About the Book
To counteract a cyber attacker, organizations need to learn to think like one. Understand the Cyber Attacker Mindset explores the psychology of cyber warfare and how organizations can defend themselves against attacks.
This book provides a comprehensive look at the inner workings of cyber attackers in the digital age and presents a set of strategies that organizations can deploy to counteract them. With technological advancements in cybersecurity, attackers are increasingly falling back to social engineering and preying on people's vulnerabilities. This book examines different types of cyber attackers, explores their motivations, and examines the methods used. It also reviews key industry developments such as cybercrime as a service, brokers and syndicates, nation-sponsored actors, insider sabotage and the challenges faced by law enforcement in tracking and apprehending attackers.
Understand the Cyber Attacker Mindset offers expert, strategic guidance on how organizations can improve their cybersecurity operations in response, including enhancing security awareness training, educating employees to identify and resist manipulation, understanding the importance of cultural variances and how board-level decision-making can directly influence attacks. Written by a renowned cybersecurity leader, the book draws on interviews with ex-criminals and top experts in the field to share rich insights and a wide range of case studies profiling notable groups, such as Anonymous, Lapsus$, FIN7, Nigeria's Yahoo Boys, Sandworm, and the Lazarus Group. The human side of cybersecurity has never been so important.
Table of Contents:
Section - ONE: Understanding types of attack, how they operate and why they are successful;
Chapter - 01: The evolution of cybercrime in the digital age;
Chapter - 02: Understanding the will and motivation of attackers;
Chapter - 03: Types of cyber attack and why they work;
Chapter - 04: How covid-19 created an epidemic of cybercrime;
Chapter - 05: Cybercrime as a service – a booming enterprise;
Section - TWO: Incidents, lessons learnt and the rise of the insider threat;
Chapter - 06: Opportunists and activists – how anyone can become a cybercriminal;
Chapter - 07: New kids on the block – new groups making names for themselves;
Chapter - 08: Syndicates – how groups work together to build services and avoid detection;
Chapter - 09: Brokers – law enforcement headaches in tracking cybercrime and money laundering;
Chapter - 10: Influencers – how nation-sponsored actors change social dynamics;
Chapter - 11: Insiders – how attackers take advantage of internal loopholes;
Section - THREE: Strategies to counteract the criminal mindset and build resilience;
Chapter - 12: Why your security awareness training sucks, and education is the differentiator;
Chapter - 13: Are people really the weakest link?
Chapter - 14: The human factor – mindset, cultural variances and what factors tip people over the edge;
Chapter - 15: Strategies for counteracting human adversaries;
Chapter - 16: The board-level response – how decisions are made in times of crisis;
Chapter - 17: Final thoughts on the direction and evolution of the human adversary;
About the Author :
Sarah Armstrong-Smith is recognized as one of the most influential women in cybersecurity and UK tech, with over 25 years' experience delivering and advising C-suite leaders on large-scale cybersecurity, information protection and resilience programmes. She is Chief Security Advisor at Microsoft and has previously held roles at EY, Fujitsu, AXA, and the London Stock Exchange Group. She is based in Bath, UK.
Review :
"There is so much rich content in this excellent and important book by Sarah Armstrong-Smith - why cybercrime is booming, how it works, and why so many of the approaches we've taken, like blaming poor, befuddled users, haven't worked. Anyone wondering about how and why their business might be at risk of cyber attacks, and what they can do about it, would be well advised to dip into it!"
"Sarah Armstrong-Smith masterfully bridges the gap between technology and psychology of the adversary, exposing the vulnerabilities and desires that fuel cyberattacks. Understand the Cyber Attacker Mindset is as a powerful call for empathy and understanding and essential for charting a safer course through the ever-evolving world of cybercrime."
"Understand the Cyber Attacker Mindset offers a thorough and contextual look at cybercrime, analysing the conditions that allow it to flourish. Sarah Armstrong-Smith's insights demonstrate the complexity of the cyber attacker mindset, which is essential to understand if we want to overcome the growing scourge of cyberattacks."
"Understand the Cyber Attacker Mindset is the book everyone in cyber security needs to read. It's easy to digest and is one of the first to step into the space that connects cyber security and the social sciences. Understanding how different environments and relationships with the cyber space can influence criminal behaviour will give organizations a deeper understanding of how to strengthen their security awareness training. Sarah Armstrong-Smith's book will act as the missing link to help non-technical and individuals outside of cyber security, sit up and take note of how and why their business may be the next target."
"Sarah Armstrong-Smith is a first-rate guide to where cybercrime lurks and how you can protect yourself from such attacks. Understand the Cyber Attacker Mindset is a very timely, very useful guide to not just how people attack computers, but why they do it. Understanding their motivation is half the battle."
"Understand the Cyber Attacker Mindset sets out the landscape of cybercrime, how we got here and most importantly what the mindset of the attacker actually is. Sarah Armstrong-Smith is a seasoned luminary in the field of cybersecurity, and her latest work is a testament to her dedication to shedding light on the intricacies of the cyber threat. I can confidently recommend it as a must-read for those who seek to understand the evolving threat landscape and take proactive steps to secure their digital estate."
"Understand the Cyber Attacker Mindset is what we've been waiting for! It genuinely captures all relevant and important aspects of the cyber attacker mindset and provides unique insight. Sarah Armstrong-Smith's book is an important knowledge source. A must read!"
"Cybercrime is often mistakenly perceived as a problem that is solely related to technology. However, it is fundamentally driven by human motivations such as the desire for financial or professional gain, nationalism, greed, notoriety, or revenge. Sarah Armstrong-Smith's Understand the Cyber Attacker Mindset shows defenders how they can develop effective strategies and methods to combat cybercrime."
"Through terrifying real-life examples and hands-on advice, Sarah Armstrong-Smith's Understand the Cyber Attacker Mindset offers a thorough and practical survey of the growing cyber threat facing today's organisations, and how they can tackle it from the frontline to the boardroom."
"Understand the Cyber Attacker Mindset is essential reading for all practitioners involved in tackling fraud and cybercrime, academics, and anyone with an interest in understanding the hidden world of these criminal activities, the darker sides of human behaviour and how to guard against them."
"Understand the Cyber Attacker Mindset is the ideal guide to revealing how different threat actors really operate with insight from experts in the field. Sarah Armstrong-Smith raises the standard in recognizing the all-important human side of security to help make organizations and their people more resilient."
"Understand the Cyber Attacker Mindset is an interesting, accessible read focussing on the human aspects of cybersecurity. The discussions concerning the motivations of digital criminals are illustrated with some great up-to-date case studies. There are some great suggestions for dealing with all of the issues considered."
"Sarah Armstrong-Smith expertly takes the reader through a comprehensive, but clear, journey leaving them with a path for creating security strategies that integrate both technology and people. Whether you have a technical, business, or human-centric background, Understand the Cyber Attacker Mindset demonstrates how to create a holistic security strategy."
"The premise of Understand the Cyber Attacker Mindset, that the focus of cybersecurity strategy should be on humans and not just machines, is something that should resonate with any reader with an interest in cybersecurity. As a seasoned intelligence and cybersecurity practitioner I have learned a lot from reading this work, and I would suggest that others can do too."
"This is an absolute must read for anyone wanting a solid history of cybercrime and cybersecurity. Understand the Cyber Attacker Mindset brilliantly frames the key events in recent years that have helped shape the attacker mindset."
