Google invests in SMB cybersecurity adoption as attackers focus on India

The move is a part of Google’s efforts to take global cues and reduce cyber threats encountered by businesses that are largely online-facing, for which India is one of the world’s largest markets, said Heather Adkins, vice-president of security engineering and founding member of Google’s security team, in an interview with Mint.

“With the sheer volume of the Indian market, there is a massive amount of cyber threats that small businesses with limited resources face in India. We’re working with key government departments to raise awareness and help government officials take a cyber-first mindset, and are also ramping up our total funding of cybersecurity clinics for SMBs to $20 million to help the small businesses ramp up the prioritising of cybersecurity initiatives,” Adkins said.

On Tuesday, Google also said that it is ramping up its existing awareness initiatives with officials at the home affairs ministry and the Indian Cyber Crime Coordination Centre (I4C) in the face of rising scams—now popular as digital arrests. Some such attacks have seen individuals lose up to $700,000 in targeted scams, leveraging identity theft, spear phishing, and other various techniques.

The Big Tech firm’s safety initiatives in question seek to tackle a larger threat, which cybersecurity industry stakeholders have repeatedly raised will require efforts from governments, private firms in a public-private partnership (PPP) model, and stakeholders across agencies. To this end, Adkins said that the company already plays a role in enabling the sharing of data between organisations and geographies, as and where necessary.

Collaboration across borders

“Data sharing across geographies still requires the requisite regulations to play out as intended. But if two nations are actively collaborating, then we’re often a part of enabling the sharing of information as far as possible for investigations to materialise. On our end, we read trends originating in one geography to enforce preventative measures in another nation, to see if we can prevent scams from replicating across geographies. We’re actively leveraging automated and artificial intelligence markers to detect which patterns of usage or conversations lead to scams and cyber breaches, and a key part of our India charter is to try and prevent them,” she said.

Industry stakeholders believe that investing in a ground-up solution, the roots of which Google underlined as part of its cybersecurity efforts with small businesses, could be key.

“By sheer volume, small and medium businesses are the root points of an online security stack, and your cybersecurity is only as secure as its weakest link. To this end, can we set up a cyber dome akin to Israel’s ‘Iron Dome’ air defence system? Today, this is steadily becoming an imperative,” said Aditya Varma, commander (retired), Indian Navy and head, defence and homeland security for STL Networks Ltd.

The key to achieving this, Varma added, would be to offer a rationalised cost structure for small businesses to invest in cybersecurity. “It’s difficult to demarcate where critical infrastructure begins in a stack of operations among businesses. The government has to play a role in subsidising access to cybersecurity, and companies such as Google, while having the capacity, could see complex business cases in bringing small businesses into the cyber-secure network,” he said.

Android majority

Adkins, however, added that Google continues to invest in cybersecurity efforts in India, since the vast variety of businesses and the size of the country’s consumers naturally make it a hotspot for various cyber scams and spam. As part of these efforts, Google is also ramping up its efforts to notify if a call is a potential spam—baking the feature natively into its Android ecosystem, she said. The latter accounts for over 95% of the 750 million active smartphones in India.

This is a key factor affecting millions of users daily, beyond cyber attacks permeating small business networks. In February, Singapore-based cybersecurity firm Cyfirma highlighted the propagation of ‘SpyLend’—a “simplified finance and lending” application that spread data-stealing malware across more than 100,000 devices within one week.

To take on this, India is a key part of Google’s security engineering efforts.

“Our security team is spread around the world—overall, we have nearly 8,000 people working horizontally across divisions on security initiatives. In India, we have over 1,000 people based in Bengaluru and Hyderabad working on security in products, security strategies, government partnerships and more. We’re using these to scan billions of mobile applications on Android, and eventually, hope that we can filter out as many threats as possible,” Adkins said.