Cognitive Hack

Author James Bone

ISBN No 9781498749817

Review date 23/07/2018

No of pages 181

Publisher CRC Press

Year of publication 21/02/2017


Cognitive Hack. The new battleground in cybersecurity ... the human mind, by James Bone. Published by CRC Press, ISBN 978-1-4987-4981-7, 181 pages.

We are not going to patch our way into cyber-security, writes the author of Cognitive Hack.

One of the most satisfying ways of approaching cyber-security is to get beyond the technical - and not only because it can be hard to digest. What may look like a cyber-crime can turn out to have a physical or other human element; a hacker gained access first by gaining some password or other clue from a phone call or spam email. It’s a known tactic in penetration testing and in social engineering, as featured in the February and March issues of Professional Security.

A book by an American author, James Bone, makes the case for a new science - cognitive security (CogSec for short). In brief, he argues that for all the billions spent on securing cyber, it has failed to make us safe.

Turn the tables

It’s ‘surprisingly simple for hackers to bypass defences’. If the human, or to be exact what the computer user does (clicking on infected videos and fake adverts), is the ‘weakest link’, is it possible to build ‘cognitive defences’? The author says you can turn the tables on the hacker, even as he admits that it’s human nature to use ‘free wi-fi’ in a coffee shop, even if it’s insecure. One angle is ‘active defence’, in plainer English taking the fight to the hacker. He sets out how the US federal government is doing that; small businesses can and must too, he argues. If you’re struggling to keep up, that’s part of his point; ‘even if we were able to find and patch every system vulnerability, there would remain a big gaping hole created by human behaviour’. Tech alone will not close the holes. Bone does talk in terms of risk, and how one problem for businesses is that while they’re aware of cyber, they can’t justify the spend in terms of bringing in revenues. Given that social media and tech are changing the way we work and consume, and lawyers and insurers are figuring out how to treat cyber, we can at least commend Bone for offering more than the newest black box, and talking in terms of principles and frameworks. Cyber is progressing so fast, into the Internet of Things for example, that potentially insecure devices will multiply into the billions, in homes and on streets; by working in terms of a framework, whatever you do in detail has a chance of staying relevant.

However, as the internet has been going roughly since 1990 as the author points out, and the cyber 'black market' has grown to such proportions (although invisible), you have to wonder if it is all too late to secure it.

As a comment rather than a criticism, the book is largely written from a US point of view - perfectly reasonably, as the author is in the States; except that when Bone writes in terms of the law, for example, it doesn't apply to non-Americans. As a sign of the times, all the references the author gives are web addresses.

Introduction: The Analytics of Data Breaches. Cyber-security: Understanding Vulnerabilities. Cognitive Behavior and Cyber-Security. Risk-weighted Exposures of System Applications. The Art and Science of Data Governance. Mapping the Digital Footprint of Data Breaches.