The Dark Side of Google’s Project Zero

John Gunn, July 17, 2014

Data breaches are up, losses from hacking are up, the sophistication of attacks is up, and the situation is going from bad to worse. I join my fellow citizens of the internet in a cry for help to be protected from the villains plaguing our online metropolis.

So, it is welcome news that Google is putting more resources into fighting hackers. News of Google’s Project Zero is sweeping the media and if anyone can make a difference, it’s Google. However, there is a potential downside to Google’s Project Zero and that is the danger to Google.

Here’s where I see the risk to my favorite technology provider.

Inflated expectations

Once the media latches onto a story, they can really run with it. The Guardian ran this headline, “Google uncloaks Project Zero security team set to defend the internet. Wow, talk about mission impossible – defending the entire internet. Sounds like a bigger job than increasing revenue at Yahoo; I hope the pay is as good. My favorite headline for over-hyped expectations comes from Business Insider, Google Is Hiring A Team Of All-Star Hackers To Fix The Internet.”

Collectively, security solution providers and ISVs invest untold millions fighting hackers and Google’s efforts will clearly help. But none of the security vendors has ever said they will fix the internet or defeat the growing army of hackers. They simply say they can help lower your risk. Hackers are set to outspend and outgrow Google in this war. When the internet is not fixed and people are not completely defended two of three years from now, will they blame Google?

Holy-Malware, Batman. Is that on the Google Play store?

I am an Android user and I have six or seven dozen apps on my mobile device. I am very careful about which apps I download because I know that the Google Play Store is not perfect in screening-out malware. The discovery of mobile banking malware such as the kind described in this piece from Lookout on the Google Play store will certainly come under greater scrutiny with Google’s new role as the Global Hacker Police.

You can’t protect people from themselves

Google can do a lot to reduce the impact of hacking attacks, but they could also bring about as much good by getting people to adopt safer internet habits. A leading research firm recently reported that “user collaboration,” meaning someone clicking on something that they should not, was a contributing factor in more than half of malware downloads.

How can we help ourselves?

Application developers and security solution providers have been racing forward in providing protection against hackers. At the same period, user activities have changed very little and remain a vulnerability that is more problematic and equally urgent. The adoption of basic and easy-to-implement security measures such as only clicking on safe links, not providing personal information online, and implementing two-factor authentication could go a long way to helping Google fulfill their promise of a safe internet.

John Gunn is OneSpan’s CMO and brings two decades of leadership experience in the IT security and software segments. Before joining OneSpan, John led the Security Solutions Group at Harland Clarke where he launched a popular SaaS consumer identity protection and anti-fraud solution.