In 2015, then-CEO of Cisco Systems, John Chambers, famously wrote, “There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.” [1] In his 2016 novel, “Hacked Again,” author Scott N. Schober proves that this is true, not just of organizations, but of individuals, including cybersecurity professionals.

Schober, the President and CEO of Berkeley Varitronics Systems (BVS), has put together an informative primer on the state of the information security landscape as it exists today, and in the eyes of many, it can be terrifying and confusing. BVS sells “a variety of wireless test and security devices for cellular, Wi-Fi, Bluetooth & other modulated RF signals for engineers, technicians & installers.” [2] The company is designed to protect networks, people and information, yet, as Schober details in his book, BVS was hacked, first in 2012, and again in 2013. He decided to use his position as a public speaker to educate a broader audience on the very real threats to a company’s online presence and financial well being.

Hacked Again by Scott Schober

Learning the Hard Way

Schober begins the book by telling his story. He delves into the emotions of being the victim of a cybercrime, from the frustration of dealing with the banks to even feeling a desire to store money in his mattress. His story is one that is familiar to far too many people out there. Many of us have been the victim of credit card fraud, identity theft, or worse. He expands this to include some of his personal dealings with identity theft through websites, spam and phishing, and even Twitter.

How to Protect Yourself

The second part of the book is dedicated to steps the reader can take to protect their personal and business presence online. This section includes a number of useful tips including password management and some creative approaches to things like security questions associated with password recovery. Schober then explains things like spyware and adware, and he spends some important time discussing the growing threat of ransomware. Ransomware is a rapidly expanding market for malware authors and a key priority for the Federal Bureau of Investigation. [3] He also provides some guidance on whether a business should or shouldn’t embrace moving data to the cloud.

Schober then discusses the various types of hackers, from the dangerous black hats to the ethical, helpful white hat hackers. He then pivots the conversation from outsider threats to insiders, both malicious or well-meaning. An organization’s users can expose data whether they choose to or not. Finally, Schober discusses ways to protect wi-fi, both for businesses and for consumers. After that, he discusses the dark web, including techniques like the onion routing (TOR) sites. “Tor hides your online activity, plain and simple. It covers your tracks, including your browsing history, identity and physical location.” [4]

Scott Schober (BVS)

Staying Safe

The third section of Hacked Again includes some important pointers on how to protect users and data. The first, incredibly important note is that effective security requires layers. As businesses and individuals expand what they do online and how they do it, they also expand their exposure and vulnerabilities. Traditional measures like firewalls are important, but additional approaches like intrusion detection, net flow analysis, and endpoint detection and response are also keys to securing an organization’s information. Also important is integration and automation between these solutions. As Snort founder Martin Roesch noted at RSA 2016, “Having many products all delivering incremental benefits is a trap.” [5]

Noteworthy Hacks and Breaches

To bring it all home, Schober recaps some of the most notable data breaches that made headlines in the past few years. These include obvious cases such as Target and J.P. Morgan Chase. He then goes into the iCloud breach that made headlines for leaked celebrity nude photos. He follows this with the 2014 Sony breach, considered the first major attack against a corporation based in the U.S. This is particularly of interest because it is widely believed that North Korea was involved, making this a nation state directed attack. The final breach he details is that of the U.S. Office of Personnel Management, believed to be the largest government hack in history.

Hacked Again is an excellent field guide to security for individuals, small business owners, and C-level executives of even the largest companies. Schober writes from a position of authority, and his information and guidance can keep an organization out of the headlines, and safe from threats like extortion and data loss. Readers will benefit from his guidance in protecting their data, businesses and families.

nK

_

[1]Chambers, J. (2015, January 18). John Chambers: “What does the Internet of Everything Mean for Security?”. Retrieved January 28, 2017, from http://blogs.cisco.com/news/john-chambers-what-does-the-internet-of-everything-mean-for-security

[2] Products Archive. (n.d.). Retrieved January 28, 2017, from https://www.bvsystems.com/products/

[3] Ransomware on the Rise. (2017, January 09). Retrieved January 28, 2017, from https://www.fbi.gov/news/stories/ransomware-on-the-rise

[4] Sabhlok, R. (2013, October 18). Taking Stock Of Tor: Top 5 Tips For Using The Onion Router. Retrieved January 28, 2017, from http://www.forbes.com/sites/rajsabhlok/2013/10/18/taking-stock-of-tor-top-5-tips-for-using-the-onion-router/

[5] Olenick, D. (2016, March 03). RSA 2016: Cisco’s Roesch says the most efficient security is simple and robust. Retrieved January 28, 2017, from https://www.scmagazine.com/rsa-2016-ciscos-roesch-says-the-most-efficient-security-is-simple-and-robust/article/528851/