Partners urged to be more vocal on customer security: Google’s Phil Venables

As cyber attacks become more prevalent, partners must help define strong security.

Organisations must lift their baseline security posture to avoid being easy targets for attackers exploiting weaknesses or lapses.

Phil Venables, strategic security advisor, Google said, “Given the prevalence of cyber attacks and exploitation for ransomware, more and more organisations are targets of opportunity.”

Partners play a critical role helping organisations set security controls, but they need to be more vocal.

“You have to get a lot more opinionated about what default levels of control should exist,” said Venables, speaking from the ISC2 Security Congress in the US this week.

Just a few years ago, strong cryptographic authentication, vigilant patching and strictly locking down systems were reserved for banks or telcos. Today, they’re table stakes for everyone.

“All service providers, including partners, need to be clear about implementing strong security policies,” he said.

This means having full safety settings enabled by default, but service providers shouldn’t fear customer backlash.

“Most people don't mind, as long as you're not doing something that's disastrously unusable,” have told CRN Australia.

Large tech platforms set the bar for how partners resell and manage their services, helping to raise their defences and support customers to do the same.

When Google switched on strong authentication by default, it was prioritised initially through partner organisations, which were vetted and qualified.

“They had to adopt that and then help customers they were reselling the services to adopt that,” he said.

Now AI has entered the picture, bringing new opportunities for security, but also new risks, particularly if it’s adopted in uncontrolled, risky ways.

“There's going to be a lot more software, courtesy of AI, and more vulnerabilities in that software, but many organisations are not prepared for this wall of vulnerabilities,” he said.

Partners are a key target for attackers

Venables said partners have more opportunities to integrate and package services, but they need to articulate the benefits of bundled security offerings.

“Some customers might not like that everything's aggregated because the bill’s gone up, but most want a fully integrated package,” he said.

The selling point is strengthening security with complementary services and saving the time and hassle of managing multiple different service providers.

“Customers don’t have to buy two separate things and integrate it. They just get it as part of the stack,” he said.

However, because resellers and managed service providers sit between platforms and customers, they’re becoming high-value targets for attackers seeking indirect access.

“Attackers recognise this, and there's been a lot of attacks at that partner layer as a means of getting into [customer] organisations that receive those services,” he ended.