Year: 2023

Prashanth GJ, CEO, TechnoBind Solutions In today’s era of technological advancements, artificial intelligence (AI) has emerged as a game-changer for businesses across various industries. One of the most promising and rapidly evolving branches of AI is generative AI. This innovative technology enables machines to create and generate new content, whether it’s images, music, text, or even entire virtual worlds. These AI models, fueled by deep learning techniques like Generative Adversarial Networks (GANs) and Transformers, have the potential to revolutionize various industries, from entertainment and design to healthcare and robotics. The potential benefits of generative AI for businesses are vast, ranging from enhancing creativity and innovation to streamlining operations and customer engagement. One-third of annual McKinsey Global survey respondents say that they are using Gen AI tools in at least one business function. 40% of respondents say their organizations will increase their investment in AI overall because of advances in gen AI. The most commonly reported business functions using these newer tools are the same as those in which AI use is most common overall – marketing and sales, product and service development, and service operations such as customer care and back-office support. While generative AI has enormous potential to be utilized by organizations, this has also opened the floodgate of cyber threats and breaches against its users. 21% of the annual McKinsey Global survey respondents say their organizations have established policies governing employees’ use of gen AI technologies in their work. A recent report by cybersecurity firm Group-IB revealed that over 100,000 ChatGPT accounts have been compromised and their data is being illicitly traded on the dark web, with India alone accounting for 12,632 stolen credentials. Many companies have forbidden their employees from using any generative AI-powered bots. However, the percentage of Gen AI users worrying about AI’s cybersecurity concerns has reduced from last year’s 51% to 38% says McKinsey Global survey. It is the unknown that has made users skeptical about readily utilizing generative AI Research by PA Consulting found that 69% of individuals are afraid of AI and 72% say they don’t know enough about AI to trust it. According to a survey among 200 enterprise security officials, a staggering 91% of companies reported experiencing API-related security issues in the past year. As organizations are looking forward to leveraging LLP APIs, their lack of trust and knowledge about generative AI and news about security breaches pose a challenge in readily adopting it. The open-source code in generative AI is considered a double-edged sword by many. While cost-effectiveness, transparency and easy availability are a plus, open-source code also leaves users vulnerable to attacks. OpenAI’s ethical policy prevents LLMs from aiding the threat actors with malicious information. However, the threat actors can bypass these restrictions using various malicious techniques, such as – jailbreaking, reverse psychology, prompt injection attacks and ChatGPT-4 model escaping. Apart from API and open-source threats, generative AI leaves room to create various other threats: Deepfake Threats: One of the most prominent concerns stemming from generative AI is the rise of deepfake technology. Deepfakes utilize generative AI to manipulate and fabricate realistic videos or images that convincingly mimic real people or events. This can have severe consequences such as political disinformation, impersonation, and reputational damage. Phishing Attacks: Cybercriminals can exploit generative AI to enhance the sophistication of phishing attacks. By generating hyper-realistic emails, websites, or user interfaces, hackers can deceive individuals into revealing sensitive information or unknowingly downloading malware. Malware Generation: Generative AI can be used to develop novel strains of malware that are harder to detect and eradicate. By continuously evolving their code and behavior, AI-powered malware can evade traditional security measures, potentially causing significant damage to computer networks and systems. Polymorphic malware is one such example of malicious software that continuously modifies its code to evade antivirus detection. Automated Social Engineering: Generative AI can be leveraged to automate social engineering attacks, such as personalized spear-phishing campaigns. By analyzing vast amounts of data, AI can craft persuasive messages that target specific individuals or groups, increasing the chances of success for cybercriminals. Challenges in combating and mitigating these threats Effective defense against generative AI threats requires access to vast amounts of training data to understand and detect malicious patterns. However, obtaining labelled data that covers the diverse landscape of potential attacks can be challenging due to privacy concerns and legal limitations. Cybersecurity professionals face a continuous battle to keep up with the evolving sophistication of generative AI. As AI techniques progress, adversaries can quickly adapt and develop new attack vectors, necessitating constant vigilance and proactive measures to mitigate emerging threats. Generative AI models are often regarded as black boxes, making it difficult to ascertain their decision-making process. When malicious content is generated, attributing responsibility to the perpetrators becomes challenging. This hampers effective countermeasures and legal actions. As organizations strive to combat generative AI threats, they must navigate the delicate balance between security measures and privacy concerns. Mitigation efforts should avoid unnecessary invasions of privacy while still protecting individuals and organizations from potential harm. These challenges can be mitigated using advanced detection techniques, collaboration between researchers, industry experts, and policymakers and a robust legal framework. Ethical consideration along with bias and fairness are the foundation of building and utilizing generative AI. Organizations currently seem to be mostly preoccupied with the cost-benefits and the strong support a generative AI provides. There is always a threat looming around the adoption of technologies that haven’t been tried and tested for loopholes. While some may argue that generative AI is an advantageous tool in combating cyber threats, the lack of knowledge about the tool and its possible misuse by threat actors should be a bigger concern. Generative AI holds immense potential to revolutionize various industries and foster innovation. However, the challenges it presents such as ethical concerns, bias, misuse, transparency, and human-AI collaboration, cannot be overlooked. As generative AI continues to advance, it is imperative for researchers, developers, policymakers, and society at large to work collaboratively to address these challenges, ensuring responsible…

Joanne Weng Director of the International Business Department, Synology In the ever-evolving digital landscape, businesses face increasing challenges in ensuring the safety and continuity of their data. A string of disruptions experienced by major corporations has only heightened the need for robust backup and recovery mechanisms. At the heart of modern businesses lies data, and its security and risk management play a pivotal role in ensuring business continuity. However, while the importance of backups and disaster recovery plans is universally acknowledged, executing them can become prohibitively expensive. This financial challenge underscores the necessity of prioritization and the ability to architect a lean yet resilient IT infrastructure. A clear checklist is required While the causes, impacts, and solutions of data-related incidents may vary, the overarching principles remain consistent. Your organization likely already has some backups to counter ransomware or equipment failure. So answer this – What recovery point objectives (RPOs) and recovery time objectives (RTO) can you achieve with your current backup plan if your production servers or cloud instances suddenly vanish? Put another way, how much money will that downtime cost the business if you need to perform a complete disaster recovery process? If that makes you feel uneasy, and you’re in a position that should know this, it might be time to review your backup and disaster recovery (DR) plans. Starting with the fundamentals, businesses need to map out and identify which systems are responsible for which real-world ‘work.’ While some companies may use siloed infrastructure per department, there are likely countless dependencies that need to be mapped out. For example, it’s obvious that a directory server disruption will knock out authenticating with any services or endpoint (which is huge but expected), but what about your internal ERP system? If you don’t already have a map of your IT infrastructure, get it done. Ensure that system dependencies are clearly documented and well understood. Next, list the primary real-world processes based on your business (e.g., product manufacturing, e-commerce, logistics) and most importantly, stack-rank them based on their financial impact if disruptions happen. Each business will have vastly different requirements based on its structure and technology stack. However, there will always be a cost that can be associated with downtime. This process needs to be routinely reviewed and kept up to date. Building solid foundations Building a dependable and resilient IT infrastructure isn’t easy, but it’s also not difficult once we break it down into multiple components. High availability (HA) for production environments: In the event of a server failure, the HA system should automatically take over, minimizing downtime. For companies that self-host their systems, this is usually done through HA hypervisor clusters paired with similarly HA-clustered storage systems. Cloud deployments can likewise leverage load balancers and self-monitoring tools to ensure services remain online. On-site and off-site backups: Regular backup schedules for critical operational tools like file servers, DBs, ERP systems, core service virtual machines, and offline servers should be documented. Depending on the importance of the operational service, appropriate Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) need to be carefully defined. An out-of-date database backup is better than nothing but will still cause a significant headache. Finally, off-site backups and disaster recovery (DR) capacity shouldn’t be an afterthought. To keep costs in check, retention policies and the scale of the DR equipment or cloud instances can be lowered. Restoring shouldn’t be stressful In the unfortunate event of a disruption, a three-tier restoration process can ensure business continuity: Automatic failover: HA clusters should be designed to automatically failover, ensuring that there’s no manual intervention required during critical moments. This should be enough to take care of simple equipment failures. Restore from snapshots or failover to backup systems: Local snapshots and similar technology allow servers to quickly roll back an unintended change extremely quickly. If the problem persists or the problem stems from a larger issue (e.g., the entire cluster is down), full restores or failovers to another system should be considered. Restore from remote backups or failover to the DR site: In case of major disruptions like natural disasters, remote backup solutions come into play. Businesses can restore from these backups or, if necessary, failover to a DR site to resume operations. Stay ahead of the curve Effective monitoring is the backbone of a resilient infrastructure. The approach should focus on: Filtering out the noise: Monitoring solutions need to ensure that only critical notifications are sent out, preventing information overload and ensuring that the right people are alerted promptly when critical events inevitably happen. Acting quickly and decisively: Time is of the essence during disruptions. IT, DevOps, SIRT, and even PR teams need to be well coordinated for various types of events. From security breaches to data center fires or even just mundane equipment failures, anything that might result in customer or operation disruptions will involve cross-team communications and collaboration. The only way to get better at handling these is to have documentation on what should be done, a clear chain of command, and practice drills. In conclusion, a comprehensive backup and recovery strategy is essential for businesses aiming for uninterrupted operations. While there are many solutions available in the market, it’s crucial to find one that aligns with your business needs. Over the years, companies like Synology have demonstrated expertise in storage and data protection, with numerous success stories that attest to their capabilities. *Views expressed in the article are solely of the Author  

Sergio Bertoni, The Leading Analyst at SearchInform Social engineering techniques are as old as the hills, because human beings’ weaknesses are everlasting. The term social engineering is relatively new, it was adopted in the digital era. Even though the mass media regularly report about some new method of fraud being discovered, basically these methods are just new variations on old tricks. However, they don’t become less efficient as time goes by. In this article we will find out why Let’s start with refreshing of some basics. Social engineering is the set of techniques and methods which make a person act in favor of a fraudster – expose information, follow links, transfer money etc. There are numerous variations existing, however, all of them are based on some specific methods, such as: Perceptual errors (phishing, Quid pro quo method). Curiosity (Trojan horse, road apple). Self-interest (reverse social engineering) and others. You can easily obtain data on all of these methods, they’re precisely described in specialized publications, in scientific articles and in Wikipedia as well. I would like to discuss another question – why, despite the fact that social engineering techniques are precisely examined and well known, do people still fall victim to attackers so easily? Glad to be deceived The first reason why social engineering techniques’ are so successful is that there are always some people who easily fall victims to any kind of fraudster. Sometimes, when looking through a spam letter you may ask yourself, who can believe in what the authors write? Nevertheless, it works. For instance, there is the popular Nigerian prince scam. Fraudsters deliberately target users who believe in most impossible things and don’t try to find out, whether some fact is true or not. Among millions of users there are always some people who believe in such scam and respond to the messages. Greed and curiosity makes people take the bait. The right people in right place and at right time Even if a person is skeptical, this does not mean that his/ her chances to fall intruders’ victim are significantly lower. For instance, due to lack of time a person may not recheck some data. What’s more, inattentiveness, lack of competencies in information security related issues, neglect of information, fear and, of course, combination of all these factors often lead to negative outcomes. There was once a case that was quite illustrative: the experts from antivirus company Eset described an attack that focused on MasterCard users around the world. The fraudsters sent e-mails containing notifications about updates and warned that the new security system had been implemented and that there was a chance that accounts would be deactivated. The fraudsters suggested users to follow the link and fill out some forms, so users were forced to share their personal data, login, password and other important data. To trick the user, the attackers even imitated the verification process on a fake website. Even though the email address did not correspond to any official Mastercard email address, the browser considered the opened pages as safe because the attackers used the SSL certificate. That’s how intruders managed to obtain required data, which enabled them to gain access to victims’ accounts and steal their money. One of the most successful and dangerous type of social engineering attacks, targeting companies is the so-called BEC-attacks, compromise of corporate email. According to the Internet Crime Report 2021 by FBI, BEC/ AEC attacks resulted in $2,395,953,296 losses. Thus, BEC attacks turn out to be one of the most efficient malicious technique. And it should be also noticed, that there is a step change taking place in the amount of attacks. Even largest companies such as Facebook and Google become victims of cyber attacks. For instance, there was a case when they were billed by a fake counterparty. Accountants didn’t recognize the trait as the name of the fake counterparty remained the name of the real one. It’s impossible not to be deceived As it can be seen, even if a person is very skeptical, it’s very difficult for him/ her to recognize some types of attacks, as they are prepared extremely precise – sites are forged qualitatively, security certificate are used etc. It’s crucial to remember about arising deep-fake related risks (deepfakes are convincing images, audios and videos generated by AI forgery of audio or video. Currently, there is plenty of cases of successful deepfakes usage reported globally. I’ll share details on a few of them. For instance, such an incident happened with a Japanese woman who transferred about $30.000 to a fraudster. The victim of social engineering thought that she corresponded with an ‘astronaut.’ The intruder promised to come to Japan and marry the woman. The so-called astronaut told that he needed money to return to Earth. That’s why he asked the gullible lady to cover his expenses for returning home, including the rocket flight. Another case happened when fraudster impersonated Mark Ruffalo, tricked a Japanese artist and managed to illicitly gain $500.000. A veteran manga artist Chikae Ide told that once a user, who impersonated the famous Hollywood actor, well-known for his role of Hulk, added her to friends on social networks. As a result, they had been in contact for a few years. During this time the artist even had videocalls with ‘Mark.’ However, it turned out that the fraudster used deepfake technologies to enhance the credibility. What’s more, the Japanese artist and fake Hollywood artist nearly got ‘unofficially married.’ Then, the intruder made the woman transfer large sums to him. The artist had to go into debt to financially help the impersonator. All in all, the woman transferred $500.000 to the intruder. Sometimes, intruders complement social engineering techniques with deepfake technologies. There was a case when a Lloyds Bank customer managed to access his account using AI. The user was able to trick the voice ID to log into the account by generating his voice. At the same time, technologies become a norm and some companies yet offer their…

Prakash Prabhu – Chief Business Officer & Co-Founder, VisionBot The use of cloud is rising across the globe as more organizations look to reap the benefits of a flexible and scalable service-based business model. The growth of cloudbased business functions and increase within the cloud services market is making way for Surveillance-as-a-service (SaaS) options that typically have been unavailable up to this point – especially for growing small to medium-sized businesses (SMBs). Not all physical security industry cloud offerings are true cloud systems A true cloud system’s architecture makes maximum use of modern cloud computing technology, its reliability and scalability, through a ‘pay per use’ subscription model. A true cloud system affordably and securely provides scalable capabilities that can’t possibly be achieved in client-server on-premises systems. VisionBot cloud NVR (CNVR) is the true cloud platform and artificial intelligence (AI) to dramatically transform your video surveillance system into an even more powerful tool. Features of Cloud NVR VisionBot cloud NVR is a flexibly scalable enterprise-grade platform, allowing to eliminate the need for redundant, complex on-site hardware gateways and NVRs. Connect your cameras directly to the cloud for failsafe surveillance. Scale without additional hardware, software and enable quick and easy plug & play connection. Allow authorized viewers to access multi-site surveillance from web clients or on an APP. Get the freedom to choose multi product cameras, setup without single vendor lock-in. Leverage the cloud services for centralized remote administration of users, cameras, alerts, roles and monitor events in real-time. Centralize camera footage from different locations into one platform –transforming even the most basic of systems into an intelligent, cloud-based system. Architechture of Cloud NVR New installations – No computer hardware required on site Existing installation- Existing Hardware can be repurposed as local storage or removed altogether Benefits of Cloud NVR Compatible with any camera: Connect any stream source such as IP, webcam and NVR to the cloudNVR platform. Plug and Play Setup: Eliminate the complicated network setup and connect IP cameras and NVRs to the cloud quickly. Ideal for Multi-Site & Multi Brand hardware: Centralize the management of multiple surveillance locations to be able to troubleshoot and control settings remotely. True Cloud Security and Reliability: Get a secure 99.9999% uptime promise by Industry standard cloud. Modern video infrastructure: H.264 video streams from any camera as input, Recorded video can be accessed instantly from any web browser on any device. Advantages of VisionBot Cloud NVR Easily scale on a camera-by-camera basis. Freedom from Gateways and other hardware modules. No binding to the MAC ID of devices allows easy interchanging of cameras streams on demand. Subscription model allows customer to Hop ON/Hop OFF at their discretion. Progress to cloud AI analytics. Easily upgrade or migrate from VisionBot cloud NVR to use Cloud-based AI-driven analytical models that enable maximum resource utilization. Transform your business with the VisionBot Visual AI Operations Cloud. Connect with our experts to understand how companies are using VisionBot™ AI driven Computer Vision to strengthen security, safety and streamline operations. https://Visionbot.com/contactus We welcome Technology Integrators and sector specific VAR’s to become a VisionBot™ channel partner, and discover the opportunity to offer a cutting-edge AI-powered computer vision solution to your customers. https://Visionbot.com/partnering *Views expressed in the article are solely of the Author  

Milind Borkar – Expert Security Consultant An often-overlooked critical component in video surveillance systems is the lens. The security industry has moved steadily toward providing cameras with integrated lenses taking out the ‘guess work’ for integrators. Given the increased competitive pressures, it is understandable that cameras companies make trade-offs in lens performance to meet budgetary price targets for dome and bullet offerings. This can result in less-than-ideal solutions to specific imaging tasks. Most camera companies still offer traditional box cameras that come without a lens or with the ability to remove the accompanying lens and replace it with a better, more tailored solution. Being able to select a compatible high-performance lens can ensure the investment in a high resolution system is not wasted. The following two case studies tell a story of lens selection gone wrong, and right. Through this story we will illustrate some of the most important considerations in lens selection. Both cases are from the public school sector. Both schools had defined goals, both did research, evaluation and testing of the selected lenses before installation. Yet one project failed, while the other was a success. What made the difference? Case study 1 New Jersey High School The school described their problem as a safety issue. They had unacceptable aggressive student physical behavior they did not want to escalate into violence, as well as some limited theft. They thought that an improved video surveillance system would help with deterrence as well as post event response. Their existing video surveillance system was composed of analog cameras they considered ‘high resolution,’ but not high enough resolution for use with wide angle lenses that they felt would cost effectively meet their coverage needs. They did not have or wish to have PTZ cameras as they had limited staff and would not have enough time to control and monitor such equipment. The goals they identified included having forensic quality identification at entry and exit points, people recognition in parking lots, and forensic quality identification in an unusually shaped hexagonal central hallway. The school security staff conducted an extensive online search for products to meet their needs. They felt that upgrading to megapixel cameras would provide them higher image resolution and still allow them to use wide angle lenses to cover wide areas. They looked for megapixel cameras and did a comparison of numerous camera brands, models, and features. They discovered that not all megapixel cameras could meet their needs. In addition, they researched wide angle lenses looking for coverage of their wide areas; they consulted local integrators for advice. They evaluated lens samples from 4 manufacturers. They found most wide-angle lenses they tested presented a severe fisheye effect. And to their surprise they found that some of the lenses tested resulted in a fuzzy, or ‘blurry image,’ even when using a 5 megapixel camera. After the research and evaluation, they selected two 8-megapixel, 360-degree multi-sensor cameras, one for the cafeteria and another for the computer lab. They also selected thirty-four 5-megapixel cameras, 11 of which were outdoor domes, 6 were indoor domes, and another 17 were 5” indoor domes. They chose eighteen 25-degree horizontal field of view lenses, and eight 90-degree lenses. In addition, they selected twelve 135-degree horizontal field of view, low fisheye distortion lenses from Theia Technologies – six to cover their hexagonal hallway, two to cover the parking lot and an open field area, two covering the corners of building wings, one covering the front entry, and one more covering 2 temporary buildings. They achieved the results expected when the project came in 30% under budget, they were able to achieve what they considered great resolution with the selected equipment in the designated placements, with excellent image fluidity, and fast response time. The administration was fully satisfied and planned to upgrade other schools in the district as well. The unique hexagonal hallway in the New Jersey school was a challenge. According to the school district project manager, “Every installer we contacted said the angles were way too aggressive in the ring and wanted us to double our cameras and halve the angles at the very least. The same for the parking lots. We did the math, and we knew the new 5-megapixel camera could pull it off, we just had to find a lens that could prove them all wrong. We went searching and the only thing that met our specs was the Theia lens. Jaws dropped when they saw the pictures. Not only did we get the massively wide angles we needed, but we did it without the fisheye everyone told us was impossible to avoid, and every single dot in the 5.1million pixel image is fully utilized and warp-free. The combination of the 5-megapixel cameras and the 5-megapixel Theia lenses provided the resolution they expected. You can tell if someone is holding a pencil.” Case study 2 Southern California High School Similar to the problems outlined in the New Jersey high school, the safety of students and staff was the primary concern for the administration at the California high school. Their existing video surveillance system consisted of 170 analog cameras. The system did not provide enough resolution for wide angle lenses and a legally acceptable description of individuals. They also suffered from poor system reliability, with frequent breakdowns and down time. In addition, the system was complex and costly to maintain and monitor. As to be expected, the administration’s goals were to achieve greater spatial coverage than with their existing analog system, improved image clarity, increased system uptime, and a more manageable system size. With a new system they expected to be able to zoom in to get legally acceptable descriptions of individuals from 60 to 70 feet away and have wide and continuous coverage; they also did not want any PTZ cameras. Their approach was a little different. The school district hired a consultant to design a system to meet their needs. The consultant met with the school to understand their needs, selected the equipment,…