Original price: 2.995,00 EGP. Current price: 2.550,00 EGP.
Publisher : The MIT Press (November 13, 2018)
Language : English
Hardcover : 336 pages
ISBN-10 : 0262038854
ISBN-13 : 978-0262038850
Item Weight : 1.3 pounds
Dimensions : 6.31 x 1.1 x 9.25 inches
Watching me, watching you
Wolff begins with an intriguing question, "Is it easier to attack or defend?" As she explains the answer to this question concerning the intrusion of intruders or hackers into computer systems, a great deal is explained about how computer systems gear themselves to protect against attacks. The writing style appears initially very stodgy and almost like a report, but it very quickly turns out to be an exciting and illuminating book that everyone ought to read – everyone who uses a computer. Using various famous cases in which hackers had succeeded, Wolff examines the three main motives of attackers – those of financial gain, espionage, and those who intend to humiliate users of the hacked systems. In the first instance, she discusses the attack by a cyber criminal named Gonzalez who hacked into the T.J. store's system in order to steal money. This is a somewhat primitive method and requires many intermediaries such as money mules that opens its perpetrators to detection and arrest. Then there are those who are more sinister because they are not out for money but information. The infiltration by the Chinese PLA Unit 61398 into U.S. Steel and the Office of Personnel Management are the prime examples of espionage related intrusions. The third concerns cases such as the attack by CyberBunker against the Spamhaus Project. Spamhaus is a non-profit organisation that detects spammers and helps stop them. That is bad news for CyberBunker, one of its nemeses. This book explores the major ways in which attackers infiltrate into a computer system where they can either hijack communication in order to steal money or information, or merely to exfiltrate data from the victim host. In the Stophaus case, the attackers tried to paralyse Stophaus by flooding it with spam. It also shows how different motivations of attackers can change tactics. The worst case is where the attacker begins to disrupt or corrupt the host system paralysing it. Ransomware is one such example.
The cyber-attack on Sony Pictures is another. The 2015 breach of the dating website, Ashley Madison, "offered something that was even more tantalising: a chance to gawk at the private lives of neighbors and co-workers". Ashley Madison settled the class action brought against it by its customers for $11m, a token sum compared to the $115m it earned in 2014. The point is that revenge motivation against Ashley Madison ended up with the wrong victims paying. Wolff discusses the ways a system can improve its defences, but she finds that in many cases, the victims, not appreciating the scope of defence, were more intent on pushing blame. This happened in many of the cases she discusses in this book. Victims also do not appreciate that a strong defence requires all the various stakeholders getting together and working together. This includes browsers, app designers, domain operators, individual organisations, and end-users. Where thieves operate on a low profile, those out for revenge want their identities to be known – thus opening themselves to counter attacks – such as that launched by Stophaus and its partner, Cloudflare. By carefully explaining how computer systems work, and how attackers infiltrate them, she discusses the role of policy makers in helping to set up defence systems at the macro level. Wolff understands that in many cases, the costs of defence can be prohibitive. Nonetheless, one can utilise limited resources to shore up one's computer defence systems. Those involved in defending will want to read this highly informative and analytical work.
Essential reading for security risk managers
Disclosures: I do not know the author; I did buy the book from Amazon; I am not a robot. I thought this was a very intelligent analysis of the situation we are all in regarding cybersecurity. The first part of the book is a clear analysis of breaches in several domains: finance, espionage, and public humiliation. All of this information is already in the public domain, but not in one place. Very useful compilation of information. One missing sector: healthcare. The second part of the book discusses how we can prevent breaches. The author’s perspective is to include the entire scope of the breach transaction, including converting stolen cards to cash and stolen trade secrets to increased product sales. Her view is that government policy makers need to play a more active role, since no one private actor has control over the breach chain, outside their own organization. Many will support this view, but we do not yet have the political will to make effective changes to policy. Such changes may happen incrementally. This second section is a very good analysis of the roles played by all participants in a security breach. I would give the book 5 stars on content, but found the text a little wordy, so reduced my review to 4 stars.
Important – and absolutely terrifying
Prof. Wolff has done an excellent job of explaining how current cybersecurity issues have as much to do with business, policy, and law as actual technology flaws. By focusing on six large cyber attacks, she helps both lay readers and IT professionals understand how conflicting interests and complexities in assessing liability and blame confound our efforts to keep the internet secure. After reading this book I changed all my passwords – again.
Remarkably lucid and valuable
Most of the news coverage on data breaches is little more than a round of finger pointing and cries for the heads of the corporate executives involved. Professor Wolff provides a thoughtful and actionable analysis of breaches and what we can all do to mitigate them, whether as an IT professional, policy maker, or citizen.
Major use cases about data breaches. Recommended for executives to understand the risk and why that is important to have a strong security posture in order to protect the business.