Digital Resilience: Is Your Company Ready for the Next Cyber Threat?

by Ray A. Rothrock, Richard A. Clarke (Foreword)

Don’t let your company be the next grim headline . . .

Cybercrime is on the rise — and businesses large and small are at risk. For management, the question is not if you will be targeted, but when. Are you prepared? Is your enterprise actively monitoring networks, taking steps to understand and contain attacks, enabling continued operation during an incident? Do you have a recovery plan ready?

Few are prepared, explains cybersecurity expert Ray Rothrock, who lays bare tactics used by hackers, vulnerabilities lurking in networks, and strategies not just for surviving attacks, but thriving even while under assault.

Fascinating and highly readable, Digital Resilience opens with the infamous 2013 Target attack, which compromised the credit card information of 40 million customers. In hindsight, the hack (like most today) was preventable. This book helps businesses:

● Understand the threats they face
● Assess the resilience of their networks against attacks
● Identify and address weaknesses
● Respond to exploits swiftly and effectively

Data theft. Downed servers. Malware. Even human error can trigger cyber events anytime from anywhere around the globe. This powerful guide provides the resilience-building strategies you need to prevail — no matter what strikes.

Genres: Technology

256 pages, Hardcover

Published April 17, 2018

About the author

RAY A. ROTHROCK is CEO of RedSeal, a premier cybersecurity analytics platform. RedSeal’s corporate customers span the finance, utility, technology, and retail sectors. Government clients include defense, intelligence, and civilian agencies.

Reviews

[Lucas De · Rating 5 out of 5]

A good non technical book. It helped me to give a step back and remember why resilience is a important block for the XXI society.

[James Voorhees · Rating 4 out of 5]

Ray Rothrock is a CEO writing for the C-Suite. Digital Resilience is a plea for companies to go beyond seeking security for their digital assets. Instead, he argues, they should strive for resilience. The latter, he argues, is a business issue; the former is not. Resilience assumes that a company will be attacked and that breaches will happen, but that a business must learn how to absorb any losses and continue.

His argument starts with the Target breach of 2013, in which data for 70 customers was lost. It is based on the nature of networks and the centrality of networks to how we live. The argument is not technical. Indeed, much of what Rothrock proposes has less to do with technical solutions and more with organizational structure and corporate culture.

Each chapter is punctuated by action items and ends with a takeaway. The last chapter ends wit h26 action items designed to lead an business to resilience.

Many of the actions he proposes are typical recommendations for cybersecurity, things like 'know your network,' 'don't click on attachments,' and 'install updates and patches.' But the key to his argument and the value of the book lies with proposals that will take cybersecurity out of its ghetto. Cybersecurity, he might say, is too important to be left to the geeks alone. It must be taken up by the entire business, from the board on down. Curiously, he also urges companies to look on their attackers as competitors and that resilience itself can be used to add value to a firm.

[Anurag Kharapkar · Rating 4 out of 5]

Cyber attacks are becoming intensive and complex; Digital resilience is a key to survival. Ray elaborates on the need for people, organisations, and governments to develop strategies to withstand and recover from cyber threats as the world becomes more interconnected and dependent on technology. The widespread nature of cyberattacks and their capacity to seriously harm people and institutions. The devastating effects of cyber incidents through case studies and real-world examples like Target; the book explores the organisational and psychological aspects of resilience while also exploring the technical aspects of cybersecurity. He contends that building a culture of readiness, adaptability, and ongoing learning is as important as implementing the newest security tools and technologies. While also examining the technical aspects of cybersecurity and the organisational and psychological aspects of resilience. He argues that establishing a culture of readiness, adaptability, and continuous learning is equally crucial to security as putting the most recent security tools and technologies into practice.

Building digital resilience requires ongoing effort rather than a single effort. Rothrock emphasises the significance of routinely reviewing and updating cybersecurity measures to keep up with the changing threat landscape. He also emphasises the importance of leadership in promoting digital resilience and encourages executives and decision-makers to prioritise cybersecurity and integrate it into their organisation's operations.

[Dmitry · Rating 1 out of 5]

(The English review is placed beneath Russian one)

И сложно читать, и не понятно для кого написана книга. Пожалуй, именно так я бы её и охарактеризовал в целом. Текст довольно сложный и из-за этого многие вещи я упустил. В особенности там, где автор решил углубиться в детали того, как функционирует сеть. Но даже без этого (и много другого), книга оставляет много вопросов.
Во-первых, непонятно на кого ориентирована книга. Для профессионалов из IT сферы, книга слишком поверхностная. Даже для непрофессионалов она крайне неглубокая. Например, автор много пишет о таком способе запуска вируса, как заражённые письма. Т.е. когда приходит письмо от якобы известной компании, с которой вы каким-то образов связаны, вместе с прикреплённым файлом или ссылкой ведущей на фальшивый сайт, где человек заполняет специальную форму с паролями и логинами (или что-то скачивает). Именно таким способом была взломана почта демократической партии США накануне выборов. И это, фактически, единственный способ о котором будет упоминать автор, да и то не очень уж и подробно. Автор пишет, что мол, человек придумал автомобиль и автоматически, из-за этого, появились аварии. Придумал интернет - появились хакерские атаки, воровство паролей и так далее. В самом начале книги он пишет о том, что хакеры воруют информацию, благодаря которой они обчищают как дебетовые карточки, так и кредитные. Но ничего глубже стандартный утверждений, о которых и так каждому известно, автор не приводит. Далее он пишет о русских, украинских и пр. хакерах (но основное внимание уделяет российским хакерам и хакерам аффилированными с российскими правительственными структурами). К примеру, история о Dos-атаках на прибалтийские государственные сайты, когда была вся та история с бронзовым солдатом или взлом демократической партии США. Ну, да. Однако даже более глубокую информацию можно прочесть в обычных газетах. Тогда какой смысл? В общем, эта идея или задумка автора мне совершенно не понятна. Зачем об этом писать, да ещё так неглубоко, что многие СМИ более информативны в данном вопросе?
Во-вторых, специалистам из IT сферы тут совершенно нечего ловить. Сотрудники компаний в целом? Просветить их о важности проблемы? Ну, я не думаю, что у кого-то из сотрудников есть такие пробелы, которые могли бы быть заполнены данной книгой. Опять же, хватит с одной стороны СМИ, а с другой – коллег из IT отдела.
В-третьих, автор зачем-то углубляется в историю и начинает аж с древнего Рима с его знаменитой александрийской библиотекой. Автор пишет, что мол, информация всегда была ценным ресурсом. Далее он быстро пройдётся по всем заметным событиям связных с данной темой (включая телефон, телеграф и пр.). Зачем?
В общем, используя тяжёлый язык, автор замаскировал свой поверхностный взгляд на сегодняшние проблемы связанные с интернет безопасностью. Не более того. Предложить более серьёзный анализ какой-то отдельной сферы, автор почему-то не захотел (или не смог). Да, та глава, где рассказывается о первых взломах телефонной сети (как предтеча нынешним хакерам) с реальной опасностью устроить ядерную войну между США и СССР, было довольно интересно. Но, опять же, автор упомянул об этом вскользь.

It's hard to read, and it's not clear for whom the book is written. Perhaps that's how I would characterize it in general. The text is quite complicated and I missed a lot of things because of it. Especially where the author has decided to go deeper into the details of how the network works. But even without that, the book leaves a lot of questions.
First of all, it is not clear who the book is aimed at. For IT professionals, the book is too superficial. Even for non-professionals, it is extremely shallow. For example, the author writes a lot about such a way of launching a virus as infected emails. That is, when a letter comes from an allegedly well-known company with which you are engaged, together with an attached file or a link to a fake site, where a person fills out a special form with passwords and logins (or something downloads). This is how the mail of the Democratic Party of the USA was hacked before the elections. And this is the only method the author mentions and describes it not very in detail. The author writes that a man invented a car and automatically, because of this, there appeared car accidents. The Internet was invented and there appeared hacker attacks, stealing passwords and so on. At the very beginning of the book, he writes that hackers steal information, through which they rob both debit cards and credit cards. But there is nothing deeper than the standard statement that everyone already knows about. Then he writes about Russian, Ukrainian and other hackers (but the main focus is on Russian hackers and hackers affiliated with the Russian government structures). For example, the story of Dos-attacks on the Baltic state sites, when there was the whole story about a bronze soldier or breaking into the Democratic Party of the United States. Well, yes. However, even deeper information can be read in regular newspapers. Then what is the point? In general, I do not understand this idea or the author's idea at all. Why does the author write about it so superficially, because it makes many media look more informative in this matter than this book?
Secondly, there is absolutely nothing for IT specialists to catch here. The employees of companies in general? Should we educate them about the importance of the problem? Well, I don't think any of the employees have any gaps that could be filled in with this book. And if there is, there will be enough media and colleagues from the IT department.
Thirdly, for some reason, the author goes deep into history and starts from ancient Rome with its famous Alexandria library. The author writes that information has always been a valuable resource. Further it will quickly pass on all appreciable events connected with the given theme (including phone, a telegraph and so forth). Why?
In general, using heavy language, the author disguised his superficial view of today's problems related to Internet security. No more than that. For some reason, the author did not want (or could not) offer a more serious analysis of a particular area. Yes, the chapter telling about the first hacking of the telephone network (as a precursor to today's hackers) with a real danger to arrange a nuclear war between the U.S. and the Soviet Union was quite interesting. But, again, the author mentioned it in passing.

[Shanell Meek · Rating 4 out of 5]

An important read for any company leader or manager as well IT professionals.

Digital Resilience: Is Your Company Ready for the Next Cyber Threat? By Ray Rothrock discusses the state of our digital security. I feel like this book would appeal to IT professionals as well as business owners/leaders and even individuals that want to learn more about digital resilience. Rothrock presents a convincing and informative book for why companies need digital resilience and what it can do for them and their customers sense of security. Rothrock uses examples such as Targets 2003 fiasco which left thousands of customers information vulnerable due to a cyber security breach. Rothrock drives home that digital resilience is not a program or service you can buy, it’s something that is taught and will someday be a part of all school, management trainings and required by corporations. Overall I found this book to be very informative and made me much more aware of the digital world around me.

[Kate Brackett · Rating 4 out of 5]

For anyone in the IT world, this book is for you. I work in IT, and found this book to be eye-opening and enlightening. I especially liked the examples Ray used of past cyber attacks and how companies recovered (or didn't.) Cyber threats are at all time highs nowadays, and preparing for them is something everyone that is involved in technology should be aware of and prepared for. Attacks can happen from human error, malware, phishing, etc and the author elaborates on all of these. An excellent book for those who are (and aren't!) involved in the technology world.

[Erin · Rating 4 out of 5]

Dense, critical, in-depth with actionable solutions to data and network resilience.

[Frank · Rating 5 out of 5]

Great book, there is plenty of useful information and actionable items. I'm going to listen again, it's worth the time.

[Carter · Rating 3 out of 5]

This book is probably an attempt to raise some awareness here. In light of the apparent Solarwinds breach, this is a more pressing issue that ever.

[Douglas Shaw · Rating 5 out of 5]

Alarmingly clear for deep, novel insights about how wrong the common perception of cybersecurity is (it’s the networks, not the tech).