ChannelLife Australia logo
Industry insider news for Australia's technology resellers
Partner content
Story image

Without trust, your security team is dead in the water

By Jessie Chiang
Tue 5 Jul 2022

The rise of cyberattacks and data breaches has increased the need for sound security that works across any type of business. But with any change in an organisation, buy-in is essential.

Airwallex's head of IT and information security Elliot Colquhoun says from a security perspective, organisations tend to over index on reviewing security controls, such as those implemented by a vendor or implemented within their own environments.

"This is a useful lens for business as usual, however, security professionals should expand their evaluation to also include the human and often undervalued aspects of trust," he says.

"Do your employees trust your security team? Do your customers have a positive perception of your security that has earned their trust?"

Colquhoun says having the trust of employees and customers is a force multiplier for security. At Airwallex, the staff are generally passionate about privacy and understand the impact of security changes, and so positive engagement is critical.

"We have seen first-hand that the high level of trust from our employees results in easier and more effective implementation of security changes and controls. The impact of this extends to our customers – their increased trust in our controls drives loyalty and wider adoption of our products," he says.

Later on, this positive branding also becomes a differentiator and a revenue multiplier. Companies get greater customer access because they have the perception and brand to convince their internal security teams.

How can security leaders build trust with employees and customers?

Trust is built on communication and transparency. Colquhoun advises that companies should share what is on their roadmap and openly discuss recent incidents or investigations. Focus on the impact of changes they're making and explain why they are required.

"Recently, we implemented a VPN which performed TLS interception. Naturally, some employees had concerns about the privacy implications, particularly for personal internet browsing," says Colquhoun.

To navigate these concerns, Airwallex took several steps to ensure its staff backed the objective, including:

1. Distributing a fact sheet that helped explain the privacy considerations in as simple language as possible
2. Writing an internal blog post explaining why it was implementing these changes
3. Hosting town hall meetings in each region, allowing employees to voice any concerns and the security team to answer any questions.

"Being transparent made our employees feel heard, and this increased the overall uptake and integration of the VPN. Some of our most cynical users turned into supporters who helped build our VPN into firewall rules for tools within their departments," says Colquhoun.

"Transparency is equally important for your customers as it allows you to demonstrate the maturity and strength of your security program. It's important to define the perception before customers define it for you."

"For example, we list our security certifications and details about our security program on the Airwallex Trust Centre, an NDA-protected portal on our website. We also publish blogs –such as our engineering team’s Medium page– and open source parts of our security infrastructure, in an effort to be transparent about our security program and share learnings with others in the industry."

Building security into a business identity transforms how its customers view its implementation – from simply alleviating a user experience pain point to adding real value to the customer's experience.

Traditional security engagement programs have turned into a box-ticking exercise

Increasingly rigorous regulator and partner requirements for security awareness and vendor reviews have driven a need for a very specific engagement model. For employees, this is typically annual security awareness training. For customers, this is likely SOC2/ISO27001 or similar audited reports. Unfortunately, while these strict requirements are the minimum acceptable controls for a regulator or partner, they often fail to drive meaningful engagement.

Colquhoun says if we're honest with ourselves, these box-ticking exercises alone do not represent the ever-evolving security program required to safeguard against modern threats. They also lack the opportunity to showcase the meaningful and differentiated controls implemented by security programs.

This is where a dual approach can be most effective.

"At Airwallex, we strengthen compliance-driven security awareness to meet regulations, with 'behind the curtain' awareness events to build trust and transparency," he says.

"Each quarter, we run an in-person session open to all staff; diving into some recent security investigations, giving our staff a better understanding of what the security team works on, and the kind of threats we are protecting our company from. This transparency leads to increased trust."

Colquhoun says frequent communication and transparency are critical when implementing a security program that prioritises building trust. Therefore, when designing a program, businesses should consider the following:

  • Do employees know what's on the security team's roadmap for the year?
  • Do employees know why different security controls are being deployed and the risks and threats they aim to reduce?
  • What is your customer's perception of your security?
  • How closely does that customer perception match the state of your security program?
  • Are you proactive or reactive with your communications?

Additionally, a senior management team with a deep understanding of how security impacts the business and its operations, is critical in determining the success of a security program. Engagement metrics – such as employee surveys measuring trust in your security team or increases in reported security events – are useful for obtaining trust from senior management.

"All of these methods require time. While a relatively easy and impactful addition to budgets and roadmaps, trust isn't built overnight, but once earned, the return on investment is priceless," concludes Colquhoun.

Related stories
Top stories
Story image
Tech job moves
Tech job moves - Cohesity, Equinix, IDC, Proofpoint & Xero
We round up all job appointments from July 29 - August 5, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
10 Minute IT Jams
Video: 10 Minute IT Jams - An update from Heidrick & Struggles
Graham Kittle joins us today to discuss how the company is helping organisations bring about change within their business.
Story image
Inde
Exclusive: Inde provides innovative solutions across the tech sector
Inde likes to call its approach the 'power of the collective', which essentially means that if a client approaches the company with a problem, they'll get the team's collective insight to help drive the best outcome.
Story image
Tablets & laptops
Hands-on review: Xencelabs Graphic Display Tablet
Xencelabs seemed to show up out of nowhere on the market. I had no idea who they were or what they were about, but I was very intrigued.
Story image
Tablets & laptops
Chromebook and tablet shipments see another rapid decline for the year
According to research from Canalys PC Analysis, Chromebook and tablet shipments have fallen for the fourth quarter in a row for Q2 of 2022.
Story image
i-PRO
VisualCortex and i-PRO partner for enhanced APAC deployments
VisualCortex and i-PRO have partnered to facilitate enterprise-wide Computer Vision technology deployments in APAC.
Story image
Artificial Intelligence
Runecast's award-winning platform future-proofs businesses
Runecast provides both security and operations teams with what a few industry experts have called a 'must-have' solution.
Story image
Partner awards
Vertiv recognises outstanding 2021 A/NZ channel partners
Vertiv has recognised the exceptional contributions that its Australia and New Zealand channel partners made to its IT and mechanical and electrical (M&E) businesses in 2021.
Wiise
Discover why cloud ERP is central to a growing business' tech stack. Sign up now for free.
Link image
Story image
Infrastructure
Rimini Street announces new suite of security solutions for enterprises
Rimini Street has announced the launch of Rimini Protect, a new suite of security solutions set to provide a more comprehensive layer of security.
Story image
Mobile Device Management / MDM
Claroty's Team82 uncovers two vulnerabilities in FileWave’s MDM system
Claroty’s research arm (Team82) has uncovered and disclosed two critical vulnerabilities in FileWave’s Mobile Device Management (MDM) system.
Story image
Check Point
Ransomware now impacts 1 out of 40 organisations a week
Retailers and the wholesale sector saw the largest spike in ransomware attacks, with an alarming increase of 182%.
Story image
CRM
Forrester names Pega a Leader in CRM Solutions 2022 report
Forrester Research has named Pega a Leader among 11 competitors in The Forrester Wave: Core CRM Solutions, Q3 2022 report.
Story image
Cybersecurity
Optic Security Group on Australia recruitment drive
Trans-Tasman security integrator looks to meet the twin challenges of high client project demand tight & labour market supply with new opportunities.
Story image
SAP
Microsoft unveils two new security products to help reduce attack surfaces
The products are set to give companies deeper insights into threat actor activity and help them successfully navigate the changing threat landscape.
Story image
Cheetah Digital
Privacy, data ethics and the ‘seismic shift’ in consumer trust
Aussie consumers have low levels of trust for advertising, but will pay more to purchase from a trusted brand, a new report from Cheetah Digital reveals.
Story image
Gaming
Hands-on review: SteelSeries Apex Pro Mini Keyboard
SteelSeries has taken the design of its range of Apex keyboards to create a smaller version, the Apex Pro Mini. Techday’s Darren Price checks it out.
Story image
Appointments
Tech job moves - Checkmarx, Kinly, Syniti, Trellix & WalkMe
We round up all job appointments from July 22-28, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Wireless
Wave Audio spices up portfolio with first ever party speaker
Australian-based pioneers Wave Audio are enhancing their extensive range of groundbreaking new audio products by adding one of the most versatile speakers on the market to their growing portfolio.
Story image
Security vulnerabilities
Flashpoint says vulnerability disclosure ‘highly volatile’
Flashpoint has released The State of Vulnerability Intelligence: 2022 Midyear Edition, finding that the current state of the vulnerability disclosure landscape is ‘highly volatile’.
Story image
Data Protection
Video: 10 Minute IT Jams - An update from SearchInform
Alexey Pinchuk joins us today to discuss the role the company plays in helping organisations manage risk and provide better security outcomes.
Story image
BAI Communications Australia
BAI Communications to help improve mobile coverage across regional NSW
Deputy Premier and Minister for Regional NSW Paul Toole said regional communities deserve reliable and affordable mobile services.
Story image
Artificial Intelligence
Why smarter healthcare depends on data and automation
The pandemic has acted as a fierce catalyst for change. It’s strong-armed industries across the globe to embrace a world of new. Nowhere is that more evident than in healthcare.
Story image
Malware
Nozomi Networks Labs identifies impacts on 2022 threat landscape
Nozomi Networks’ latest research finds that wiper malware, IoT botnet activity, and the Russia/Ukraine war have had the biggest impact on the threat landscape in 2022 so far.
Story image
SAP
OutSystems joins SAP PartnerEdge program, integrates solutions
OutSystems has become an official member of the SAP PartnerEdge program. This will make it easier for other businesses within the SAP ecosystem to discover and connect with OutSystems.
Story image
Printers
Comedy legend Jimeoin fronts Epson advertising campaign in NZ and Australia
According to Epson the company’s EcoTank models now account for 74% of all printers sold in the category in New Zealand, alone.
Story image
Phishing
Top universities lagging on basic cybersecurity - report
Universities in Australia, the US and the UK are lagging on basic cybersecurity measures, creating higher risks of email-based impersonation attacks.
Story image
Microsoft
SaaS sector in NZ thriving as a result of trans -Tasman partnerships
New Zealand's Software-as-a-Service (SaaS) sector is on track to be the biggest contributor to GDP this year, generating more than NZD$20 billion for the New Zealand economy.
Story image
Compliance
Why security needs to shape your journey to the cloud
It's estimated that 80% of workloads could be in the cloud in the next few years. How can you make all that data secure?
Story image
Sustainability
Phronesis Security achieves B-Corp certified status
Phronesis Security has become the first cyber security company in Australia to achieve the coveted B Corp certification, having been certified since June 2022. 
Story image
Sustainability
Green hydrogen company Hysata raises AUD $42.5 million
Global investors are supporting Hysata's hydrogen electrolyser technology as the organisation closes its oversubscribed Series A funding round of AUD $42.5 million. 
Story image
Wireless
Hands-on review: James Donkey RS4 Knight Wireless Gaming Keyboard
I have always liked mechanical keyboards, and this is no exception. I find the action much easier to use than the modern keyboards with limited travel.
Story image
Digital Transformation
Macquarie Telecom rolls out SD-WAN services for mycar Tyre & Auto
Macquarie Telecom says it has rolled out NBN and SD-WAN services to more than 270 mycar Tyre & Auto stores across Australia. 
Story image
Biometrics
AU biometric security company achieves B Corp cert
Australian biometric security firm Daltrey has announced it has become the first cybersecurity vendor in AU to achieve the B Corp certification.
Story image
Cybersecurity
More than a fifth of cybersecurity teams ban the use of public WiFi
Verizon’s fifth annual Mobile Security Index report has revealed a continued rise in significant cyberattacks in the last year involving a mobile/IoT device.
Story image
Wireless
Wave Audio delivers ultimate immersion with new wireless earbuds
Wave Audio, one of Australia's best new audio brands, has recently released a set of landmark noise-cancelling true wireless earbuds, the Immersive Pro.
Story image
Data
Consumers will stop doing business over data practices
“Data privacy remains a concern for consumers when it comes to sharing their information with an online retailer with an unclear view of privacy laws."
Story image
Phishing
Phishing, software vulnerabilities cause 70% of cyber incidents
The heavy use of software vulnerabilities matches the opportunistic behaviour of threat actors who scour the internet for vulnerabilities and weak points.
Story image
Product Management
TeamViewer and Siemens to innovate product lifecycle space with AR
TeamViewer's new partnership with Siemens Digital Industries Software to bring the power of TeamViewer's AR platform, Frontline, to Siemen Teamcenter software.
Story image
Gaming
Logitech G’s new Aurora collection looks to help change gaming stereotypes
The company’s new Aurora collection is designed to be gender inclusive, not gender exclusive, addressing the needs and wants of women gamers while also still appealing to a wider general audience.
Story image
Hybrid Cloud
The essential guide to digital transformation by SolarWinds
Digital transformation is a buzzword thrown around all the time by companies, but what does it actually mean and why is it important? SolarWinds breaks it down.
Story image
Identity and Access Management
Pitney Bowes launches rebranded management offering in A/NZ
Pitney Bowes has launched Smart Access Management (SAM), its rebranded digital visitor and contractor management offering in Australia and New Zealand.