(Credit: SWEviL/Shutterstock.com)

In a year of change, one issue has become so tied to our daily lives that its emergence has been somewhat masked—and that issue is cyber.

Just a few short years ago, cyber was seen as an edge issue that impacted technology companies. Now one need only look at the continuing discussion regarding the presidential election and the effect of the alleged interference by state-sponsored threat actors to see that cyber is embedded in our daily lives in a way that many did not imagine.

There are a few lessons to be learned from the events of 2016, and these lessons impact us as professionals, as well as citizens.

1. It’s Not Just Consumer Data and Tech Companies Anymore

Direct cyber threats can take many shapes, and as we have seen in 2016, the threats are not just limited to stealing consumer data. The threat can be directed towards business data for industrial espionage, insider trading, and other criminal activity, as well as towards damaging businesses by destroying data, holding data for ransom, or damaging physical hardware or other systems to impact the business in often unforeseen ways. As the threats continue to change, companies need to consider what their exposure is, including beyond the theft of consumer data.

2. Cyber as a Threat Vector/Hacking for Hire

Cyber has also become a way for attacks to start, even where a “cyber event” is not the end result. In essence, just as a physical or kinetic attack doesn’t always have theft as the end result, cyber has become an entry point for other criminal activity that isn’t always directed towards information or information systems, and one need only consider the debate currently occurring about “hacking” an election to see this point clearly.

This issue is closely tied to the new trend of “Hacking for Hire,” which really means that certain hackers have begun emphasizing a different business model—creating easy to use “weaponized malware” that even less sophisticated people can use. In essence, some hackers have moved from hacking to becoming cyber arms dealers, and these cyber arms are readily available. This means that companies must factor in that they may be under an increasing number of sophisticated attacks, and attacks that might seek to publically disclose information rather than steal it.

3. The Ultimate Asymmetric Threat

One of the real challenges is that companies in many cases face organized threat actors who look for a company’s weakness and exploit it, which is why cyber is a classic asymmetric threat. The threat actors in many cases share information and exploits and are now increasingly selling them, as noted above. This gives companies an information deficit if they are not looking at whether they should be considering information-sharing in some form, whether that is sharing among private sector companies, or sharing with certain public sector entities.

Given the trends noted above, sharing information in the private sector, as well as with the public sector, is becoming an even more important consideration. Knowing what the threat trends are and how these threats materialize, is critical information for many companies, and the importance of information-sharing will likely only increase as the cyber threat continues to grow.

In a year of change, one issue has become so tied to our daily lives that its emergence has been somewhat masked—and that issue is cyber.

Just a few short years ago, cyber was seen as an edge issue that impacted technology companies. Now one need only look at the continuing discussion regarding the presidential election and the effect of the alleged interference by state-sponsored threat actors to see that cyber is embedded in our daily lives in a way that many did not imagine.

There are a few lessons to be learned from the events of 2016, and these lessons impact us as professionals, as well as citizens.

1. It’s Not Just Consumer Data and Tech Companies Anymore

Direct cyber threats can take many shapes, and as we have seen in 2016, the threats are not just limited to stealing consumer data. The threat can be directed towards business data for industrial espionage, insider trading, and other criminal activity, as well as towards damaging businesses by destroying data, holding data for ransom, or damaging physical hardware or other systems to impact the business in often unforeseen ways. As the threats continue to change, companies need to consider what their exposure is, including beyond the theft of consumer data.

2. Cyber as a Threat Vector/Hacking for Hire

Cyber has also become a way for attacks to start, even where a “cyber event” is not the end result. In essence, just as a physical or kinetic attack doesn’t always have theft as the end result, cyber has become an entry point for other criminal activity that isn’t always directed towards information or information systems, and one need only consider the debate currently occurring about “hacking” an election to see this point clearly.

This issue is closely tied to the new trend of “Hacking for Hire,” which really means that certain hackers have begun emphasizing a different business model—creating easy to use “weaponized malware” that even less sophisticated people can use. In essence, some hackers have moved from hacking to becoming cyber arms dealers, and these cyber arms are readily available. This means that companies must factor in that they may be under an increasing number of sophisticated attacks, and attacks that might seek to publically disclose information rather than steal it.

3. The Ultimate Asymmetric Threat

One of the real challenges is that companies in many cases face organized threat actors who look for a company’s weakness and exploit it, which is why cyber is a classic asymmetric threat. The threat actors in many cases share information and exploits and are now increasingly selling them, as noted above. This gives companies an information deficit if they are not looking at whether they should be considering information-sharing in some form, whether that is sharing among private sector companies, or sharing with certain public sector entities.

Given the trends noted above, sharing information in the private sector, as well as with the public sector, is becoming an even more important consideration. Knowing what the threat trends are and how these threats materialize, is critical information for many companies, and the importance of information-sharing will likely only increase as the cyber threat continues to grow.