Google gets tough on security

No longer fooling around

MOUNTAIN VIEW, Calif. – Google recently began enforcing security changes to Gmail that are designed to protect users, foil phishing attempts and reduce unwanted spam by targeting bulk email senders – a welcome development for the industry. 

Security measures designed to protect vulnerable users from targeted attacks align with the priorities of industry data privacy experts.  

“It's more than just the sort of bad actors that might be attempting to use that,” said Mark Bennett, CEO of Sentry Enterprises, during a recent webcast hosted by Security Systems News. “One of the biggest sources of data breaches is just simple internal employee human error, right? Somebody makes a mistake and inadvertently exposes, you know, data and how are we protecting ourselves against those sorts of concerns. (When) you think about the complexity of these systems, they're so complex, and it just leaves so many opportunities and such a large attack surface. There's just a tremendous number of vulnerabilities in these systems that really aren't adequately being addressed and certainly not transparently.” 

Google – whose email platform has become the largest email service with more than 1.2 billion users around the world – began enforcing the changes in February, targeting users that send out more than 5,000 emails per day. 

Among the many changes, users must set up SPF and DKIM email authentication for their domain, ensure that sending domains or IPs have valid forward and reverse DNS records, use a TLS connection for transmitting email, and more. 

“As Gmail implements new verifying rules for high-volume email senders, it is a major roadblock for cybercriminals’ phishing and spam tactics,” Dr. Suleyman Ozarslan, Picus Security co-founder and vice president of Picus Labs, told Security Systems News (SSN). “Typically relying on ambiguity and impersonation, these threat actors lean heavily on identity obfuscation. By enforcing strong email authentication through DMARC, DKIM and SPF, Gmail will reduce email spoofing and domain impersonation-based phishing attempts. This shift in approach may prompt cybercriminals to explore more sophisticated or novel attack vectors, thus continuing the cat-and-mouse game between attackers and defenders.” 

Note that the security changes currently apply to emails sent to personal Gmail account holders, not Google Workspace accounts.

“These changes make the email environment safer and more reliable when put together,” Ozarslan said. “It’s a good step toward making common cyber threats less dangerous, which is good for the whole community. Nonetheless, it is very important to keep in mind that these measures will only work if they continue to evolve and adapt. That’s why our protections need to evolve, as well.” 
