The threat of cybercrime constantly looms over business leaders – and it becomes more urgent as cyber attacks become more sophisticated. In 2019, security breaches are happening more frequently, and the associated financial hit has increased, according to research from Accenture.
Notably, the report points out that hackers increasingly target humans – the “weakest link in cyber defenses” – at all levels of organizations, through tactics like ransomware and phishing. (Witness the recent wave of ransomware attacks against U.S. cities, large and small.) That’s why it’s becoming essential for everyone – not just security professionals – to be well-versed in risk and their organization’s security efforts.
We’ve rounded up eight must-read books and resources on security. Whether you are responsible for your organization’s security efforts, you want to make sure your personal security is airtight, or you are curating a library of security resources for your team, these books can provide valuable insights.
By Bruce Schneier
Book description (via Amazon): “In today’s hyper-connected society, understanding the mechanisms of trust is crucial. Issues of trust are critical to solving problems as diverse as corporate responsibility, global warming, and the political system. In this insightful and entertaining book, Schneier weaves together ideas from across the social and biological sciences to explain how society induces trust. He shows the unique role of trust in facilitating and stabilizing human society. He discusses why and how trust has evolved, why it works the way it does, and the ways the information society is changing everything.”
Why you should read it: Why do people trust each other and cooperate? What qualities make someone trustworthy and another person untrustworthy? How is trust betrayed? And what is the role of technology in all this? Bruce Schneier, a longtime online security expert and a fellow at the Berkman Klein Center for Internet & Society at Harvard University, tackles these questions and more, shining a light on the underlying systems of trust that make society function. If you want to better understand security and its significant impact on our lives, this is a great place to start.
By Kevin Poulsen
Book description (via Amazon): “Former hacker Kevin Poulsen has, over the past decade, built a reputation as one of the top investigative reporters on the cybercrime beat. In Kingpin, he pours his unmatched access and expertise into book form for the first time, delivering a gripping cat-and-mouse narrative – and an unprecedented view into the twenty-first century’s signature form of organized crime.”
Why you should read it: Kevin Poulsen tells the real-life story of hacker Max “Vision” Butler, who posed as a white-hat consultant to the FBI while running a massive cybercrime ring. As one reviewer puts it, “This book is a must-read for security professionals in order to get a glimpse behind the curtain of the attackers we deal with. It shows the tricks that these criminals use as well as their very real weaknesses, which are often an arrogance and overconfidence. As someone in the profession, this book yields valuable clues into those that made headlines over the years and how they were able to steal credit card and other info.”
By Roman V. Yampolskiy
Book description (via Amazon): “The history of robotics and artificial intelligence in many ways is also the history of humanity’s attempts to control such technologies. From the Golem of Prague to the military robots of modernity, the debate continues as to what degree of independence such entities should have and how to make sure that they do not turn on us, its inventors. Numerous recent advancements in all aspects of research, development, and deployment of intelligent systems are well-publicized, but safety and security issues related to AI are rarely addressed. This book is proposed to mitigate this fundamental problem. It is comprised of chapters from leading AI Safety researchers addressing different aspects of the AI control problem as it relates to the development of safe and secure artificial intelligence. The book is the first edited volume dedicated to addressing challenges of constructing safe and secure advanced machine intelligence.”
Why you should read it: If your organization is doing anything with artificial intelligence, pick up this handy resource for info on how to proceed with AI safely. Editor Roman V. Yampolskiy pulls together insights from a variety of thought leaders and scholars. Because each chapter is self-contained, you can skip around to the topics that capture your interest or address specific challenges you face with AI and security right now.
By James M. Kaplan, Tucker Bailey, Derek O’Halloran, Alan Marcus, and Chris Rezek
Book description (via Amazon): “Beyond Cybersecurity: Protecting Your Digital Business arms your company against devastating online security breaches by providing you with the information and guidance you need to avoid catastrophic data compromise. Based upon highly-regarded risk assessment analysis, this critical text is founded upon proprietary research, client experience, and interviews with over 200 executives, regulators, and security experts, offering you a well-rounded, thoroughly researched resource that presents its findings in an organized, approachable style.”
Why you should read it: Cyber threats continue to evolve. This book aims to be the de facto guide for leaders who want to take a more proactive approach to increasing their resilience, securing their company, and protecting customers, partners, and employees from cybercrime.
I would add The Art of Invisibility - Mitnick and Transformational Security Awareness by Carpenter