The 6 Best Cyber Security Books

Cyber Security

There are a plethora of books relating to cyber security, the following review features the 6 best cyber security books, that are all bestselling publications, written by industry experts within their own specialised field.

The following review attempts to look at books with differing aspects of cyber security.

The 6 Best Cyber Security Books
By: Geoff White

The Lazarus Heist

In The Lazarus Heist, investigative journalist Geoff White examines how the North Korean regime has harnessed cutting-edge technology to launch a decade-long campaign of brazen and merciless raids on its richer, more powerful adversaries.

Read Blurb

The 6 Best Cyber Security Books
By: Nicole Perlroth

This is how they tell me the world ends

The thrilling untold story of the cyberweapons market-the most secretive, invisible, government-backed market on earth-and a terrifying first look at a new kind

Read Blurb

The 6 Best Cyber Security Books
By: Gordon Corera

Intercept

Gordon Corera’s compelling narrative takes us from the Second World War through the Cold War and the birth of the internet to the present era of hackers and surveillance

Read Blurb

The 6 Best Cyber Security Books
By: Andy Greenburg

Sandworm

Andy Greenberg explores the alarming evolution of cyberattacks through the eyes of a diverse international cast of cybersecurity analysts and experts, revealing the growing dangers of cyber warfare while providing plausible explanations for U.S. government

Read Blurb

The 6 Best Cyber Security Books
By: Kevin Mitnick

Ghost in the wires

A thrilling true story of intrigue, suspense, and unbelievable escapes and a portrait of a visionary who forced the authorities to rethink the way they pursued him, and forced companies to rethink the way they protect their most sensitive information

Read Blurb

The 6 Best Cyber Security Books
By: Bruce Schneier

Click here to kill everything

Bruce Schneier argues that driverless cars are just one of many new technologies that present a serious and imminent security threat in the realm of IoT.

Read Blurb

Lazarus Heist

The award-winning investigative journalist Geoff White has produced what can only be described as a gripping, if not scary novel that focuses on the antics of the notorious North Korean aligned Lazarus group.

The novel follows the actions of a sophisticated collective of hackers as they target a variety of organisations ranging from banks, the British National Health Service (NHS) and a Hollywood studio.

The Lazarus group have allegedly stolen over a billion dollars, which the author describes in his own informative, yet highly entertaining style. Through the use of highly sophisticated, leading-edge technology, Geoff White examines how this group are able to successfully breach the cyber defences of globally recognised institutions.

The author leverages his journalistic background to skilfully follow the attack patterns across the world from Dhaka to Hollywood, Pyongyang and Macau. The attacks are truly global in nature and the trail leads White to a glitzy casino with very high-stake players.

Whilst the book is highly entertaining, it does highlight the real word actions of these malicious actors who care little for the damage they cause or the harm they inflict, this is especially true of attacks that affected the NHS in 2017.

This book is very relevant to current geo-political events and specifically in relation to state sponsored attacks that are evident against Ukraine.

This book is highly recommended…

The 6 Best Cyber Security Books Rating: 4/5

More information

This is how they tell me the world ends

This book can be described as a spy thriller in a world where technology dominates. The New York Times Bestseller and winner of the Financial Times book of the year award. The book delves into the murky world of the procurement of cyberweapons, that includes nation state sponsorship.

The book’s author (Nicole Perlroth) takes the reader through an intrepid journey of the opaque code-driven market delving deeper into the dark world of spies, hackers, arms dealers and an assortment of unusual characters.

In the rush to migrate the world’s critical infrastructure online, the author focuses on the extreme and very real threats that pose a huge risk to governments, businesses and society as a whole.

The book describes Zero days as the blood diamonds of the security trade, that are pursued by nation states, cybercriminals, and the infosec fraternity. In this clandestine market, governments are the clients – paying vast sums to anyone willing and able to develop code that exposes weaknesses in technology, whilst staying silent.

This book is very well written, one of the best cyber security books in recent years, it comes highly recommended for those wishing to have their eyes opened to a secret market that is frequented by nation states and some of the world’s elite hackers.

The 6 Best Cyber Security Books Rating: 4.5/5

More information

Intercept

Intercept author Gordon Corera is perhaps better known as the BBC security correspondent. His 2015 book provides a detailed and interesting account of how computers and the internet have transformed the ancient art of spying.

Since the start of World War One, when the British cable layer CSS Alert cut the German telegraph cables that forced German communications through British controlled relay stations, technology has played an important role in espionage. Corera takes the reader through the history of intercepting data that leverages technology and describes how computers and the internet have transformed spying.

Intercept describes how governments have embraced hacking at an industrial scale, to vacuum data at an unprecedented level.

In 2013, Ed Snowden exposed the NSA and its British counterpart GCHQ, who had collectively used bulk data collection for mass surveillance purposes. This included world leaders and allies within NATO. Snowden revealed how the NSA & GCHQ hacked into organisations private data connections to skilfully steal data without detection.

Corera notes that the NSA and its partners still require human intervention. This was evident in the Stuxnet attack that targeted the Iranian centrifuges, which formed an integral part of their uranium enrichment programme.

Whilst this book was written 7 years ago it provides a detailed and informative history of technology and how it has been adapted for espionage purposes.

The 6 Best Cyber Security Books Rating: 4/5

More information

Sandworm

This book can be described as a chilling reflection on the modern world and the shadowy collective of cyber criminals that the Kremlin leverages for its own purposes. The author Andy Greenburg highlights the dependency the world has on technology and computers, and the fact they are all interconnected via the internet. A cyberwar that is orchestrated by the main nation state protagonists could cripple a country, or even a continent.

The author depicts cyberwar as an invisible force capable of attacking a nation state and inflicting damage on an unimaginable scale.

The book describes cyberwar as a cyber-attack against a nation’s financial services, national grid, hospitals, factories, travel and commercial interests. It can even destroy machinery that can have a lasting effect on critical infrastructure.

Greenbug provides detailed information on malware and worms, such as the devastating NotPetya, and the infamous Mimikatz. The author dives into the technical depths of how such malware functions.

Greenburg details what he describes as the first state-sponsored espionage hack which took place in 1986. West German adversaries who attempted to sell their illicit gains to the KGB.

In 2007 an employee at the National Laboratory in Idaho demonstrated to U.S. government that cyberwar techniques could be orchestrated to cause significant physical damage to critical infrastructure. Through attacking and compromising computer networks, the employee as able to manipulate the software controlling a huge diesel generator causing its destruction.

The author also details the Stuxnet attack against Iranian centrifuges, effectively bringing Iran’s uranium-enrichment process to a temporary halt. Stuxnet is considered a gamechanger and represented a significant advancement in malware sophistication, that instigated a new era in cyberwarfare.

This book provides an in-depth view of how technology is being manipulated by nation states to target adversaries, probing critical infrastructure to discover weaknesses. However, you get the impression that this is the tip of the iceberg and that much of what goes on in the deepest echelons of cyber space goes undocumented. Nevertheless, this book provides an excellent depiction of the secretive world of government agencies, organised crime and technology.

The 6 Best Cyber Security Books Rating: 4.5/5

More information

Ghost in the Wires

I will try to be as objective as I can with this book as I have met Kevin on numerous times and worked with him in London when I hosted the Cyberincursion event in the City of London during 2018.

In the hacking fraternity Kevin Mitnick is considered a hero by many. He describes himself as world’s most famous computer hacker. He was definitely the most wanted computer criminal in US history, as outlined by the US Department of Justice.

Mitnick started his hacking career at an early age and hacked the North American Defence Command (NORAD) in 1981. The Hollywood movie ‘War Games’ (1983) was partly inspired by Mitnick’s antics.

In 1989, Mitnick hacked Digital Equipment Corporation’s (DEC) network, for which he was arrested and sent to prison for 5 years, 4 of which was in solitary confinement.

Ghost in the Wires explores Mitnick’s journey as a hacker and his abilities as social engineer, for which he is considered a master. The book is a thrilling true story of suspense, intrigue and unbelievable escapes. Mitnick is portrayed as a visionary who forced the authorities to rethink the way they pursued him. He also forced organisations to reassess their own security and address how they store and protect their most sensitive data.

The book portrays a cat and mouse hunt by the FBI for the elusive Mitnick, who is wanted for accessing computers and networks at the world’s biggest organisations. When reading the book, you are astounded how Kevin stayed one step ahead of the authorities, using his full range of technical and non-technical skills to manipulate computer systems and people alike.

Whilst Ghost in the Wires is highly entertaining, it does highlight a frailty in technology and how humans can be manipulated by a skilled individual. Mitnick was able to penetrate the systems of Sun Microsystems, DEC, Nokia, Motorola, Pacific Bell, and other huge organisations using his ability to leverage a human’s natural desire to trust.

It is interesting to note that throughout the book Mitnick highlights the misconceptions and prejudices held by law enforcement and how this reflects the penalties imposed on those who get caught. Ghost in the Wires offers a rare opportunity for the reader to delve into the mindset of notorious hacker. It is both entertaining and thought provoking, especially when you consider this took place decades ago.

Kevin Mitnick is now a successful author, internationally renowned speaker and security expert with his own business. He is also considered by many as the godfather of hackers, Ghost in the Wire comes highly recommended as it provides an insight into how this legacy was created.

The 6 Best Cyber Security Books Rating: 5/5

More information

Click here to kill everything

Bruce Schneier is considered a world-renowned expert in IT security; he is a bestselling author with more than a dozen books published. Click here to kill everything focuses on politics rather than any practical cybersecurity tips. Schneier describes how the growth of the Internet, and the connectivity across the globe has made it hugely powerful but potentially insecure. He attempts to rally citizens to lobby governments into changing policy that would redesign the Internet and ultimately make it more secure.

The book also delves into the Internet of Things (IoT) and how this has increased vulnerabilities, weakening networks by providing pivot points for cyber criminals.

Schneier argues for better practices and standards and highlights GDPR in the EU is a firm step in the right direction. He also champions greater transparency in data handling practices, that affect everyone. He has suggested consumers “vote with their wallet”, and that they should consider privacy and security before ordering services or goods.

Click her to kill everything is an excellent book for those attempting to get to grips with technology, security and privacy. Bruce Schneier reiterates the point that everything is now internet connected, including our homes, cars, watches and even our clothes. It can therefore be considered essential that we take care of our digital security. This book is useful for any individual requiring a greater understanding of the risks relating to technology within an increasingly interconnected world.

The book is written to raise awareness of the issues associated with insecure devices that have become an essential part of our lives. These same devices are being systematically connected to the Internet with minimum security. By highlighting this fact Schneier hopes to provoke a wider discussion.

It is clear the author has spent considerable time researching this topic prior to publication. Schneier has a very persuasive writing style that can transcend from a highly technical offering to a book that can be understood by the general public. Schneier is clearly passionate about this topic, this is evident within the chapters.

The information contained within this book will still raise awareness of the issues and be useful for decisions made by the consumer. This book is recommended as it highlights a growing weakness on the Internet and specially the IoT. The information provides a good introduction to current cybersecurity issues for individuals interested in educating themselves on the subject.

he 6 Best Cyber Security Books Rating: 4/5

More information

You may find the 14 Steps Cyber Security Best Practice useful