CyberStrong: A Primer on Cyber Risk Management for Business Managers

Author Ajay Singh

ISBN No 9789353885489

Review date 13/08/2022

No of pages 296

Publisher Sage

Year of publication 30/10/2020


Our Review


£16, paperback

Any author of a book on cyber-security and protecting against such threats has to tread carefully. Like any author, they have to have an idea of who the reader is and write accordingly: assume the reader has some level of knowledge and of ignorance (why else open the book), and inform by using the terms the reader already knows and explaining whatever the reader doesn't know. This is particularly relevant for cyber, as readers may feel they ought to understand ('a new digital society is in the making', as this book reminds us early on) and don't want to admit ignorance; or readers may once have been well informed but have since fallen behind.

This book strikes the right balance, thanks to a readable writing style and a good layout that make what the author has to say digestible. Early on, for example, Ajay Singh uses the term 'attack surface' and sensibly explains it right away ('the total number of points or vectors through which an attacker could try to enter'). As that implies, the author does not fall into the trap of making cyber-security sound too technical - for it is not. Just as behind an attack is a human, so human IT users are the defence.

As the author says: "The rapidly increasing number of people and devices on the Internet is outpacing our ability to protect and insulate ourselves from cyber threats." He advises that before any rush to deploy tech, we should first seek to understand vulnerabilities, such as the billions of IoT (Internet of Things) devices, from healthcare and household appliances to cars.

He goes on to treat his subject in terms of threats and vulnerabilities and then risks, giving due weight to 'the human factor' and the need for leadership (something else human, we might add). It's striking, for example, that the author suggests that the 'technology industry needs a moral compass', in that our fascination with tech, and what's on the internet and social media, has set aside morality.

The balance of the book feels right, too; it offers international examples of cyber-attacks on and breaches of both businesses (Sony-Playstation, Target, Equifax, TalkTalk in the UK, and some cases less well known to UK readers, such as malware at an Indian nuclear power station) and nation-states (Estonia, attacked by Russia). The author considers cyber in terms of the business as a whole, besides the IT function - although IT is definitely part of the story. For example, the author likens cyber to an 'arms race' between the criminals and IT security teams. For there is no 'silver bullet' to remedy cyber, nor is it a one-time initiative or activity. Rather, the author advocates a holistic approach that takes in policy, a 'risk aligned strategy' and the engagement of all.

The book is up to date enough to cover the coronavirus pandemic at length. Like so many other commentators, Singh points out 'a sudden surge in cyber-crime in many countries with cybercriminals preying on people's need to access information'. Cybercriminals see Covid-19 differently from the rest of us ('they find an opportunity in any situation'), preying on anxiety and suffering, and targeting healthcare with ransomware. The criminals are, as Singh says, tireless; and the same tech that has enabled remote working has vulnerabilities that give scope to criminals, scammers and data thieves.

A sensible and welcome book, with much to commend it in terms of tone and content, and not least its affordable price.

About Ajay Singh

The author, while based in Mumbai, has a master's degree from Sheffield Hallam.