Review: 'Whaling for Beginners: Reputations'

Whaling for Beginners: Reputations by Jerome Vincent is the second instalment in AXELOS’ novella series exploring the topic of ‘Whaling’, the use of phishing techniques within cybercrime to specifically target board-level executives.

Book two picks up where the first ended, with Jim Baines, fictional CEO of a major US packaging company, and his friends and colleagues still struggling to come to terms with the aftermath of an anonymous hacker’s email whaling attack, brought about by straightforward social engineering, as is so often the case in real-life data breach situations of this type.

With the future of his company so suddenly thrust into uncertainty, Jim is faced with the reality of learning why he was targeted and how he and his team must respond, shining a light on a plethora of lessons that can be learnt by those at the top of any organization.

“Jim’s story is fiction that has turned into reality for all too many business leaders,” said Nick Wilding, head of cyber resilience at AXELOS. “This new instalment of Whaling for Beginners continues to illustrate just how real the impacts of a successful cyber-attack can be on personal and corporate reputations. It tells the human, rather than just the technical, story of what it means to be a business leader having to deal with a potentially catastrophic crisis.”

“We look forward to continuing to use storytelling to bring cyber risk to life and to help provide all employees with the awareness and insight they need to make the right decisions at the right time,” he added.

For what is a very quick read, the book really does a great job of portraying the truly damaging effects of a cyber-attack, with the author using several clever shifts in narrative which allow the reader not only to see the events unfold from the perspective of the victims but also to get a glimpse into the psyche of the hacker himself.

In doing so, we are treated to an entertaining yet hard-hitting story that delves into many relevant, thought-provoking cybersecurity issues, including the ins and outs of breach disclosure (particularly timely with the GDPR now officially confirmed to be coming into effect in 2018), the motivations that drive cyber-criminals to do what they do and the complexity of building a solid security culture.

What’s more, Whaling for Beginners: Reputations highlights just how vital it is to have a well-defined, tried and tested incident response plan for when an attack happens. This must go beyond technology and business continuity to include how you communicate effectively with multiple stakeholders, including customers, advisers and your wider supplier ecosystem, as well as internally within your firm – as Jim finds out to his peril.

By also exploring factors such as financial fall-outs, loss of reputation and dealing with media attention following a breach, the book highlights the very real issues that boardrooms and senior executives face as they strive to gain the insight and intelligence they require to make informed decisions around their cyber risks. 

“Cyber is a complex risk to manage effectively that can have catastrophic impacts,” added Wilding. “Whaling for Beginners has been written to provide emotional insight and intelligence to help guide business leaders through understanding the lessons learnt by Jim Baines, as he realizes just how close to home cyber-attacks can strike and how vulnerable he is to attack.”

Much like the first instalment in this series, this follow-up novella is a witty, enjoyable and educational story that I would highly recommend to anyone interested in cybersecurity and the plethora of evolving risks that now so commonly surround the digital world.

Both Whaling for Beginners and Whaling for Beginners: Reputations are available for purchase via the AXELOS or TSO websites.
