Light Dark
December 21, 2021 By Mike Elgan 3 min read
CISO
Incident Response
Risk Management
Security Services

After another tough year in the cybersecurity trenches, security professionals deserve a well-earned holiday, along with some powerful gifts to help them cope with the new year’s daunting threat landscape and the security challenges to come. 

Here’s our rundown of what cybersecurity professionals are wishing for this holiday season. 

1. An Artificial Intelligence Ethical Hacking Tool Grand Challenge

Cybersecurity is a national security priority, and bad actors have targeted government institutions, public utilities, schools, hospitals and businesses in just the past year. With that in mind, cybersecurity pros would like to see the military’s Santa Claus — otherwise known as DARPA (the Defense Advanced Research Projects Agency) — fund a big-dollar Grand Challenge contest for companies or universities to develop the Mother of All Ethical Hacking Simulators. 

It should work like this: the system would create a detailed simulation of an organization’s entire network, including third-party cloud services, user devices — everything. Then, a monster supercomputer machine learning system would throw every known attack at it, resulting in a list of vulnerabilities and policies to fix based on cybersecurity best practices. 

And since this is a wishlist, access to this cybersecurity tool should be free for all authorized cybersecurity professionals to use. Something like this would be invaluable across the industry, especially for smaller organizations that don’t have the resources to run simulations or penetration tests on their own. 

2. A New Legal Framework for Ending Ransomware Attacks

One of the worst aspects of ransomware is that its victims are the ones that pay to keep it going. Organizations often feel they have no choice but to pay off attackers to regain access to their information or systems, and those financial payments are exactly what incentivize attackers to continue their crimes. An effective legal solution for targeted organizations would help break this cycle, so it’s no surprise it’s a common wish of cybersecurity pros. 

One way that a nation could potentially reduce ransomware attacks on companies within its borders is by outlawing the payment of ransom. The problem with this idea is the catastrophic effects on organizations that don’t pay. 

Instead, imagine a legal framework that outlawed the payment of ransom, while simultaneously compensating every organization for 100% of the costs resulting from non-payment. This could function similarly to cyber insurance on a national scale, without putting money into the pockets of bad actors. 

This one-two punch would erase the incentive to conduct ransomware attacks because the attackers would know they wouldn’t get paid and the organizations targeted wouldn’t suffer catastrophic financial loss from the locking or disclosure of data. This would be a dream come true for cybersecurity professionals. 

3. A Laptop Designed From the Ground Up for Remote Work Security

Device manufacturers should recognize the reality of our times by developing a security-first laptop for remote workers following best practices and the advice of cybersecurity experts. The laptop should be built around the concept of zero trust, whereby employees couldn’t gain access to company resources except with the secure laptop, which would require biometric scans or other credentials for access to each and every resource. It should also radically isolate all processes and come with built-in safeguards for the most common cyberattacks that involve end-user devices. 

4. A Radically Diversified Supply Chain for Electronics

The cause of optimal cybersecurity is greatly harmed both by supply chain cyberattacks and the supply chain slowdowns for electronics of all kinds. Both of these problems result from a lack of diversity and distribution of supply chains. As a result, companies and individuals are struggling to properly upgrade their hardware, remaining on suboptimal and poorly performing devices for longer than they should. 

With diversification, cyberattacks on one supplier could be shut down by switching to another while the attack is addressed at the first one. As much as possible, electronic components should be manufactured and assembled in more locations than they currently are, to reduce critical vulnerabilities and chokepoint failures like we’ve seen in 2021. 

5. Total Adoption of the Zero Trust Model

One of the greatest gifts the world could bestow upon cybersecurity professionals is a total and universal buy-in of the zero trust model. Out with the old perimeter model once and for all, and in with the new. 

As with many of the wishes on this list, this would be a major change — but it would pay dividends across the entire cybersecurity world, reducing costs and downtime for businesses, government entities and individuals. Fewer successful cyber attacks are good for everyone, and full adoption of zero trust would be a major step in the right direction. 

6. Funding to Support University Cybersecurity Education on a Massive Scale

Industry, government and military organizations would all benefit from an end to the cybersecurity skills gap. It’s time for everyone to pitch in to provide scholarships, grants, early education programs, outreach efforts and other initiatives to drive up the number of students, graduates and ultimately professionals in the cybersecurity workforce. 

‘Tis the season to dream of a better world. And for cybersecurity professionals, the world would be made much better with a society-wide contribution to the cause of a better cybersecurity landscape, which benefits organizations of all shapes and sizes. 

Happy holidays!

 |  |  |  |  |  |  | 
Mike Elgan

More from CISO
April 9, 2024

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

April 2, 2024

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

February 21, 2024

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature