Short Review
On a scale of 1-10, I’d rate this as a 7. The stories are fairly interesting, and it does highlight the need for better security, but it felt too conclusion-based for my tastes.
Long Review
You’ll See This Message When It Is Too Late - The Legal and Economic Aftermath of Cybersecurity Breaches is an interesting book. Its main focus is to look at various cybersecurity incidents and analyze what happened, how the response was handled, and what changes could have been made to prevent a repeat in the future. It’s a fairly long book, clocking in near 500 pages (or 12 hours on Audible).
The book is split into chapters, each covering a specific cybersecurity incident. The chapters are grouped into sections by the main motivation of the attackers. Only very large incidents are covered.
Some of the companies covered include Sony, Spamhaus, and DigiNotar. The motivations covered include Financial (the goal is to make money), Cyberespionage (state actors), and Public Humiliation (what we see a lot of nowadays with doxing and the like).
For each incident, the book primarily covers the factors that led to the exploit and the outcome (both the reaction and the legal consequences). Toward the very end, it starts discussing various improvements that could be made to enhance security. The theme is that it takes work from everyone, from the consumer up through and including government.
If you read the book, going to the back and reading the improvements first is perfectly fine, but the rest should mostly be read in order, since some attacks build on previously discussed attacks.
Impressions in this Space
I rated this a 7 largely because of my impressions in this space. There were some things I really liked, such as its emphasis on how a company wants to take as little responsibility as possible for its role in protecting its systems. It’s depressing, but also incredibly important to highlight the fact that people want to avoid responsibility as much as possible (as a whole, I feel this applies to everyone from individuals up through companies).
What knocked some points off were the more freedom-oriented conclusions the author would make. I felt the consumer monitoring and segmentation (in regard to botnets) was an example of things going too far. Basically, my feeling is that my ISP isn’t there to police traffic or monitor beyond very strict legal requirements. Anything more than that is too far in my view. That said, if an ISP is notified of a problem, bubbling that up to the consumer is perfectly acceptable.
There were other parts too that fit into this, but I admit that my bias, given what I’m seeing in society as of late, is playing into this.
The other reason I rated it a 7 probably had more to do with my copy of it than with the content. I got this on Audible, and the reading there was hard. Very slow, very ‘dry’. It took me a while to get through this book. I wish that, with the Audible copy, a better summary could be provided as a PDF. I wish it were universal to create a “cheat sheet” of sorts and distribute it along with the book. A 30-page supplement highlighting each company, the factors behind the exploit, the response, and the outcome would have been fantastic.