{"id":10372,"date":"2015-09-23T05:00:31","date_gmt":"2015-09-23T12:00:31","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=10372"},"modified":"2020-04-21T14:29:43","modified_gmt":"2020-04-21T21:29:43","slug":"the-cybersecurity-canon-future-crimes-everyone-is-connected","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2015\/09\/the-cybersecurity-canon-future-crimes-everyone-is-connected\/","title":{"rendered":"The Cybersecurity Canon: Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It"},"content":{"rendered":"<p><em>We modeled the Cybersecurity Canon after the Baseball or Rock &amp; Roll Hall-of-Fame, except for cybersecurity books. 
We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to grow the list well beyond that. <a href=\"https:\/\/paloaltonetworks.com\/threat-research\/cybercanon\/nominate-a-book.html\" target=\"_blank\" rel=\"noopener noreferrer\">Please write a review and nominate your favorite<\/a>.\u00a0<\/em><\/p>\n<p><em>The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!<\/em><\/p>\n<p><strong>Book Review by <a href=\"https:\/\/www.paloaltonetworks.com\/threat-research\/cybercanon\/cyber-security-canon-bios.html\" target=\"_blank\" rel=\"noopener noreferrer\">Canon Committee Member<\/a><a href=\"https:\/\/www.paloaltonetworks.com\/threat-research\/cybercanon\/cyber-security-canon-bios.html\" target=\"_blank\" rel=\"noopener noreferrer\">,\u00a0Jon Oltsik<\/a>:\u00a0<\/strong><em>Future Crimes:\u00a0 Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It<\/em> (2015) by Marc Goodman<\/p>\n<h3>Executive Summary<\/h3>\n<p><em>Future Crimes<\/em> by Marc Goodman details the dark side of technology, examining how new technologies are used and abused for criminal purposes.\u00a0 In just under 400\u00a0pages, Goodman provides some basic historical background on computer security and then guides the reader through a cybercrime journey spanning consumer, industrial, medical, and various other technologies.<\/p>\n<p>Fair warning to prospective readers: the story isn\u2019t pretty.\u00a0 The author starts with a wake-up call about data privacy and how a plethora of companies like Facebook, Google, and OkCupid, along with the $150 billion data broker industry, regularly collect, sell, and abuse user data.\u00a0 When it comes to Internet services, Goodman reminds readers, \u201cyou\u2019re not the customer, you\u2019re the product.\u201d<\/p>\n<p><em>Future Crimes <\/em>also 
explores the current derelict world of cyber peeping toms, bullies, revenge porn, and extortion.\u00a0 While these crimes are already rampant today, Goodman theorizes that things will get worse with the proliferation of surveillance cameras, geo-location services, RFID tags, and wireless networking technology.\u00a0 The point is crystal clear: each technological innovation increases the attack surface, and cybercriminals are only too happy to exploit these vulnerabilities for profit.<\/p>\n<p>Aside from level-setting on the present, about half of this book examines the future of cybercrime with an in-depth analysis of cybercriminal organizations, cybercrime processes, divisions of labor, specialization, and the overall cybercrime marketplace.\u00a0 This analysis is especially useful for cybersecurity professionals seeking to understand what motivates cyber adversaries and how they do what they do.\u00a0 Goodman also does a good job of aligning cybercrime with the proliferation of Internet of Things (IoT) technologies.\u00a0 The author succeeds in introducing IoT technologies, describing their potential benefits, and then providing numerous examples of how these innovations have been or will be used for nefarious purposes.<\/p>\n<p><em>Future Crimes <\/em>can be verbose and even alarmist at times, but these are minor shortcomings within an otherwise extremely educational and informative book.\u00a0 The author is especially adept at providing real-world examples, research points, statistics, and news stories to back up his points throughout the text.\u00a0 And while experienced cybersecurity readers may be familiar with many of the events described in the book, <em>Future Crimes <\/em>goes beyond other books by covering a variety of territories like consumer, industrial, medical, and even military technology threats, vulnerabilities, and crimes.\u00a0 In this way, Goodman weaves familiar cybersecurity events into a unique wide-angle view of cybercrime.<\/p>\n<p>I found 
<em>Future Crimes<\/em> extremely educational and believe it is a worthwhile read for cybersecurity professionals and even business managers interested in learning more about a broad range of cyber risks.\u00a0 As such, <em>Future Crimes <\/em>should be included in the Cybersecurity Canon.<\/p>\n<h3>Review<\/h3>\n<p>As an industry analyst, I am often asked a rather fundamental question:\u00a0 What is the difference between information security and cybersecurity?\u00a0 Some of my peers believe that any distinction between the two terms is nothing but semantics. I disagree.\u00a0 In my humble opinion, information security is inextricably linked to the confidentiality, integrity, and availability of IT assets and infrastructure (i.e., applications, data, networks, servers).\u00a0 Alternatively, cybersecurity is a broader topic that encompasses the confidentiality, integrity, and availability of all connected systems \u2013 industrial control systems, medical devices, consumer devices, etc.<\/p>\n<p>With this distinction in mind, <em>Future Crimes<\/em> by Marc Goodman can be categorized as a comprehensive analysis of the state of cybersecurity, its implications for consumer safety and privacy, and the collective impact of cybersecurity vulnerabilities on our society at large.<\/p>\n<p>The book is divided into three sections.\u00a0 In Part One (<em>A Gathering Storm<\/em>), Goodman explores today\u2019s cybercrime realities.\u00a0 Part Two (<em>The Future of Crime<\/em>) looks at the cybercrime underworld and maps technology development to new types of burgeoning and creative criminal activity.\u00a0 Finally, Part Three (<em>Surviving Progress<\/em>) provides some cybersecurity recommendations to consumers, government agencies and technology companies.<\/p>\n<p>In the first chapter of the book (<em>Connected, Dependent, and Vulnerable<\/em>), Goodman provides a situational analysis describing the state of cybercrime today and how we got to this point.\u00a0 
Here, Goodman compares cybercrime to physical crime, explains the differences, and then gives the reader a historical review of computer security and a basic malware tutorial.\u00a0 The author then quickly fast-forwards to today\u2019s dangerous threat landscape, illustrating his points by recounting examples of identity theft and data breaches while providing several ominous statistics on the explosion of malware.\u00a0 By the end of the chapter, readers should be well aware of Goodman\u2019s in-your-face message:\u00a0 \u2018Think your online world is secure?\u00a0 Think again!\u2019<\/p>\n<p>With the first chapter as a baseline, Goodman proceeds through the first part of the book by digging deeper into criminal activities associated with the technologies we all use in our daily lives for communication, entertainment, health care, our jobs, etc.<\/p>\n<p>For example, <em>Future Crimes <\/em>exposes the dark side of the free Internet services we all enjoy, such as email, search engines, and social networks.\u00a0 Goodman provides numerous examples of how companies like Facebook, Google, and LinkedIn provide these free services while playing fast and loose with user privacy and monetizing user data as they see fit \u2013 today and in perpetuity.\u00a0 Of course, most users have no idea this is happening, as they are relatively defenseless against typical terms of service (TOS) agreements.\u00a0 The author cites a Carnegie Mellon University study stating that the average American encounters thousands of privacy policies each year with an average of over 2,500 words.<\/p>\n<p>As if this weren\u2019t enough, the book proceeds with a creepier scenario: everyone is gathering and profiting from our data\u2014cellular phone carriers, data brokers, dating sites, you name it.\u00a0 I was particularly troubled by the story of a supposedly altruistic website, PatientsLikeMe, focused on connecting people with chronic illnesses.\u00a0 As it turned out, 
PatientsLikeMe was actually selling this deeply personal patient information to a Nielsen subsidiary (BuzzMetrics), which then packaged the data for sale to drug companies, medical device manufacturers, and insurance companies.\u00a0 This served as a strong example of cyber caveat emptor for consumers.<\/p>\n<p>Once readers understand just how vulnerable they are, Goodman shifts the narrative from victims to perpetrators.\u00a0 Part Two of <em>Future Crimes <\/em>argues that criminals have always pioneered new ways to use new technologies for malevolent purposes, and that this trend is only accelerating as innovation speeds up.\u00a0 The author delves into the organizational structure of cybercriminals, looking at reporting structure, specialization, outsourcing, and the overall criminal marketplace.\u00a0 These chapters act as a Cybercrime 101 course with details about things like the use of money mules, cybercriminal communication using the Dark Net, digital currencies like Bitcoin, and average prices for stolen merchandise like credit card numbers, documents, and even assassination services.<\/p>\n<p>True to its name, the book also examines future crimes associated with evolving Internet of Things (IoT) technologies that combine compute, network, and storage resources with consumer and industrial capabilities.\u00a0 Goodman is a fan of IoT and highlights its potential benefits but is also quick to identify a myriad of vulnerabilities.\u00a0 For example, implanted medical devices (IMDs) like pacemakers and insulin pumps could be remotely controlled and monitored by physicians, improving care and reducing healthcare costs.\u00a0 Alternatively, insecure IMDs could also be hacked and used for criminal acts.\u00a0 Imagine if thousands of diabetics using a particular IoT insulin pump received an email threatening to give them a lethal dose of insulin unless they paid an extortion fee of $1,000.\u00a0 <em>Future Crimes <\/em>looks at many similarly frightening 
scenarios.<\/p>\n<p>It is worth pointing out a core strength of <em>Future Crimes<\/em>: it is replete with real-world stories and copious data points that accentuate Goodman\u2019s points throughout the book.\u00a0 For example, the book recounts the 2008 attack in Mumbai and describes how terrorists took advantage of technologies like cell phones, GPS, and real-time access to news feeds.\u00a0 Goodman also reveals incidents of cyberbullying, industrial espionage, revenge porn, and outright cyber vandalism.\u00a0 In particular, the 2001 hack of an Australian sewage treatment plant that \u201ccaused millions of litres of raw sewage to spill out into local parks, rivers, and even the grounds of a Hyatt Regency hotel,\u201d really reinforced Goodman\u2019s message on the cyber risks and consequences related to critical infrastructure.<\/p>\n<p><em>Future Crimes <\/em>is not without a few flaws.\u00a0 Experienced cybersecurity professionals are all too familiar with many of the examples cited, and there are certainly other books providing more details about each individual topic.\u00a0 Some may consider Goodman a cyber \u201cChicken Little,\u201d pummeling readers, page after page, with a dystopian diatribe about technological evils.\u00a0 The author\u2019s recommendations toward the end of the book are somewhat disappointing; those with cybersecurity policy and management experience won\u2019t find anything new here.\u00a0 Finally, <em>Future Crimes <\/em>can be a bit verbose and repetitive at times, exhausting even the most energetic reader.<\/p>\n<p>In spite of these few shortcomings, however, I believe that <em>Future Crimes <\/em>is a very good book.\u00a0 In truth, Goodman is really a technology optimist and does a fine job of explaining the use of technologies for good and evil.\u00a0 While some of the stories are familiar to the cybersecurity community, I found the author\u2019s reviews to be concise and relevant to a variety of 
cybercrimes.\u00a0 <em>Future Crimes\u2019 <\/em>best quality is its breadth of coverage.\u00a0 In just under 400 pages, Goodman seems to cover everything (consumer technology, industrial technology, medical technology, etc.), comes up with specific examples of criminal exploits, and offers intelligent insight about future criminal trends.\u00a0 Well done, Marc!<\/p>\n<p>In my humble opinion, cybersecurity professionals will advance their education by reading this book, so I recommend its inclusion in the Cybersecurity Canon.\u00a0 I would also suggest that business executives read <em>Future Crimes <\/em>in order to expand their knowledge about cyber risks.\u00a0 This will help CEOs and corporate boards realize that they need to consider cybersecurity vulnerabilities and threats as they relate to employees, products, and the cyber supply chain \u2013 not just their organization\u2019s IT assets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We modeled the Cybersecurity Canon after the Baseball or Rock &amp; Roll Hall-of-Fame, except for cybersecurity books. 
We have more than 25 books on the initial candidate list, but we are soliciting &hellip;<\/p>\n","protected":false},"author":40,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[155,4521],"tags":[251,1460,510,1459],"coauthors":[1325],"class_list":["post-10372","post","type-post","status-publish","format-standard","hentry","category-cybersecurity-2","category-canon","tag-cybersecurity-canon","tag-future-crimes","tag-iot","tag-marc-goodman"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/10372","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=10372"}],"version-history":[{"count":5,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/10372\/revisions"}],"predecessor-version":[{"id":109923,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/10372\/revisions\/109923"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=10372"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=10372"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\
/v2\/tags?post=10372"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=10372"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}