Cybersecurity Canon Candidate Book Review: “Cybersecurity: A Business Solution”

We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!

Executive Summary

Managing cyber risk is a challenging undertaking, even for large organizations with significant resources at their disposal. For executives and senior managers in small to medium-sized organizations, however, managing cyber risk can quickly become a daunting and overwhelming task. That is where Rob Arnold’s book Cybersecurity: A Business Solution provides a unique and helpful perspective. Written specifically for small to medium-sized businesses, the book provides executives and senior managers with a business-centered perspective on managing cyber risk in their organizations. The audience for this book also includes IT professionals and network defenders. By mapping out how to manage an organization’s cyber risk strategies, as well as how to implement an effective cybersecurity plan, it gives IT professionals a way to speak to administration and provide them with tools for an overall plan of action.

The book recognizes the challenges that face small to medium-sized organizations and provides solid strategies for managing both the technical and financial challenges that come with cybersecurity planning. Additionally, it provides tools and tactics for executives to employ to build a strategic framework and then implement a cybersecurity plan uniquely tailored to their organization.

Cybersecurity: A Business Solution is an excellent primer for executives who understand the need for cybersecurity but are unsure of how to implement the principles and procedures. While this book is written with small to medium-sized organizations in mind, CISOs for larger organizations will also find it useful as a guide for educating senior executives, board members, and other senior managers in their organization on the practical aspects of cyber risk management. I nominate this book to be considered for the Cybercanon Hall of Fame as it is a must-read for any network defender that is a member of the management team or will be discussing cyber risk with management.

Review

Cybersecurity: A Business Solution is a handbook on cybersecurity for business owners and executives of small to medium-sized businesses, which makes it a must-read for any network defender that needs to engage company leaders. In my opinion, any business owner or executive can also be seen as a network defender. Their goal, whether it be selling products to the public, dispersing information, or working with other businesses, is to do business in a safe environment. As threats of cyberattacks loom large in our increasingly technology dependent world, the damage that can be done to businesses continues to increase. It might be a phishing attack that leads to compromised personal data of business associates or customers, or it could be an attack that leaves a server shut down leading to lost sales. Cybersecurity: A Business Solution provides the information and solutions for business owners and executives to understand cyber risk and take steps to protect their company.

The book is also a must-read for network defenders in the more literal sense of the term. IT professionals and others who work to set up cybersecurity plans often find they need cooperation from other people in administration for a fully equipped plan, but have trouble communicating the need. This book will provide network defenders with the tools and language necessary to present a full cybersecurity plan to others in the business and help them understand cybersecurity is more than just an IT problem, it’s a business problem.

Part of the book’s appeal comes from the real-world experience of author Rob Arnold, who has more than 20 years of experience in the cybersecurity industry working as a consultant for companies of various sizes, from small mom-and-pop firms to large private firms and Fortune 500 companies. Through his experience, Arnold has found that many executives look at cybersecurity as an IT problem and feel that investing in a good firewall or back up system is all they need to be prepared. Unfortunately, that outlook leaves many businesses vulnerable.

The book first takes time to explain the threats to businesses of any size from cyberattack. For example, relatively innocent phishing emails can wind up costing a company thousands of dollars in lost revenue, not to mention the damage done to its reputation.

After explaining the imminent threat of cyberattack, the book proceeds to map out what a sound cybersecurity plan should entail. In addition to knowledgeable IT people and good security systems, a well-prepared business should also consider preparing from a financial and legal perspective. It explains how insurance, legal preparation, and internal policies and procedures all work together for a complete prevention and preparedness plan. The role of the business owner or executive is to organize the creation of the plan and continue to oversee operations once the plan is in place and enacted.

Cybersecurity: A Business Solution effectively brings together real-world industry experience, along with financial and insurance risk management expertise, to provide an essential how-to guide for small businesses. The book’s stated goal is to help senior leadership understand cyber risk is more than just an IT problem: it’s a business problem.

In addition to the practical business advice found in this book, another aspect that adds to its value is the inclusion of the NIST framework, a cybersecurity guideline created by the federal government. This overview helps businesses understand the ultimate goals of cybersecurity and how to work to meet those new expectations.

I believe Cybersecurity: A Business Solution provides important material for business leaders and fills a gap in cybersecurity education. Rather than focusing purely on the technical  aspect of cybersecurity, this book looks at the big picture, exploring how a cyberattack can affect all parts of a business, and then providing the reader with the knowledge and tools necessary to not only prevent a cyberattack but be prepared to act in the event of an attack. For all network defenders, the book provides information to present well-rounded cybersecurity plans to all levels of administration.

This book covers new territory, providing the tools business executives need to prevent an attack as well as be prepared for one. As cyberattacks become more and more common, the chances of a business suffering a cyberattack grow greater every day. In my work practicing law, with a concentration on cybersecurity, I understand how important it is for businesses to look at the big picture when it comes to cybersecurity. It is no longer enough to have strong passwords and a good backup system. In today’s environment you need company-wide policies enacted and followed through on; you need a plan in place for damage control in the case of an attack; you need to be prepared to contact customers and/or the authorities in the event of an attack; and you need insurance to help cover the financial losses. In my professional opinion, this book provides the information about why all of this is important as well as the practical advice to get started creating and implementing a plan right away.

Conclusion

While Cybersecurity: A Business Solution was written primarily for an audience of business owners and executives of small to medium-sized businesses, this book provides valuable information on the growing threat of cyberattack as well as a practical guide to prevention and preparedness that is just as helpful and educational for larger organizations and IT professionals. It is an essential tool in helping today’s businesses and organizations be fully prepared, from both a knowledge perspective and a practical approach, for the threat of cyberattack. No cybersecurity plan would be complete without taking into account all the different aspects of a business that will be affected, and this book examines all of those aspects, giving the reader the tools necessary to create and implement a successful cybersecurity plan.