After another tough year in the cybersecurity trenches, security professionals deserve a well-earned holiday, along with some powerful gifts to help them cope with the new year’s daunting threat landscape and the security challenges to come. 

Here’s our rundown of what cybersecurity professionals are wishing for this holiday season. 

1. An Artificial Intelligence Ethical Hacking Tool Grand Challenge

Cybersecurity is a national security priority, and bad actors have targeted government institutions, public utilities, schools, hospitals and businesses in just the past year. With that in mind, cybersecurity pros would like to see the military’s Santa Claus — otherwise known as DARPA (the Defense Advanced Research Projects Agency) — fund a big-dollar Grand Challenge contest for companies or universities to develop the Mother of All Ethical Hacking Simulators. 

It should work like this: the system would create a detailed simulation of an organization’s entire network, including third-party cloud services, user devices — everything. Then, a monster supercomputer machine learning system would throw every known attack at it, resulting in a list of vulnerabilities and policies to fix based on cybersecurity best practices. 

And since this is a wishlist, access to this cybersecurity tool should be free for all authorized cybersecurity professionals to use. Something like this would be invaluable across the industry, especially for smaller organizations that don’t have the resources to run simulations or penetration tests on their own. 

2. A New Legal Framework for Ending Ransomware Attacks

One of the worst aspects of ransomware is that its victims are the ones that pay to keep it going. Organizations often feel they have no choice but to pay off attackers to regain access to their information or systems, and those financial payments are exactly what incentivize attackers to continue their crimes. An effective legal solution for targeted organizations would help break this cycle, so it’s no surprise it’s a common wish of cybersecurity pros. 

One way that a nation could potentially reduce ransomware attacks on companies within its borders is by outlawing the payment of ransom. The problem with this idea is the catastrophic effects on organizations that don’t pay. 

Instead, imagine a legal framework that outlawed the payment of ransom, while simultaneously compensating every organization for 100% of the costs resulting from non-payment. This could function similarly to cyber insurance on a national scale, without putting money into the pockets of bad actors. 

This one-two punch would erase the incentive to conduct ransomware attacks because the attackers would know they wouldn’t get paid and the organizations targeted wouldn’t suffer catastrophic financial loss from the locking or disclosure of data. This would be a dream come true for cybersecurity professionals. 

3. A Laptop Designed From the Ground Up for Remote Work Security

Device manufacturers should recognize the reality of our times by developing a security-first laptop for remote workers following best practices and the advice of cybersecurity experts. The laptop should be built around the concept of zero trust, whereby employees couldn’t gain access to company resources except with the secure laptop, which would require biometric scans or other credentials for access to each and every resource. It should also radically isolate all processes and come with built-in safeguards for the most common cyberattacks that involve end-user devices. 

4. A Radically Diversified Supply Chain for Electronics

The cause of optimal cybersecurity is greatly harmed both by supply chain cyberattacks and the supply chain slowdowns for electronics of all kinds. Both of these problems result from a lack of diversity and distribution of supply chains. As a result, companies and individuals are struggling to properly upgrade their hardware, remaining on suboptimal and poorly performing devices for longer than they should. 

With diversification, cyberattacks on one supplier could be shut down by switching to another while the attack is addressed at the first one. As much as possible, electronic components should be manufactured and assembled in more locations than they currently are, to reduce critical vulnerabilities and chokepoint failures like we’ve seen in 2021. 

5. Total Adoption of the Zero Trust Model

One of the greatest gifts the world could bestow upon cybersecurity professionals is a total and universal buy-in of the zero trust model. Out with the old perimeter model once and for all, and in with the new. 

As with many of the wishes on this list, this would be a major change — but it would pay dividends across the entire cybersecurity world, reducing costs and downtime for businesses, government entities and individuals. Fewer successful cyber attacks are good for everyone, and full adoption of zero trust would be a major step in the right direction. 

6. Funding to Support University Cybersecurity Education on a Massive Scale

Industry, government and military organizations would all benefit from an end to the cybersecurity skills gap. It’s time for everyone to pitch in to provide scholarships, grants, early education programs, outreach efforts and other initiatives to drive up the number of students, graduates and ultimately professionals in the cybersecurity workforce. 

‘Tis the season to dream of a better world. And for cybersecurity professionals, the world would be made much better with a society-wide contribution to the cause of a better cybersecurity landscape, which benefits organizations of all shapes and sizes. 

Happy holidays!

More from CISO

Empowering cybersecurity leadership: Strategies for effective Board engagement

4 min read - With the increased regulation surrounding cyberattacks, more and more executives are seeing these attacks for what they are - serious threats to business operations, profitability and business survivability. But what about the Board of Directors? Are they getting all the information they need? Are they aware of your organization’s cybersecurity initiatives? Do they understand why those initiatives matter? Maybe not. According to Harvard Business Review, only 47% of board members regularly engage with their CISO. There appears to be a…

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

C-suite weighs in on generative AI and security

3 min read - Generative AI (GenAI) is poised to deliver significant benefits to enterprises and their ability to readily respond to and effectively defend against cyber threats. But AI that is not itself secured may introduce a whole new set of threats to businesses. Today IBM’s Institute for Business Value published “The CEO's guide to generative AI: Cybersecurity," part of a larger series providing guidance for senior leaders planning to adopt generative AI models and tools. The materials highlight key considerations for CEOs…

Bringing threat intelligence and adversary insights to the forefront: X-Force Research Hub

3 min read - Today defenders are dealing with both a threat landscape that’s constantly changing and attacks that have stood the test of time. Innovation and best practices co-exist in the criminal world, and one mustn’t distract us from the other. IBM X-Force is continuously observing new attack vectors and novel malware in the wild, as adversaries seek to evade detection innovations. But we also know that tried and true tactics — from phishing and exploiting known vulnerabilities to using compromised credentials and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today