Connect with us


Comcast Fails to Gain Broadband Subscribers for First Time




A ‘Dirty’ Job That Few Want: Mining Companies Struggle to Hire for the Energy Transition



Lily Dickson was hurrying across the University of Leeds campus when a student campaigner handed her a flier that called for a ban on campus recruiting by mining and oil-and-gas companies.

The 24-year old doctoral student in geology was taken aback. She had recently returned from a trip to Finland, having worked with Vancouver-based miner


Mawson Gold,


exploring new places to mine cobalt in Europe.

The ban wasn’t an empty threat or an isolated incident. Last year, four U.K. universities—but not Leeds—banned mining firms from recruiting on campus and attending careers fairs, part of a broader trend of college graduates and young workers turning their backs on extractive industries that they fear harm the planet. 

Companies that mine copper, lithium and other metals—viewed as a critical part of the supply chain to produce green energy—say they are struggling to find enough young workers to support the transition. Most mining companies in the U.S., Australia and Europe say their expansion and growth plans could come under pressure if current hiring trends continue, especially for high-skilled roles such as engineers, exploration geologists and data analysts.

“Changing societal expectations place pressure on our brand as an employer, and require us to become better at communicating who we are and what we stand for,” said Rio Tinto in its latest annual report. 

Despite their part in the energy transition, mining companies face a perception of being in a “dirty” industry thanks to a legacy of mining disasters and accusations of worker exploitation and sexual assault. It is among the worst ranked professions for young people to enter: A global survey by consulting firm McKinsey found 70% of its 15- to 30-year-old respondents said that they definitely wouldn’t or probably wouldn’t work in mining.

In the U.S., the number of 2020 geology and earth-sciences graduates was nearly 25% less than in 2015, according to the U.S. National Center for Education Statistics. During that period, the total number of students graduating overall increased 8%. 

Lily Dickson in front of a mine in South Africa. She was one of eight women in her 25-person mining geology master’s course last year.


Lily Dickson

Canada and Australia, countries where mining is a significant economic contributor, also saw student enrollment to related courses drop. In Australia, the total number of mining graduates fell 63% in 2020 from 2014, according to McKinsey. Canada’s mining and mineral-engineering enrollment was down 10% in 2020 compared with 2016, according to Canada’s Mining Industry Human Resources Council.  

The declines are raising concerns of a future knowledge gap that could affect extraction as companies are having to mine deposits with lower density of metals.  

“People have left before, but now we don’t have the talent pipeline coming in, and we are also losing experience through retirees,” said Alex Gorman, mining research analyst at Peel Hunt.

More than half the mine workers in the U.S. are aged 45 years or older, according to Rohitesh Dhawan, chief executive of industry group, International Council on Mining and Metals. “The people we have in the industry now are typically older and closer to retirement,” he said, adding that the recruiting challenges means the industry is “being squeezed on both sides.”

According to a McKinsey survey, 86% of industry leaders found recruiting and retaining the talent they needed harder. And, nearly three-quarters of those executives said the talent shortage is holding them back from delivering on production targets and strategic objectives. Rio Tinto has warned the shortfall could mean business delays or underperformance. 

In the U.S., the job vacancy rate for mining and logging was 5.1% in March, up from 3.6% five years ago, according to Bureau of Labor Statistics data. Canada’s mining job vacancy rates have been trending upward since 2015 to a peak last summer of around 4% in mining and quarrying jobs and slightly over 6% for mining support activities. Likewise, in Australia, mining vacancies rose to 10,600 jobs in February, up from 2,500 in May 2016, the lowest level since 2009, according to the Australian Bureau of Statistics. 

The sector also struggles to attract women. Mining is among the few industries that continue to be male dominated and has a reputation as being unsafe for women. Rio Tinto found 28% of women working in mining experienced sexual harassment while 21 women reported cases of actual or attempted rape or sexual assault in the past five years, according to a 2022 report based on its survey of 10,000 employees.

Alex Gorman core logging in Botswana. “It can be intimidating being the only woman in the room,” she said.


Alex Gorman

“It can be intimidating being the only woman in the room,” said mining analyst Gorman, who also worked in copper mining projects in Botswana earlier in her career. “It’s hard to have a family and be a geologist on site,” she said. 

An EY study last year found that women made up 12% of the global mining and metals workforce, a gender imbalance second only to the construction sector. The lack of women in leadership positions also is proving to be a hurdle when it comes to attracting a younger, diverse workforce. 


What message should mining companies deliver to young workers to attract them to the industry? Join the conversation below.

Mining companies also face accusations of exploitation of local workforces. 

“There is normally not enough responsibility taken, especially with regard to sub-Saharan Africa in terms of exploitation of countries,” said Haydon Mort, CEO of Geologize Ltd., a communications firm that helps mining companies with their public image. 

The current recruitment challenge is built upon the perception that mining companies didn’t take ownership of previous disasters and accusations of exploitation of local workforces are contributing to the bad reputation, experts say. 

Companies are taking steps to counter the perception and hiring challenges. Miners are expanding their recruiting to include business and data-science majors. They also are hiring closer to mining locations where potential recruits are more familiar with the companies. 

Rio Tinto saw a 30% uptick in the number of enrollments into its graduate-trainee program globally last year. “This was our biggest cohort to date with 265 graduate roles,” a spokesman for the company said, adding that it was hoping to recruit 300 college graduates this year. 


expects to hire 3,500 people through a new program recruiting apprentices and trainees rather than just college graduates.

Job-focused nonprofits also are jumping into the fray, eager to help build a talent pipeline for what they see as a fast-growing industry.

Women in Mining U.K., a nonprofit group, is working with schools to introduce more courses related to environmental and geological sciences into the U.K. curriculum, especially for those aged between 8 and 13. “Everyone learns a bit of geology when they learn about volcanoes and this can be complimented further,” said Stacy Hope, managing director of the group.

Workers prepare to be lowered down a shaft at the Vale Copper Cliff mine in Ontario, Canada.


Cole Burston/Bloomberg News

Hope also is aiming to introduce internships and scholarships to build a career path for young women interested in the field. She hopes that younger workers will help mining companies evolve, taking on more social responsibility and improving their mining practices.

Recruiting closer to the mines worked for Codelco, the state-owned copper mining company in Chile. In a recent survey, Codelco was the company that Chilean college graduates most wanted to work for, despite the recent disciplinary action from the environmental regulator. Other companies in the top 10 included Nestlé and


according to Merco, a rankings agency.  

Egyptian gold miner


is also hiring more local labor than expatriates from Europe and Australia. Recruiting workers from within Africa keeps them relatively local and brings people with relevant knowledge from places such as Congo, Ghana and Zimbabwe that have more recent experience of mining compared with places like Europe, said

Martin Horgan,

CEO of Centamin.

Mort of Geologize said social-media apps such as Instagram are also a good tool to reach young people, but notes that the industry also needs to take ownership of previous issues such as environmental degradation. 

“You need authenticity,” he said. “Be transparent about the environmental impact and community of what you are doing.”

However, not everyone agrees that mining is essential to the energy transition.

“A certain amount of mining is necessary but the current profit-driven industry is responsible for wide-scale environmental and ecological devastation as well as countless acts of human rights abuses,” said Jamie Kelsey Fry, a spokesman for U.K.-based environmental pressure group Extinction Rebellion. 

Dickson was one of eight women in her 25-strong mining geology master’s course last year. Most of her classmates have taken up jobs in the industry. She is continuing her studies, but she does plan to work in the industry eventually. 

For Dickson, mining offers the chance to travel, work outdoors and research into sustainability, along with feeding her fascination with how the world works. “As soon as you realize mining is essential, the most important thing is to get involved,” said Dickson. “It’s exciting—working on things like a European source of cobalt, that’s something which could actually be beneficial to society.”

Write to Yusuf Khan at yusuf.khan@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Continue Reading


Young Cyber Companies Face Uncertain Economy



Newer cybersecurity companies are grappling with uncertain economic conditions as they find it harder to raise capital, continue to trim their workforces and refocus on profits after long periods of chasing growth.

Fed by a glut of venture-capital investment, many private cybersecurity providers hired widely and expanded their operations significantly in recent years. Some have had to change direction quickly this year, as global economies soured and interest rates rose sharply. Staff numbers have often been the first casualty.


“Companies that ramped up too fast last year are the ones who are laying off,” said Ravi Srinivasan, chief executive of cybersecurity company Votiro, which was started in 2012 and hasn’t laid off staff. 

Although cybersecurity departments at companies across sectors have largely been spared the mass layoffs experienced by other areas, some companies that provide cybersecurity products or services have cut head counts in the face of economic uncertainty.

Thousands of staff have been laid off from security providers in recent months, often in sales and marketing roles, but also in areas such as engineering. Recently, cybersecurity vendor Bishop Fox laid off 13% of its workforce after the annual RSA Conference held in late April.

“We proactively made these changes in response to the global economic situation and opportunities we identified to make our business more efficient. While demand for our solutions remains solid and our business is stable, we can’t ignore the market uncertainty and investment trends in this very different global economy,” said Chief Executive Vinnie Liu.

Venture-capital funds also are more selective now in where they deploy their capital, said John Masserini, a senior research analyst at consulting company TAG Cyber.

“They’re tapping the brakes,” he said. 

VC funding for cybersecurity companies was $2.9 billion in the first quarter of 2023, compared with $5.3 billion during the same period last year, according to cyber recruiting company Pinpoint Search Group.

Chief information security officers, under pressure to justify their own budgets, are changing purchasing strategies. Younger companies without established relationships with security chiefs, or track records with potential customers, may find it harder to win business in the future as a result. John Visneski, CISO at


MGM Studios, said he is now considering how vendor products will work with technology he has already deployed, rather than simply buying the most capable product for each area and working out integration later. 

Mr. Visneski said that as a result, he is probably “less likely” to take a chance on an early-stage vendor today than he may have been a few years ago.

Benjamin Fabre, chief executive of fraud-prevention company DataDome, said he has faced challenges to contract renewals from customers’ chief financial officers, who now review budgets with more intense scrutiny.

Young cyber companies are still able to access funding, but years of outsize rounds and focus on growth at all costs are starting to be corrected, analysts say. Some companies are finding that to raise the funds they need, they must accept lower valuations than they might have in the past. 

Cybereason, a Boston-based security company, raised $100 million in Series G financing in early April, led by


Regulatory filings show that shares were sold at a discount of more than 90% to Cybereason’s previous round in mid-2021, in which it was valued at approximately $3.1 billion. 

The company’s chief executive, Lior Div, was replaced by SoftBank executive Eric Gan, with Mr. Div taking on an advisory role. Cybereason didn’t respond to a request for comment.

The overall size of the market also makes it difficult for newer companies to gain a foothold, analysts say. Mr. Masserini of TAG Cyber said his team tracks around 4,800 cybersecurity vendors, and in each segment such as email security, endpoint protection and firewalls, dozens of tech providers compete.


“It’s overly saturated,” he said. 

Write to James Rundle at james.rundle@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Continue Reading


Lachlan Murdoch Drops Defamation Lawsuit Against Australian Publisher



SYDNEY—Fox Corp. Executive Chairman and Chief Executive Lachlan Murdoch ended a defamation lawsuit against an Australian media firm, just days after his company settled a separate high-profile dispute with Dominion Voting Systems in the U.S.

Mr. Murdoch launched legal proceedings against Private Media Pty Ltd. in August, alleging that he was defamed around two months earlier by an opinion article that ran on Crikey, an online news site owned by Private Media, because it linked his family to the Jan. 6 Capitol riots in the U.S. The article, written by Crikey’s political editor Bernard Keane about the congressional investigation into the riots, ran under the headline, “Trump is a confirmed unhinged traitor. And Murdoch is his unindicted co-conspirator.”

Private Media rejected the claim that the article had defamed Mr. Murdoch and the case was due to go to trial in federal court in Sydney in October. In its defense, lodged with the court last year, Private Media said the references to the Murdoch family were “self-evidently hyperbolic” and that it used creative license to pick up on a U.S. grand jury’s naming of then-President Richard Nixon in 1974 as an unindicted co-conspirator in the Watergate scandal.

“No one would read the words literally as suggesting that the Murdochs were guilty of criminal conspiracy or treason under U.S. law,” the defense filing said.

On Friday, Mr. Murdoch’s attorney, John Churchill, filed a notice with the federal court stating that the Fox chief executive was discontinuing the proceedings.

In a statement, Mr. Churchill said Mr. Murdoch was confident that he would have won the case at trial.

“However, he does not wish to further enable Crikey’s use of the court to litigate a case from another jurisdiction that has already been settled and facilitate a marketing campaign designed to attract subscribers and boost their profits,” he said, in an apparent reference to the Fox-Dominion settlement.

Crikey, in a statement on its website, called the decision a victory for public interest journalism and said it stood by the original article.

Copyright ©2023 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Continue Reading


How Nikki Haley Went From Friend to Foe of Government Aid for Boeing



NORTH CHARLESTON, S.C.—Nikki Haley frequently questions the use of public money to help corporations as she campaigns for the Republican presidential nomination, but her tone was significantly different when it came to interests in South Carolina.

As a state legislator and candidate for governor, Ms. Haley supported a 2009 economic development package for Boeing Co. valued at as much as $900 million that helped land the company’s 787 Dreamliner production facility in this city. A few years later, as governor, she signed into law an additional $120 million for the aerospace company as part of an expansion.

After accepting a seat on Boeing’s board of directors following her time in the Trump administration, she became an opponent of the company’s potential request for government assistance as the possibility of her 2024 presidential bid loomed, abruptly quitting the board and publicly criticizing the idea of government aid.

It isn’t unusual for conservative politicians, whether governors trying to lure companies to their states or members of Congress looking to secure funding for special projects back home, to confront tensions between their support for limited government and parochial interests.

Still, as voters examine the emerging GOP field, Ms. Haley’s record on Boeing has led some to portray the former governor and United Nations ambassador as someone prone to reversals and tied to the corporate establishment.

Taylor Budowich, who leads a political-action committee backing former President Donald Trump’s bid to return to the White House, said in a statement after Ms. Haley entered the race that she resigned her U.N. post to “go rake in money on corporate boards” and that she is a “career politician whose only fulfilled commitment is to herself.”

Copyright ©2023 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Continue Reading


Companies Face Another Packed Year of Sustainability Shareholder Votes



U.S. companies are facing fewer shareholder proposals on social issues this year but more calls for climate action. Anti-ESG ones are increasing, too.

For annual general meetings taking place in the first six months of the year, shareholders across all U.S. publicly traded companies filed a total of 538 proposals related to environmental, social and sustainability governance issues, according to the Sustainable Investments Institute, a Washington-based nonprofit that tracks such votes. Last year, there were 577 filings over the same period.  


Proposals focused on social issues were again the most popular this year, mentioned in 338 of the filings, down more than 9% from 373 last year. Environmental issues were at the heart of 162 proposals, up slightly from 2022’s comparable tally of 155. Included in the grand total were 48 so-called anti-ESG proposals focused on the risk of ESG-promoting policies, up from 27 in the same period last year. 

Historically proposals sought more transparency, better disclosure or asked for companies to set goals, said Peter Reali, managing director and member of the sustainable investments team at fund manager Nuveen LLC. Now, many are calling for a change in behavior or impact, he said.

While the votes on proposals aren’t binding, they can create pressure for companies to change, to take a position on hot-button issues and can also express a lack of investor confidence in board members. However, Heidi Welsh, director of the Sustainable Investments Institute, cautioned that “it’s far too soon to draw any conclusions about support levels since we only have seen about half a dozen votes.” 

There are 298 proposals for companies to take more action on social issues, slightly down from 332 in 2022. Again this year, around a third of those concerned politics, including requests to set up board oversight or to report on a company’s lobbying, election spending or trade associations. Last year, politically-focused proposals won an average of 32% support, with only five—including at Twitter Inc.,

Netflix Inc.

and insurer

Travelers Companies Inc.

—achieving majority support. 

There are also 20 pay equity proposals this year, down from 33 in 2022. These typically ask companies to audit or report on gender-and-racial pay differences. Abortion has also emerged as a flashpoint with 22 reproductive health proposals this year, up from four last year.

Environmental action was the second most popular area of shareholder focus. So far, there are 160 pro-environment proposals this year, up from 154 in 2022. Most environmental proposals ask companies to adopt or report on Paris-aligned climate targets, while a smaller number ask investors, insurers and banks to report on, limit or cease their financing of fossil fuels. 

Shareholders voted on a record number of pro-climate proposals last year, but their support was lukewarm for more ambitious goals such as ending fossil-fuel financing. 

Support has waned slightly since 2021 when proposals calling for emission-reduction targets garnered record backing. Investors have also been more hesitant to support proposals that specifically lay out how a company should meet a climate target, said Mr. Reali: “It’s one thing to ask companies to set goals and targets, it’s another thing to tell companies how to achieve those goals and targets.” 

Evidence of the rise of the anti-ESG movement in the U.S. can also be seen. The 48 anti-ESG filings to date mostly ask companies to report on the “risks” of corporate plans for improving diversity and inclusion in and outside the company. Only five concerned the environment.

Ms. Welsh expects more anti-ESG proposals this season. However, last year, most of these types of proposals received less than 5% support, the threshold necessary to refile it again in the coming year. This year’s first anti-ESG vote—asking

Apple Inc.

to report on the “risks” of its diversity and inclusion programs—received 1.4% support.


The proposal tally will change over the AGM season, running from January to September but with most meetings happening between April and June. Some proxy statements will include new proposals. Companies will avoid votes when shareholders withdraw some current proposals, usually after they reach an agreement with the company on an issue. Last year, 273 proposals were withdrawn before they could be voted on during the AGMs in the first half of 2022. The comparable figure this year is 120, so far. 

Write to Dieter Holger at dieter.holger@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Continue Reading


Nestlé Says Less Than Half of Its Main Portfolio Is Ranked as Healthy



Nestlé SA promised it will work to boost the nutritional value of its snacks, drinks and food products, after most of its portfolio was rated as unhealthy.

Less than half of Nestlé’s main food-and-drink portfolio is considered healthy, according to the results of an international nutrient profiling system that the Swiss food company published for the first time. Nestlé started using it last year with the aim of boosting transparency about the nutritional value of its products. 

In its 2022 annual report, published Tuesday, the maker of KitKat chocolate bars and Nescafe coffee said 54% of its net sales came from products rated at the lower end of the health ratings scale. This doesn’t include pet food or other specialized products, such as vitamins, and excludes some recent acquisitions, Nestlé said.

Alongside multivitamins and bottled water, Nestlé’s brands include a range of confectionery and breakfast cereals, as well as instant-coffee and milkshake drinks, Häagen-Dazs ice cream and ready meals. The health star rating system, or HSR, ranks the nutritional profile of packaged foods on a scale from a low of half a star up to five stars for the healthiest foods. The lowest-rated products, below 1.5, are those that should be eaten only occasionally, while those from 1.5 to less than 3.5 should have their nutritional value improved and guidance given, Nestlé said.

Of Nestlé’s products by sales, 17% had an HSR of less than 1.5 and a further 18% had one below 3.5. Another 30% of the products had an HSR of above 3.5, which means the nutritional value is of a good level, Nestlé said. The remaining 35% included those that aren’t generally subject to health ratings.

To be sure, some of Nestle’s range of confectionery products are unlikely to ever qualify as healthy; however, the company has also committed to helping its consumers make healthier choices, through initiatives such as clear nutritional labeling, designing portion sizes carefully and offering recipes for use of fresh ingredients.

The HSR was formulated by the Australian government to boost transparency in food products and to encourage manufacturers to raise their nutritional value. It has been widely adopted and incorporated into companies’ own self-assessments, including by Nestlé’s rival


PLC, maker of Ben & Jerry’s ice cream and Hellmann’s mayonnaise. Unilever’s figures, published in October, showed that only 24% of its global revenue for 2021 came from products with an HSR above 3.5.

“Our focus is on improving the nutritional value of our products,” Nestlé said. “We are continuously improving the nutritional profile of our products by adding more whole grains, proteins and fibers while reducing sugars, sodium and saturated fats—without compromising taste.”

Nestlé said it would reduce sodium in many of its products, such as instant noodles and bottled sauces. It expects to complete initial reductions by the end of 2025, with a further round of reductions scheduled for 2030. 

In 2021, Nestlé came top of a ranking of major food and beverage players for its contribution to addressing malnutrition. The rankings from the Access to Nutrition Initiative rate companies on their practices and disclosure, including on ensuring healthy products and influencing consumer choices. 

Write to Joshua Kirby at joshua.kirby@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Continue Reading


European Ports Brace for Cybersecurity Regulation



European ports are preparing for a major regulatory change next year in how the hundreds of companies in their global supply chains address cybersecurity as ports have become a target for criminal hacker groups and state-sponsored attacks. 

Cybersecurity rules approved by the European Union for pharmaceuticals, transportation, energy and other critical infrastructure companies are set to take effect in 2024 and will require hundreds of firms that operate out of Europe’s big ports to use basic security measures and report hacks to cybersecurity authorities. The regulation will be the first such cybersecurity requirements for many companies that provide services to critical sectors. Violators face fines of up to 10 million euros, equivalent to roughly $10.7 million, or up to 2% of global revenue, whichever is higher. 


The war in Ukraine, rising energy prices and supply-chain disruptions during the pandemic have put port authorities on high alert for a rising number of cyberattacks. Ports in cities such Rotterdam in the Netherlands and Antwerp in Belgium, Europe’s two largest ports by cargo volume, are hubs for energy infrastructure and other critical sectors. A cyberattack three weeks before Russia invaded Ukraine in February 2022 disrupted operations at energy storage and distribution companies and a large terminal operator in Antwerp and other Belgian and Dutch ports.

Energy storage tanks at the Antwerp port.


Nathan Laine/Bloomberg News

For port authorities that ensure cargo moves safely through harbors, the coming rules could simplify their jobs because it can be difficult to nudge port-based companies, such as storage providers for oil and goods, terminal operators or logistics firms, to voluntarily adopt cybersecurity protections, said Athanasios Drougkas, a security expert at Enisa, the European cybersecurity agency. “It will make their lives easier,” he said.

The rules will apply to critical infrastructure operators and companies in their supply chains, including technology service providers. A growing number of cyber threats have targeted critical infrastructure companies during the war in Ukraine, highlighting the vulnerability of supply chains. “We felt that there was a bull’s-eye on the company,” said Yannick Herrebaut, chief information security officer at Belgium’s Port of Antwerp-Bruges NV, referring to the port authority. 

Companies based at the Port of Antwerp-Bruges were hit with ransomware in February 2022 at the same time that cyberattacks disrupted German energy storage companies and firms at Dutch ports. The victims suspended some operations and tankers crowded outside the port of Antwerp-Bruges waiting to unload.

“It’s getting more and more important that you need to have control over this supply chain,” he said.

Over time, the coming European cybersecurity law for critical infrastructure will likely have a similar effect as the European Union’s broad privacy rules known as the General Data Protection Regulation, said Deepak Mehta, an ecosystem developer at the Maritime Campus Antwerp, which works on technology innovation with maritime companies including ports and shipowners. 

A prior version of the coming EU cyber law mandated fewer safeguards than does the finalized one and applied only to large companies in a handful of critical sectors. Starting next year, the expanded cyber rules will apply to a larger pool of companies, including many medium-size firms, and to sectors including waste management, space and technology providers that previously didn’t fall under the 2018 law. EU countries have until October 2024 to start implementing the requirements and ensuring national regulators enforce the rules.

Around five companies in the port of Rotterdam fall under the jurisdiction of the earlier law, said Marijn van Schoote, head of cybersecurity at the Port of Rotterdam. That number will jump to around 200 when the updated version is in effect, he said. 

The new law requires critical infrastructure companies to make sure they carry out cyber risk assessments, use technical protections such as encryption and measures to prevent and respond to cyberattacks, and due diligence for the cybersecurity protections that service providers have in place.  

“A lot of work has to be done in the upcoming years,” Mr. van Schoote said.

The expansion will push companies to improve cybersecurity measures they have neglected, said Rob Nijman, spokesman for FERM, a group that shares cybersecurity intelligence from government bodies among around 50 member companies at the Port of Rotterdam. “There’s of course opportunities for companies to get their stuff in order because they have to,” he said. 

The port of Rotterdam is assessing whether it could set up a security operations center modeled on a similar initiative at the port of Los Angeles, Mr. van Schoote said. His office will decide before the summer whether to go ahead. 

The Los Angeles port shares information about threats through a cyber defense center with around 20 members including companies and groups such as the port’s dockworkers. A separate security operations center at the port runs around the clock and stops about 40 million attempted cyberattacks a month, said


Gene Seroka,

the port’s executive director.

More than 200,000 companies use the Port of Los Angeles every year, with shipping lines, trucks and railways transporting cargo there. “It’s a really complex set of participants,” he said.

Write to Catherine Stupp at catherine.stupp@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Continue Reading


ChatGPT Helped Win a Hackathon



The ChatGPT AI bot has spurred speculation about how hackers might use it and similar tools to attack faster and more effectively, though the more damaging exploits so far have been in laboratories.

In its current form, the ChatGPT bot from OpenAI, an artificial-intelligence startup backed by billions of dollars from Microsoft Corp., is mainly trained to digest and generate text. For security chiefs, that means bot-written phishing emails might be more convincing than, for example, messages from a hacker whose first language isn’t English. 

Today’s ChatGPT is too unpredictable and susceptible to errors to be a reliable weapon itself, said

Dustin Childs,

head of threat awareness at Trend Micro Inc.’s Zero Day Initiative, the cybersecurity company’s software vulnerability-hunting program. “We’re years away from AI finding vulnerabilities and doing exploits all on its own,” Mr. Childs said.

Still, that won’t always be the case, he said. 

Two security researchers from cybersecurity company Claroty Ltd. said ChatGPT helped them win the Zero Day Initiative’s hack-a-thon in Miami last month.

Noam Moshe,

a vulnerability researcher at Claroty, said the approach he and his partner took shows how a determined hacker can employ an AI bot. Generative AI—algorithms that create realistic text or images built on the training data they have consumed—can supplement hackers’ know-how, he said.

The goal of the three-day event, known as Pwn2Own, was to disrupt, break into and take over Internet of Things and industrial systems. Before arriving, contestants chose targets from Pwn2Own’s list, and then prepared tactics.  

Mr. Moshe and his partner found several potential weak points in their selected systems. They used ChatGPT to help write code to chain the bugs together, he said, saving hours of manual development. No single bug would have allowed the team to get very far, he said, but manipulating them in a sequence would. At the contest, Mr. Moshe and his partner succeeded all 10 times they tried, winning $123,000. 

“A vulnerability on its own isn’t interesting, but when we look at the bigger picture and collect vulnerabilities, we can rebuild the chain to take over the system,” he said.  

OpenAI and other companies with generative AI bots are adding controls and filters to prevent abuse, such as to prevent racist or sexist outputs. 

Some bad actors will likely try to get around any cybersecurity boundaries the bots are taught, said

Christopher Whyte,

an assistant professor of cybersecurity and homeland security at Virginia Commonwealth University. 

Rather than instructing a bot to write code to take data from a computer without a user knowing, a hacker could try to trick it to write malicious code by formulating the request without obvious triggers, Mr. Whyte said.

It is similar to when a scammer uses persuasion to trick an office worker to reveal credentials or wire money to fraudulent accounts, he said. “You steer the conversation to get the target to bypass controls,” he said.  

Write to Kim S. Nash at kim.nash@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Continue Reading


Courts Side With Big Companies Including Amazon and Experian in Privacy Appeals



Big companies are winning appeals to overturn regulatory decisions that allege they violated European privacy rules, potentially carving out a path for more businesses to challenge similar sanctions.

Courts in the U.K., Spain, Italy and Germany sided with companies including






com Inc. and Italian energy giant


SpA in recent rulings, in some cases striking down multimillion-dollar fines and reaffirming companies’ arguments that their data practices comply with the General Data Protection Regulation.

Companies have appealed GDPR decisions since the expansive privacy law took effect in 2018 in an effort to fight reputational harm and large fines, which can reach up to 4% of a company’s global revenue, or 20 million euros, whichever is higher. Now companies see entire business models at stake. Meta Platforms Inc., for example, said it is appealing fines of €390 million, or $414 million, imposed in Ireland in January over the social-media company’s practices in targeting Instagram and Facebook users with ads.

“We’re starting to see the through line of companies starting to pick their battles and spend the time and effort on the appeals they think they can win and would have an effect on their business models,” said Edward Machin, a lawyer in the London office of law firm Ropes & Gray LLP.

Appeals of major GDPR decisions show a significant amount of “gray area” where privacy lawyers, regulators and courts disagree over what the law allows, said Flora Egea Torrón, a partner at Spanish law firm Legal Army S.L. and former data-protection officer at Banco Bilbao Vizcaya Argentaria SA.


is a multinational financial-services company. 

“There’s so much room still to interpret GDPR, so that’s why [companies] have to fight against the decisions” from regulators, she said. 

A Spanish court overturned a 2020 fine of €5 million against BBVA related to multiple complaints of the bank processing personal data without consent. The court decision, issued in late December and made public this year, said Spain’s regulator made a broad argument about the bank’s data-protection policy without enough evidence. 

Ms. Torrón said she was aware of the appeal while she worked at BBVA but wasn’t involved as an outside counsel after joining Legal Army in February. The regulator said it is considering an appeal. BBVA declined to comment. 

An Italian court last month overturned a €26.5 million fine from 2021 against utility Enel Energia over unsolicited marketing calls—a ruling the company said “confirms the correctness” of its behavior. The Italian regulator declined to comment. 

Amazon’s use of hand scanners to monitor warehouse employees’ performance was ruled illegal in 2020 by the data protection regulator in Lower Saxony, Germany, but that decision was overturned by a court last month.


ronny hartmann/Agence France-Presse/Getty Images

Last month, a U.K. court largely sided with Ireland-based credit-rating company Experian in its appeal of a 2020 decision made by Britain’s privacy regulator that would have restricted how it processes data from public sources.

The court said Experian’s data collection can rely on legitimate interest, a legal term in the GDPR allowing companies to gather personal data without asking for explicit consent, for direct marketing. The court rejected the regulator’s argument that collecting personal data to create profiles for marketing purposes intrudes on privacy rights. The court said the regulator had “fundamentally misunderstood” the implications of how Experian used data, and that there were no negative effects for individuals. Britain’s privacy watchdog will apply for permission to appeal the ruling, a spokeswoman for the regulator said. 

The court didn’t completely exonerate Experian, agreeing with the regulator that the company didn’t properly notify around five million people about how it acquired their data from public records. Experian must issue those notifications within a year. 

Experian said in a statement that it was “very pleased with the outcome.”  

Amazon got a win when a court sided with it last month against the data protection regulator in the German state of Lower Saxony, which ruled in 2020 that the company’s use of hand scanners to monitor employee performance in a warehouse was illegal. There was no fine. The regulator said in a statement after the court overturned its decision that lawmakers need to create new protections. 

An Amazon spokesman said the company was “pleased” with the ruling. “Warehouse management systems are industry standard, and research shows that these systems have a positive effect on employees’ work experience,” he said.

These recent wins will likely embolden other companies to appeal GDPR violations, said Mr. Machin of Ropes & Gray.

“There’s a strategic element here as companies are learning, just as regulators are learning, what can work, what can’t work and what they think can be challenged,” he said.

Write to Catherine Stupp at catherine.stupp@wsj.com

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8

Continue Reading


Taylor Swift’s Real-Estate Empire Is Worth More Than $150 Million



Taylor Swift got her start in the music industry at the tender age of 16, with the release of her eponymous country album in 2006. In the years since, the 12-time Grammy winner has transformed herself into a pop superstar and built her brand into a global powerhouse, selling more than two million tickets for her upcoming “Eras Tour” in a single day and announcing plans to direct an upcoming feature film. Along the way, she has become a savvy businesswoman who has often used her clout to shake up the music industry. Most recently, her decision to rerecord her older albums, ensuring that revenue from those streams go to her, caused a flurry of new standards from her label Universal Music Group NV to make sure other artists didn’t follow suit.  

So it’s perhaps not surprising that, in the process of becoming a music-industry juggernaut, Ms. Swift has also amassed an empire in the real-estate world. Despite her relative youth, the 33-year-old has assembled a portfolio of homes worth at least $150 million. With a penchant for historic houses, Ms. Swift—using a variety of trusts and limited liability companies—has acquired significant properties in locations ranging from Nashville, Tenn., to Beverly Hills and Rhode Island. Since most of these properties were purchased years before the Covid-induced real-estate frenzy, their value has risen dramatically in the time they’ve been owned by the country-singer-turned-pop star. While Ms. Swift tends to hold her properties for the long term, she has also sold a few homes along the way, often for a substantial profit.

Continue Reading