After another tough year in the cybersecurity trenches, security professionals deserve a well-earned holiday, along with some powerful gifts to help them cope with the new year’s daunting threat landscape and the security challenges to come. 

Here’s our rundown of what cybersecurity professionals are wishing for this holiday season. 

1. An Artificial Intelligence Ethical Hacking Tool Grand Challenge

Cybersecurity is a national security priority, and bad actors have targeted government institutions, public utilities, schools, hospitals and businesses in just the past year. With that in mind, cybersecurity pros would like to see the military’s Santa Claus — otherwise known as DARPA (the Defense Advanced Research Projects Agency) — fund a big-dollar Grand Challenge contest for companies or universities to develop the Mother of All Ethical Hacking Simulators. 

It should work like this: the system would create a detailed simulation of an organization’s entire network, including third-party cloud services, user devices — everything. Then, a monster supercomputer machine learning system would throw every known attack at it, resulting in a list of vulnerabilities and policies to fix based on cybersecurity best practices. 

And since this is a wishlist, access to this cybersecurity tool should be free for all authorized cybersecurity professionals to use. Something like this would be invaluable across the industry, especially for smaller organizations that don’t have the resources to run simulations or penetration tests on their own. 

2. A New Legal Framework for Ending Ransomware Attacks

One of the worst aspects of ransomware is that its victims are the ones that pay to keep it going. Organizations often feel they have no choice but to pay off attackers to regain access to their information or systems, and those financial payments are exactly what incentivize attackers to continue their crimes. An effective legal solution for targeted organizations would help break this cycle, so it’s no surprise it’s a common wish of cybersecurity pros. 

One way that a nation could potentially reduce ransomware attacks on companies within its borders is by outlawing the payment of ransom. The problem with this idea is the catastrophic effects on organizations that don’t pay. 

Instead, imagine a legal framework that outlawed the payment of ransom, while simultaneously compensating every organization for 100% of the costs resulting from non-payment. This could function similarly to cyber insurance on a national scale, without putting money into the pockets of bad actors. 

This one-two punch would erase the incentive to conduct ransomware attacks because the attackers would know they wouldn’t get paid and the organizations targeted wouldn’t suffer catastrophic financial loss from the locking or disclosure of data. This would be a dream come true for cybersecurity professionals. 

3. A Laptop Designed From the Ground Up for Remote Work Security

Device manufacturers should recognize the reality of our times by developing a security-first laptop for remote workers following best practices and the advice of cybersecurity experts. The laptop should be built around the concept of zero trust, whereby employees couldn’t gain access to company resources except with the secure laptop, which would require biometric scans or other credentials for access to each and every resource. It should also radically isolate all processes and come with built-in safeguards for the most common cyberattacks that involve end-user devices. 

4. A Radically Diversified Supply Chain for Electronics

The cause of optimal cybersecurity is greatly harmed both by supply chain cyberattacks and the supply chain slowdowns for electronics of all kinds. Both of these problems result from a lack of diversity and distribution of supply chains. As a result, companies and individuals are struggling to properly upgrade their hardware, remaining on suboptimal and poorly performing devices for longer than they should. 

With diversification, cyberattacks on one supplier could be shut down by switching to another while the attack is addressed at the first one. As much as possible, electronic components should be manufactured and assembled in more locations than they currently are, to reduce critical vulnerabilities and chokepoint failures like we’ve seen in 2021. 

5. Total Adoption of the Zero Trust Model

One of the greatest gifts the world could bestow upon cybersecurity professionals is a total and universal buy-in of the zero trust model. Out with the old perimeter model once and for all, and in with the new. 

As with many of the wishes on this list, this would be a major change — but it would pay dividends across the entire cybersecurity world, reducing costs and downtime for businesses, government entities and individuals. Fewer successful cyber attacks are good for everyone, and full adoption of zero trust would be a major step in the right direction. 

6. Funding to Support University Cybersecurity Education on a Massive Scale

Industry, government and military organizations would all benefit from an end to the cybersecurity skills gap. It’s time for everyone to pitch in to provide scholarships, grants, early education programs, outreach efforts and other initiatives to drive up the number of students, graduates and ultimately professionals in the cybersecurity workforce. 

‘Tis the season to dream of a better world. And for cybersecurity professionals, the world would be made much better with a society-wide contribution to the cause of a better cybersecurity landscape, which benefits organizations of all shapes and sizes. 

Happy holidays!

More from CISO

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen.Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper risk…

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…