After another tough year in the cybersecurity trenches, security professionals deserve a well-earned holiday, along with some powerful gifts to help them cope with the new year’s daunting threat landscape and the security challenges to come. 

Here’s our rundown of what cybersecurity professionals are wishing for this holiday season. 

1. An Artificial Intelligence Ethical Hacking Tool Grand Challenge

Cybersecurity is a national security priority, and bad actors have targeted government institutions, public utilities, schools, hospitals and businesses in just the past year. With that in mind, cybersecurity pros would like to see the military’s Santa Claus — otherwise known as DARPA (the Defense Advanced Research Projects Agency) — fund a big-dollar Grand Challenge contest for companies or universities to develop the Mother of All Ethical Hacking Simulators. 

It should work like this: the system would create a detailed simulation of an organization’s entire network, including third-party cloud services, user devices — everything. Then, a monster supercomputer machine learning system would throw every known attack at it, resulting in a list of vulnerabilities and policies to fix based on cybersecurity best practices. 

And since this is a wishlist, access to this cybersecurity tool should be free for all authorized cybersecurity professionals to use. Something like this would be invaluable across the industry, especially for smaller organizations that don’t have the resources to run simulations or penetration tests on their own. 

2. A New Legal Framework for Ending Ransomware Attacks

One of the worst aspects of ransomware is that its victims are the ones that pay to keep it going. Organizations often feel they have no choice but to pay off attackers to regain access to their information or systems, and those financial payments are exactly what incentivize attackers to continue their crimes. An effective legal solution for targeted organizations would help break this cycle, so it’s no surprise it’s a common wish of cybersecurity pros. 

One way that a nation could potentially reduce ransomware attacks on companies within its borders is by outlawing the payment of ransom. The problem with this idea is the catastrophic effects on organizations that don’t pay. 

Instead, imagine a legal framework that outlawed the payment of ransom, while simultaneously compensating every organization for 100% of the costs resulting from non-payment. This could function similarly to cyber insurance on a national scale, without putting money into the pockets of bad actors. 

This one-two punch would erase the incentive to conduct ransomware attacks because the attackers would know they wouldn’t get paid and the organizations targeted wouldn’t suffer catastrophic financial loss from the locking or disclosure of data. This would be a dream come true for cybersecurity professionals. 

3. A Laptop Designed From the Ground Up for Remote Work Security

Device manufacturers should recognize the reality of our times by developing a security-first laptop for remote workers following best practices and the advice of cybersecurity experts. The laptop should be built around the concept of zero trust, whereby employees couldn’t gain access to company resources except with the secure laptop, which would require biometric scans or other credentials for access to each and every resource. It should also radically isolate all processes and come with built-in safeguards for the most common cyberattacks that involve end-user devices. 

4. A Radically Diversified Supply Chain for Electronics

The cause of optimal cybersecurity is greatly harmed both by supply chain cyberattacks and the supply chain slowdowns for electronics of all kinds. Both of these problems result from a lack of diversity and distribution of supply chains. As a result, companies and individuals are struggling to properly upgrade their hardware, remaining on suboptimal and poorly performing devices for longer than they should. 

With diversification, cyberattacks on one supplier could be shut down by switching to another while the attack is addressed at the first one. As much as possible, electronic components should be manufactured and assembled in more locations than they currently are, to reduce critical vulnerabilities and chokepoint failures like we’ve seen in 2021. 

5. Total Adoption of the Zero Trust Model

One of the greatest gifts the world could bestow upon cybersecurity professionals is a total and universal buy-in of the zero trust model. Out with the old perimeter model once and for all, and in with the new. 

As with many of the wishes on this list, this would be a major change — but it would pay dividends across the entire cybersecurity world, reducing costs and downtime for businesses, government entities and individuals. Fewer successful cyber attacks are good for everyone, and full adoption of zero trust would be a major step in the right direction. 

6. Funding to Support University Cybersecurity Education on a Massive Scale

Industry, government and military organizations would all benefit from an end to the cybersecurity skills gap. It’s time for everyone to pitch in to provide scholarships, grants, early education programs, outreach efforts and other initiatives to drive up the number of students, graduates and ultimately professionals in the cybersecurity workforce. 

‘Tis the season to dream of a better world. And for cybersecurity professionals, the world would be made much better with a society-wide contribution to the cause of a better cybersecurity landscape, which benefits organizations of all shapes and sizes. 

Happy holidays!

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today