The CISO for Amazon Web Services (AWS) is advising fellow cybersecurity leaders to observe, learn and innovate as quickly as possible in an era where IT environments are rapidly changing faster than ever.

AWS CISO Amy Herzog said that while threat prevention remains critical, it’s clear that the tactics and techniques being employed by adversaries are rapidly evolving as AI is increasingly employed to continuously launch more sophisticated cyberattacks. Cybersecurity teams now need to be able to continuously observe IT environments in order to be able to respond faster than those adversaries can act, said Herzog.

In effect, cybersecurity teams now need much higher levels of visibility and automation to enable them to resolve issues at speeds that make it significantly less profitable for adversaries to launch a cyberattack in the first place, she added.

Most organizations are a very long way from being able to achieve that goal today, but the need to revamp cybersecurity workflows is becoming more pressing with each passing day. Cybercriminal syndicates are investing more in automation and AI with an eye toward not just reducing the cost of launching a cyberattack but also the amount of time required to exploit any newly discovered vulnerability.

At the same time, most cybersecurity teams, even in the age of AI, remain understaffed, noted Herzog. The only viable option will be to invest more in automation to enable organizations to combat threats in near real time, she added.

Additionally, most organizations will need to reconstitute how their cybersecurity teams are organized with an eye toward hiring more creative thinkers who are able to anticipate how a cyberattack might be launched against a specific IT environment, noted Herzog.

As part of that effort, cybersecurity teams will also need data engineers to manage the massive amounts of telemetry data that are needed to continuously observe IT environments, she added.

The ultimate goal is to create a cross-disciplinary team that has a much deeper level of understanding of the IT environment they are tasked to protect, said Herzog.

Achieving that goal will require significant investments, which may be one reason that even during challenging economic times, the size of the average cybersecurity budget continues to increase. The issue is that cybersecurity syndicates and nation-states are leveraging much larger financial resources to make similar investments at a much faster pace.

Like it or not, many of the tools and platforms that cybersecurity teams currently rely on are not designed to enable them to respond in near real time to cyberattacks. Each organization will need to determine to what degree to replace those tools and platforms versus, alternatively, adding an integration framework capable of processing and analyzing telemetry data in real time that they would have to deploy and maintain.

Regardless of approach, the one thing that is certain is that the pace at which cyberattacks are launched and, hopefully, thwarted is about to exponentially increase. Unfortunately, the only thing left to determine in the meantime is the damage those cyberattacks might inflict before organizations are able to effectively respond.