Strategic Cargo Thefts Up 430% in Q3
2023 Third Quarter Supply Chain Risk Trends Analysis
CargoNet® has recorded 692 events across the United States and Canada in the third quarter of 2023, a 59% increase when compared to the third quarter of 2022. Like in the second quarter of 2023, much of the increase is due to ongoing shipment misdirection attacks, a kind of strategic cargo theft in which actors use stolen motor carrier and logistics broker identities to obtain freight and misdirect it from the intended receiver so they could steal it. In total, thieves stole over $31.1 million in shipments in the third quarter of 2023.

In the third quarter of 2023, reported thefts increased in every event category. Documented strategic cargo theft events increased 430% year-over-year and theft of a loaded conveyance such as a full trailer increased 4% year-over-year. These kinds of thefts were most common in California, Texas, Florida, Georgia, and Illinois. CargoNet also recorded a significant increase in the "other" category, which combines several categories of reports like identity theft complaints, hostage loads, late shipment complaints, and other kinds of criminal intelligence records. now.eloqua.com


Tampa police to hold town hall amid rising crime concerns

Assessing New Hampshire's gun laws after mass shooting in Maine

Training Calif. Employees on Workplace Violence Prevention Plans-No Small Task
Employers in California have until July 1, 2024, to prepare and train employees on workplace violence prevention plans. Given all that must be done, that date is closer than it sounds. Of all the bills enacted in the state this year, SB 553, which mandated the plans and training, may be the most challenging for employers to meet.

Meeting the July 1 deadline "is not going to be an easy undertaking for employers," said Robert Rodriguez, an attorney with Ogletree Deakins in Sacramento, Calif. "It will likely require the involvement of many internal stakeholders."

"California was the first state in the nation to pass a workplace violence law of this nature," said Marisa Randazzo, executive director of threat management with Ontic, which provides security software and expertise, and is headquartered in Austin, Texas. She predicted that other states will follow California's lead. shrm.org


2.8M Workplace Injuries & Illnesses Last Year
Workplace Injuries and Illness Up 7.5% in 2022

"We have the tools and technology to make our jobs safer," says Peter Dooley, of National Council for Occupational Safety and Health.

On November 8, the U.S. Bureau of Labor Statistics said that private industry employers reported 2.8 million nonfatal workplace injuries and illnesses in 2022, up 7.5% from 2021. This increase is driven by the rise in both injuries, up 4.5% to 2.3 million cases, and illnesses up 26.1% to 460,700 cases.

The main component of illnesses come from respiratory illness cases, up 35.4% to 365,000 cases in 2022. This comes after a decrease in respiratory illnesses in 2021 compared to 2020.

Regarding statistics for 2022, the total recordable cases (TRC) incidence rate in private industry in 2022 was 2.7 cases per 100 FTE workers. In 2022, the rate of injury cases was 2.3 cases per 100 FTE workers, unchanged from 2021.

The illness rate increased in 2022, with private industry employers reporting a rate of 45.2 cases per 10,000 FTE workers compared to 37.7 cases in 2021. The increase was driven by a rise in the respiratory illness rate, which rose from 27.8 cases per 10,000 FTE workers in 2021 to 35.8 cases in 2022.

Looking at specific industries, transportation and material moving occupations experienced the highest number of DART cases among major occupation groups with 835,040 total injuries and illnesses over the 2021-2022 period. These cases occurred at an annualized incidence rate of 410.0 cases per 10,000 FTE. Among these total DART cases, 503,610 cases (60.3%) required at least one day away from work, and 331,430 cases (39.7%) resulted in one or more days of job transfer or restriction.

Do the Numbers Tell the Full Story? - Injuries Can Be Avoided: ehstoday.com


Any New Surveillance Tech Must Be Vetted in SF
Red Tape Over Tech Could Delay Key S.F. Crime-Fighting Tool
San Francisco officials, long beset by relentless car break-ins and theft at downtown department stores, are seeking to install 400 license plate readers on streets to catch perpetrators.

But the plan - funded by a state grant to combat organized retail theft - could be tied up for months, grinding through an approval process. Under an ordinance passed in 2019, every new surveillance technology in San Francisco requires a unique use policy and must be vetted at meetings of a subcommittee and the full Committee on Information Technology before going to the Board of Supervisors. Even changes to the back-end functioning of surveillance equipment can trigger this process.

Still, as pressure mounts on police and politicians to crack down on property crime, criticism of license plate readers seems to have softened. Mayor London Breed and others worry that multiple hearings - combined with a holiday break - will push implementation of the devices into next year, becoming another example of red tape constricting any movement in San Francisco.

The legislation that Breed favors asks for technical adjustments that would enable the city to use about $4 million it received to place 400 license plate readers at 100 intersections - part of a $17.3 million grant that would also pay for police patrols, crime analysts and prosecutors in the district attorney's office. Hoping to expedite installation of the new readers, Breed asked the supervisors to waive a 30-day waiting period applied to any legislation that would change city policy. govtech.com


'Duty of Care' with basically unlicensed cab drivers?
Uber to Face Almost 80 Negligence Lawsuits from Passengers
A panel ruling determined that 79 lawsuits filed by women claiming that Uber has not sufficiently protected passengers from being sexually assaulted can be joined in federal court.

This batch of lawsuits only involves passengers, not drivers, who assert they were attacked in some way-ranging from groping to kidnapping to rape.

After a spate of negative media coverage in 2018 about Uber riders being sexually assaulted, Uber has published two safety reports looking into critical safety incidents between 2017 and 2020. The company has also created safety features for app users, including an in-app 911 feature and an option for riders to share their trip details with trusted contacts-plus a list of safety tips developed with law enforcement professionals.

However, the lawsuits allege that Uber has been slow or insufficient in its response to safety concerns, including allegedly failing to remove drivers who have had sexual assault violations filed against them. asisonline.com


Negligent Hiring Risk Less Than Employers Believe
Second-chance hiring advocates argue that the fear of being accused of negligent hiring-one of the main reasons given for not hiring people with criminal histories-is overblown.

A recent report by the Legal Action Center and National Workrights Institute shows that while negligent hiring liability does exist, it is far less common than people might think. And when specific roles dealing with vulnerable populations or access to homes or financial assets are removed, there is virtually no risk, the study found.

The groups examined every reported negligent hiring decision from 1974 through 2022 and found that approximately 435 trial court decisions held employers liable for negligent hiring during that time-an average of 9 cases per year.

"Almost all cases in which employers have been found liable for negligent hiring occur in a small number of jobs involving specific risks and the employer's vetting process of candidates very often was not comprehensive," said Lewis Maltby, president of National Workrights Institute in Princeton, N.J. "Employers who conduct record checks and thorough background screens that also include employment history, skills and job-relevant competencies when making hiring decisions are rarely held liable."

When including negligent hiring cases that were settled before reaching a court decision, that number increases to around 2,260 cases total (47 cases per year).  shrm.org


Walgreens to lay off 267 corporate associates after cutting 500 in May

These 8 stores are starting Black Friday early: Amazon, Walmart, more
 

Senior LP & AP Jobs Market

Associate Director of Business Operations, Global Safety & Security job posted for Wayfair in Boston, MA
The Associate Director of Business Operations will have the responsibility for day to day operations of the Global Security Operation Center (GSOC), to include intelligence, detection, and response for all types of security threats. This role will be responsible to lead and drive a team consisting of the Global Investigations program, GLOSS Strategic Initiatives, GLOSS Program Management, GLOSS Technology and Systems, GLOSS Executive Protection and GLOSS Business Operations. wayfair.com
 

Call for Presentations Now Open for the 2024 RH-ISAC Cyber Intelligence Summit

Retail & Hospitality ISAC invites industry leaders, experts, and innovators to submit proposals for presentations and panel discussions.

Vienna, VA (November 6, 2023) - The Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) is now accepting speaker submissions for the 2024 RH-ISAC Cyber Intelligence Summit, taking place in Denver, Colorado from April 9 - 11. The conference focuses on cybersecurity threats facing retail, hospitality, and consumer-facing industries, and serves as the premier platform for professionals in these industries to come together and address the latest challenges and strategies.

RH-ISAC invites industry leaders, experts, and innovators to submit proposals for presentations and panel discussions that cover topics including emerging cyber threats and trends, incident response and recovery, risk management and compliance, technology innovations and solutions, regulatory updates and legal considerations, and case studies/success stories.

Interested individuals are invited to submit their speaker proposals through the online submission portal at https://rhisac.org/events/call-for-presentations. Submissions should include a brief abstract, a biography, and relevant experience. The submission deadline is January 12, 2024.

For more information about the RH-ISAC Cyber Intelligence Summit, visit https://summit.rhisac.org/. For sponsorship opportunities or general inquiries, please contact events@rhisac.org.
 

The Promise & Peril of AI in Cybersecurity
Cyber attackers and defenders are racing to up their AI game

As AI technology advances, cyber defenders are spending more on the technology to defend against malicious actors who currently hold an asymmetric advantage in deploying new AI-generated threats.

Artificial intelligence's power and fast evolution are rapidly altering the cybersecurity landscape in ways that pose opportunities and challenges to cybersecurity defenders. As popular AI tools such as ChatGPT and, more recently, even more robust generative AI systems become mainstays of the digital ecosystem, cybersecurity professionals will increasingly deal with new threats while also turning to AI technologies to identify and ward off those threats.

Security company Axonius released today a survey on the state of IT and security teams, revealing, among other things, how AI is rising to the top of cybersecurity agendas to realize the promise and tackle the peril of the AI era. Axonius surveyed IT and security decision-makers at 950 companies with 500 or more employees in the United States, United Kingdom, and Australia.

The survey found that three-quarters (76%) of those surveyed said their organizations are spending more on AI or machine learning compared to 12 months ago, and over four in five (85%) respondents said they were interested in applying AI in their organization's IT and security operations in the coming year. Axonius also found that nearly two in five (39%) IT and security decision-makers whose organizations have reduced their IT or security headcounts in the last 12 months say their organizations have adopted AI-based tools to streamline tasks to keep pace with workload in light of reduced headcounts.

These findings go together with another survey finding: Nearly three-quarters (72%) of IT and security decision-makers reported are concerned about the potential adverse effects of generative AI on their organization's cybersecurity.

As the survey illustrates, cyber defenders will increasingly use AI technology to defend against AI threats while simultaneously coping with threat actors continuously up their game using AI-powered malware and intrusion tools. "If this technology is allowing an attacker to do something a lot faster or a lot cheaper, then that means that defenders also have to think about how can we do something faster and cheaper and effectively do more of it with the resources we have," Daniel Trauner, senior director of security at Axonius, tells CSO. csoonline.com


AI Fueling the Hottest New C-Suite Role
Chief AI officer: What it takes to land the C-suite's hottest new job

The CAIO role is fast becoming a new fixture in the C-suite, responsible for setting the AI agenda.

As countless organizations race to investigate or adopt artificial intelligence technologies, many are building out an AI skilled workforce. That includes the decision to appoint or hire a chief artificial intelligence officer (CAIO).

Indeed, new research from Foundry finds that 11% of midsize to large organizations have already designated such an individual in the role, and another 21% of organizations are actively seeking one.

The ideal individual to assume this role should have much more than top technology and AI skills, says Colin Reeves, principal data and AI recruiter at ConSol Partners in Los Angeles. They should be a champion for smart AI adoption, and be able to recognize and balance AI benefits with risks. They should be able to work collaboratively with many departments in developing AI strategy and vision, and they should be able to design and target relevant business use cases, assess project outcomes, and measure ROI in each case.

Clear expectations are emerging on the top experiences, skills, and traits that a CAIO candidate should bring to the job, Reeves says. Assuming the candidate passes muster on those counts, the individual can expect very positive short- and long-term impacts on their careers by taking up this emerging IT leadership role, he says. cio.com


Ransomware Readiness Assessments: One Size Doesn't Fit All
The impact and severity of a ransomware attack can vary depending on the attacker's objectives, the organization's security posture, and other factors. Therefore, a comprehensive response plan must be tailored to the specific circumstances of different types of impacts from an attack.

Preparing for different scenarios requires a thorough ransomware readiness assessment to better understand the current maturity of response and to develop or improve an incident-response plan that considers each potential scenario's unique characteristics. There is definitely value in identifying and resolving what keeps the business up at night and hyperfocusing on that in the assessment's first pass.

To prepare for the various scenarios that can arise during a ransomware attack, you can hold workshops on topics such as emergency implementation of containment measures, backup tooling and configurations, critical application assessment, Active Directory and network architecture, coordination processes, and surge resourcing. darkreading.com

 
Treasury Markets Disrupted by ICBC Ransomware Attack

Cyber ops linked to Israel-Hamas conflict largely improvised, researchers say