Hackers and cyber-criminals improve their tactics every day. As a consequence, the cybersecurity industry must perpetually adapt to stay ahead of malicious actors. Verizon points out in its 2019 Data Breach Investigations Report, which is based on 42,000 recorded incidents, that the best defense against cybercrime is knowledge. Unless organizations understand the digital threats they face, they will be powerless to stop them.
Whether you are simply reading for pleasure or hoping to protect yourself by improving your cybersecurity knowledge, there’s no better place to turn to understand the nuances of information security than a good book.
To help you find the most informative, engaging, and up-to-date works published on cybersecurity, we put together the list below. These are the top 5 must-read cybersecurity books to pick up in 2020.
1. Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World
Marcus Carey was inspired to write Tribe of Hackers after listening to Timothy Ferriss’s Tribe of Mentors. He and Jennifer Jin put together 14 questions, starting with broader topics and moving toward more personal themes, and used them to conduct 70 interviews with influential hackers and information security (infosec) professionals.
The result is a fascinating compilation that covers a diverse range of viewpoints on cybersecurity issues. This makes it a great resource for experienced professionals who want to be exposed to new ideas or for anyone just getting started in infosec.
Undoubtedly, the key strength of this work is the diverse backgrounds of the experts who the authors interviewed. Thanks to this, Tribe of Hackers manages to showcase the attributes shared by successful infosec professionals while providing practical insights into how to kickstart your career or further development in the field.
2. How to Measure Anything in Cybersecurity Risk
The follow up to 2007’s < em>How to Measure Anything, Douglas Hubbard’s most recent book takes a penetrating look at the way businesses and individuals deal with modern cybersecurity risks. Hubbard convincingly demonstrates that many widespread cybersecurity management techniques generate more risks than they solve, making this is an important read for any digital security manager.
The central thesis of How to Measure Anything in Cybersecurity Risk is the idea that any issue can be quantified, it’s just a problem of which metrics are most suitable and how you should go about measuring them. Hubbard’s advice and the book’s partner website, which is packed with free-to-use spreadsheet files, will help you to answer those questions.
For readers attempting to improve their own cybersecurity risk management, the best thing about this thought-provoking work is that Hubbard doesn’t just point out flawed risk management techniques, he also provides actionable alternatives.
3. Hack-Proof Your Life Now! The New Cybersecurity Rules: Protect your email, computers, and bank accounts from hacks, malware, and identity theft
Published in 2016, Hack-Proof Your Life Now! remains one of the most pragmatic guides to personal cybersecurity out there. Authors Devin Kropp and Sean Bailey will help you better secure yourself from cyber and hacking attacks by applying simple rules. This includes, for instance, making use of mindfulness techniques when scanning your inbox so you aren’t tricked by a phishing email attempt.
In this book, one of the key aims Bailey and Kropp set out to achieve is making it easier for readers to stop hackers from impersonating them. To do this, they provide a thorough guide to creating a free fraud detection system. Remember, never underestimate how commonplace identity theft is. Over the next 24 hours alone, hackers are expected to steal the identities of 35,000 people, potentially wrecking their finances and credit scores.
Hack-Proof Your Life Now! promises to stop you from becoming one of those victims. With checklists and straightforward guides, this book will help you to meaningfully improve your cybersecurity score in less than two hours.
4. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon
For readers more interested in the geopolitical and cultural implications of cyberattacks than personal protection, Countdown to Zero Day is a superb read. In 2010, Stuxnet, a worm now believed to be the joint creation of the USA and Israel, was used to damage equipment at a uranium enrichment plant in Iran. This worm was groundbreaking because it was intended not only to cause software damage but also physical harm to the computers it was implanted in.
In Countdown to Zero Day, WIRED senior reporter Kim Zetter explores the backstory and context of Stuxnet, the world’s first digital weapon. After the Stuxnet worm was identified almost half a year after its successful deployment in Iran, experts managed to identify three related pieces of spy software. These had been embedded in computer systems around the world, and researchers quickly realized they had been developed by the team behind the original Stuxnet worm.
Zetter’s account helps the reader to understand the new era that the Stuxnet worm helped to kick-start. In today’s world, nations are able to wage war with one another without resorting to bombs and guns, but with highly-sophisticated software-based attacks on key pieces of infrastructure.
5. Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers
In many ways, Sandworm, first released in late 2019, picks up where Countdown to Zero Day left off. Like Kim Zetter, Andy Greenberg is a WIRED senior writer interested in the way modern cyberwar is conducted on a global scale.
Sandworm tells the story of a group of Russian hackers who began going after a series of wide-ranging political targets (from NATO to Eastern European electricity grids) in 2014. This elite group came to be known as Sandworm, and they are thought to have the backing of the GRU, Russia’s foreign military intelligence agency. In this gripping narrative, Greenberg recounts attempts to unmask this group. He also seeks to comprehend the threat that Sandworm and similarly relentless, well-resourced hacking teams present to security around the world.