Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Events
Videos
Audiobooks
Packt Hub
Free Learning
Arrow right icon
timer SALE ENDS IN
0 Days
:
00 Hours
:
00 Minutes
:
00 Seconds
Cyber Minds
Cyber Minds

Cyber Minds: Insights on cybersecurity across the cloud, data, artificial intelligence, blockchain, and IoT to keep you cyber safe

Arrow left icon
Profile Icon Shira Rubinoff
Arrow right icon
₹2606.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.2 (10 Ratings)
Paperback Jan 2020 252 pages 1st Edition
eBook
₹999.99 ₹2085.99
Paperback
₹2606.99
Arrow left icon
Profile Icon Shira Rubinoff
Arrow right icon
₹2606.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.2 (10 Ratings)
Paperback Jan 2020 252 pages 1st Edition
eBook
₹999.99 ₹2085.99
Paperback
₹2606.99
eBook
₹999.99 ₹2085.99
Paperback
₹2606.99

What do you get with Print?

Product feature icon Instant access to your digital copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Redeem a companion digital copy on all Print orders
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Cyber Minds

How Risky Behavior Leads to Data Breaches

Many employees have a lot on their plate and work hard to keep up with their rigorous job responsibilities. To meet the demands of their position, they create shortcuts to expeditiously accomplish their tasks and not get mired in the details. Herein lies the problem of risky employee behavior – in many cases, employees are not aware that their shortcuts or truncations of protocol are creating gaping holes in an organization's cyber hygiene. They may not mean to harm the organization, and their behavior is certainly non-malicious, but their risky behaviors have turned them into insider threats all the same.

This chapter is about this behavior and how it can lead to devastating outcomes. In reality, a great deal of this risky behavior can be stopped by creating cognizance around the implications of these actions. In most cases, employees are woefully unaware of the consequences of their actions, and what they don't realize is that a small error can quickly snowball out of control.

Even when employees know these behaviors are technically risky, they underestimate the risk of their actions and overvalue convenience.

In this chapter, we'll discuss some risky behaviors common to oblivious and negligent non-malicious insiders, and then we'll move on to how social media is often misused by employees of an organization. For each risky behavior, I'll make sure you know how to combat it effectively, and improve your organization's cyber hygiene.

Oblivious behaviors

We'll start by discussing the kind of behavior you might find from an oblivious, non-malicious insider threat. Oblivious employees aren't motivated by any desire to cause harm, or even by laziness or resistance to protocol; they simply don't understand that the actions they're taking, or forgetting to take, cause holes in their organization's security.

Unattended computers are a hazard

One classic form of oblivious behavior is leaving computers unattended when outside the organization – I've seen this many times at conferences, even security conferences. People go and check in their laptops along with their coats! They hand the laptop over for a checkout ticket, getting a false sense of security and trust because they've got the checkout ticket in their possession. That makes them feel like the laptop's safe; when really, it's been taken by an individual you don't know, to a place you can't see.

This happens at restaurants as well, and it's obviously risky behavior, especially for an executive. They might think that they don't want to bring the laptop case to their table because it's more secure with the checkout kid in the coat check. This is not a rational decision, but people can convince themselves of almost anything. In fact, I've seen people ask the bartender to put their devices under the bar. There's zero protection, but we've been socially engineered to think if it's OK for my coat, why not my computer? Let me make it clear—even in secure establishments, it's terrible cyber hygiene to leave your computer in somebody else's hands.

Many employees are under the impression that leaving a computer with someone else is totally fine as long it's off. This is a common mindset–if it's turned off, it's safe. In reality, that's patently false, as any computer can be accessed and hacked even when turned off, through a cold boot attack. Any device that has privileged company information on it needs to be locked down at all times when it's not in the hands of the designated employee.

Maintaining privacy while working remotely

Another risky behavior is not thinking about someone peering over your shoulder. Often, employees do not understand the need for privacy screens on computers, tablets, and smartphones when working remotely. This phenomenon becomes most problematic when working remotely on confidential documents in public places such as airports and coffee shops.

Employees need to understand that there are many ways for a breach to happen after some looks over your shoulder to see what you are working on. It only takes a few seconds for someone to grab your credentials, such as your username or password.

Even worse, they can use any information they can gather for a phishing or social engineering attempt. Avoid these pitfalls by investing in a privacy screen. It's an inexpensive and practical way to keep your documents and credentials confidential in a public setting.

Carrying around sensitive information

Yet another risky behavior that we see among employees is carrying around unnecessary sensitive or confidential data on one's computer, tablet, or smartphone. It's easy to imagine an employee who's finished a project, no longer views information about it to be sensitive because it's finished, and who doesn't bother to delete it from their device. Alternatively, think about what happens when an employee upgrades their device to a new one – and doesn't wipe the old one. This happens every day across the globe, as people sell used equipment that still contains sensitive information.

For example, there have been cases reported in which unwiped remote access equipment was sold online, and gave access to sensitive information that put the company at risk. That was only discovered due to the honest nature of the buyer. A worse scenario is what would happen if you sold a used VPN remote access kit that wasn't properly wiped. This could potentially give the buyer access to the entire network, with live data.

To reduce risk, protocol should be stringent, and demand full deletion of sensitive or confidential information the moment the employee does not need access to it. Human behavior is tied to meaningful information. If the information is no longer meaningful to an employee, the level of discretion and importance of protecting that information drops. Without a firm protocol to follow, it's easy to forget to delete "old" data, and eventually that will open up a straight line of access to someone who wants to lift that information.

Whether information is old or new, it remains very valuable in the eyes of a hacker. It's obvious why new information is valuable; but bad actors can also use old information to gain the trust of someone else within the organization. Leveraging that trust, they can gain access to everything, using intel acquired from seemingly outdated information.

The good Samaritan – beware of unintentional risky behavior

Another pitfall is an oblivious employee unintentionally becoming an attack vector themselves. For example, picture an employee driving to work on a Monday morning. They park their car and proceed to walk into the building. By the front door, they see a USB drive with the company logo printed on it. They pick it up thinking it may have some valuable company information on it. So, like a good employee, they walk it into the building and bring it to their office. Then they plug it into their computer to see what information was on there, in order to figure out which person needs their drive back. While the oblivious employee's intentions were honorable at every step, this remains a clear example of a non-malicious insider threat.

The USB in question could very easily be a hacker's way of social engineering their way into an organization. This is a simple but powerful social engineering technique, similar to the baby shower cake example. Something as simple as a USB drive with a company logo that became immediately trusted because of a logo. It belonged, it was familiar, it felt safe—never mind that the hacker loaded a USB with malware hoping an employee of the company would plug it into the network.

Betting on the "good Samaritan theory" – that a noble person would plug it into the network to identify its rightful owner, since it had the markings of the organization imprinted on it – it would seem, "the right thing to do." Best practice here would be to take the USB drive and deliver it to the security team in the organization and explain how and where it was found.

Negligent behaviors

Oblivious behavior is in some ways easier to deal with – the employee doesn't know that their behavior is threatening to the organization, and if they're educated properly and become part of a security culture, those behaviors will stop. Negligent non-malicious behavior, on the other hand, is when the employee knows that their action causes a security risk. They simply underestimate the risk, and overestimate the convenience of the risky action. These employees need to be convinced not just of what to do, but also of how important it is that they do it, and the possible consequences of not following the protocol.

Leaving the door open – the problem with recycled passwords

Coming up with a new password is often a task one faces without preparing for it – a reminder pops up and, suddenly, you need to invent a password. This leads to negligent employees using the same passwords and usernames that they've already used for websites and other accounts. This, unfortunately, is a very common problem in most organizations. More often than not, employees utilize the same two or three passwords and usernames across all their accounts, as well as the websites they visit.

These habits often jump from personal devices to company devices. People mistakenly believe that they can use the same username and password for both their personal and work life because they're not connected. After all, it can be hard to remember so many passwords and logins, so it's easier just to standardize them across the board.

Herein lies the problem: Bad actors can first hack unprotected or lightly protected websites to gain access to the list of usernames and passwords. After swiping that information, they can use this list for the real targets where they're hoping to gain access. Traversing these steps, they're counting on the fact that one or more accounts and their access will line up exactly.

Unfortunately, the prevalence of recycled passwords means hackers have pulled this off many times. For example, hackers used an employee's recycled password they obtained from a past LinkedIn breach to access information on 60 million accounts from Dropbox.

I've found it's incredibly important educate your employees about the dangers of reusing passwords and usernames. Instead, have them utilize a password-encrypted app or password minder if they have trouble remembering too many of them. You can also make use of multifactor authentication, which is an important, reliable vector for identity and trust.

Not to be shared – a password should remain secret

Another big problem you'll face is maintaining the personalization of your employees' passwords. A password is what is means – your access to where you need to go. Sharing passwords, especially administrative credentials, is a sure way to cause a breach. Even if you keep your passwords in an encrypted password keeper, you can't share them. When a negligent employee shares their passwords, they've just left another door open for the leakage of information through human error. Even with a trusted person, the chance of human error doubles when a password is passed to just one person other than the intended user.

Walking through executive suites on my way to deliver presentations, I've seen passwords on Post-it notes attached to the desks or screens of employees. Trying to lighten the mood while giving a stern warning, I would bring up how openly displaying passwords is a prime example of poor cyber hygiene. The misguided response was enough to make me cringe: putting passwords on Post-its was totally permissible, because it's the executive suite and only executives are allowed in this area. Therefore, they trusted employees who would traverse that allegedly secure area.

I could hardly believe their retorts. I pointed out that I was walking there freely, just like anyone else invited to meetings there. Scores of people likely did the same, and they would now have these passwords that could grant access to everything. Never mind the nightly cleaning crew, or any other third-party vendor who came to perform repairs or install something new. Access was right there for them as well, if they choose to use the information right in front of them.

This nearly comical blunder is seen in many kinds of organizations, including finance, healthcare, security, and many more. Entry into an organization's network can come from any point, even one as simple as a password on a lifted Post-it that was attached to a computer or desk.

The takeaway is clear: Never share passwords, and never keep them in a place where they can be lifted and used by others.

Failure to report a lost or stolen device

Another form of risky behavior arises when employees fail to report lost or stolen laptops, smartphones, or USB drives that contain confidential data in a timely manner. Employees might be dissuaded from reporting such an event because they're fearful of repercussions, afraid of losing their job, or didn't even realize that anything was missing. All three of these cases are negligent, but the first two are far more common.

I can't stress enough how much timely reporting is critical in minimizing the risk of a breach. The sooner the organization knows, the sooner they can act to protect themselves. Linking back to the discussion about training and global awareness steps to achieving cyber hygiene, it's imperative to have open and honest communication with all of your employees.

Having the foundational discussions around all areas including human error will prove to be very valuable. Lay the groundwork for an organization where employees understand that human error absolutely will occur, and when it does, they'll work together as a team to minimize the fallout and mitigate risk.

Unsecured Wi-Fi is a no-go

It might be convenient, but accessing Wi-Fi via unsecured wireless networks is a big no. This a common and commonly accepted protocol for employees to follow, but most people do it anyway, without taking a moment to realize the consequences of their actions.

In reality, it's a very risky behavior; but the draw to engage in this behavior, the sheer convenience, remains a powerful motivator. Imagine yourself sitting in a coffee shop, or at the airport and remembering those last few emails you just have to get out. Let's face it: VPN-ing is not at the forefront of your mind when you want instant access to Wi-Fi.

In fact, tests conducted around public Wi-Fi and the public's love for it have found that finding free Wi-Fi feels like a win in most people's book. There have even been instances where the Wi-Fi names were obviously malicious, like IwillStealYourData, IamAHacker, or DataGrabber, and even that didn't stop most people. People clicked on it to grab the free Wi-Fi without stopping to think if it was a smart choice to do so. For the bulk of folks, convenience and speed outweigh any thoughts around security.

No one has the mindset that they will be the ones to get hacked or breached. We often fall into the trap of wishful thinking that there have to be more compelling targets than us, and we can't be that important in the grand scheme of things. This line of thinking is incorrect.

In general, hackers cast a wide web and try to garnish as much information from as many people they can at once and will later attempt to make that data work for them. In sum, everyone who accessed these Wi-Fis are at risk.

To avoid creating unnecessary risk, always have your employees securely VPN in, and discourage public Wi-Fi use. In the end, grabbing information via a public Wi-Fi is just a popular and easy way into your organization for hackers to use. Another way into your organization, which makes use of a combination of oblivious and negligent behaviors by your employees, is social media.

Social media

Many people don't realize that social media is one of the biggest portals for data breaches, phishing attempts, and social engineering. Given that social media has many risks from many different vantage points and plays an outsized role in modern life, let's explore every angle of the risks in detail.

As a rule of thumb, when it comes to using social media within an organization, employees will feel secure for the most part because they believe that they're safe at work. From an employer perspective, organizations may be under the impression that by having a firewall they can stop access to some social media sites during work hours. Those who believe this have obviously not thought about the realities of living in an age of BYOD (Bring Your Own Device).

We all know BYOD has become very popular in recent years because we all do it. Many of us carry around two phones: a work phone and a personal phone. Inevitably, we bring both into the work environment. Perhaps we even bring our own laptop to the workplace, because we feel more comfortable on a device we purchased ourselves. BYOD means that any attempts to stop employee use of social media during work hours are probably dismal failures.

Social media use is inevitable, but the kind of oversharing that undermines your cybersecurity is avoidable. Your employees need to fully understand the risks involved in oversharing and how their innocent actions can have dire consequences.

When information is overshared, or privileged information is shared online, via social media, it typically falls under the non-malicious insider threat category. Management can attempt to monitor work accounts or handles, but in most cases they are unable to keep tabs on their employee's personal accounts. Much to the chagrin of cybersecurity professions, the vast majority of information leakage through social media comes from personal accounts when employees are on lunch break, weekends, or even on vacation.

Preventing oversharing

To prepare companies for this brave new world, I cofounded SecureMySocial several years ago. SecureMySocial is a technology-assisted self-monitoring tool for employers to give to employees, to help them self-monitor themselves across social media.

There is no big-brothering involved, with real-time warnings and auto-delete capabilities if authorized. You can group employee rules and notifications based on their section of the business, whether it's M&A, HR, Finance, and so on. Using that categorical information, rulesets are deployed that are applicable to them. Moreover, there are no false positives, and warnings are sent to the user's own choice of personal email or SMS.

The program reminds them, in real-time, if information was put out there that would cause data leaks or reputational harm to the organization. It then gives the employee the ability to rectify the situation all in real time, as rapidly reversing any type of leak as swiftly as possible is critical to minimize the risk and damage.

Remember that leakage of information is not typically malicious; it is a way of communicating and sharing. We live in a world where sharing is part of being present and belonging. The more we share, the more relevant we are, the more social we are, the more impact we have, the more we will be noticed and recognized, and the more we become part of the social community. Social media self-monitoring tools allow your employees to think for just a moment longer about what they're posting, and why; it doesn't take away their ability to use social media effectively. Constant sharing is a new area of social life, at the heart of Millennial and Gen Z culture, and it's not going away any time soon.

A real-life example of oversharing on Facebook

Some time ago, I came across an example of how someone can think they're engaging in harmless social media usage, when in reality they're oversharing, and creating an entry point for a breach. At the time, I was doing some consulting for a bank, which was implementing a new piece of internal security in its organization.

One of the bank's engineers, who was part of the implementation group, ran into some difficulty implementing the new security solution and getting it to flow through the organization.

How did he troubleshoot when he ran out of ideas? He did what he typically did when he had questions to be answered, or problems to be solved. He went onto Facebook, where he connected and communicated with a lot of his engineering friends. He posted his questions about the security issues and technological problems he was having while implementing the new security solution, and about the difficulty his team was having getting it to work. He asked if anyone worked with that particular security, and if they had, could they give him some pointers. To him it was an innocent act, merely asking his peers for advice, just so happening to use social media as his medium of communication. At this point, it's important that we don't just blame this guy for oversharing; the bank was not practicing proper cyber hygiene, and did not have appropriate security and communication protocols in place.

Take a moment and imagine the sheer size of the audience for this information, about exactly what new security was being put in place, and exactly what troubles the implementing team were having with it. In a moment, that information was made available to his friends, the friends of his friends, their family members, and so on. The number of people who now had access to all this information could be in the millions. It could have led to a devastating breach. To be clear, this security was never forward facing, and should never have been known by outside parties.

In this specific case, disastrous outcomes were avoided when the company was made aware of this serious breach of sensitive information. The company quickly decided to change the security being implemented, because of the nature of the information that was shared.

As you can see, oversharing can cause massive costs and inconvenience even if it's caught in time. In this case, disaster was averted at the last minute, but it certainly convinced the c-suite of the importance of cyber hygiene, and the tools and protocols their employees needed to use social media in a safer way.

Career-focused websites are conduits too

Another innocent example of oversharing on social media would be to give too much away on LinkedIn. You probably already know that LinkedIn is used as social media for professional networking, people looking for jobs, and organizations posting ads. In most cases, users of LinkedIn display their current job, their job history, schooling, awards, certifications, and current job description as well as a wealth of other information.

Most people like to be as descriptive as possible, sharing as much information about themselves as possible, for a number of reasons: networking, being relevant for headhunters approaching them for their next opportunity, socializing with the right groups, and so on.

In some cases, putting too much information about your current role in your LinkedIn profile can cause more harm than benefit. That's because identifying your exact role in a company can, in some cases, target you as a prime candidate for a phishing or hacking attack.

Bad actors scour social media, looking for the right tidbits of information to create profiles of the people that they think would most likely fall prey to an attack. They might gather information from similar accounts, and invite the target to be part of an exclusive networking group of like-minded individuals. Human nature means people want to belong, and even more so if it involves an exclusive invite-only club.

Another example would be for a bad actor to social engineer their way into the good graces of an employee. They can accomplish this by doing their homework on the company they are targeting, which is easily done on LinkedIn. Step one is to search the employees within the organization, get their names, information, job description, and title. From that information alone, our bad actor can then identify a few employees to social engineer.

Typically, the easiest route is for the bad actor to create a fake LinkedIn account, and make themselves an imaginary employee of the company they wish to infiltrate. Their job description and title would be a few levels up from that of the target.

They would then send the target a direct message saying something along the lines of "I've noticed your work on XYZ project (having grabbed that information from a little digging) and I would love to help you grow within the company," and then send then a LinkedIn request.

The targeted employee would likely approve the connection request, since they would be under the impression that the bad actor works for the same company, knows about project XYZ, and might be a person that they need to facilitate a move up the ranks of the organization. That paves the path to a breach that will greatly damage the organization.

One simple message on social media can lead to an avalanche

It all begins with one simple message that taps into the human factors of trust or want from the targeted employee. Once trust has been established, the bad actor can start requesting a bit more information each time they communicate, all with promises to help the employee move forward in their organization. These kinds of social engineering attacks and phishing attacks are very common; it's a simple use of social engineering, to find the weakest link in the security chain – the human – and use that weakness to break into an organization.

You can prevent a great deal of heartache by educating your employees about what's at stake. Have discussions with your employees about the dangers of phishing and social engineering, and teach them how to stay vigilant on social media. It is important to be clear in employee contracts about what they're allowed to list as their position within the organization, when they put it out there for public consumption on LinkedIn, Facebook, or any other social media.

For example, it's ok to say Director, Managing Director, or even VP, but getting too detailed may prove to be problematic. It's important to note that employees take their social media very personally even as it pertains to LinkedIn, so the best thing would be to make it part of an employee agreement when signing contracts, instead of trying to have a discussion with employees who have been working there for years.

Takeaway – practicing cyber mindfulness

As you'll have gleaned through these examples, when your employees engage in risky behavior, they can actively undermine the thorough security protocols that you've worked diligently to put in place. Employees must understand that when they leave their workplaces, their responsibilities to protect their organizations, as well as themselves, do not cease. Everyone within the organization must practice cyber mindfulness as a way of life, no matter where they are at any given moment. Just as traditional mindfulness encourages you to be aware of your surroundings and the consequences of your actions, cyber mindfulness involves being aware of your online connections and the consequences of your digital actions.

Even at a personal level, cyber mindfulness helps you protect every single facet of your life, including your career, reputation, and family. We live in a fast-paced world where we're constantly on the go, have many duties and desires pulling at us, and are completely connected to the technology around us. When we multitask, we are spread thin, which means we need to introduce the idea of pausing and thinking before we pull a digital trigger. When we act quickly to complete mundane tasks, we often do it without a lot of forethought. If "stop, pause, and think" were ingrained in our mindset, most of these risky behaviors would be curbed, or eliminated entirely.

Looking forward – breaking down cybersecurity through interviews

Over the next few chapters, we'll delve deeper by talking to the experts who will outline what you need to know about their respective fields within cybersecurity. After each interview, I'll discuss and distil these concepts to highlight critical takeaways that I personally believe will be game changers for your organization, and your cyber hygiene.

Cybersecurity is not a standalone concept, and these interviews and commentary reflect that reality. I approach the topic using as many real-world examples from my own career journey and from my interviewees' experiences as possible. These real-world anecdotes highlight problems with relatable and teachable moments, providing you with solutions that can help inform your decisions on how to approach these situations.

First, we'll tackle blockchain, a technology that's already changing the landscape of the digital world. But like any human creation, it's not foolproof. It's still in its infancy, and its real long-term impact remains to be seen.

Left arrow icon Right arrow icon

Key benefits

  • Explore the latest developments in cybersecurity
  • Hear expert insight from the industry’s top practitioners
  • Dive deep into cyber threats in business, government, and military

Description

Shira Rubinoff's Cyber Minds brings together the top authorities in cybersecurity to discuss the emergent threats that face industries, societies, militaries, and governments today. With new technology threats, rising international tensions, and state-sponsored cyber attacks, cybersecurity is more important than ever. Cyber Minds serves as a strategic briefing on cybersecurity and data safety, collecting expert insights from sector security leaders, including: General Gregory Touhill, former Federal Chief Information Security Officer of the United States Kevin L. Jackson, CEO and Founder, GovCloud Mark Lynd, Digital Business Leader, NETSYNC Joseph Steinberg, Internet Security advisor and thought leader Jim Reavis, Co-Founder and CEO, Cloud Security Alliance Dr. Tom Kellerman, Chief Cybersecurity Officer for Carbon Black Inc and Vice Chair of Strategic Cyber Ventures Board Mary Ann Davidson, Chief Security Officer, Oracle Dr. Sally Eaves, Emergent Technology CTO, Global Strategy Advisor – Blockchain AI FinTech, Social Impact award winner, keynote speaker and author Dr. Guenther Dobrauz, Partner with PwC in Zurich and Leader of PwC Legal Switzerland Barmak Meftah, President, AT&T Cybersecurity Cleve Adams, CEO, Site 1001 (AI and big data based smart building company) Ann Johnson, Corporate Vice President – Cybersecurity Solutions Group, Microsoft Barbara Humpton, CEO, Siemens USA Businesses and states depend on effective cybersecurity. This book will help you to arm and inform yourself on what you need to know to keep your business – or your country – safe.

Who is this book for?

This book is essential reading for business leaders, the C-Suite, board members, IT decision makers within an organization, and anyone with a responsibility for cybersecurity.

What you will learn

  • The threats and opportunities presented by AI
  • How to mitigate social engineering and other human threats
  • Developing cybersecurity strategies for the cloud
  • Major data breaches, their causes, consequences, and key takeaways
  • Blockchain applications for cybersecurity
  • Implications of IoT and how to secure IoT services
  • The role of security in cyberterrorism and state-sponsored cyber attacks
Estimated delivery fee Deliver to India

Premium delivery 5 - 8 business days

₹630.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jan 13, 2020
Length: 252 pages
Edition : 1st
Language : English
ISBN-13 : 9781789807004
Category :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Redeem a companion digital copy on all Print orders
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to India

Premium delivery 5 - 8 business days

₹630.95
(Includes tracking information)

Product Details

Publication date : Jan 13, 2020
Length: 252 pages
Edition : 1st
Language : English
ISBN-13 : 9781789807004
Category :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
₹800 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
₹4500 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₹400 each
Feature tick icon Exclusive print discounts
₹5000 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₹400 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 11,768.97
Cyber Warfare – Truth, Tactics, and Strategies
₹2606.99
Cybersecurity – Attack and Defense Strategies
₹6554.99
Cyber Minds
₹2606.99
Total 11,768.97 Stars icon

Table of Contents

12 Chapters
Integrating Humans and Technology – Four Steps to Cyber Hygiene Chevron down icon Chevron up icon
How Risky Behavior Leads to Data Breaches Chevron down icon Chevron up icon
Blockchain – The Unwritten Chapter on Cybersecurity Chevron down icon Chevron up icon
Cybersecurity in the Cloud – What You Need to Know Chevron down icon Chevron up icon
The World's Biggest Data Breaches – Proactive and Reactive Approaches Chevron down icon Chevron up icon
Trends in Cybersecurity Chevron down icon Chevron up icon
Staying Cybersecure in the IoT Revolution Chevron down icon Chevron up icon
Cyberwars – Bringing Military Lessons to Modern Information Security Chevron down icon Chevron up icon
Can Artificial Intelligence (AI) be Trusted to Run Cybersecurity? Chevron down icon Chevron up icon
Conclusion Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon
Index Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.2
(10 Ratings)
5 star 80%
4 star 0%
3 star 0%
2 star 0%
1 star 20%
Filter icon Filter
Top Reviews

Filter reviews by




Nathan Chung Feb 06, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Book was received as a gift for review. I wanted to read this because I was interested to learn about how cybersecurity will be affected by new technologies such as AI, Blockchain, and IoT. What surprised me was how the author focused more on thought leaders and their ideas. This is the first cyber book I have read that uses this format and I enjoyed it. Even for people who do not understand the impact these new technologies will bring; this book will help them to bring awareness to the new cybersecurity risks and opportunities. Highly recommended! Great book!
Amazon Verified review Amazon
Chicago2305 Jan 29, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
A fresh take on a tough subject. Shira takes us through the basics of what we need to know and through interviews with other thought leaders gains additional perspective. It’s a very enjoyable read that also informs!
Amazon Verified review Amazon
C. Schober Feb 23, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
It takes a great cyber mind to probe great cyber minds for answers and Shira Rubinoff is no exception. From CISO's to high level executives keeping tech titans safe, Rubinoff asks them all thought provoking questions that unfold as enjoyable interview-style conversations and go on to educate and inspire readers. Discussing major breaches of our time while delving into intellectually diverse technologies including AI, cloud, IoT and blockchain, Rubinoff never strays far from the guiding principle that the human factor is still the weakest link in the cybersecurity chain. Cyber Minds offers a unique perspective to both novice and expert practitioners of cybersecurity and will always occupy a special spot in my library for years to come.
Amazon Verified review Amazon
Wes Knight Jan 21, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
As a Chief Information Security Officer, I know that one of the very difficult parts of this job is explaining cyber security and information security in a way that can be understood by everyone. Shira does a great job with this. Her interview and writing style keep the flow on target and address some very important aspects of cyber security. It's not just writing and interviewing. The Discussion sections that offer a recap and highlight the most important parts of the interviews are great. This give solid take-aways from the book.I found the interview with General Touhill very interesting. Applying some basic military thinking and tactics to cyber-warfare should be fundamental to any cyber defense. This may not be a kinetic war, but it is war. Being situational aware when using social media, using MFA and VPNs, and using a Zero Trust model should be everyone's starting point.Shira has written a great book for everyone to read and understand.
Amazon Verified review Amazon
RDiver Mar 04, 2020
Full star icon Full star icon Full star icon Full star icon Full star icon 5
There is a need for organizations to change from a compliance culture and adopt a real security culture. Stop doing security because you are told to do it, and start doing security like the future of your entire business relies on it (because it does!)If you are reviewing you enterprise level securities strategy, and looking at Zero Trust or Insider Threat models, this book will assist you in gaining a wider range of ideas and approaches.By reading this book you will dig into the psychology of people and gain new ways to tackle your risks and threats. The method of using an interview approach to gaining insights from experts in their field, changes the dynamic of reading a book written solely by the author alone, to providing an engaging journey of discovery; as of you had hired these consultants yourself.I hope you enjoy the read as much as I did.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the digital copy I get with my Print order? Chevron down icon Chevron up icon

When you buy any Print edition of our Books, you can redeem (for free) the eBook edition of the Print Book you’ve purchased. This gives you instant access to your book when you make an order via PDF, EPUB or our online Reader experience.

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
Modal Close icon
Modal Close icon