The holiday season is upon us. After a difficult year, and facing an even more challenging year ahead, digital defense experts don’t have visions of sugar plums dancing in their heads. Instead, they dream of cybersecurity tools and other resources to help them cope with a wild threat landscape. 

Here’s our ultimate holiday wish list. 

1. Skilled Cybersecurity Employees

The top thing security experts need is more of them. 

Skilled workers are in short supply. The so-called cybersecurity skills gap is a real problem. There aren’t enough qualified candidates to do the job. And as the landscape grows even more complex, the people who do enter the field specialize more and more. Their highly specific experience, training and credentials make it even harder to hire. 

Some gains were made in the skills gap, but according to the 2020 (ISC)² Cybersecurity Workforce Study, the field still needs to grow by roughly 41% in the U.S. and 89% worldwide to fill the gap. In addition, a majority (56%) of survey respondents say their employers are at greater risk because of the shortage. 

Of course, the shortfall exists because the field needs more training, more certification, more education, more awareness at the college level and more attention in general. All of that should be the industry’s collective New Year’s resolution. 

2. Cybersecurity Tools for Business Connectivity From Home

In the rush to remote work this year, nobody had time to address the fact that a huge amount of business happens through consumer ISPs ill-equipped to handle the load. Even worse, employees’ personal computers, tablets, phones, gaming systems and consumer Internet of things (IoT) devices are all on the same Wi-Fi network. They use the same router and connect through the same internet service provider. It’s a bandwidth and defense nightmare. 

Meanwhile, threat actors are working night and day to figure out new ways to exploit this ticking time bomb. Expert defenders are doing the same to figure out how to defuse the problem. 

Think about the implications of remote work. The perfect gift this year would be a separate business network and router in every home for remote workers. Ideally, it would work only via the company’s virtual private network and would allow only company-provisioned or approved devices to connect. 

3. Cybersecurity Tools That Require Great Password Management

As much as we talk and read about a post-password future, passwords are very much with us. Talking and training on strong passwords, unique passwords and using a password manager isn’t enough. Far too many employees just do the easy thing and use a never-changing, easy-to-remember password for multiple sites. 

The widespread failure of good password hygiene is one of the things that makes it easy for threat actors to steal data. From there, they gain access to accounts and machines that link to enterprise systems in one way or another. 

One wonderful gift would be operating system-level cybersecurity tools that could be switched on, preventing entry of any password on any site, app or device that didn’t come from an approved password manager. That password manager would require strong passwords that are changed frequently, and could be made convenient for the user with biometrics. 

4. Self-Reporting IoT Devices

IoT devices are great stocking-stuffers, but lousy network citizens. They’re spreading unchecked across industries and inside remote workers’ homes. Large numbers of IoT devices massively increase the attack surface, since they are powerful enough to convey data over the network but not powerful enough to encrypt that data. 

Making matters worse, these devices show up inside enterprise networks without permission. Who knew the vending machine, digital picture frame and smart dog collar were open doors to attacks? 

What we need for the holidays is a new framework for these devices: a standard that blocks their connection unless they adhere to it. Such devices would have to be re-approved every year by security staff and would log and self-report key data into a database. That data would include where the device is; what it is; who installed it; who accesses it and when; and its battery charge level. 

AI-based advanced threat intelligence systems would have access to that database for detecting possibly malicious use. It would provide amazing data for existing cybersecurity tools to better do their job.

The idea would be that no IoT device could be stirring on the network without permission; not even a mouse. 

5. Cybersecurity Tools to Estimate Attacks and Costs

One gift that would keep on giving would be a tool that downloads constantly updated information about cyber attacks across thousands of entities (the kinds of attacks, estimates of financial damage and other data) and that could scan the basics of a group’s infrastructure, policies and personnel. It could then estimate the likelihood of damage in dollars. 

Participating groups would anonymously upload their data about all metrics, as well as incidents of attacks and their cost. Next, machine learning algorithms would develop and revise estimates. 

The tool would present cybercrime risk based on probabilities and dollar amounts, so cybersecurity leaders could join budget meetings armed with a cybersecurity budget breakdown that makes sense to non-specialists and business leaders. It could say, for example, that based on the organization’s current overall security profile, there’s a 7% chance the business will have to close from a catastrophic attack, a 20% chance that cyber attacks this year will cost over $1 billion, etc. 

6. A Cybersecurity Best Practices Virtual Assistant 

Virtual assistants on phones, smart speakers and smart displays are growing in popularity. These mainly help people get the weather, find out trivia about celebrities, set timers and play music. 

What cybersecurity specialists really want is an AI virtual assistant that helps and guides employees on best practices for cybersecurity. When an employee clicks on a link in email, the assistant would intercept the click and ask: “Are you sure you want to do this? Malicious links are the No. 1 source of phishing attacks.”

When another device is added to the network, it could offer to contact IT and notify them about the device. 

A huge percentage of cyber attacks result from exploited employees who get tricked through social engineering techniques into unknowingly helping the attackers gain access. 

A wonderful holiday gift to cybersecurity specialists would be a kind of AI elf that sits on the shelf and helps users contribute to the security of the company through security best practices. 

7. A Cloud of Clouds

The original concept of the cloud was the unification of unspecified remote resources into a single virtual server. The designers of the cloud intended it to simplify these resources, but the cloud itself has grown complicated. Now, we have complex hybrid multicloud environments that are becoming increasingly difficult to secure. 

But what if there were a way to secure and administer all of these as a single unit? It could be a cloud of clouds. 

That’s our holiday wish list for the coming year. Happy holidays, and have a safe and secure New Year.
