Saturday, 30 November 2024

About the book: Vulnerability to Victory


In today's ever-expanding digital landscape, every business is experiencing some sort of cyber threat. Businesses cannot afford the impact of cyberattacks, as it goes beyond financial damage, affecting the company's reputation, its customer confidence and overall operational effectiveness.

This book, "Vulnerability to Victory", authored by Mr Arul Selvar Thomas, Founder & Director, BriskInfoSec, who has over a decade of experience protecting businesses from cyber threats, is a reference guide written in a manner easily understood by both professionals and common people, and in particular by business leaders who have a different mindset on investments in cybersecurity infrastructure.

The book, in its twenty chapters, provides essential explanations of various cyber vulnerabilities and the steps to be taken to overcome them, in the form of guidelines and checklists. It tries to bridge the gaps of misconception and ignorance with the right dosage of knowledge, presented in a conversational style like a storybook, with minimal technical jargon. Mr Arul Selvar has attempted to share his real-life experiences and has used metaphors to make complex concepts relatable.

The book starts by dispelling the myth that a compliance certificate is a guarantee of cybersecurity. He highlights the over-reliance on developers, who could be the biggest threat to security. He cautions about the threats that can emanate from the network of organisations involved in the delivery of IT products and services, from raw materials to end users, covering all supply chain entities.

An entire chapter is devoted to the rise of machine intelligence and threats powered by AI.

The book makes clear that cybersecurity is not a one-time fix and that incident response and recovery plans are essential to minimise damage and downtime.

Newer threats, such as cryptojacking (stealing computer power) and ransomware, which can cripple a business, are elaborated along with the means to overcome them.

The book stresses that employees are the first line of defence and insists on empowering them to be cybersecurity superheroes.

One chapter deals with fileless malware, a silent killer of businesses, and how to deal with it.

The author suggests that every business should establish a cyber war room with centralised intelligence, so that it can respond to cyber threats and take decisions in a coordinated manner and gain strategic advantage.

A long chapter deals with the social engineering techniques used by hackers, with tips to master the art of deception detection, since well-crafted social engineering attacks are more sophisticated.

The importance of preparing for zero-day exploits, which are unknown and surprise attacks, in order to minimise the damage is well emphasized.

Threats coming from connected devices, both consumer IoT and industrial IoT devices, and the ways to handle them are presented in detail.

The risks hidden in third-party code, and the need to protect businesses from vulnerabilities we don't know exist, are well highlighted.

A briefing on blockchain and smart contracts, which offer advantages in terms of cybersecurity and transparency, along with responsible and best implementation practices, is very informative.

While the cloud offers flexibility, there are security challenges. Securing the cloud environment and the business data is of paramount importance, and the checklist and tips provided are elaborate.

The need to have a Security Operations Centre, an early warning system to detect and prevent threats, is highlighted in an exclusive chapter.

The chapter on calculating the cost of cyber insecurity is an eye-opener. It explains the true cost of a cyber breach and explores the benefits of cyber insurance and how to go about preparing for the worst.

The chapter on the psychological disorders of management teams is a must-read for the investment decision makers in an organisation, as it explicitly deals with how management's denial of cyber risks leads to underfunded budgets, causing reactive panic spending after a breach, and business disruptions. It emphasises the point that ROI for cybersecurity can be difficult to quantify but the risks of not investing are far greater, and highlights that cybersecurity should be treated as a business problem and not just an IT problem, one that requires the commitment of top management.

Fighting cyber threats alone could be a challenge, and having a third-party partner is a better way, given the acute shortage of qualified and experienced manpower to handle the threats through an in-house team. How to identify and select a trusted partner who could be a strategic partner in the business is well highlighted in a chapter.

The book ends with a chapter on designing a perfect cybersecurity strategy and leveraging insights to build a robust defence and move from vulnerability to victory, in which security standards, frameworks and strategies are explained in detail.

On the whole, the book is an essential read for all, especially those involved in managing business systems.

We, at SETS, IEEE CS, CSI, ACM and CoE-DSCI, are very happy to be formally launching the book at the Computer Security Day Celebrations on 29th Nov 2024 at SETS, Chennai.

Review by: Mr HR Mohan, Chair - IEEE Computer Society, Madras & IEEE Ambassador.

Note: The cover price of the book is Rs. 599. It is available for Rs. 479 (at a discount of 20%) when ordered online at https://pages.razorpay.com/v2victory