We are perhaps fast approaching a point where the essentials of a rounded business acumen will include a not insignificant appreciation of cyber security – just like being able to make sense of a set of financial statements or regurgitate the key tenets of Sarbanes-Oxley. Some might say this time is long overdue.
Such points have perhaps not been lost on senior Economist editor and journalist Edward Lucas, who turns his attention on the security challenges posed by the cyber arena for individuals, organisations and nation states in Cyberphobia.
In this fast-paced book Lucas distills these topics into a form that will be both familiar seasoned techies yet understandable to a relative cyber newbie, such as an executive seeking to gain a firmer grasp of the threats facing his business. Both audiences can benefit, with Lucas presenting a view of technology through both ends of the security telescope – jumping efficiently between some fairly specific examples of cyber attacks, but also their higher-level implications for our world.
The book starts out by surveying the growing types of cyber threat levelled at a typical household of technology users, affectionately dubbed the Hakhett family. Through a careful blend of analogy and high-level technical explanations, Lucas demonstrates a range of ways in which the less informed can get hit by attacks they couldn’t even conceive or see coming – let alone protect themselves against.
For example, an early comparison is made between the conveniences and risks of driving versus computing: few people could describe the intricacies of how a petrol engine works, but when they jump in and drive down the highway they have a fair appreciation of the risks they are taking. This is not the case when browsing around the internet or even doing something a mundane as checking emails. Similarly, unlike a car, few of us get our household tech serviced to make sure it remains safe and secure to use.
Having walked the reader through various attack scenarios, including the emptying of poor Mrs Hakhett’s bank account, Lucas then marches on to consider the murky world of cyber warfare, espionage and the geopolitics of the internet. A particularly interesting point explored in this part of the book is the asymmetric, force-levelling affect of our networked world. In cyber terms, the physical size of a nation’s military counts for little and to a certain extent, everyone from casual ‘script kiddie’ hackers to nation states have access to similar software tools – which are often freely available.
The chapters that follow then provide an alarming summary of the vulnerabilities our smartphones can subject to, the host of issues associated with passwords as a form of authentication, and what Lucas terms ‘the danger of monoculture’ in software design – leading to the exploit of vulnerabilities on a massive scale.
Whether considering security challenges at the micro or macro level, central themes woven into the book are the rate at which threats are overtaking safeguards, the difficulty of attribution in many attacks and the complete lack of regulation in software development that makes the cyber arena uniquely difficult to police.
Potential technical, behavioural and legal solutions to cyber threats are discussed in the final chapter. A handy list of ten fundamental security steps are included in the annexes, although Cyberphobia isn’t really intended as a guide to system hardening: this book is about awareness and serves as a wake-up call for just about anyone on the shifting sands of an inter-connected threat environment.
By the end of the book a relative newbie to the subject should have a reasonable appreciation of the the range and seriousness of the threats lurking out on networks, the technologies involved (including a useful introduction to encryption) and some of the related language (a useful cyber glossary can be found at the front of the book).
Overall, Lucas has done an admirable job of condensing a wide range of cyber issues and implications into an easily readable format that could be quickly covered on a vacation. Cyberphobia arguably has a place on every business professional’s bookshelf.
Did you find this post useful? Follow @DS_Watch on twitter or sign up for email updates to get more posts on security tech.