reviewed by Cy Wyss
Bullseye Breach is a fictionalization of the recent security lapses at major retailers and a plan for how to fight back against such breaches. The IT side of this book is right on. For starters, the method used by the bad guys to hack into the retailer highlights the role of social engineering. Access to Bullseye’s intranet is through a simple password gleaned from a third-party vendor via “phishing” — the technique hackers use to get someone to click on a link in an email and/or download something. The hackers dress up the link so the person being targeted ignores any security warnings from the browser or operating system. A similar technique is also used in the book to gain administrator passwords for the retailer’s intranet. The message is clear and can’t be stressed enough: know your sources. Don’t click on links or download files from anyone you’re not 110% sure of. And don’t ignore security warnings from your antivirus program or operating system.
Beyond a blueprint for how the recent credit-card scams might have happened and how to prevent or deal with the hacking, Bullseye Breach is a great read. There are many characters, but each is idiosyncratic enough to be memorable in their own right. The bad guys are plausible and unfortunate. The main hero is adorable, with his loud sweater and inappropriate footwear. (You can just see this nerdy man in action.) Scott’s prose is fluid and easy to read, gently propelling the reader onward through the twists and turns of the breach and resolution. I loved this book, and you will too!