Title: The Art of Cyber Security: A practical guide to winning the war on cyber crime Author: Gary Hibberd Publisher: IT Governance Publishing Year: 2022 Pages: 206 Language: English Format: pdf, epub, mobi Size: 10.2 MB
This book is about cyber security. In Part 1, the author discusses his thoughts on the cyber security industry and how those that operate within it should approach their role with the mindset of an artist. Part 2 explores the work of Sun Tzu’s The Art of War.
So why is the reporting of cyber attacks so low? Why don’t people raise the flag when they’ve suffered an attack? There are several reasons for this, and cyber criminals are aware of them all. Let’s focus on phishing emails for a second; when someone clicks a malicious link and is subject to a phishing attack, their response will depend on what happens next. They might not even notice anything has happened. For example, keylogger malware downloaded from an infected email will sit quietly in the background collecting information, and the victim will be unaware until days, weeks or months later when they are alerted to some fraud. If the payload is ransomware and the victim’s device or information is made inaccessible, the first thing the user will do is call their IT support person – whether that’s their child, partner, friend or IT department. Next on the list is likely to be the bank to inform them that their accounts might be compromised. If the phishing email contains malware or ransomware, the victim might even call the police. But what about corporations that fall victim? Why aren’t they calling the police or Action Fraud? Yes, some will inform the police as they may have insurance policies requiring a police case number, but the response is often internally focused. Why? To put it simply: brand protection.
If a cyber attack hits an organisation, the reality is that there will be a heavy focus on brand protection and damage limitation. It may sound cynical, and there are exceptions to every rule, but when a CEO or business owner tells you after a breach that security and data protection are their number one priority, they are not telling you the whole truth. We’ve seen this countless times over the decades, where a breach has impacted organisations and customers only hear about it months later, after the company had “completed internal investigations”. If security and data protection were truly the number one priority, the business would have informed customers at the earliest opportunity, when it discovered the breach, so they weren’t left at risk from cyber criminals. But they often don’t, preferring instead to conduct internal investigations to find someone to blame, speak to their lawyers or insurers, create a positive marketing campaign to drown out any negative press, and perhaps sell shares in their company before the news breaks. Cyber criminals know all of this and capitalise on it.
In 2022, there are approximately 11.57 billion devices connected wirelessly to the internet, and this is expected to grow to 25.44 billion by 2030.[6] Everything from mobile phones and game consoles to refrigerators and home CCTV can be remotely controlled over the Internet. We certainly are living in interesting times, as we move from the ‘Internet of Things’ (IoT) to the ‘Internet of Everything’ (IoE); from science fiction to science fact, we are living in a world where everything, including people, is becoming part of this global network of ‘things’. We have quickly moved from ‘wearable’ devices to having devices inserted into our bodies. Pacemakers, for example, are now ‘Bluetooth enabled’, able to monitor the efficiency of the heart and alert the emergency services to any potential problems. We are increasingly using systems and applications that rely upon Machine Learning, Artificial Intelligence (AI) and Cloud computing to the point that many people don’t even realise that these technologies are being used.