Google gets tough on security

MOUNTAIN VIEW, Calif. – Google recently began enforcing security changes to Gmail that are designed to protect users, foil phishing attempts and reduce unwanted spam by targeting bulk email senders – a welcome development for the industry.

Security measures designed to protect vulnerable users from targeted attacks align with the priorities of industry data privacy experts.

“It's more than just the sort of bad actors that might be attempting to use that,” said Mark Bennett, CEO of Sentry Enterprises, during a recent webcast hosted by Security Systems News. “One of the biggest sources of data breaches is just simple internal employee human error, right? Somebody makes a mistake and inadvertently exposes, you know, data and how are we protecting ourselves against those sorts of concerns. (When) you think about the complexity of these systems, they're so complex, and it just leaves so many opportunities and such a large attack surface. There's just tremendous number of vulnerabilities in these systems that really aren't adequately being addressed and certainly not transparently.”

Google – whose email platform has become the largest email service with more than 1.2 billion users around the world – began enforcing the changes in February, targeting users that send out more than 5,000 emails per day.

Among the many changes, users must set up SPF and DKIM email authentication for their domain, ensure that sending domains or IPs have valid forward and reverse DNS records, use a TLS connection for transmitting email, and more.

“As Gmail implements new verifying rules for high-volume email senders, it is a major roadblock for cybercriminals’ phishing and spam tactics,” Dr. Suleyman Ozarslan, Picus Security co-founder and vice president of Picus Labs, told Security Systems News (SSN). “Typically relying on ambiguity and impersonation, these threat actors lean heavily on identity obfuscation. By enforcing strong email authentication through DMARC, DKIM and SPF, Gmail will reduce email spoofing and domain impersonation-based phishing attempts. This shift in approach may prompt cybercriminals to explore more sophisticated or novel attack vectors, thus continuing the cat-and-mouse game between attackers and defenders.”

An important factor to note is that the security changes that have been implemented currently apply to emails sent to personal Gmail account holders, not Google Workspace accounts.

“These changes make the email environment safer and more reliable when put together,” Ozarslan said. “It’s a good step toward making common cyber threats less dangerous, which is good for the whole community. Nonetheless, it is very important to keep in mind that these measures will only work if they continue to evolve and adapt. That’s why our protections need to evolve, as well.”

Related Articles

Inovonics to feature Inovonics Cloud Services software at ISC West, booth #3103

Investing Now Makes the Rest of the Year Less Taxing. Literally.

WeSuite’s Tracy Larson Shares How Speed and Accuracy Grow Sales Organizations

Four Ways Your Sales Process Defines Company Growth & Profitability

ADT – Knoxville, TN Receives TMA Five Diamond Monitoring Center Designation

Vitaprotech announces Delphine Guerrier as CEO EMEA

ALCEA and LRG Inc. announce security partnership

Iowa’s East Union Community School District to deploy ZeroEyes

Paladin Technologies launches ULC-certified monitoring station

Secure Logiq launches new website

Vince DiValerio retires after 48-year career with Vector Security

RapidFire acquires Albuquerque Low Voltage

Nice launches smart garage door opener and new mobile app

Everon’s ‘momentum is real,’ says CEO Dan Bresingham

Industry luminary Jim Henry passes away, colleagues reflect

Resideo acquiring Snap One for $1.4 billion

Google gets tough on security

Sponsored Stories

Related Articles