Published on September 2nd, 2021
Amazon, AWS Trumpet Free Cybersecurity Initiatives
Amazon is launching two initiatives aimed at better preparing individuals and businesses to deal with cybersecurity threats and hardening the authentication of users of its AWS cloud.
In a post on the aboutamazon.com website, the company announced that beginning in October, which is Cybersecurity Awareness Month, it will make available to the public the training materials it’s developed in-house to keep its employees and sensitive information safe from cyberattacks.
It also revealed that it will be offering “qualified” Amazon Web Services customers a free multifactor authentication device designed to strengthen the security of their cloud environments.
“A fundamental problem when addressing current cybersecurity threats is education, which is why we’re excited to share our Amazon Security Awareness training for free, to help organizations and individuals understand how to navigate and fight against security events,” AWS CISO Steve Schmidt said in the web post.
“And by giving qualified AWS customers access to free MFA tokens, we’ve made it even easier for companies to use this powerful tool to protect their data and important technology assets,” he added.
Jake Williams, co-founder and CTO of BreachQuest, an incident response company in Dallas, called the release of Amazon’s training materials “a game changer, in particular for small to mid-sized businesses.”
“Security awareness training can have substantial impacts in preventing breaches,” he told TechNewsWorld.
“Amazon’s training will put a quality product within reach for organizations that wouldn’t have it otherwise, likely preventing thousands of breaches every year,” he said. “If there’s one thing in the announcement that will give threat actors a big headache, this is it.”
Flexible Curriculum
Amazon explained that people and organizations need security training to identify and keep themselves safe from social engineering attacks, such as those mounted in phishing emails and scam phone calls. The rub, though, is people and businesses don’t have the time to take training courses that, while effective, can take hours.
Amazon’s training materials, the company noted, form a digestible and succinct curriculum that’s enabled its employees to anticipate possible security threats. The materials follow proven neuroscience and adult learning principles to enhance content retention, it added.
The curriculum is also flexible, it continued, so businesses and organizations can build on it to suit their needs.
In addition, the materials are regularly updated to accommodate the changing threat landscape.
“No employee wants to see the same training more than once,” observed Perry Carpenter, chief evangelist and strategy officer at KnowBe4, a security awareness training provider in Clearwater, Fla.
“One key to a successful security awareness program strategy is to always be putting key concepts in front of people in new and unique ways,” he told TechNewsWorld.
“A redo of last year’s training will not cut it,” he said. “Materials need to be updated with fresh facts, new scenarios, and even to reflect new uses of language, cultural trends, brands and more.”
“Not only do methods from threat actors change, but an organization’s culture, its applications and infrastructure can also change,” added Chenxi Wang, founder and general partner at Rain Capital, a venture capital firm in San Francisco.
“For those reasons,” she told TechNewsWorld, “training materials must be constantly updated to maintain training efficacy.”
“Symbolic Gesture”
Access to security training materials alone won’t make an organization secure, asserted Doug Britton, CEO of Haystack Solutions, a cybersecurity talent assessment company in Kensington, Md.
“This is a symbolic gesture on behalf of AWS,” he told TechNewsWorld. “Just having top shelf training materials won’t ensure security,” he said.
“How is an organization ensuring that staff take time to read and understand training materials?” he asked. “Is there a learning management system in place that tracks training? Is there a way to validate that staff have absorbed the information?”
“The culture of an organization is the critical element in making training materials most effective,” he maintained.
An organization gets out of security training what it puts into it, Carpenter added.
“By that I mean that if an organization only pays lip service to security awareness and employee training, then they will wind up with a culture where people only pay lip service to security itself,” he explained.
“But,” he continued, “if an organization is willing to make a dedicated effort to deliver a transformational security awareness program, then it will pay off.”
“Such a program is extremely intentional about communication, behavioral management, taking human nature into account and taking deliberate steps to foster a culture that values security,” he said.
Free MFA Token
In addition to free training materials, Amazon will be offering some AWS users a free token that can be used with a password to access an organization’s cloud assets.
In its online post Amazon explained that AWS customers with access to the AWS Management Console will be able to authenticate themselves by typing their passwords and then simply touching the MFA security token, which plugs into a USB port on their computer.
The free MFA token adds a layer of security to protect customers’ AWS accounts against phishing, session hijacking, man-in-the-middle, and malware attacks, Amazon noted.
Customers can also use their MFA devices to safely access multiple AWS accounts, as well as other token-enabled applications, such as GitHub, Gmail, and Dropbox, it added.
“The use of hardware or software authentication tokens is vastly superior to SMS based two-factor authentication and can massively improve any organization’s security,” observed Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a cybersecurity consulting and penetration testing company in Scottsdale, Ariz.
“SMS based two-factor authentication is routinely and simply bypassed by attackers using SIM swap attacks and should be avoided unless absolutely necessary,” he told TechNewsWorld.
Carpenter noted, though, there is a downside to using physical tokens as an MFA factor.
“I love the idea of hardware tokens from a security perspective,” he said, “but I am also realistic that hardware tokens are not for everyone.”
“There is additional friction added for the user because now they have to train new habits and keep up with one more thing,” he continued. “The physical token becomes one more thing that people have to keep track of.”
Still, Amazon’s weight as a company could change user sentiment about tokens.
“Given Amazon’s market position and notoriety, it will certainly cause companies and people to pay attention to this move,” observed Dean Coclin, senior director of business development at DigiCert, a digital security company in Lehi, Utah.
“The Fire Stick is a huge success for this company,” he told TechNewsWorld. “Perhaps the ‘Fire Token’ will have a similar outcome.”
Gloss