Innovating with emerging technologies to build cybersecurity resiliency
This article is written as a memo addressing cybersecurity innovation at Amazon.
Ransomware attacks today are costing governments and businesses billions of dollars and interrupting their operations. A recent ransomware attack on the City of Baltimore cost the city over $18M, and the local governments of Riviera Beach and Lake City, Florida, paid hackers $1M combined in the hope of getting their systems and data back. Since 2019 there has been a 450% increase in the count of vulnerabilities associated with ransomware, and with the world’s accelerating shift to digital technologies for work and play, the risk of ransomware attacks is only going to increase.
Amazon’s Positioning and Scope
As AWS continues to dominate the cloud computing industry, our competitors are taking note of our aggressive approach to creating value for our clients and recognizing the need to be open to integrating third-party security tools into their cloud-computing platforms. Our reputation, customer-first philosophy, and exceptional talent have positioned us well to extend our existing offering of market-leading products in the cybersecurity space and maintain our competitive advantage.
In 2020, we partnered with ThreatModeler, a cloud security platform, to automate and accelerate the design of secure AWS cloud environments, which allowed our customers to proactively secure their cloud. While the AWS Marketplace ecosystem has benefited from this partnership, external attack surface management platforms have discovered 200,000 exposed AWS cloud assets, over two-fifths (42%) of which were identified as high severity issues, far higher than the 30% average across all industries. The management support team has done a deep dive into these gaps within our own threat modeling approach, and we recommend two initiatives that can ensure Amazon’s leadership in the private sector in stopping the proliferation of ransomware attacks without trading off the present operating effectiveness of business units.
Strategies and Recommendations
i) Investing in a simulation-based training platform
Vulnerable software and improper access controls are the most common issues relating to high severity exposure. To help our clients, AWS Marketplace vendors, and our customers, there is a timely opportunity to invest in developing a dynamic and experiential training platform that leverages agent-based modeling and allows our clients to simulate potential threats and take an iterative approach to building cybersecurity resiliency within their organizations. By taking a systems approach to training and education for cybersecurity, employees and stakeholders can re-engage with past threats and predict future threats with higher accuracy while reducing the upfront cost and redundancy that come with consultancy and with implementing third-party software into an organization’s tech stack.
With the uptick in gaming induced by the pandemic and the public discourse on the metaverse, the simulation-first approach has recently seen significant traction. Companies such as Actual HQ are leveraging this dynamic approach to help businesses understand climate risk. We are confident that our exceptional in-house team of product leaders, designers and engineers is well positioned to ship an industry-leading product, designed with an unparalleled user experience for our customers, that is integrated end-to-end with Amazon’s suite of products. This gaming-centered approach has the potential to position Amazon as a pioneer in enabling frictionless and customized threat modeling without having to rely on an expansive suite of third-party vendors. It would also enable us to develop in-house expertise on the metaverse and to stay competitive without having to divert core resources from existing projects to longer-term R&D initiatives.
ii) Developing the industry-standard threat modeling framework for phygital products
Our affiliate businesses that deal in hardware products continue to drive strong revenue by leveraging the network effects that come with our platform and offerings, allowing them to compete with big box stores. Over the last few years, we have successfully launched in-house brands and hardware product line-ups including Kindle, Amazon TV, Alexa, and our most recent release, Amazon Astro, which has allowed us to leverage the synergies that come with direct relationships with manufacturers and avoid friction as we continue to pioneer ease of internet consumerism.
As the lines between physical and digital start to blur with the increase in IoT technologies, and as adoption of smart home devices nears 50% of American households, we have an opportunity to become leaders in this category. The warp speed at which this category is evolving presents many complexities for our customers as they try to understand the unique set of risks that come with phygital products, and for us as we try to understand how we can build systems to protect ourselves and members of our ecosystem. By increasing our R&D spend to develop an industry-standard threat modeling framework for this category, which is currently non-existent, we have an exciting window of opportunity to complement our pioneering efforts in innovating for the home devices market with security guidelines and a playbook that governments and businesses can benefit from in the years to come. Such a framework can also help address the scrutiny that we’ve received in the past and make our own emerging business line resilient to ransomware attacks.