After another tough year in the cybersecurity trenches, security professionals deserve a well-earned holiday, along with some powerful gifts to help them cope with the new year’s daunting threat landscape and the security challenges to come.
Here’s our rundown of what cybersecurity professionals are wishing for this holiday season.
1. An Artificial Intelligence Ethical Hacking Tool Grand Challenge
Cybersecurity is a national security priority, and bad actors have targeted government institutions, public utilities, schools, hospitals and businesses in just the past year. With that in mind, cybersecurity pros would like to see the military’s Santa Claus — otherwise known as DARPA (the Defense Advanced Research Projects Agency) — fund a big-dollar Grand Challenge contest for companies or universities to develop the Mother of All Ethical Hacking Simulators.
It should work like this: the system would create a detailed simulation of an organization’s entire network, including third-party cloud services, user devices — everything. Then, a monster supercomputer machine learning system would throw every known attack at it, resulting in a list of vulnerabilities and policies to fix based on cybersecurity best practices.
And since this is a wishlist, access to this cybersecurity tool should be free for all authorized cybersecurity professionals to use. Something like this would be invaluable across the industry, especially for smaller organizations that don’t have the resources to run simulations or penetration tests on their own.
2. A New Legal Framework for Ending Ransomware Attacks
One of the worst aspects of ransomware is that its victims are the ones that pay to keep it going. Organizations often feel they have no choice but to pay off attackers to regain access to their information or systems, and those financial payments are exactly what incentivize attackers to continue their crimes. An effective legal solution for targeted organizations would help break this cycle, so it’s no surprise it’s a common wish of cybersecurity pros.
One way that a nation could potentially reduce ransomware attacks on companies within its borders is by outlawing the payment of ransom. The problem with this idea is the catastrophic effects on organizations that don’t pay.
Instead, imagine a legal framework that outlawed the payment of ransom, while simultaneously compensating every organization for 100% of the costs resulting from non-payment. This could function similarly to cyber insurance on a national scale, without putting money into the pockets of bad actors.
This one-two punch would erase the incentive to conduct ransomware attacks because the attackers would know they wouldn’t get paid and the organizations targeted wouldn’t suffer catastrophic financial loss from the locking or disclosure of data. This would be a dream come true for cybersecurity professionals.
3. A Laptop Designed From the Ground Up for Remote Work Security
Device manufacturers should recognize the reality of our times by developing a security-first laptop for remote workers following best practices and the advice of cybersecurity experts. The laptop should be built around the concept of zero trust, whereby employees couldn’t gain access to company resources except with the secure laptop, which would require biometric scans or other credentials for access to each and every resource. It should also radically isolate all processes and come with built-in safeguards for the most common cyberattacks that involve end-user devices.
4. A Radically Diversified Supply Chain for Electronics
Cybersecurity is greatly harmed both by supply chain cyberattacks and by supply chain slowdowns for electronics of all kinds. Both of these problems result from a lack of diversity and distribution in supply chains. As a result, companies and individuals are struggling to properly upgrade their hardware, remaining on suboptimal and poorly performing devices for longer than they should.
With diversification, cyberattacks on one supplier could be shut down by switching to another while the attack is addressed at the first one. As much as possible, electronic components should be manufactured and assembled in more locations than they currently are, to reduce critical vulnerabilities and chokepoint failures like we’ve seen in 2021.
5. Total Adoption of the Zero Trust Model
One of the greatest gifts the world could bestow upon cybersecurity professionals is a total and universal buy-in of the zero trust model. Out with the old perimeter model once and for all, and in with the new.
As with many of the wishes on this list, this would be a major change — but it would pay dividends across the entire cybersecurity world, reducing costs and downtime for businesses, government entities and individuals. Fewer successful cyberattacks are good for everyone, and full adoption of zero trust would be a major step in the right direction.
6. Funding to Support University Cybersecurity Education on a Massive Scale
Industry, government and military organizations would all benefit from an end to the cybersecurity skills gap. It’s time for everyone to pitch in to provide scholarships, grants, early education programs, outreach efforts and other initiatives to drive up the number of students, graduates and ultimately professionals in the cybersecurity workforce.
’Tis the season to dream of a better world. And for cybersecurity professionals, the world would be made much better with a society-wide contribution to the cause of a better cybersecurity landscape, which benefits organizations of all shapes and sizes.