Amazon is launching two initiatives designed to better prepare individuals and businesses to deal with cybersecurity threats and strengthen user authentication for its AWS cloud.
In a post on the website aboutamazon.com, the company announced that starting in October, which is Cybersecurity Awareness Month, it will make available to the public the training materials it has developed internally to keep its employees and confidential information safe from cyberattacks.
It also revealed that it will offer “qualified” Amazon Web Services customers a free multi-factor authentication device designed to strengthen the security of their cloud environments.
“A critical issue in addressing today’s cybersecurity threats is education, which is why we are excited to share our Amazon Security Awareness training for free, to help organizations and individuals understand how to navigate and fight events from security,” said AWS CISO Steve Schmidt in the web post.
“And by providing qualified AWS customers with access to free MFA tokens, we have made it even easier for businesses to use this powerful tool to protect their important data and technology assets,” he added.
Jake Williams, Co-Founder and CTO of BreachQuest, an incident response company in Dallas, called the launch of Amazon’s training materials “a game changer, particularly for small and medium-sized businesses.”
“Security awareness training can have a substantial impact on preventing breaches,” he told TechNewsWorld.
“Amazon training will put a quality product within the reach of organizations that would not otherwise have it, probably preventing thousands of breaches each year,” he said. “If there’s one thing in the ad that will give threat actors a major headache, this is it.”
Amazon explained that individuals and organizations need security training to identify and stay safe from social engineering attacks, such as those found in phishing emails and fraudulent phone calls. The problem, however, is that individuals and companies do not have time to take training courses, which, while effective, can take hours.
Amazon’s training materials, the company noted, form a concise and digestible curriculum that enables its employees to anticipate potential security threats. The materials follow proven neuroscience and adult learning principles to improve content retention, it added.
The curriculum is also flexible, it continued, so companies and organizations can develop it to suit their needs.
In addition, the materials are regularly updated to adapt to the changing threat landscape.
“No employee wants to see the same training more than once,” observed Perry Carpenter, chief evangelist and strategy officer for KnowBe4, a security awareness training provider in Clearwater, Florida.
“A key to a successful security awareness program strategy is to always put key concepts in front of people in new and unique ways,” he told TechNewsWorld.
“Redoing last year’s training will not be enough,” he said. “Materials need to be updated with new facts, new settings, and even to reflect new uses of language, cultural trends, brands, and more.”
“Not only do the methods of threat actors change, but they can also change the culture, applications and infrastructure of an organization,” added Chenxi Wang, Founder and General Partner of Rain Capital, a venture capital firm in San Francisco.
“For those reasons,” she told TechNewsWorld, “the training materials need to be constantly updated to keep the training effective.”
Access to security training materials alone will not make an organization safe, said Doug Britton, CEO of Haystack Solutions, a cybersecurity talent screening company in Kensington, Maryland.
“This is a symbolic gesture on behalf of AWS,” he told TechNewsWorld. “Just having top-quality training materials will not guarantee safety,” he said.
“How does an organization ensure that staff take the time to read and understand the training materials?” he asked. “Is there a learning management system that tracks training? Is there a way to validate that staff have absorbed the information?”
“The culture of an organization is the critical element in making training materials more effective,” he said.
An organization gets out of security training what it puts into it, Carpenter added.
“By that I mean that if an organization only pays lip service to safety awareness and employee training, it will end up with a culture where people only pay lip service to safety themselves,” he explained.
“But,” he continued, “if an organization is willing to make a dedicated effort to offer a transformational security awareness program, then it will be worth it.”
“Such a program is extremely intentional about communication, managing behavior, keeping human nature in mind, and taking deliberate steps to foster a culture that values safety,” he said.
Free MFA Token
In addition to the free training materials, Amazon will offer some AWS users a free token that can be used with a password to access an organization’s cloud assets.
In its online post, Amazon explained that AWS customers with access to the AWS Management Console will be able to authenticate by typing in their passwords and then simply tapping the MFA security token, which connects to a USB port on their computer.
The free MFA token adds a layer of security to protect customers’ AWS accounts against phishing, session hijacking, man-in-the-middle, and malware attacks, Amazon noted.
Customers can also use their MFA devices to securely access multiple AWS accounts, as well as other token-enabled applications, such as GitHub, Gmail, and Dropbox, it added.
“The use of hardware or software authentication tokens is far superior to SMS-based two-factor authentication and can greatly improve the security of any organization,” observed Chris Clements, vice president of solutions architecture at Cerberus Sentinel, a penetration testing and cybersecurity consulting company in Scottsdale, Arizona.
“SMS-based two-factor authentication is routinely and easily bypassed by attackers using SIM swapping attacks and should be avoided unless absolutely necessary,” he told TechNewsWorld.
Carpenter noted, however, that there is a downside to using physical tokens as an MFA factor.
“I love the idea of hardware tokens from a security perspective,” he said, “but I’m also realistic that hardware tokens are not for everyone.”
“There is additional friction for the user because now they have to train new habits and keep up with one more thing,” he continued. “The physical token becomes one more thing that people have to keep track of.”
Still, Amazon’s weight as a company could change users’ opinion of tokens.
“Given Amazon’s position and visibility in the marketplace, it will undoubtedly get businesses and individuals to pay attention to this movement,” observed Dean Coclin, senior director of business development for DigiCert, a digital security company in Lehi, Utah.
“The Fire Stick is a huge success for this company,” he told TechNewsWorld. “Perhaps the ‘Fire Token’ will have a similar result.”