Month: February 2021

Organizations worldwide are witnessing the power of cutting-edge video to drive a return to business as (almost) usual. But while the technology itself is vital, it’s only one part of the process. In this article, we explore the health, safety and welfare policy that businesses should operate alongside their technology investment. Today’s intelligent AI-powered cameras provide vital screening services to organizations striving to get people back to business. These cameras can measure someone’s skin temperature and check if they’re wearing a mask or not; they can carefully monitor crowd density, flagging when there are too many people in a certain location; and they can accurately measure the distance between people, helping to uphold local social distancing regulations. But for this technology to deliver its full potential, businesses should also consider key HR and legal matters that may affect all those coming into view of the cameras. These considerations can be woven into a custom health, safety and welfare policy, which is understood and adhered to by all. Make sure your staff are on hand and informed First of all, you need to ensure there are staff available to support the screening process at your premises, and that they know exactly what they’re expected to do. Consider temperature screening, for instance. Who is going to be present to monitor temperature readings? And if someone does have a high temperature, what happens next? Moreover, what will you do if someone objects to having their temperature screened? Such things need careful consideration. Equally, when it comes to mask detection, will you have members of staff on hand to guide people towards your mask detection cameras? And if the camera finds no mask, will you provide one? For flow control, it’s vital to consider how many people you can safely accommodate on your premises at any one time. You also need to have a policy for what happens if people still proceed to enter a location that has reached full safe capacity. And if the system sounds an alert to one or more individuals, asking them to maintain social distancing, one key question is – how will you go on to enforce this? Consider employee consent and privacy I t’s also vital that staff fully understand that they are being screened, and that they agree to it before you do it. You should clearly inform employees of the video technology, the nature and extent of the monitoring, and its purpose, clarifying what has changed from your normal policies. It’s recommended to get official written employee consent for being screened. If you decide to use facial recognition for employee access control, this technology will reveal ‘personal data,’ which is defined as ‘processing personal data,’ and privacy regulations apply (such as GDPR in the EU). Consent for processing facial images is essential, so you must obtain it from each employee, who should be clearly advised that this data will be used only for future access control/ time attendance. Employees should also be given the option to withdraw their consent in the future if they change their mind. The data of a human subject’s body temperature generated during automated temperature measurement is not defined as a ‘personal data’ under certain data protection laws. However, it cannot be ruled out that data protection law does apply in the case that it’s possible (even subsequently) to identify the people passing the cameras. Tailor your policy to your business Of course, every business is different. So when devising your own health and safety procedures, it’s vital you tailor each element to your business, your environment and your policies. What’s more, it’s important to check changing guidance and requirements for your geography regularly. You may want to consider getting legal advice, so that you get this part of the process absolutely right. At Hikvision, we have endeavored to optimize our products and help our customers reduce the compliance risks regarding data protection law. What’s more, we recognize that technology is only one part of the back-tobusiness story. That’s why we’ve produced a back-to-business eBook that overviews our camera portfolio, explains how to install them for the best results, and outlines the health and safety considerations for using them.  

Sandesh Kaup Country Manager, Milestone System, India & SAARC The retail industry in India is one of the fastest-growing in the world. According to the Indian Brand Equity Foundation (IBEF), it is also the fifth largest and preferred retail destination globally. With the number of large format stores from major retailers on the rise comes the question of security. Traditionally, each brick-and-mortar store would have a local security center or room in the store where one or two security personnel will sit. At a broader level for a retail chain, this model has many drawbacks such as having to manage feeds from multiple locations, maintain the hardware at each store, and add to this the complexity of securing stores for servicing growing online business. The answer to these challenges lies in shifting multiple, local security monitoring systems to an integrated, cloudbased video management system (VMS). A cloud-based, open VMS allows retailers to centrally monitor the store security, thereby standardizing security systems and protocols across their stores and providing a uniform customer experience. Here are some key factors that retail organizations need to consider while adopting a cloud-based VMS solution. Reduce infrastructure operational expense A major driver for retailers to opt for a cloud-based VMS is to eliminate the cost of maintaining physical infrastructure at each location. On-premise hardware can be costly to maintain, update and replace. By taking it to the cloud, retailers can eliminate upfront costs associated with purchasing and installing physical infrastructure in all stores. This would be profitable in the long term too. As on-premise infrastructure can chalk up additional operational costs for server maintenance and software upgrades, a cloud-based VMS does away with the need for maintaining and updating on-premise infrastructure and software. Save physical space by reducing video hardware Depending on the store size, on-premise video hardware can take up a considerable amount of space inside the store. As retailers are always in need of more space, it can otherwise be used for product display or storage. Every square foot of space in a storage area comes at a cost to the retailer. Hence the objective of retailers is to generate revenue from every bit of this space. Moving physical infrastructure to the cloud will help retailers optimize that extra space to enhance profitability. Reduce inventory Some retailers also keep servers on inventory to ensure they always have backup equipment available in case of malfunction. However, this requires retailers to store multiple, sometimes hundreds of servers in their warehouses. The cost of purchasing and storing backup servers can be significant. By deploying a true cloud-based VMS, retailers eliminate inventory costs since the video is sent directly to the cloud. Bring in agility It is always advisable to have more agile systems in place, in case retailers need to move their set up to a new space or renovate the existing one. A cloud-based server brings in more agility, in addition to reducing costs. Without hardware and inventory requirements, a cloud-based VMS makes it easy to deploy security at a new location. A centralized security control to free up IT resources When you take away hardware, including the additional requirement of hardware maintenance and software update, it frees up IT manpower and reduces manpower cost. This job now goes to the VMS vendor while retailers can fully focus on running the business. Retailers should go for a solution that serves them in the long run. With COVID-19 bringing in new challenges, store owners must prepare to implement and manage social-distancing norms such as allowing a safe number of visitors inside the store at a time and providing proper space movement. The sudden sweep of COVID-19 took most retailers by surprise, exposing massive weaknesses in their infrastructure and abilities to quickly adapt and scale to demands. As the pandemic has affected in-store footfall, cost-saving on infrastructure, clearing up more space for free movement of shoppers, having a centralized security control can help retailers focus on profit maximization. As per a Retail Holiday Reality Report 2020 by Google Cloud, 53% of retail executives in India feel that their company is accelerating cloud adoption to ensure business continuity in response to COVID-19. Further, retail businesses in India have taken steps to prepare for any unexpected changes and 73 per cent of the surveyed have increased the use of technology for logistics planning as well. Gartner in a recent virtual symposium, also stated that the onset of the COVID-19 pandemic was the starting point of the Cloud 2.0 era. As digitalization efforts further evolve in the country, we can expect that cloud will become a must have technology for Indian enterprises.    

Overview On December 2, the International Criminal Police Organization (INTERPOL) issued a global alert to law enforcement across its 194 member countries warning them to prepare for organized crime network targeting of COVID-19 vaccines, physically and in cyberspace. Distributed as an ‘Orange Notice,’ the alert identifies new criminal activity related to falsifying, stealing, and illegally advertising COVID-19 and seasonal flu vaccines, including embedding malware via online websites. The new alert is just the latest pandemic-triggered criminal behavior, following counterfeit tests, fake cures, and misleading websites among other illicit activities by individuals and organized criminal groups alike. As international travel gradually resumes and testing for the virus becomes more important, parallel production and distribution of unauthorized and falsified testing kits are likely to result. OSAC members should take special care when going online to search for medical equipment or medicines for their organizations and personnel. Additional Context to the INTERPOL Warning As a number of COVID-19 vaccines gain approval and become available globally, there is a general short- and medium-term risk to the safety of the supply chain, with a likely proliferation of websites advertising, selling and administering fake vaccines or purporting to do so. The pandemic has already triggered unprecedented opportunistic and predatory criminal behavior by individuals and organized criminal groups; the same threat actors are likely to target vaccines. The public has been and will continue to be a primary target via fake websites and false cures, but vaccine manufacturers and their global supply chains are also likely targets, offering a potentially lucrative opportunity for criminal enterprises producing and distributing counterfeit and untrustworthy test kits. Cyberspace is Key for Criminal Groups and Other Nefarious Actors COVID-19 has significantly broadened the cyber threat landscape, allowing nefarious actors to prey on pandemic-related fears. Not only are criminals using online platforms to sell illicit (or nonexistent) medical supplies, but they are also using them to inject malware and steal personal information. An INTERPOL cybercrime unit analysis of 3,000 websites associated with online pharmacies suspected of selling illicit medicines and medical devices found that more than half (approximately 1,700) contained cyber threats. Cybercriminals are employing a variety of means, from voice and SMS phishing to fake advertisements on social media sites to lure victims into providing personal information or clicking on unsafe links. Similar to the wave of COVID-19 testing scams that emerged earlier in the pandemic, COVID-19 vaccines have been a key focus of recent scam campaigns. On December 21, the Federal Bureau of Investigation (FBI), Department of Health and Human Services Office of Inspector General (HHS-OIG), and Centers for Medicare & Medicaid Services (CMS) issued a warning to the public regarding fraud schemes related to COVID-19 vaccines. Specific fraud schemes mentioned include: Advertisements or offers for early access to a vaccine upon payment of a fee; Requests asking victims to pay out of pocket to obtain the vaccine or to put their name on a COVID-19 vaccine waiting list; Offers to undergo additional medical testing or procedures when obtaining a vaccine; Marketers offering to sell and/ or ship doses of a vaccine, domestically or internationally, in exchange for payment of a deposit or fee; Unsolicited emails, telephone calls, or personal contact from someone claiming to be from a medical office, insurance company, or COVID-19 vaccine center requesting personal and/ or medical information to determine recipient eligibility to participate in clinical vaccine trials or obtain the vaccine; Unverifiable claims of FDA approval for a vaccine; Advertisements for vaccines through social media platforms, email, telephone calls, or online – from unsolicited/ unknown sources; and Individuals contacting victims in person, by phone, or by email to tell them that the government or government officials require them to receive a COVID-19 vaccine. The Better Business Bureau (BBB) and Federal Trade Commission (FTC) have also provided information to the public regarding expected scams related to COVID-19 vaccines, many of which could make individuals and organizations vulnerable to cyber threats. The U.S. Department of Justice also announced on December 18 that it had seized two internet domains that impersonated the biotechnology firms Moderna and Regeneron, both of which are involved with developing treatments for the coronavirus. Criminals had been using the sites as ‘watering holes,’ to collect visitors’ personal data as part of a scam. According to the FTC, Americans have reported over $211 million in losses from coronavirus-related fraud. “On December 2, the International Criminal Police Organization (INTERPOL) issued a global alert to law enforcement across its 194 member countries warning them to prepare for organized crime network targeting of COVID-19 vaccines, physically and in cyberspace“ Region-Specific Criminal Concerns Organized criminality is certainly a worldwide phenomenon, as is the push for COVID vaccination. However, certain regions of the world may be affected more (or sooner) than others when it comes to the intertwining of the two. Below, OSAC identifies trends in Europe, Latin America, and Africa worthy of private-sector attention. But, evidenced by instances such as the Japanese Yakuza crime syndicates attempting to gain public favor by providing PPE, opening soup kitchens, and offering to sanitize the Diamond Princess cruise ship early in the pandemic, Asia is certainly not a stranger to this type of development. Europe The European Union’s current schedule has the distribution of an initial 200 million doses of the Pfizer developed COVID-19 vaccine completed by September, with additional shipments arriving thereafter. Authorities expect the primary risk in Europe to be organized criminal scams attempting to sell dangerous counterfeit vaccines or to hijack shipments of genuine shots. Counterfeit and substandard medical equipment and COVID tests are already rampant. Similar schemes with vaccines are most likely representing a significant public health threat if they are ineffective at best or toxic at worst. Fake vaccines may even have a wider-reaching impact if new outbreaks emerge in communities assuming themselves to have received proper vaccinations. According to Europol, criminals have placed advertisements on dark web marketplaces “using the brands of genuine pharmaceutical companies that are already in the final stages of testing.” Law enforcement agencies…

Iqbal Singh Technology Expert & Senior Corporate Executive in a European MNC E: iqchucks@gmail.com The recent SolarWinds Cyber hacking is deemed by many cyber security experts to be the biggest security breach ever in the history of cyber hacking. The attack was audacious, sophisticated, meticulous, stealthily executed, and the range of targets is said to be staggering – Fortune 500 companies, US Federal and State Departments including Defense, State, Treasury, US Cyber Command and the National Nuclear Security Administration (NNSA). The attack has shaken up the establishments and the corporate world across the globe. Such was the importance attached to the matter that US President Joe Biden allocated US$ 9 billion to improve cyber security infrastructure on Day 1 of taking office. The full impact of the attack and the causes are still being ascertained as I write this. Being an extremely complex attack while a lot is spoken, written and talked about it, most people are not very clear about as to what exactly happened, and how and what preventive measures should one take in the future. In this article I shall attempt to demystify the attack in as simple a manner as possible bereft of technical jargon, and in an easy to understand manner even for a non-technical layman. I must also insert here a disclaimer that the article is based on the current understanding of the issue as per the info available in the public domain, things can change as more unknown details unravel. SolarWinds SolarWinds is a company that makes IT monitoring and management software solutions. It counts 425 of the Fortune 500 companies and several key US Federal and State agencies amongst its customers. It has over 33000 customers globally. One of their products Orion had been infected and the same software was installed by around 18,000 of its customers. I feel that for giving the readers an idea of the attack it would be best to begin with how the attack came to light. While the readers may not understand all the jargon I request them to hold on for a few moments as I would explain them later in the article. The chronology of events as they were revealed to the world 08-Dec-2020 FireEye suffers attack: Hackers broke into FireEye’s network and stole the company’s red team penetration testing tools (Red team is the offensive side of the security. Red teams think like the attacker, they imitate real-world attacks and mimic adversary techniques and methods, uncover vulnerabilities in an organization’s infrastructure, launch exploits, and report on their findings). From that point of view the theft of these tools is pretty significant and serious. In simple terms the tools fell into the hands of the bad guys – the very guys against whom it was meant to protect. 11-Dec-2020 FireEye discovers SolarWinds was attacked: FireEye discovered that SolarWinds Orion updates had been corrupted and weaponized by hackers. 12-Dec-2020 FireEye alerts SolarWinds CEO: Orion contained a vulnerability as the result of a cyberattack. Emergency NSC White House meeting: The National Security Council holds a meeting at the White House on Saturday to discuss a breach of multiple government agencies and businesses. 13-Dec-2020 CISA emergency directive: The Cybersecurity and Infrastructure Security Agency (CISA) issued emergency directive 21-01, ordering federal agencies to power down SolarWinds Orion because of a substantial security threat. SolarWinds security advisory: SolarWinds issued a security advisory outlining the Orion platform hack and associated defensive measures. FireEye disclosure: FireEye said an attacker had leveraged the SolarWinds supply chain to compromise multiple global victims. Microsoft guidance: Microsoft offered guidance regarding the attacks. Media coverage: Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury and Commerce departments. 14-Dec-2020 SolarWinds disclosed breach in an SEC filing. SolarWinds stock falls: Shares fell down by about $20. 15-Dec-2020 SolarWinds released software fix. Investigation request: A bipartisan group of six senators wanted the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to submit a report to Congress about the impact of the SolarWinds cyber attack on agencies. 17-Dec-2020 US CERT alert issued. IT Service providers targeted: Microsoft discovered more than 40 of its customers were targeted. Five IT solutions providers and consulting firms – Deloitte, Digital Sense, ITPS, Netdecisions and Stratus Networks – were breached. U.S. Nuclear agency targeted: Hackers accessed systems at the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile. Microsoft: Impacted by malware. United States cybersecurity policy: President-elect Joe Biden vowed to elevate cybersecurity as an ‘imperative’ when he took office and said he would not ‘stand idly by’ in the face of cyber attack   What is different this time? Cyber attacks are not new. Usually there’s a vulnerability that allows threat actors to get into the network. What’s unique about this case is that the initial vulnerability was in the vendor software, so it’s often now being referred to as a supply chain hack because the vulnerability was embedded as code. Other differences are: SolarWinds’ security products impacted. 18 known products and 18,000 customers were delivered with the malicious code. Federal agencies. The exposure to federal agencies was a matter of grave concern. While targeting government agencies, they focused to access their emails. FireEye red team tools. Sophisticated tools from FireEye got into the nefarious actors’ hands. Post breach into the target network. The attackers settled in, sat there for a while, scanned the network, moved laterally in that environment and hunted for privileged access. Orion software build and code signing infrastructure was compromised. The source code of the affected library was directly modified to include malicious back-door code, which was compiled, signed and delivered through the existing software patch release management system. Attackers were very patient. They waited for a prolonged duration to extract the data and then cover their tracks. SolarWinds operation is an intelligence gathering effort,’ rather than an operation looking to destroy or cause mayhem among US IT infrastructure. SolarWinds customers. Look like the who’s who of the…

It’s fair to say that 2020 has been an exciting year for crypto. From Bitcoin’s peak in December 20 at £14,450 to new contenders such as Ethereum, Ripple and Bitcoin Cash entering the running, Cryptocurrencies have been the darling of investors and speculators everywhere. One of our Berlin-based meetups was focused on Blockchain recently and you can watch the replay of the livestream at (https://www.youtube.com/watch?v=Pt1ihk_7J6c&feature=youtu.be). But it may not be all sunshine and rainbows ahead. Navigating the cryptocurrency realm requires skill and an understanding of the subtleties of the market as it also comes with significant risk. From government regulations to security, within this article, we’ll look at some of the big problems facing cryptocurrencies. Let’s begin… Government regulation is inevitable Government reactions to cryptocurrencies have ranged from aggressive to indifference, with investors and speculators cautiously monitoring international developments. Just recently, the Head of the International Monetary Fund, Christine Lagarde, stated that regulatory action from the international community on cryptocurrencies is ‘inevitable.’ Christine also said, “We are actively engaging in anti-money laundering and countering the financing of terrorism; and that reinforces our determination to work on those two directions.” According to a report by CoinDesk, in late January 2021, world leaders gathered for the Davos World Economic Forum, with several sharing the same sentiment, including the French President, UK Prime Minister, and the secretary of the U.S. Treasury Department. South Korea is reported to have recently banned the trade of bitcoin and other digital currencies anonymously but says it does not intend to ban cryptocurrency exchanges. The next subject is often overlooked… There’s an issue of inheritance The unregulated nature of bitcoin means that without the keys needed to view a relative’s digital wallet, there’s no way of accessing their funds if they are to pass away. For example, five years ago, Matthew Moody died during an observational flight, and at the time he had been mining bitcoin. His father, Michael Moody, has spent the last three years trying to find out how many bitcoins his son has and how to find them. However, without knowing every single address, he is unable to locate every piece of currency. Moody has since called for better education about how to ensure investments are secured properly for those individuals mining bitcoin. I’m sure you’d already know the next one… There’s a security risk Bitcoin exchanges are digital and therefore vulnerable to hackers, operational glitches and malware. By targeting and hacking a cryptocurrency exchange, hackers can gain access to thousands of accounts and digital wallets where the cryptocurrencies are stored. One infamous example was the COX hacking incident in 2014, which saw the Japanese exchange closing down after millions of dollars in bitcoin were stolen. And the one everyone is talking about… There’s a market risk As with any investment, the value of cryptocurrencies can fluctuate, this should be no surprise. Within their short time, they’ve seen fierce swings in value and an extreme sensitivity to headlines, due to the high number of informal and amateur investors. If there’s continued resistance to the adoption of bitcoin and other cryptocurrencies, they may lose value. “Bitcoin exchanges are digital and therefore vulnerable to hackers, operational glitches and malware. By targeting and hacking a cryptocurrency exchange, hackers can gain access to thousands of accounts and digital wallets where the cryptocurrencies are stored. One infamous example was the COX hacking incident in 2014, which saw the Japanese exchange closing down after millions of dollars in bitcoin were stolen“ Experts, investors and budding traders will continue to speculate as to the future of cryptocurrencies. All we can know for sure is that it’s going to be an interesting journey. BLOCKCHAIN  Blockchain is often touted as a world-changing technology and in many ways, it is. However, it isn’t necessarily the cure-all panacea for the world’s problems that many evangelists would have you believe. Here’s a breakdown of some of the issues with blockchain that anyone thinking of using it should understand. Starting with perhaps is the biggest… 1. Blockchain has an environmental cost At least, the way it is being used today, it does. Blockchain relies on encryption to provide its security as well as establish consensus over a distributed network. This essentially means that, in order to ‘prove’ that a user has permission to write to the chain, complex algorithms must be run, which in turn require large amounts of computing power. Of course, this comes at a cost. Taking the most widely known and used blockchain as an example – Bitcoin – last year it was claimed that the computing power required to keep the network running consumes as much energy as was used by 159 of the world’s nations. Yes, Bitcoin’s blockchain is a hugely valuable network – with a current market capacity at the time of writing of over $170 billion – and so sophisticated and computationally intense security is essential. Smaller scale blockchains – such as those that an organisation may deploy internally to securely monitor and record business activity – would consume a fraction of that. Nevertheless, it’s an important consideration, and the environmental implications as well as the energy costs can’t be ignored. 2. Lack of regulation creates a risky environment Again, this is largely a problem with Bitcoin or other value-based blockchain networks. But the fact is, as many investing in Bitcoin or other cryptocurrencies for the first time in the last few months have found to their cost, it’s a very volatile environment. Due to the lack of regulatory oversight, scams and market manipulation are commonplace. Among the high profile cases is Oncecoin – recently revealed as a ponzi scheme which is believed to have robbed millions from investors who believed they were getting it early on what would become the ‘next Bitcoin.’ As with many areas of tech in recent years, legislators have largely failed to keep pace with innovators (or scammers), leading to rich pickings for those seeking to exploit ‘FOMO’ – the ‘fear of missing out.’ Even…