Sunday, July 15, 2007

Book review - Spies Among Us

Spies Among Us: How to stop spies, terrorists, hackers and criminals you don't even know you encounter every day by Ira Winkler was a little disappointing, we thought. The most likely reason is that we've heard it all before. Security isn't a destination, it is a process, as all good security professionals know. Ira's book covers a wide range of topics, but the answers are always very simple and usually just require common sense. We suppose that in this day and age that is what is missing from most people. Why would someone from Nigeria ask you to allow them to transfer money through your account for a significant handling fee? C'mon, now really, but you'd be amazed at how many people that scam alone fools. From memory, we think email scams are Nigeria's largest earning export.

This book is probably a good read for someone who really hasn't had to think too much about security. It does provide plenty of real-world examples of how professionals perform penetration tests of businesses and generally how they walk away with the information they require within a few days. It is probably a good book to get your boss to read to convince them to spend more on security, but as we all know this is highly unlikely. Why? Simply because security is all about maintaining the status quo in management's eyes. They think that it doesn't contribute to profits and it doesn't reduce expenditure, so what good is it? In the face of this sort of attitude we like to ask - “What do you have to do to be 100% certain that a break-in will not re-occur once your computer systems have been compromised?” - Answer: “The only way to be 100% certain is to wipe EVERYTHING (servers, workstations, the lot) and reload.” How expensive is that going to prove, boss?

The cost of proactive security is always far cheaper than reactive security, but not many businesses understand that until it is too late. If you don't see the benefit of security, then read Spies Among Us before your business becomes a victim.