Skip to content

Book Review: Weakest Link

Bloomsbury Business;; 240 pages; eBook; $21.99.

Cybersecurity is a complex issue that spans multiple disciplines and occupational fields, and it’s a topic that can make executives nervous. The Weakest Link: Why Your Employees Might Be Your Biggest Cyber Risk offers an in-depth look at the cyber vulnerabilities that exist within organizations. It offers an international perspective on how to implement simple strategies through situational awareness, observation, and other methods. 

The authors are seasoned practitioners with excellent credentials. Their real-world experience translates into viable text as they articulate their viewpoints through practical standards, charts, graphs, diagrams, behavioral explanations, scenario-based examples, and other materials.

Research indicates that employees create one of a company’s biggest vulnerabilities as they connect to the Internet through internal resources. Today nearly all employees complete at least some of their duties on a computer, tablet, machine, or other peripheral that is connected to a computer network. This book highlights just how easily they can put an entire organization at risk.

The authors explain the import­ance of having specific policies, procedures, and protocols in place to prevent internal vulnerabilities from becoming active threats. They recommend implementing a strong security culture throughout the organization by engaging leaders and creating a plan that involves all of the internal stakeholders. The plan must be purposeful, collaborative, defined, communicated, accountable, enforced, and—perhaps most importantly—realistic. Other practical strategies from the textbook are based on strict historical and proven principles. 

The only shortfall of this book is that some of the examples and models provided are brief and not fully explained. Additional real-world examples and case studies would help the reader see how the principles can be applied. That said, this interdisciplinary book is a great addition to security management literature and applicable to other organizations in the international community.  

Reviewer: Thomas Rzemyk, Ed.D., is a professor of criminal justice at Columbia Southern University and director of technology and cybersecurity instructor at Mount Michael Benedictine School. He is a criminology discipline reviewer in the Fulbright Scholar Program, and he is a member of ASIS.