A year ago, President Biden held a cybersecurity summit at the White House with several industry-leading companies such as Microsoft, Google, Facebook, and Amazon. Andy Jassy, CEO, and Stephen Schmidt, Vice President, Security Engineering, and Chief Security Officer, represented Amazon. The ask from the President was for commitments to enhance the security posture of our nation.
Stephen Schmidt owns security for Amazon, everything from satellite systems to robots, delivery vehicles, self-driving cars, and “AWS boxes with smiley faces”. Recently I sat down with Schmidt to understand Amazon's cybersecurity contributions and a new public service announcement (PSA) campaign, “Protect & Connect,” that launched on August 22, 2022.
Multi-factor authentication (MFA) and training
After the White House Security cybersecurity summit, two not-so-surprising conclusions emerged – the need for MFA and training. Amazon responded by providing free MFA security keys to eligible AWS customers. The company also made free internal security awareness training materials available to individuals and businesses worldwide.
Breaking through the jargon
A challenge in any technology organization is to impart security knowledge to employees in the language those people understand to get them to internalize it. As an industry, we do not do well speaking the language of the average human. Much jargon, scare tactics, and awful things make it hard for an average person to understand cybersecurity.
I cannot tell you how long I have evangelized for a simplicity of the jargon and security benchmarks that can better show what organizations are getting for their security investments. So far, the industry has failed at this.
Helping to move the needle on cybersecurity
Amazon harnessed several assets and resources to help move the needle on cybersecurity. Prime Video was one such asset with creative power and top-tier talent. Another was the advertising business and the owned and operated platforms used for distributing messages. Additionally, there was consumer reach through Amazon.com.
Leveraging the security talent across the organization, Amazon created a public service announcement (PSA) campaign to help consumers understand the best practices for keeping themselves safer online.
Cybersecurity awareness is not a new thing. Amazon is partnering in this effort with the National Cybersecurity Alliance (NCA), which consistently promotes cybersecurity awareness. The emphasis with Amazon is to take a different and more creative approach to make the information more accessible, engaging, entertaining, and educational.
Protect and Connect
“Protect and Connect” introduces the concept of an internet bodyguard where you can feel empowered to protect yourself online. Amazon used Prime Video actor Michael B. Jordan and actress/producer Tessa Thompson, as internet bodyguards to make the videos timely, relevant, engaging, and dynamic. The goal was to make the videos fun and light-hearted so that people would want to watch them and share them.
The PSA includes three major themes. MFA is the easiest and one of the most powerful ways to stay safe online. MFA is an authentication method that requires two or more verification factors to gain access to an application, online account, or a VPN. Most banking applications use MFA now. Users receive one-time passwords (OTPs) such as four-to-eight-digit codes via email, SMS, or mobile application. The code is generated based upon a seed value assigned to the user at registration and other factors, which could be a counter or based on time.
Phishing is a thing people need to recognize and avoid. Phishing uses psychological manipulation to trick users into making security mistakes or giving away sensitive information, especially before that first coffee in the morning. Phishing steals user data, including login credentials and credit card numbers. Attackers have become very adept at masquerading as a trusted entity to dupe the user to open an email, instant message, or text message. The result is often a malicious link that can lead to the installation of malware or, worse, a ransomware attack. An attack can have devastating consequences from unauthorized purchases, the stealing of funds, or identity theft.
Finally, what Amazon calls personal agency, is the idea that people can protect themselves online and have some power over the situation despite complex cybersecurity threats. The message is, "you own your security, and taking a few simple steps can help you along the way." Amazon has training material on the microsite available for free.
The microsite Protectconnect.com will house the video series covering the campaign's three pillars. And will include quizzes and interactive content to test consumers' knowledge of best practices for keeping safe online. A digital advertising campaign will launch to support the PSA campaign.
An altruistic publicly traded company is an oxymoron most of the time. But surprisingly, this is not about generating dollars for Amazon.
Amazon has a significant presence everywhere: Amazon Studios, Prime Video, Thursday night football, and a website that people go to in order things that show up at the house. Besides the Amazon logo, this campaign has little to do with Amazon. Consumers must stay safe on Amazon.com, Walmart.com, a banking application, or any online interaction.
Will this PSA benefit Amazon by reducing customer service costs? Perhaps if fewer people have credentials stolen, that translates to more occasional telephone calls to forgive fraudulent charges. The PSA is not about Amazon but about making people safer and enabling people to control online experiences more effectively and safely. Will some people presume there is some ulterior motive? Of course. But this is Amazon truly realizing a unique opportunity to contribute to cybersecurity awareness.
Amazon is a big player across multiple industries and uses that position for the greater good, just like Amazon’s climate pledge.
Note: Moor Insights & Strategy writers and editors may have contributed to this article.