Leonidas Dracopoulos, Tech Lead, Greece – Cyprus – Malta of Amazon Web Services (AWS), talks to InfoCom about best practices in cybersecurity and protecting customer data. Drakopoulos emphasizes the importance of a multi-layered security strategy, including strong encryption, regular software updates and strict access control policies. It highlights the importance of employee education as the first line of defense against cyberattacks and addresses the most common vulnerabilities exploited by cybercriminals, suggesting solutions such as regular updates and training of the user. It turns out that security is at the heart of the philosophy of AWS, ensuring the protection of customers and strengthening their trust by combining security with innovation and flexibility of its services.
What are the best practices that companies should follow to protect their data from cyber attacks?
For companies to protect their data from cyber-attacks, it is important to employ multi-layered security measures, such as strong data encryption, regular updating and monitoring of systems to detect and prevent intrusions, and the implementation of strict access policies and user rights. Cyber ​​threats are constantly evolving and at AWS we are constantly investing in innovative solutions to keep our customers safe and their businesses running smoothly.
We can be confident that the AWS cloud infrastructure is one of the most secure and reliable in the world, and so are the customers who use our AI services. We have adopted advanced technology to ensure maximum protection for our customers. We offer tools like AWS Identity and Access Management (IAM) to help implement fine-grained access controls, as well as AWS Key Management Service (KMS) to securely manage encryption keys.
Our practices include implementing strong access policies, encrypting data, using multiple layers of defense, and monitoring networks to detect unusual activity. Every day, millions of users around the world trust the security of our services for their technological infrastructure. From leading companies to government agencies, our customers choose us for the support we offer, as security is at the heart of our philosophy.
What is the role of employee training and awareness in enhancing a company’s cybersecurity?
For us at AWS, security starts with knowledge. Employee training and awareness is the first line of defense against cyber attacks. At AWS, we train our partners to identify and address any potential threats, protecting our customers’ data and infrastructure. When employees are aware of the threats and techniques used by cybercriminals, they are more likely to recognize and prevent potential attacks.
Ongoing training on topics such as phishing attacks, password management and secure use of systems can significantly reduce security risks by enabling employees to recognize and understand the various cyber threats that the company can face.
In summary, employee cybersecurity training and awareness is critical for both AWS and other cloud companies. It helps protect customers and maintain the integrity of their infrastructure in an environment full of threats and constant change.
What are the most common vulnerabilities exploited by cybercriminals and how can they be addressed?
At AWS, we detect and prevent cyberattacks every day, keeping our customers’ data safe. With the largest public network of any cloud provider, we have excellent visibility into what’s happening online in real time. The most common vulnerabilities exploited by cybercriminals include software weaknesses, vulnerable websites, poorly secured accounts and poor user security practices.
Addressing these vulnerabilities requires regular software updates and upgrades, implementing strong access control policies, and training users to recognize and avoid malicious practices. Our commitment to the protection of customer data and the seamless operation of their operations remains a non-negotiable commitment for us.
What strategies and technologies do you use to ensure that AWS customer data remains secure?
Ensuring the security of our customers’ data in many ways, some examples are high-end encryption, strict access controls and constant monitoring for threat detection. We also innovate using Generative AI technologies for even more effective analysis and immediate response to cyber threats. Generative AI technology is extremely useful for organizations and a useful tool for IT and security managers, helping to identify risks and solve problems effectively.
More specifically, in AWS, we recently announced two new security services that use Generative AI technologies: the first is the ability to generate questions in natural language through AWS CloudTrail Lake, which allows security managers to quickly analyze data. With this new feature, questions like “how many errors were recorded last week and what caused them?”
Through the second service, called AWS Audit Manager, users can easily see if the way they implement Generative AI in AI / ML platforms, such as Amazon SageMaker and Amazon Bedrock, comply with security best practices AWS. At AWS, security is our first priority, because customer trust is our most valuable asset, and that is why we are committed to providing the most advanced and reliable solutions to protect their data.
More generally, how can artificial intelligence be used to detect and prevent cyberattacks?
Artificial intelligence can automatically detect anomalies and cyber attack patterns through the analysis of massive volumes of data, systematically protecting businesses. This technology offers an immediate response, reducing the response time to attacks of any kind. AWS AI solutions allow customers to flexibly integrate these technologies, increasing their security capabilities without adding unnecessary complexity.
How does AWS manage the challenge of balancing security with the need for rapid innovation and agility?
At AWS, we balance security with the need for rapid innovation and agility through a multi-dimensional approach. A central element is the automation of security processes, which is integrated from the design to the development and operation of our services. This ensures that security is not just an extra layer, but deep in our culture and processes.
Continuous training of development teams is critical. Our developers and engineers receive ongoing training in cybersecurity. This open education practice encourages communication and knowledge sharing between different teams, allowing new ideas and technological innovations to emerge immediately without compromising the security of our customers.
Through this approach and recognizing continuous training as a critical aspect of our cybersecurity success, AWS ensures not only the security of its services, but also the flourishing of innovation in a rapidly changing environment.
What initiatives or innovations has AWS taken and adopted recently to strengthen its resilience against cyber threats?
AWS is constantly innovating to strengthen its resilience against cyber threats with initiatives that reflect its commitment to the security and protection of its customers.
We recently announced MadPot, an advanced network of threat detection sensors (honeypots). This system uses fake targets to reveal attacker tactics and protect customers from cyber attacks. Also on display at the re:Inforce conference was Sonaris, an internal tool that analyzes network traffic and detects malicious connections, as well as identifying potential vulnerabilities. Between May 2023 and April 2024, Sonaris prevented more than 24 billion attempts to scan data in Amazon S3 and nearly 2.6 trillion attempts to find vulnerable services on customers’ Amazon EC2 servers.
These initiatives demonstrate AWS’ commitment to innovation and security, incorporating technologies that proactively protect its customers’ infrastructures and strengthen resilience against evolving cyber threats.
What do you think about the future of cybersecurity and what technologies or practices do you think will play a key role in protecting data and infrastructure?
Cyber ​​security is becoming increasingly important as the rapid development of technologies constantly creates new threats. We are seeing a continuous shift towards automation and the integration of artificial intelligence and machine learning in cybersecurity, with the goal of quickly detecting and effectively preventing attacks.
AWS seeks to innovate in this sector by combining security with flexibility and the performance of its services with technologies such as AWS GuardDuty that offers continuous monitoring and automatic detection of threats.
In the future, we see the integration of more advanced solutions that use artificial intelligence and machine learning to address complex cyber threats with greater accuracy and speed, increasing the security and trust of our customers.