Cyberphobia – Identity, Trust, Security, and The Internet by Edward Lucas covers a lot of topics under the umbrella of information security, as you might guess from the book’s tagline. The book sets out for itself the valiant goal of educating the masses and solving the problem of information security through end-user education. Unfortunately, I do not think any progress was made toward that goal through this book.
I am not this book’s target audience. I am too technical and too familiar with the topic. That is fair enough. It is spelled out right in the preface for whom the book is intended, which also explains the book’s title.
This book is called Cyberphobia because so many people are so put off by needlessly complicated technical language that they fail to realize the importance of the issue at stake. Many books about this subject explain in great technical detail how to build and defend a supposedly secure network of computers. These are rather like technical manuals for locksmiths: interesting to the specialist, but useless to the layman.
The central message of this book is that our dependence on computers is growing faster than our ability to forestall attackers. Criminals, hooligans, activists and hostile foreign powers are constantly attacking individuals, businesses, organizations and governments. They are winning and we are losing. Unless our thinking and behavior change, we will become less safe, less free, less healthy and less happy. Most of all we need to understand that cyber-security is not a technical issue, any more than road safety is about engineering. The books is about how we need to rethink our behavior – as individuals, organizations, and societies – in dealing with the threats we face online. But above all, this is a book about humans, not about machines.
In my opinion, this book achieved a different blend – useless to the specialist and boring to the layman. I was already familiar with almost all of the content conveyed in this book with an exception to the digital identity chapter. Beyond that, I was annoyed by technical definitions that were just close enough to be hard to argue but did not really do the topic justice. Remembering that I am not the target audience, I dumbed myself down and tried to enjoy the book by not getting hung up on specific details.
Continuing on through the material, I found myself wanting the book to end. After the long preface and long introduction, we finally get to the first chapter and it is an eye roll worthy course of information security issues with an on-the-nose example of a married couple that has lived in blissful ignorance of these concerns. Through the rest of the book, it covers botnets, ransomware, politics, foreign spying, vulnerabilities, passwords, identity, and other topics.
My main problem with the book is that I do not think it will find its audience. If you are technical and interested in the topic, you are already familiar with these current events. Even my recollection of some real-life examples given were more detailed and accurate than they were described in the book. The second half of the problem is that the book is too long but mostly too wordy for the topic. If someone has remained blissfully unaware of security problems until coming upon this book, they should not be punished with over-explained recaptures of events and tedious analogies that just keep going.
The book ends after 264 pages and that is far more than is needed. There are multiple appendices, endnotes, and an index which thankfully brings the ending sooner than expected.
Overall, I do not recommend Cyberphobia. I found the writing tedious, boring, and generalizing. A more concise and accurate book could capture and retain an audience’s attention better, which was the whole goal of the book. If you wanted to jump to specific topics, you will first have to “translate” the chapter titles in the table of contents such as “Clearing the Jungle”, “The Geopolitics of the Internet”, and “Spies v. Warriors” in an annoying way, not an intriguing way.
If you would like to see for yourself or know someone that falls perfectly in the target audience niche, you can find Cyberphobia by Edward Lucas on Amazon.
What I would rather recommend, is that you read some of the sources that Cyberphobia drew from, such as Brian Krebs’ site Krebs on Security. A book that will draw you in, and teach you all about social engineering, is Kevin Mitnick’s Ghost in the Wires.
