Google’s scale means early breach disclosure is paramount
Google has had a tumultuous past few months. The company has suffered multiple breaches, affecting millions of users and inadvertently exposing their names, email addresses and other personal information.
Recently, Google CEO Sundar Pinchai was grilled by Congress on the breaches, saying “we work hard to ensure the integrity of our products, and we’ve put a number of checks and balances in place to ensure they continue to live up to our standards.”
But is this all too little too late? 2019 is shaping up to be a crucial year for the tech giant.
When so many users trust large companies like Google with their personal data, it's up to these companies to disclose any compromise of the data security as early as possible.
Not only does it honor the rights of consumers to know what is happening with their personal data, but also gives them the opportunity to be aware of the consequences and take proactive actions to contain the damage to their online accounts.
Such disclosures should include not just the incident report but also detailed forensics and analyses about how the attack happened. This information can be critical in helping the community put up a coordinated front in fighting cybercrime. As detailed information about a breach becomes available, it helps other companies develop a comprehensive understanding of the threat landscape and attackers’ methods allowing them to become better prepared to prevent such breaches in the future.
This means that their other critical online services accounts are now at a higher risk of being compromised. Some of the most common high-risk targets are online banking, health care services, workplace data and online citizen services from the government.
There is no doubt that security breaches will continue to escalate both in frequency and profile in 2019. The increasing economic incentives for attackers, due to the evolution of dark web marketplaces for such data, will continue to motivate them to launch more attacks. Experience gained from recent successful breaches combined with hoards of data collected for AI algorithms will make attackers increasingly effective going forward.