Scott N. Schober’s Hacked Again has emblazoned across its cover ‘It can happen to anyone, even a cybersecurity expert.’ And so it begins. Scott is a cybersecurity expert and CEO of a hi-tech firm, and in Hacked Again he takes us through his journey of being the victim of cyber crime, while along the way providing a plethora of expert and common sense advice on how to avoid finding yourself at the wrong end of cyber fraudsters.
Scott opens the book with an anecdote from his youth, opening his first bank account in a friendly local bank where people were on a first name basis. He describes the evolution of this bank and how, through a series of mergers, acquisitions and takeovers, it has become a modern day banking machine, impersonal and globalised. As the anecdote goes on, Scott subtly drops little hints that will become relevant later.
This leads the reader seamlessly into how Scott realised he had been hacked for the first time. One morning Scott noticed he had a number of suspicious transactions on his business account, and after a little investigating it dawned on him…his account had been compromised. And so the motto on the cover proves true…‘It can happen to anyone, even a cybersecurity expert.’
As Scott looks into the compromise it begins to dawn on him that perhaps it’s not a case of ‘it can happen to anyone, even a cybersecurity expert’ and more a case of ‘it can happen to anyone, especially a cybersecurity expert.’ While his business account was being investigated, Scott switched to his personal account, only to realise that was also being targeted. It was then Scott began to suspect he was being specifically targeted, that his bank credentials had been compromised and were being traded on the dark web by criminals who wanted to make an example out of the cyber security experts that make their life harder.
From here Scott describes yet another fraud his company was nearly the victim of. After receiving an order for high priced items to be sent by special delivery as soon as possible to an address in Indonesia, Scott’s company dispatched the items, only to receive a call from an angry lawn mower repair company demanding to know why it had been charged for the aforementioned items that were currently winging their way to Southeast Asia.
Thanks to the timely phone call, Scott was able to put a halt to the order and recover the items. The lessons Scott learned? Well, amongst other things, timely incident response is critical, and if something seems too good to be true, it usually is.
Hacked Again then goes on to detail other cyber crimes involving identity theft, credit card fraud and social engineering, as well as the tactics deployed by the attackers and the strategies to protect yourself from them. There are many themes that emerge as the book goes on, such as who to trust, how to trust, defence in depth, password hygiene, internet browsing habits and the jarring reality of the divergence between feeling secure and actually being secure.
This book takes the reader on a whirlwind tour of all manner of cyber crime, covering malware from spyware to ransomware. Scott provides advice on how to avoid being compromised via spear phishing emails, which have gone from being very easy to spot with their broken English and low-res pictures to very convincing emails that look and feel the part. One of the golden nuggets buried in Hacked Again is that it not only tells you how to avoid being compromised but what to do if and when you are compromised.
The book continues to follow this blend of storytelling that is part anecdote, part ‘how to’ and part ‘how not to’. It moves swiftly and logically from one subject to the next. It is a book that does not linger on a subject long enough for it to become boring or uninteresting. Instead the book flows and is very easy to read. I was shocked when I first sat down to read Hacked Again only to realise two hours had passed in what seemed like the blink of an eye. Much of this is due to the graceful manner in which the author moves from one subject to the next.
The question I found myself asking when reading Hacked Again was ‘who is this aimed at?’ My conclusion was that this book is a must read for C-level management and medium to small business owners, as well as ICT Managers across the world. It gives an overview of the risks businesses face in today’s connected world, while providing tangible and relatable real world examples of these risks becoming real life problems.
But they are not the only people who should read this book. Anyone with any kind of online presence could benefit from reading Hacked Again; that includes everyone from your grandparents to your computer science graduate buddies and yes, even cyber security experts. Another group who will find this book of interest, and perhaps not its obvious audience, is anyone who fancies themselves as an expert in a particular field. In the latter stages of the book Scott discusses his experience as a media go-to expert on cybersecurity. This is one part of the book I found surprisingly insightful, if not entirely relevant.
This book fits a niche. It is not a focused investigation into a specific topic like Brian Krebs’s Spam Nation, Misha Glenny’s Darkmarket or Kim Zetter’s Countdown to Zero Day, nor is it a technical tour de force like that found in a Bruce Schneier book. Hacked Again just touches on those subjects, giving the reader awareness of them as examples of the darkness that is lurking out there. What this book is, is an exquisitely written warning, but not only a warning; it is a manual on what you can do to keep yourself and your business safe, and this is where its true value lies.
Hacked Again is a veritable 101 of the risk of cybercrime and cyber security, an impeccable overview of the whos, the whats and the hows of information security. It gives this overview without ever slipping into hyperbolic hysteria in order to get its point across.
Scott’s manner of storytelling is seamless. He starts off on a thread and leads you down a path until its conclusion, all the while dropping bread crumbs of advice and the lessons he has learned along the way. It’s an effective blend of storytelling and educating, and at no point do you ever feel condescended to by the advice being dispensed. As a security researcher myself I know how easy it is to feel patronised when receiving security advice.
In the foreword for Hacked Again, radio host Jon Leiberman describes how Scott can translate complex technical details and tech talk into understandable information. This is true: Scott does know how to effectively demystify tech talk into non-intimidating, flowing and compelling storytelling. Hacked Again is the work of a man who knows his subject and the work of a man who has learned the lessons of what can happen when you are the victim of cybercrime. It is the work of a man who wants to pass on those lessons to the reader, and this is why it is a must read.