Google this week unveiled new cybersecurity defense controls aimed at fortifying the security of its Google Workspace users against social engineering attacks like phishing and preventing unauthorized account takeovers. These robust measures include the introduction of an additional layer of protection that mandates sensitive Google Workspace actions to be authorized by two administrators.
A Vital Layer of Security
One standout feature is the implementation of multi-party approval. This entails requiring at least two administrators to confirm critical changes for enhanced security within a workspace. For instance, when a Google Workspace administrator initiates a high-stakes action, such as modifying 2-Step Verification (2SV) settings, another administrator must provide approval.
According to Andy Wen, Google Workspace’s Director of Product Management, “With this initial framework release, we currently are supporting just 2SV settings change and expanding this capability to other actions based on admin feedback.” This innovative approach is designed to provide an extra safeguard against unauthorized modifications and activities that could compromise the workspace’s integrity.
Reinforcing Administrator Security
Google is making significant strides to bolster administrator security by making 2-Step Verification (2SV), also referred to as two-factor authentication (2FA), mandatory for specific enterprise administrators. The adoption of 2SV is a proactive measure to significantly reduce the risk of compromised administrator accounts. Yulie Kwon Kim and Andy Wen from Google emphasize that “2SV can result in a 50% decrease in accounts being compromised.” Starting later this year, select administrator accounts within Google’s resellers and largest enterprise clients will be required to activate 2SV for heightened security.
Also Read: Google Chrome will soon warn you when installed extensions are malware
Empowering Gmail Defense with AI
To further elevate security, Google is expanding its AI-powered Gmail defenses to cover a broader range of sensitive email actions. This includes activities like message filtering and forwarding, crucial steps in curbing phishing and other identity-based attacks. By extending AI-powered protection to these actions, Google aims to thwart potential threats and enhance the overall security of Workspace users.
Efficient Log Export for Enhanced Threat Response
Google Workspace users will now enjoy an expedited method for exporting logs to Chronicle, Google’s cloud-based Security Operations Suite. This streamlined process empowers security teams and administrators to swiftly export Workspace logs, thereby bolstering their ability to respond effectively to potential threats. Quicker access to logs contributes to improved threat response times and a more robust security stance.
Protecting Against Social Engineering
Social engineering attacks, particularly phishing, remain one of the most prevalent entry points for data breaches. Google’s proactive threat defense controls within Workspace are geared toward preventing, detecting, and responding to such identity-based attacks before they escalate. These measures underscore Google’s commitment to fortifying its ecosystem against emerging threats, ensuring a safer digital environment for its users.
Also Read: Google will now alert you when your private contact info appears online
In conclusion, Google’s latest cybersecurity enhancements for Workspace users reflect the company’s dedication to providing advanced protection against social engineering attacks and unauthorized access. By introducing multi-party approval, mandating 2SV for specific administrators, enhancing AI-powered Gmail defenses, and facilitating expedited log exports, Google is empowering its users with robust tools to safeguard their digital workspaces.
These proactive measures underline Google’s continuous efforts to bolster cybersecurity across its platforms and create a safer online landscape for all.
