The holiday season is upon us. After a difficult year, and facing an even more challenging year ahead, digital defense experts don’t have visions of sugar plums dancing in their heads. Instead, they dream of cybersecurity tools and other resources to help them cope with a wild threat landscape. 

Here’s our ultimate holiday wish list. 

1. Skilled Cybersecurity Employees

The top thing security experts need is more of them. 

Skilled workers are in short supply. The so-called cybersecurity skills gap is a real problem. There aren’t enough qualified candidates to do the job. And as the landscape grows even more complex, the people who do enter the field specialize more and more. Their highly specific experience, training and credentials make it even harder to hire. 

Although some gains were made in the skills gap, according to the 2020 (ISC)2 Cybersecurity Workforce Study, the field needs to grow by roughly 41% in the U.S. and 89% worldwide to fill the gap. In addition, a majority (56%) of survey respondents say their employers are at greater risk because of the shortage. 

Of course, the reason for the shortfall is that the field needs more training, more certification, more education, more awareness at the college level and more attention in general. All of that should be the industry’s collective New Year’s resolution. 

2. Cybersecurity Tools for Business Connectivity From Home

In the rush to remote work this year, nobody had time to address the fact that a huge amount of business happens through consumer ISPs ill-equipped to handle the load. Even worse, employees’ personal computers, tablets, phones, gaming systems and consumer Internet of Things (IoT) devices are all on the same Wi-Fi network. They use the same router and connect through the same internet service provider. It’s a bandwidth and defense nightmare. 

Meanwhile, threat actors are working night and day to figure out new ways to exploit this ticking time bomb. Expert defenders are doing the same to figure out how to defuse the problem. 

Think about the implications of remote work. The perfect gift this year would be a separate business network and router in every home for remote workers. At best, it would work only via the company’s virtual private network. It would allow only company-provisioned or approved devices to connect. 

3. Cybersecurity Tools That Require Great Password Management

As much as we talk and read about a post-password future, passwords are very much with us. Talking and training on strong passwords, unique passwords and using a password manager isn’t enough. Far too many employees just do the easy thing and use a never-changing, easy-to-remember password for multiple sites. 

The widespread failure of good password hygiene is one of the things that makes it easy for threat actors to steal data. From there, they gain access to accounts and machines that link to enterprise systems in one way or another. 

One wonderful gift would be operating system-level cybersecurity tools that could be switched on, preventing entry of any password on any site, app or device that didn’t come from an approved password manager. That password manager would require strong passwords that are changed frequently, and could be made convenient for the user with biometrics. 

4. Self-Reporting IoT Devices

IoT devices are great stocking-stuffers, but lousy network citizens. They’re spreading unchecked across industries and inside remote workers’ homes. Large numbers of IoT devices massively increase the attack surface, since they are powerful enough to convey data over the network but not powerful enough to encrypt that data. 

Making matters worse, these devices show up inside enterprise networks without permission. Who knew the vending machine, digital picture frame and smart dog collar were open doors to attacks? 

What we need for the holidays is a new framework for these devices; a standard that blocks their connection unless they adhere to it. Such devices would have to be re-approved every year by security staff and would log and self-report key data into a database. That data would include where the device is; what it is; who installed it; who accesses it and when; and its battery charge level. 

AI-based advanced threat intelligence systems would have access to that database for detecting possibly malicious use. It would provide amazing data for existing cybersecurity tools to better do their job.

The idea would be that no IoT device could be stirring on the network without permission; not even a mouse. 
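As an added illustration of the admission standard described above (not code from the original post), the following Python sketch models one self-reported device record and the check that blocks a device unless its record is complete, its yearly re-approval is current, and it reports a battery reading. The field names, the one-year approval window and the sample devices are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional, Tuple

APPROVAL_MAX_AGE = timedelta(days=365)          # re-approval by security staff every year
REQUIRED_FIELDS = ("location", "device_type", "installed_by")
TODAY = date(2020, 12, 15)                      # constructed evaluation date

@dataclass
class DeviceReport:
    """One self-reported record as the device would write it to the registry."""
    device_id: str
    location: str
    device_type: str
    installed_by: str
    approved_on: Optional[date]                  # last sign-off by security staff
    access_log: List[Tuple[str, str]] = field(default_factory=list)  # (user, ISO time)
    battery_pct: Optional[int] = None

def admission_decision(report: DeviceReport, today: date) -> Tuple[bool, List[str]]:
    """Allow the device on only if every identity field is present, approval is
    less than a year old, and a valid battery reading was reported."""
    reasons = []
    for name in REQUIRED_FIELDS:
        if not getattr(report, name):
            reasons.append(f"missing {name}")
    if report.approved_on is None:
        reasons.append("never approved")
    elif today - report.approved_on > APPROVAL_MAX_AGE:
        reasons.append("approval expired")
    if report.battery_pct is None or not 0 <= report.battery_pct <= 100:
        reasons.append("no valid battery reading")
    return (not reasons, reasons)

# Constructed sample registry (not real devices).
REGISTRY = [
    DeviceReport("frame-01", "lobby", "digital picture frame", "j.doe",
                 date(2020, 6, 1), [("j.doe", "2020-12-14T09:12:00Z")], 80),
    DeviceReport("vend-07", "breakroom", "vending machine", "facilities",
                 date(2019, 10, 1), [], 55),
    DeviceReport("collar-3", "home office", "smart dog collar", "", None, [], None),
]

def evaluate_registry(registry, today):
    """Map each device_id to its decision; denied devices are the ones to investigate."""
    return {r.device_id: admission_decision(r, today) for r in registry}

if __name__ == "__main__":
    for dev, (ok, why) in evaluate_registry(REGISTRY, TODAY).items():
        print(dev, "ALLOW" if ok else "DENY", why)
```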

5. Cybersecurity Tools to Estimate Attacks and Costs

One gift that would keep on giving would be a tool that downloads constantly updated information about cyber attacks across thousands of entities: the kinds of attacks, estimates of financial damage and other data. It could then scan the basics of a group’s infrastructure, policies and personnel and estimate the likelihood of damage in dollars. 

Participating groups would anonymously upload their data about all metrics, as well as incidents of attacks and their cost. Next, machine learning algorithms would develop and revise estimates. 

The tool would present cybercrime risk as probabilities and dollar amounts, so that cybersecurity leaders could join budget meetings armed with a cybersecurity budget breakdown that makes sense to non-specialists and business leaders. It could say, for example, that based on the organization’s current overall security profile, there’s a 7% chance the business will have to close from a catastrophic attack, a 20% chance that cyber attacks this year will cost over $1 billion, and so on. 
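To make the "probabilities and dollar amounts" output concrete, here is an added Python example (not the post's own tool) that turns a pool of anonymized incident records into an expected annual loss and loss-exceedance probabilities by Monte Carlo simulation. The incident records, the organization-year count and the Poisson-plus-resampling model are assumptions constructed for the example.

```python
import math
import random
from statistics import mean
from typing import List, Tuple

# Constructed, anonymized incident records as participating organizations would
# upload them: (organization, year, loss in USD). Not real figures.
INCIDENTS: List[Tuple[str, int, int]] = [
    ("org-a", 2019, 120_000), ("org-a", 2020, 45_000),
    ("org-b", 2020, 2_300_000),
    ("org-c", 2019, 15_000), ("org-c", 2019, 80_000), ("org-c", 2020, 500_000),
    ("org-d", 2020, 9_800_000),
]
ORG_YEARS = 8   # organization-years of reporting behind the pool (4 orgs x 2 years)

def annual_loss_samples(incidents, org_years, trials=20_000, seed=1):
    """Monte Carlo simulation of one year's total loss: incident count ~ Poisson
    with the pooled rate, each loss resampled from the observed losses."""
    rng = random.Random(seed)
    rate = len(incidents) / org_years
    losses = [loss for _, _, loss in incidents]
    samples = []
    for _ in range(trials):
        n, p, floor = 0, 1.0, math.exp(-rate)   # Poisson draw, Knuth's method
        while True:
            p *= rng.random()
            if p < floor:
                break
            n += 1
        samples.append(sum(rng.choice(losses) for _ in range(n)))
    return samples

def exceedance_probability(samples, threshold):
    """Share of simulated years whose total loss exceeds the threshold."""
    return sum(1 for s in samples if s > threshold) / len(samples)

def risk_summary(thresholds, incidents=INCIDENTS, org_years=ORG_YEARS):
    """The budget-meeting view: expected annual loss plus P(loss > T) per threshold."""
    samples = annual_loss_samples(incidents, org_years)
    return {"expected_annual_loss": mean(samples),
            "exceedance": {t: exceedance_probability(samples, t) for t in thresholds}}

if __name__ == "__main__":
    summary = risk_summary([1_000_000, 10_000_000])
    print(f"expected annual loss: ${summary['expected_annual_loss']:,.0f}")
    for t, prob in summary["exceedance"].items():
        print(f"P(annual loss > ${t:,}) = {prob:.1%}")
```

With only seven pooled incidents the curve is dominated by the single largest loss; the point of a real tool would be the thousands of contributing organizations the post describes.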

6. A Cybersecurity Best Practices Virtual Assistant 

Virtual assistants on phones, smart speakers and smart displays are growing in popularity. These mainly help people get the weather, find out trivia about celebrities, set timers and play music. 

What cybersecurity specialists really want is an AI virtual assistant that helps and guides employees on best practices for cybersecurity. When an employee clicks on a link in email, the assistant would intercept the click and ask: “Are you sure you want to do this? Malicious links are the No. 1 source of phishing attacks.”

When another device is added to the network, it could offer to contact IT and notify them about the device. 

A huge percentage of cyber attacks result from exploited employees who get tricked through social engineering techniques into unknowingly helping the attackers gain access. 

A wonderful holiday gift to cybersecurity specialists would be a kind of AI elf that sits on the shelf and helps users contribute to the security of the company through security best practices. 

7. A Cloud of Clouds

The original concept of the cloud was the unification of unspecified remote resources into a single virtual server. Its designers intended it to simplify those resources, but the cloud has itself grown complicated. Now, we have complex hybrid multicloud environments that are becoming increasingly difficult to secure. 

But what if there were a way to secure and administer all of these as a single unit? It could be a cloud of clouds. 

That’s our holiday wish list for the coming year. Happy holidays, and have a safe and secure New Year.