Google has today announced that the company is starting a new pilot program in which some employees will have their internet access restricted to help reduce cyberattacks.
More than 2,500 employees — many of whom volunteered — have been selected to participate and will only have access to internet-free desktop PCs. However, following feedback, this trial has since been revised to allow staff to opt out as well as take part.
With data breaches on the rise across the entire business landscape this year, Google’s aim is to try and reduce the number of cyberattacks it has recently fallen victim to.
Employees Won't Have ‘Root Access'
According to internal materials, not all employee restrictions will be the same, depending on the job role.
Some employees will lose their root access, meaning they won’t be able to install software or run administrative commands. Others will have revoked internet access with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail.
The program comes as a response of Google being a “target of frequent attacks,” such as the recent design flaw in the Google Cloud Build service, which let attackers escalate privileges to gain almost-full, unauthorized access to Google Artifact Registry code repositories.
The concern that triggered this particular security program is if an employee's device gets compromised, it means attackers can gain access to infrastructure code and user data, which in turn could result in a major incident affecting users.
Turning off the majority of internet access will make it a lot more difficult for attackers to find a way in.
Google Is Working Hard to Boost Security
Not only has Google and other tech companies experienced a recent rise in cyberattacks, but they’ve noticed an increase in their level of sophistication too.
Last week, Microsoft reported a “significant breach” in which Chinese intelligence had hacked into company email accounts to two dozen government agencies. This follows last month’s large-scale DDoS attack, which affected Microsoft Teams and Outlook. A Google spokesperson stated:
“Ensuring the safety of our products and users is one of our top priorities. We routinely explore ways to strengthen our internal systems against malicious attacks.”
In an effort to contain data leaks and fuel its cybersecurity efforts, Google has also turned to generative AI. Earlier this year, it introduced Sec-PaLM, an offshoot of the PaLM model that has been “fine-tuned” to include intelligence — like research on software vulnerabilities, threat indicators, and malware — into its security offerings.
Since launching its public sector division last year, the search giant has been pursuing US government contracts, making this rapid expansion into security initiatives even more understandable.