Cyber Smart by Bart McDonough (Review by Paul W. Smith)
Each of us has a unique relationship with our things – especially stuff like smartphones, tablets, laptops, connected cars and all the sundry members of the Internet of Things family. We may see these as a means of making our lives simpler and more comfortable, or perhaps as tangible proof that we are affluent and technologically savvy. Bart McDonough, author of Cyber Smart, treats each as yet another threat to personal privacy, mental well-being and financial security.
The golden key on this book’s cover conjures thoughts of encryption, security, and perhaps some special knowledge that might be valuable. While the Internet can seem intimidating to many, the book’s subtitle “Five habits….” hints that there might be a manageable approach to avoiding catastrophe. Cyber Smart is not about becoming an expert in all things Internet, but rather a very readable attempt to raise awareness of the many serious threats that do exist, while offering understandable and actionable ways to make oneself a tougher target. The two main sections of the book, Setting the Stage and Specific Recommendations, provide the framework for a deep dive into the variety and extent of the bad things that can happen in the Cyber World, followed by a step-by-step process to secure one’s digital life from bad actors. As part of Setting the Stage, the author introduces his “Brilliance in the Basics” approach, a forthright discipline for self-protection. A detailed Table of Contents will make it easy to go directly to a particular topic for those who may find themselves operating in crisis mode. The author’s extensive industry experience is aimed at protecting the individual, whereas much of the literature on this topic is for businesses and corporations.
The dangers of the Cyber world are tangible: really bad things like losing large sums of money or ruining your reputation are alarmingly possible, and even a small mistake can have terrible consequences. In the meantime, we are our own worst enemies – 45% of us are so stuck in the status quo that we won’t change our password even after being hacked. If you finish this book and don’t at least implement two-factor authentication, you weren’t paying attention.
Many of the mistakes described in the book begin with things that most of us routinely do. It is surprising how a bad actor sitting at home at a keyboard can leverage their computer skills to make a great deal of money or cause an enormous disruption. The book purports to be much more than just fear-mongering, although there is a fair amount of that. The good news is that there is hope; just because governments and huge corporations experience data breaches doesn’t mean that the little guy is powerless.
At this point in the evolution of the Internet, most of us have reluctantly conceded that there is no Nigerian Prince who named us as heirs to his multi-million-dollar fortune in an email. Typical warning signs include unorthodox sentence structure, emotional appeals with a sense of urgency, and requests for money. It helps to know that leverage is a very important tool for bad actors; it is relatively easy to put out tens of thousands of scam emails, and it often takes only one naïve recipient to make the whole effort worthwhile. There are plenty of other not-so-transparent risks lurking out there, and the author creates a sense of urgency by opening topics with stories that can really make the reader feel the panic of becoming a scam victim.
Cyber Smart provides some worthwhile insight into bad actors and what motivates them. Most are males under 34 years of age, and many have full time jobs and are hacking in their spare time, motivated as much by the challenge as the money. Still, the money is there. Stolen credentials can easily and profitably be traded on the Dark Web, where PayPal info is currently the most valuable at $274 per individual.
Not all hackers are bad actors, however. White Hat hackers work to strengthen business cybersecurity while Black Hat hackers are the ones who strive to destroy, deplete and monetize computing resources. Perhaps the most dangerous of all are the Nation State hackers due to the extent of their resources. Often these are politically motivated, as we experienced during the 2016 election.
Most cyber-attacks are automated via bots, and phishing attacks conducted in this manner are the way that most of us get hacked. Such attacks usually convey a sense of urgency, preying on our basic desire to get tasks out of the way, as well as triggering our “fight or flight” instinctive response to fear. When large-scale phishing attacks become more personalized, focused for example on alums of one school or people with a single breed of dog, they are referred to as “spear phishing.” Phone scams (voice phishing) are best dealt with by not answering calls from any unrecognized phone numbers. Scammers can use phone number spoofing to appear to be calling you from a legitimate number, such as one with an area code and digit sequence like your own. Bart effectively explains how these various scams work, and how to minimize the dangers.
Ransomware attacks are a more directed form of hacking; rather than phish a large number of people and hope for a bite, a bad actor installs the ransomware code on an individual’s computer, locks up the files, and then demands a payment – often through a hard-to-trace Bitcoin exchange. The FBI advises victims not to pay: some scammers don’t even know how to unlock your files, some won’t bother, and either way you don’t want to encourage this. Bart, on the other hand, suggests that while payment is a long shot, it might be your only hope if the locked files are critically important.
The list of vulnerabilities in Cyber Smart is staggering, and it’s sobering to note that most cyber-fraud victims never get their money back. Google once argued in court that someone who sends a web-based email has no reason to expect privacy; part of their business model involves scanning emails and selling the keywords to be used in targeted advertising. Recent controversies involving Facebook have led to the public realization that when an Internet service is free, you are not the customer but the product. Surveillance Capitalism is the driving force behind much of the Internet, and websites by default will collect as much information on you as they can.
The scale of the problem continues to grow; by 2020, there will be more than 20 billion IoT devices. There are now around 3 billion social media users, with a new one created every 15 seconds. LinkedIn has 500 million accounts, and 40 million are estimated to be fraudulent. Twitter is a bad-actor favorite due to its bot-friendly interface and short links which hide destination URLs. Although there is much danger here in the U.S., the problem is even worse when traveling overseas as most countries don’t have legal restrictions on surveillance. Russia, one of the most dangerous, sponsors legal malware/spyware tracking by cyber-criminals in exchange for the billions of dollars that it brings into their economy.
Through necessity, Cyber Smart uses lots of terminology that may not be familiar to all readers – a glossary of terms would have been nice. The notes at the end of each chapter consist of URLs, some of which are long and complicated to type in (my review copy was a paper edition – perhaps these are live links in the digital version?). The author actually warns against typing in such long strings, as mistakes can lead to dangerous, bogus websites that often make subtle name changes as a way of trapping their victims. And if you’re looking for the oft-referenced principles labeled “Brilliance in the Basics”, the core of the book’s advice to readers, they don’t show up until Chapter 7.
Despite these minor issues, Cyber Smart is an entertaining read that exposes the Internet as a bad neighborhood where extreme caution is advisable. The author does a lot of foreshadowing of what’s to come in subsequent chapters, but then draws the storylines together for the now-motivated reader. Unless you are a seasoned professional cyber security expert, Cyber Smart will open your eyes to the Internet’s abundance of risks, and then outline a straightforward action plan for self-defense.
Author Profile - Paul W. Smith - leader, educator, technologist, writer - has a lifelong interest in the countless ways that technology changes the course of our journey through life. In addition to being a regular contributor to NetworkDataPedia, he maintains the website Technology for the Journey and occasionally writes for Blogcritics. Paul has over 40 years of experience in research and advanced development for companies ranging from small startups to industry leaders. His other passion is teaching - he is a former Adjunct Professor of Mechanical Engineering at the Colorado School of Mines. Paul holds a doctorate in Applied Mechanics from the California Institute of Technology, as well as Bachelor’s and Master’s Degrees in Mechanical Engineering from the University of California, Santa Barbara.