Ben's Book of the Month: Review of "Cyber Wars: Hacks that Shocked the Business World"


Posted by Ben Rothke

The only problem I have with Cyber Wars: Hacks that Shocked the Business World (Kogan Page 978-0749482008) by Charles Arthur is that these breaches really didn’t shock the information security community or the business world. These stories are simply narratives of firms that didn’t take information security seriously and suffered the consequences.

In this interesting book, he details some of the most devastating information security events of the last few years. These include Sony, HBGary Federal, John Podesta’s phishing attack, T.J. Maxx, and more.

While all of these stories have been told before at a high level, Arthur digs much deeper and details the issues that led to the breaches. The book makes for some compelling insights around the importance of taking security seriously. There are countless lessons learned that can be gleaned from this book. While not a technical book, Arthur writes of the technical issues that led to many of these breaches. This is a very readable and engaging book that makes for a great information security awareness reference.

John Podesta was chairman of Hillary Clinton's 2016 U.S. presidential campaign, and as the book notes, it is rare that a hack changes the course of history. In the case of Podesta’s falling for a phishing attack, it did indeed.

There is also some humor in the book. In detailing the devastating Sony Pictures hack, he quotes then Sony Pictures Entertainment CEO Amy Pascal as telling Sony employees not to read any of the breached emails, because of their potentially divisive effect, both internal and external to the organization. Pascal was oblivious to the Streisand effect, and it’s likely the request had the opposite effect on her employees.

For anyone who is struggling to get people, be it management or the like, to take information security seriously, Cyber Wars: Hacks that Shocked the Business World makes for a great wake-up call.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
