Q. Why did I write Cyber Within?

A. I wrote Cyber Within to provide employees with an interesting guide to help them understand cyber and insider threats. The book is meant to provoke thought and provide examples concerning the current attacks happening in the corporate world today. I used a story format because I know how tough it is getting employees to read technical—and often dry—security guides.

Q. Why should companies buy this book for their employees?

A. It’s often difficult to get security practices to resonate with employees. Traditional computer-based training allows employees to rush to the end without paying much attention to the content. Additionally, the content is often dry, so employees are often uninterested. Companies should buy Cyber Within for their employees because it’s fun, engaging, and has a memorable story with lessons they can apply today.

Latest Press Release:

ATTACKS ON GOOGLE DEMONSTRATE THAT CORPORATE SECRETS ARE GETTING OUT — LEARN HOW YOU CAN PLUG THE LEAK

NORFOLK, VA. – With the continual rise in cyber crime, corporate secrets are harder to contain (as demonstrated by recent attacks against Google, Adobe and other major companies). To gain unauthorized access, attackers persuade employees to open cleverly crafted e-mail and click on links to sites that silently installs data-stealing software.

To combat this threat and protect company secrets and customer data, all employees should know how to:

• Spot social engineers trying to manipulate their way to unauthorized information
• Recognize suspicious e-mail that may contain (or link to) malicious software
• Identify suspicious behaviors, whether from systems or people
• Prevent leaking sensitive data to open sources
• Create a secure password
• Report security incidents

Through suspenseful events, coupled with lessons learned, a new book titled Cyber Within helps organizations tackle this security challenge head-on. Cyber Within, written by Marcos Christodonte II, MBA, CISSP, is an educational tool for corporate workers that uses an engaging story, lessons, and tips to help employees understand and spot security threats. Robert Lentz, former Deputy Assistant Secretary of Defense for Cyber, Identity and Information Assurance at the U.S. Department of Defense says, “Cyber Within is a stellar portrayal of why user education on Cyber Security threats, tactics and techniques is so critical.”

Kevin Beaver, independent information security consultant with Principle Logic, LLC and author of Hacking For Dummies says, “Lack of awareness is a grand security weakness. This book provides a unique approach to help fill the gaps and would be a great addition to anyone’s information security toolbox.”

Christodonte is well qualified to present security guidance to employees. He is a cyber and information security professional working for a consulting firm. He has developed security strategies for the U.S. Army, U.S. Navy and NATO.

Just after Google’s report, Adobe posted their shorter, less-detailed, account of the attack. These reports came in two days ago. Brian Krebs, former security reporter at the Washington Post, has been following this story quite closely. On his blog, he notes that the attackers appear to have targeted source code and trade secrets, and that MS has posted an advisory about the unpatched vulnerability.

This story is a very interesting and is a prime example of why user education is so important. Using this unpatched zero-day exploit and a clever social engineering attack, trade secrets from countless organizations could get stolen–possibly without notice. That’s why educating users is the aim of my new book, Cyber Within. Through education, users will obtain a better understanding of risks and security challenges and will be able to spot social engineering and other malicious schemes instead of giving up corporate secrets. By the way, Cyber Within will be available in a couple of weeks. I’ll keep you posted, but in the mean time, check out a new article by my colleague Kevin Beaver where he outlines the real deal with internal security threats.