CISO) of $31 billion-market-cap Rockwell Automation, says tech leaders in critical infrastructure industries such as energy and manufacturing should revisit the state of their security around things such as systems that control key safety processes as a priority. There have been a number of cases in the past, such as the use of Triton malware, in which the origin of rogue code targeting key industrial systems has been traced back to Russia.

Cappelli also recommends CIOs and CISOs look even more closely at the state of cyber defenses at their hardware and software suppliers. It’s a timely reminder given the recent experience of Toyota, which decided to shut down its factories in Japan for a day earlier this week after one of its auto parts vendors discovered it had been hit with a computer virus.

All of these recommendations make sense, but it’s also important to bear in mind that security teams are only just recovering from the emergency triggered at the end of last year by the discovery of the Log4j vulnerability in widely used open source software. Johannes Ullrich of the SANS Institute, which conducts cybersecurity research and training, warns that too much prepping now could leave teams with less energy to tackle new crises if they materialize. Says Ullrich: “Exhausting your people with busywork will hurt you later more than it helps.”

Thanks for reading, and do let me know if you have any suggestions for themes to cover in future issues. You can contact me on Twitter here and LinkedIn here.

Technology & Innovation

Will web apps put traditional ones in the shade? That’s a question I’m hearing more and more often in the CIO community. The answer isn’t a resounding yes—at least not yet. Web apps certainly have a bunch of advantages, including their relatively low cost and versatility. But as this post notes, they’re typically reliant on an internet connection to the underlying APIs that make them work. That dependency can make it harder to craft apps that deliver truly unique experiences to users.

High-end chips are coming in smarter packages: In his State of the Union address this week, President Biden underlined his desire to boost chip manufacturing in the U.S. Intel and AMD will be key to such efforts and to more silicon innovation, including advanced packaging methods that are helping to create semiconductors with more energy-efficient processing power.

Leadership & Strategy

How to analyze data analytics projects to maximize return on investment: Many data projects still fail to deliver an acceptable ROI, so how can tech leaders get better at selecting ones that will? These five steps, which include sharpening feasibility assessments and thinking about initiatives from a portfolio perspective, will help you get more projects over their required hurdle rates.

The invasion of Ukraine could trigger greater levels of corporate activism: Plenty of businesses are already responding to the crisis, from energy giant BP, which is offloading its 20% stake in Russian energy firm Rosneft, to Verizon and other telcos who have waived call fees to and from Ukraine. More leadership from the boardroom down will be needed as the conflict progresses, including from CIOs and other tech leaders who are part of top management teams.

Talent & Careers

A weakness in your hiring strategy might be a failure to focus on strengths: One of the biggest frustrations of job seekers in a tight labor market—especially in IT—is that they’re turned down for jobs because they lack suitable experience. That can reflect an over-reliance on what’s known as a “competency-based approach” to hiring. This post argues executives should pursue a “strengths-based approach” instead to recruit team members they so badly need.

To boost recruiting, one company is giving workers an immediate vacation: My Forbes colleague Jena McGregor writes here that businesses are coming up with ever more creative ways to tempt workers to join them, including a twist on the sign-on bonus. Business software company SevenRooms is giving new employees their first two weeks as vacation while offering them pay and benefits.

"Employees could be adding much more value…if they had the time. Why not allow them to self-automate and identify those tasks they wish they did not have to do in the first place."

Dean Del Vecchio

CIO And Chief Of Operations, Guardian Life

Across Forbes

• Biden And Allies Are Coming For Russian Billionaires’ Yachts: Forbes Tracked Down 32. Here’s Where To Find Them


• Meet The Startup Behind The Robot ‘Dogs” Set To Patrol The Southern Border


• How The Crypto Couple Went From Wannabe Tech Luminaries To Targets In The Biggest Financial Seizure In Justice Department History