Whaling for Beginners, written by Jerome Vincent and published by AXELOS, is a thought-provoking, witty novella which explores ‘whaling’, the specific targeting of board-level executives within cybercrime. It’s no secret that these high-value individuals are a prime target for hackers and the book follows Jim Baines, fictional CEO of a major US packaging company as he, his colleagues and oldest friend become the victims of an anonymous cyber-hacker’s email whaling attack.
Nick Wilding, head of cyber resilience, AXELOS, told Infosecurity that the book is designed to give business leaders a different perspective about cyber-risks.
“The short story highlights the devastating impacts a cyber-attack can have on an organization’s hard won reputation, competitive advantage and market value. It offers a new narrative and an emotional connection to the personal impacts that a cyber-attack can have on those who lead and run organizations. It highlights just how vulnerable we all are...and just how immune we all think we are to one of the biggest risks that any organization faces.”
For what is a very quick read, Whaling for Beginners covers a lot of cybersecurity issues from board-level decisions right through to the risks of introducing third-party external flash drives into a company system. It also cleverly uses several shifts in narrative allowing the reader to see inside the minds of several contrasting characters all of whom play their own roles in the breach as it develops – these include Jim himself, his ‘Sherlock Holmes-like’ IT employee with a penchant for security and the elusive hacker who brings so much misery to the chief characters with a simple phishing campaign.
Although a fictional story, the book does a great job of addressing several real-life talking points that often crop up in discussions about cybersecurity. In particular, the author delves into to both the insider threat and just what it is that motivates cyber-hackers to do what they do.
A central message in the book is that an organization’s security infrastructure is only as strong as the knowledge of its employees about safe security practice, and more interestingly, the defenses of third-party companies that they share information with. It warns against businesses standing still and becoming complacent with what was once considered a ‘strong’ cyber-defense system; it challenges the reader to consider what type of personal and professional information they share on networking sites and social media, highlighting these as a prime source of information for hackers with malicious intent; and it shows just how vital being clued-up on security can be (it’s the young, security-minded IT ‘whiz’ who is the one that spots the breach and how it happened before the CEOs and Directors are even aware there is a problem).
Whaling for Beginners also sheds some light on what it is that cyber-criminals are looking for, and it’s not just money. Far more valuable are secrets, business ideas, designs – these are the gifts that keep on giving, as Jim finds out to his peril. The hacker is an opportunistic misfit not satisfied with plying his technical skills in a standard nine to five, instead he has his heart on the ‘Moby Dick’ of whales.
Finally, the book highlights the fact that some boardrooms and senior executives still find cybersecurity somewhat of an unknown commodity. They realize it’s an issue that requires investment, but often struggle to understand and respond to cyber-breaches effectively. Out of nowhere cyber-attackers can strike, throwing an organization into turmoil and leaving people’s futures hanging in the balance.
I’m certainly looking forward to following Jim’s story further when the next installment in the series Whaling for Beginners 2: Reputation is published next month.
Whaling for Beginners is available in print and audio versions here.