With businesses of all sizes facing a range of cybersecurity threats on a daily basis, the need for a strong and intelligent threat protection offering has never been more crucial.
At its recent Google Cloud Next 25 event, the company was understandably keen to tout its cybersecurity leadership, unveiling a range of new tools and services, with AI unsurprisingly playing a major supporting role.
To find out more on what threats businesses should really be worried about, and to learn more about Google’s own security priorities, I spoke to Sandra Joyce, Vice President of Google Threat Intelligence Group, at the event.
Cyber superpower
Cyber threats can now originate from any country, but Joyce highlights the sheer amount of possible risks coming from “the big four” - Russia, Iran, North Korea, and most notably - China.
China is, “probably the biggest (threat)...they’re getting so hard to detect,” Joyce declares. “They have, I would say, completed their journey to cyber superpower status.”
“There’s likely a capability we haven’t seen, but certainly espionage is first and foremost China’s big lever to pull,” Joyce explained.
“Their capabilities are increasing in ways that are very concerning,” she says, highlighting the recent Salt Typhoon attacks against critical US infrastructure as evidence of the nation’s growing strength in cyber operations.
"We're looking at a major increase in capability,” Joyce says, “they’re leveraging what we’re calling the visibility gap and concentrating their efforts on those areas where endpoint detection and response solutions (EDRs) don’t traditionally operate, like firewalls and edge devices.”
Joyce notes that her team used to be able to detect Chinese threat actors “pretty easily” via the infrastructure being used - however the criminals have now switched to using rented hardware, which is refreshed every 30 days and operated in small offices.
Given the scale of these threats, I ask Joyce about what role Google itself has to play in the wider security space going forward - is it being a first response system, a protector - or to take the first strike?
“That is the goal,” she says, “we do take direct action, especially if they’re touching the Google infrastructure - but we have a lot of options to take action…more and more, some of the creative thinking we have is, how do we disrupt this type of activity - within the laws that govern this type of activity.”
Working with law enforcement forces is a key method, she notes, but Google Cloud also takes direct action on the infrastructure itself, and partners with other organizations for co-ordinated takedowns.
“There's a lot of ways we can disrupt and do the right thing,” she says, highlighting the company’s responsibility to protect not only Google’s products and people - but its customers too, “the more we know about the threats, the more we can do.”
I also ask Joyce about the role of AI in cybersecurity, given it has transformed so many other areas in the business world over the past few years.
The company announced several AI-enabled security services and tools at Cloud Next 25, most notably Google Unified Security (GUS), a combined platform for firms to access all their security tools in a single location, as well as several security-focused AI agents.
Joyce says the potential impact is, “fascinating…this is now the modern way people are going to expect to be able to interact with data.”
She notes that threat detection, analysis and mitigation will all see a huge boost from AI, greatly speeding up processes that used to take months into a matter of days, all enabled by natural language prompts that make it easy for all workers to use.
"I don’t think that we have an excuse to not lead in this space,” she adds, "because we have the technology, we have the expertise, we have the recipe to make something incredible.”
