“Google has fortified its defenses against cyberattacks, developing a resilient system capable of responding to threats at any moment. South Korea must adopt similar tactics and defenses to safeguard its infrastructure.”
Mark Johnston, Google’s Director of the Office of the Chief Information Security Officer (CISO), shared his insights on cybersecurity in an interview with the Chosun Daily on June 20 at the Westin Josun Hotel in Jung-gu, Seoul. He was in South Korea as a keynote speaker at the ‘2024 Cyber Security Conference’ hosted by ChosunBiz.
Google was a victim of the 2009 cyberattack known as “Operation Aurora,” in which a cyber-espionage group linked to the Chinese government infiltrated servers and stole intellectual property from several tech companies, including Google. This incident led Google to enhance its cybersecurity measures significantly.
One of Google’s most notable cybersecurity programs is the Zero Trust system, which operates on the principle that no entity is trusted by default, and every action is authenticated and verified at each step.
“Zero Trust is a practice that has proven immensely valuable in building a secure and resilient infrastructure for Google,” Johnston said. “It’s a methodology that can help governments create a secure online infrastructure.”
Johnston explained that Zero Trust focuses on high levels of automation. If an endpoint is deemed insecure, it is automatically isolated for remediation, preventing the spread of risk to other network devices or users.
“Resilience is something Google takes very seriously,” Johnston emphasized. “Zero Trust is a fundamental capability that we believe ensures enterprise resilience.”
After serving as an Executive Security Advisor at IBM for over six years, Johnston joined Google in 2017 as a Cloud Security Specialist and now leads the Office of the CISO. The office helps Google Cloud customers securely navigate their digital transformation journeys and drive security innovation through cloud technologies. Johnston also advises on AI-related risk analysis and regulatory compliance.
Johnston highlighted the importance of South Korea preparing for potential cyber espionage operations. “It’s crucial to have a strong playbook to detect and respond to threats effectively,” he said. “Collaboration between private and public sectors in threat intelligence sharing can help identify potential local threats.”
Google’s security subsidiary, Mandiant, categorizes threats into Advanced Persistent Threats (APT), Financial (FIN), and Unclassified (UNC). APT involves prolonged attacks to leak information and destroy systems, while FIN covers attacks that seek financial gain, a category that includes many of North Korea’s cyberattacks. UNC covers threat behaviors that do not fit into the APT or FIN categories.
Johnston also recommended that South Korean companies leverage AI to bolster their cyber defenses. “Google’s ‘SecLM’ platform uses Gemini, a generative AI, to speed up incident response and report writing for cyberattacks by 51%,” he said. “South Korean companies can use AI to upskill their cybersecurity workforce and improve their response to cyberattacks. Investments in AI to automatically detect cyber threats should be a priority.”