"There is a detailed table of contents and good index, and chapters conclude with succinct summaries. In essence, Daswani and Elbayadi have brought Fowler's 2016 work [2] up to date. This is an excellent reference for anyone working in the area of ICT cybersecurity. Management in particular will find it useful, as the authors have tried to keep technical jargon to a minimum ... that can be taken to protect and minimize the impact of cyberattacks on organizations." (David B. Henderson, Computing Reviews, March 31, 2023)

Part I: The Biggest Breaches

The goal of this part is to explain, in plain English, the biggest breaches in recent years, focusing on what has resulted in everything from exposure of the majority of American consumers’ financial identities to a foreign power more than significantly “influencing” the election of our most recent President.  The breaches will be covered in reverse chronological order of the years in which the breaches were made public (even though some of them occurred prior), and in the summary section, I’ll also comment on the relevance and implications of the actual years in which the breaches took place.

Chapter 1: The Five Key Root Causes

This chapter reviews the five basic root causes that we’ll see in all the mega-breaches that will be reviewed in subsequent chapters.

1. Phishing
2. Malware
3. Third-party compromise (suppliers, customers, and partners, as well as acquisitions)
4. Software Vulnerabilities (application security as well as third-party vulnerabilities)
5. Inadvertent employee mistakes

Chapter 2: The Capital One Breach in 2019

On July 29, 2019, court documents were released regarding a security breach at Capital One that exposed data for over 105 million people. A lone hacker gained access to highly sensitive data including names, social security numbers, addresses, and dates of birth.  This hack is just one example in which over a hundred million customer records have been exposed to the entire Internet.

1. The Modern Day Datacenter: The Cloud and Hybrid Clouds
2. Erratic: Former Amazon Web Services employee
3. The Firewall Hack
4. The Ex-Filtration
5. The Simple Mistakes
6. The Charges & The Fallout

Chapter 3: Cambridge Analytica & Facebook

1. How Facebook Works
2. How Facebook Makes Money Through Ads
3. Political Ads
4. Security Challenges with Ads: Abusive Targeting, Bad Ads, Malvertising, and Click Fraud
5. Facebook’s Third-Party Apps and APIs
6. Cambridge Analytica Harvesting
7. Bungled Remediation of Harvested Data
8. The “View As…” Vulnerability
9. Remediation of the “View As…” Vulnerability

Chapter 4: The Marriott Hack in 2018

1. Marriott and Starwood
2. DBA Account Takeover
3. Malware: Remote Access Trojan and Mimikatz
4. Starwood Guest Reservation Database Exfiltration

Chapter 5: The Equifax Hack in 2017

The credit histories of 145M+ American consumers were stolen in 2017 in the largest breach of financial identity in history.

1. Vulnerability Management Problems
2. Apache Struts and CVE-2017-5638
3. The Overall State of Information Security at Equifax
4. The Hack
5. The Blundered Response
6. The Impact

Chapter 6: The Facebook Hack in the 2016 Presidential Election

This chapter describes the organized Russian disinformation campaign in which Facebook was weaponized to distribute over 5 million paid ads that focused on dividing the American public and influencing votes in the 2016 Presidential election. 

Dezinformatsiya: Inherently Russian
1. Lack of Regulatory Oversight for Social Media (as compared to TV advertising)
2. Russian Facebook Ads
3. The Internet Research Agency: Kremlin-backed Online Troll Farm (amongst 228 groups)
Weaponization of Ad Targeting: Swing States (Pennsylvania, Virginia, and Wisconsin)
4. Suspicious Advertisers: Over 9,500
5. Fancy Bear: Indictments of 13 Russian Individuals

Chapter 7: The Democratic National Committee Hack in 2016

Just as significant as the disinformation advertising campaign was the infiltration and subsequent leaks of over 150,000 emails from the Democratic National Committee.

1. Trump’s Request
2. Massive Phishing Campaign
3. How John Podesta Got Phished: 60,000 Emails Stolen
4. Additional Phishing Emails: 150,000 Emails Stolen
5. Guccifer 2.0
6. WikiLeaks
7. Key Emails and Information Leaked
8. Impact

Chapter 8: The Office of Personnel Management Hack in 2015

The SF-86 background check files of over 20 million government employees (including CIA, NSA, FBI, and other agents) which also included information about their friends, family, and neighbors, as well as over 5 million fingerprints were stolen and exfiltrated by a foreing nation state.

1. What was stolen
2. Impact
3. Root causes
4. How it could have been prevented

Chapter 9: The Yahoo Hack in 2013 and 2014 (made public in 2016)

The largest breach in the history of the Internet and the world occured in 2013 and 2014 when attackers compromised Yahoo’s email and other systems.

1. Spear phishing
2. Malware to grow footprint
3. Cookie minting
4. Yahoo Account Management Tool Compromise
5. Targeting of Politicians and Diplomats
6. Financial Impact and Verizon Acquisition
7. Former KGB Agents and Indictments

Chapter 10: Holistic Implications

1. Political Impact
2. Financial Impact
3. Regulatory Impact
4. Technology Impact

Part II: How to Recover

In this second part of the book, technologies that are critical to the roadmap to recovery are explained in plain English.  In addition, the contributions that people in various roles need to make and the processes that need to be put in place by those people will also be covered.

Chapter 11: Better Preventative Countermeasures

Password Managers, Multi-factor Authentication, and Yubico-like Hardware Tokens
1. Authentication Providers (Current as well as potential future e.g. FIDO Alliance)
2. Automated Patching: Endpoints, Servers, and IoT.  Browsers (e.g., Chrome) are a great example of how this can be done right.  Mac OS X updates are also a great example, even if a bit inconvenient sometimes.  Servers and IoT need help.  Mirai botnet from 2016 exhibits the urgency.  IoT Guidelines.
3. Building Codes for Software
   
   

Chapter 12: Detection: Identity Monitoring

1. Difference between credit monitoring and identity monitoring
2. Dark Web Monitoring
3. New Account Creation Vs. Account Takeover
   
   

Chapter 13: Detection: Bad Ads, Fake News, and Anti-Malvertising

The goal of this chapter is to focus on detection of bad ads, fake news, and malware that attempt to enter and distribute itself through the online advertising ecosystem.

Chapter 14: Containment and Recovery: How to Make the Stolen Data Useless

Chapter 15: Cybersecurity Investments: Made To-Date

Chapter 16: Cybersecurity Investments: What’s Need Going Forward

This chapter analyzes what areas of cybersecurity are ripe for further investment.  Areas such as cloud security, and artificial intelligence applications to security have received less private equity and public IPO investment as compared to, say, network security and probably warrant more investment going forward.

Chapter 17: Advice to leadership

Chapter 18: Applying your skills to the field of cybersecurity

This section provides people managers, project managers, software developers, IT administrators, in addition to product managers advice on how they can best leverage their skill sets to achieve security.

Conclusion / Summary

​Dr. Neil Daswani is Co-Director of the Stanford Advanced Security Certification program, and is President of Daswani Enterprises, his security consulting and training firm. He has served in a variety of research, development, teaching, and executive management roles at Symantec, LifeLock, Twitter, Dasient, Google, Stanford University, NTT DoCoMo USA Labs, Yodlee, and Telcordia Technologies (formerly Bellcore). At Symantec, he was Chief Information Security Officer (CISO) for the Consumer Business Unit, and at LifeLock he was the company-wide CISO. Neil has served as Executive-in-Residence at Trinity Ventures (funders of Auth0, New Relic, Aruba, Starbucks, and Bulletproof). He is an investor in and advisor to several cybersecurity startup companies and venture capital funds, including Benhamou Global Ventures, Firebolt, Gravity Ranch Ventures, Security Leadership Capital, and Swift VC. Neil is also co-author of Foundations of Security: What Every Programmer Needs to Know (Apress).