Cloud Security is People
Last week, I had the pleasure of visiting San Francisco to co-host a dinner event with AWS focused on cloud security.
Our attendees were a powerhouse group of CTOs from successful startups, along with some SMEs from AWS and Mission. After cocktails, appetizers, and networking, we divided into smaller groups to enjoy conversation over dinner.
Before sitting down, I took the opportunity to seed the room with a single question: what security risks are currently keeping you up at night?
What Keeps CTOs Up at Night
My experience with cloud security goes all the way back to the dawn of cloud itself, and while cloud has significantly evolved over the years, I’ve found that answers to my seed question have remained remarkably consistent.
So, what is keeping technology leaders up at night?
Well, to mimic Charlton Heston from the 1973 film Soylent Green, “Cloud Security is People!”
So much juice is given to the technical side of cloud security, focusing on software and network vulnerabilities, malware, and other such technical threats. But while holes in technology stacks can be plugged by software and tools, human beings are a bit tougher to patch.
Proactive Cloud Security
As much as I’d like to be able to apply patches to the brains of our workforce to improve our security posture, the fact of the matter is that we have to be proactive about educating our coworkers about some of the fundamental risks targeted not at our infrastructure, but at our people.
We’re all fallible and we all make mistakes, but an educated workforce will make fewer mistakes.
This is becoming increasingly critical given that Generative AI is an accelerant to fuel the fire of social engineering and phishing attacks that target workforces globally.
Here are some interesting data points that reinforce the message:
- 68% of breaches involve a non-malicious human element such as social engineering, phishing, or making an error, according to a 2024 report from Verizon.
- The 2025 World Economic Forum Cybersecurity Outlook finds that 72% of respondents report an increase in “organizational” cyber risks, and that there was “a sharp increase in phishing and social engineering,” with 42% of respondents reporting such incidents.
- The same WEF report finds that a staggering 47% of organizations cite adversarial advances powered by GenAI as their primary security concern. GenAI is a technology that presents a particularly strong capability to enable phishing attacks.
- In fact, Microsoft reports in its 2024 Digital Defense Report that “cybercriminals are leveraging the growing cybercrime-as-a-service (CaaS) ecosystem as well as AI technologies to launch phishing and social engineering attacks at scale.”
Educate Your Workforce
Like it or not, the threat landscape is evolving, and people-focused attacks are rapidly on the rise.
So, how can you, dear reader, help your business respond?
While implementing tools that can catch phishing attacks before they reach employees is wise, I’ve found that people-focused problems often benefit most from people-focused solutions.
Again, an educated workforce is your best defense against social engineering and phishing. As you roll out AI-enabled tools to your teams, they will marvel at how persuasive the output of these tools can be.
This is an ideal time to point out that the same tools can be used to persuade them to click a link, share a password, or otherwise become the victim of social engineering.
Stay safe out there, folks!
For more on securing your AWS environment, check out our AWS Cloud Security solutions.
Author Spotlight:
Jonathan LaCour