By Shrikant Shitole, Chief Executive Officer, iValue InfoSolutions As of July 1, businesses in India must comply with new regulations set forth by the country’s Computer Emergency Response Team of India (CERT-In) organization and the Ministry of Electronics and Information Technology (MeitY). These new directives require businesses to report any cyber incident within 6 hours – one of the shortest cybersecurity incident reporting windows. The recent directives from the Computer Emergency Response Team of India (CERT-In) have caused quite a stir in the security community. Apart from mandatory reporting of cybersecurity-related events, organizations must sync server time stamps, maintain 180 days log back-up, and customer details of virtual private network (VPN) services for a period of five years. The rules [PDF] mention 20 cyber incidents to be reported, including data breaches, ransomware, and fake mobile apps. The new guidelines will come into effect from June end and will also be applicable to cloud service providers and virtual private server providers. What does it mean for businesses? CERT-In’s directive is a cause for concern for businesses in India. Domestic and global industry bodies like ITI are voicing their concern and the potential impact on every business. Impact on VPN providers During the pandemic, a paramount cybersecurity tool has been a Virtual Private Network (VPN). According to a report by Atlas VPN, VPN usage in India exploded with a growth of 671% in 2020, totalling 348.7 million users by the first quarter of 2021. The growth is mainly attributed to the Indian governments growing restrictions on internet usage. India joins a handful of countries, like Belarus, China, Iraq, North Korea, Oman, Russia, and the United Arab Emirates, that heavily regulate or outright ban VPN services. The new guidelines are a severe pushback to VPN providers in India. For many, it goes against their core USP of privacy, strict no-log policies, and their main selling point of anonymity. Companies like NordVPN and SurfShark are considering moving out in light of the guidelines. While CERT-In is said to issue a clarification on the April 28 directives, we are yet to see any shift in their stance on VPN privacy. Impact on crypto wallets Joining the league of financial service regulators, CERT-In now requires virtual asset service, exchange, and wallet providers to maintain Know Your Customer (KYC) and financial transactions for five years. Experts suggest that these directives will form the foundation for crypto regulation in India. This follows the recent Union Budget announcement of a flat 30 percent tax on gains from cryptocurrencies and a 1 percent TDS on all crypto transactions. Organizations must start syncing their system clocks with ICT systems and connect to the Network Time Protocol (NTP) server of the National Informatics Centre (NIC) or National Physical Laboratory (NPL). Syncing timestamps with distant servers raises latency issues. Large data centres would prefer a server that is nearby and trustworthy public NTP servers (like Google) over time sync servers of NIC and NPL. How will CERT-In create dedicated server time? We are yet to get clarification. The cost, time, and resources to implement the change Making changes in organizational security in just 60 days is challenging. The number of resources required to sustain the new changes is questionable on either side. Would CERT-In be able to handle the load? Organizations must maintain logs of ICT systems for a rolling period of 180 days and retain personal data such as names, addresses, phone numbers, emails, and IP addresses of subscribers for a minimum of five years. This could be a potential violation of GDPR norms. Companies would also need to maintain log servers or invest in services of Security Information and Event Management (SIEM). While SIEM is a valued option, the cost of implementing these changes would be hefty for small to medium organizations. The failure to comply with CERT-in directives would attract a fine of up to Rs.1,00,000 or imprisonment for up to a year under Section 70-B(7) of the IT Act. The bottom line? We are eagerly anticipating clarity in certain places, especially whether additional infrastructure has to be created to store the data. Or whether they are allowed to outsource the storage of data to third-party data storage, retention, and localization service providers. While India’s move to strengthen the digital ecosystem is a welcome initiate, in the long run a pragmatic approach would gain better coverage, keeping a fine balance between national security, public surveillance, business priorities, and netizen’s privacy.  

In a new world where healthcare systems need to be of the highest order, the processes have taken a strong momentum to improve infrastructure and amenities following the pandemic years. The policies are rapidly resurfacing as they have become crucial for the citizens of a country. Hospital Security involves securing patients, staff, visitors, and physical infrastructure. Hospitals have multiple access points and witness huge crowds daily. Most hospitals are considered ‘soft targets’ as they are high-density locations including crowded areas such as schools, shopping malls, and schools. They commonly have many access points with limited security guards. Even the threats of theft, violence and other crimes are real risks for hospitals. These are some of the common reasons why we may be more vulnerable to certain types of security risks in the coming future if left unattended. In the face of a pandemic, risks are heightened, and the need for stricter security norms looms large. The role of hospital security is to ensure the safety, security, and welfare of all patients, staff, and visitors to their full capacity. Apart from people, it is also important to secure medical equipment, operating rooms, facilities, and sensitive information. Without adequate safety and security measures, hospitals can become easy targets for intrusion and unwarranted activities. Statistics There are a total of 18,99,228 hospital beds in India, out of which 11,85,242 are in the private sector, and the remaining 7,13,986 are in the government sector. 59,262 ICU beds are in the private sector and 35,699 beds in the public sector. (April 2020, analysis by the Center for Disease Dynamics, Economics & Policy). The Union Budget of 2022-23 allocated INR86,200 Cr. to the Ministry of Health and Family Welfare, a nearly 16% increase in comparison to FY 2020-21. By 2036, the population of India is expected to increase to 151.8 crores (approx.) at the rate of 1.0 percent annually. Calls for better infrastructural facilities. Types of Hospital Safety Patient and child safety, emergency services, contract staff, catering establishments, parking traffic, pharmacy control, clinical safety, equipment protection, fire safety, and evacuation. Risks & Security Threats The healthcare industry is widely regarded as having a weak security system. The main challenges that arise in hospital security are: Deficiency in manpower and infrastructure. Unchecked visitors due to heavy traffic at the entry and exit gates is one of the probable risks. The parking area is a hot spot that needs immediate attention for threat control, as the damages may result in an expensive disaster. Healthcare data breaches and cyber-attacks expose highly sensitive and valuable information of patients. In 2016, a kidney trafficking racket was wedged in Mumbai’s hospital meanwhile Delhi faced an incident that includes the swapping of newborn babies due to gender biases in 2017. The year 2022 recorded an unpleasant episode where some of the relatives ransacked a private hospital in Nagpur and further assaulted a doctor after the patient’s death. These are some of the issues that are confronted by hospitals every day, and the number of such incidents per year is increasing. If we tighten our security systems, it may reduce the scope of these cases significantly. Together with manned guarding, vigilance, surveillance, and electronic security can such threats be addressed better. Safety Measures Maintenance of the records and medical history of all patients as credible National Health Data is important for the govt, and stakeholders, and to also maintain transparency with the democratic citizens of this country. Provisions by regulatory authorities, planned strategy, patrolling and reporting, quick response teams (QRTs), protection of high-value laboratories, allotting of investigation officers, more organized and categorically strict ‘entry & exit’ systems, easing out language barriers, and reduction of cues, monitoring, and checking of cue reduction besides registration of all visitors. Electronic access systems for physical security needs like printing photo ID access cards and face recognition systems for the authorized staff, and visitors. Biometric authentication such as fingerprints, upgraded software integrations, high-speed internet access, 24×7 control room regulation, and automatic door controllers with a magnetic locking system. Disease control/ prevention, administrative security, and safeguarding of dormitories having high-risk equipment and inflammable tools. Reliable and latest information on healthcare resources and their deployment can address problems with real-time solutions. To further ensure a district-level electronic database of information on health system components. Hospital staff & security coordination training, fire training, and security guards training to counter any mishaps for real-time action control. Verification of IDs and badges to make sure the doctors, patients, and visitors are at their assigned wards. Furthermore, contactless access card readers for easy access. Effective communication amongst security officers, quick monitorization of strategically positioned CCTV cameras. Metal detectors and screening tests of all visitors. Handling the patient’s and their relative’s emotions in cases of serious medical issues. Besides the doctor, a skilled healthcare security officer can maintain composure and tactically handle the emotions of the deceased/ injured. Patrolling by the trained security officers for potential fire threats due to sparks generated via electrical equipment or combustible materials. Regularly examine the expiration dates of the fire extinguishers. Further reporting the issue to the firefighters. Abduction of infants, inmate escapes, drug theft, and even gun violence are some of the crimes committed in hospitals. These crimes can be avoided by a strong and effective security system to avoid these crimes. Establish integrated health information Exchanges, architecture, and national health information networks. The year 2020 recorded the concentration of most ventilators and hospital beds in India and found seven states that topped the charts. Uttar Pradesh, Karnataka, Maharashtra, Tamil Nadu, West Bengal, Telangana, and Kerala. Amongst which the highest number was recorded in UP (as shown in the previous page). Although the dynamics have changed now with an increase in the number of hospital beds and ventilators over the years. Besides taking these necessary steps; the latest tools and technology are the requirement of the emerging healthcare sector. To detect and protect people from waste, and acquired infections, systematic management systems, information systems, establishing hospital committees, planned…

Prashanth G J, CEO of TechnoBind Today, almost everything you need to run and manage in an organization is stored online. From digitally preserved company processes, customer, client and partnership data, to your website, login credentials, company emails, team messages, saved conference calls, social media accounts, advertising campaigns, product and service manuals, and every other byte of data that is generated within your organization is your digital asset. Investors value digital assets because they increase a company’s overall worth. Companies can claim expenses and tax deductions against their digital assets because they can be sold separately. They are just as valuable to a company as physical assets, and businesses must take the same precautions to protect digital assets as they would for physical assets. Client and partnership information, login details, business emails, digital chat messages, recorded conference calls, email lists, social media profiles, website content, and more are all considered as digital assets. By 2024, the worldwide digital asset management industry will have grown to $8.1 billion. To preserve their critical information and brand, businesses must ensure that their digital assets are safe and secure. Where to start Protecting digital assets starts by studying the company and creating a thorough inventory of what they possess – and what they might have – they should not ignore something that could be a valuable asset! Start by identifying all of the digital assets the company owns. This stage is crucial because many business owners are unaware of what their company’s digital assets include. Organizations will be able to develop a robust system to secure their digital assets after going through all of these processes and having a comprehensive grasp of their company’s digital assets and intrinsic value. Here are a few steps and practices that enterprises can adopt to protect their digital assets: Locate and list: Although not all forms of data are vital. Organizations need to segregate and prioritize their data. A data asset is something that a business can use to create revenue in the future. Images, digital content, social media, apps, proprietary processes, customer databases, proprietary information, and any organization material or intellectual property protected by copyright, trademark, or patent are all examples of digital assets. Among these digital properties such as customer databases, proprietary information, transactions and interactions etc. are crucial and the ones which help a company to generate income. Organizations can begin by making a comprehensive list of all of these assets. Segregating the data assets on the basis of which would you want or consider valuable if you were buying this company? For example, think of anything that the company has online or on its business’ server that could be valuable. They should be looking for things that are proprietary things that are important for the company to run. Consider these digital assets as crucial items. Protect your network and stay updated: Most firms today rely heavily on their networks. To secure the safety of the company’s digital assets, you must adopt professional network security measures. The most prevalent approach for hackers to obtain access to a company’s digital assets is through security flaws and vulnerabilities. Ensure that the firewall is turned on and that the firmware and software are up to date. Companies should make a habit of updating their operating system and other programmes. Limit access and use secure authentication: Not everyone in an organization requires complete access to all digital assets and applications. Limit application access to only those team members who require it. Organizations can also choose who can see, edit, or download digital assets by setting permissions in certain programmes. For remote workforces, organizations can use a password manager programme to store encrypted passwords online to keep such applications secure. Organizations can use secure authentication, such as two-factor authentication, to offer an extra degree of security in addition to limiting and restricting access (2FA). If a hacker gains access to an employee’s password, the hacker will be unable to access the company’s digital assets. After entering the password, the user is asked to answer a question or enter a second one-time password, which is often given by text message, to validate the user’s identity. Educating employees: Employee education is also important for safeguarding your company’s digital assets. Ensure your employees are familiar with cybersecurity best practices, such as what to do and what not to do when using public Wi-Fi, utilizing their devices, and accessing specific applications. Data backup & data encryption: Copying files and data to a secondary location is known as data backup. A robust disaster recovery plan relies heavily on data backup. Companies who do not take data backup are often at jeopardy from software or hardware errors, data corruption, malicious hacking, user negligence, natural disasters, or other unpredictable circumstances. Backups allow you to recover files that have been lost, erased, or rewritten. Backups can be archived locally on hard drives or storage devices, remotely at another physical location, or on the cloud. This cloud infrastructure could be public, private, or hybrid. Irrespective of the state whether the data is in transit or at rest, it is always vulnerable. To keep data safe while in transit, encrypt it before uploading it. Authenticate the endpoints before decrypting and verifying them at their destination. You must use security access policies to secure data at rest. Control who has access to the data, what data is accessible, and where it is stored safely. Taking cyber insurance into consideration: Cyber insurance can help businesses safeguard their digital assets from cyber threats. It can help companies cover the cost of disaster management and legal expenses, along with the amount spent retrieving the network on the occasion of ransomware attacks. When it comes to recovering from a hack, cyber insurance might make all the difference. When it comes to recovering from a hack, cyber insurance might make all the difference. Addressing the bottom-line Knowing how to safeguard digital assets in the short and long term is critical to your company’s overall value…

To help customers maximize security at night and in other low-light environments, Hikvision has taken ColorVu technology further, combining it with other advanced technologies, like panoramic, varifocal, 4K, AI and more. As a result, homeowners, business owners, security teams, and ARCs can make smarter decisions, react faster to security events, reduce false alarms, and take their security capabilities to the next level. When it comes to ensuring security and safety, seeing every detail is critical – especially in low light conditions. Hikvision developed its ColorVu technology – which provides high-resolution, full-color video imaging in light conditions down to 0.0005 lux, to help homeowners, business owners, and security teams to see exactly what’s happening. But different security scenarios require different points of view, various angles, and AI capabilities. That’s why Hikvision has now combined ColorVu with other technologies – panoramic, varifocal, 4K, AI – which we call ‘ColorVu + X,’ for a broad range of security needs and scenarios – from apartment buildings, residences, offices, and warehouses, to large outdoor spaces such as parking lots. Five ColorVu + X offerings for improved security, safety, and efficiency In the following sections, we outline how ‘ColorVu + X’ works to help customers take their site security and safety to the next level. ColorVu + Panoramic: The whole scene in vivid color Large areas can be very difficult to secure, often requiring multiple cameras to provide full coverage. With traditional cameras, monitoring these kinds of areas can also be difficult, or even impossible in low light conditions, or at night. To address all of these challenges, Hikvision has integrated ColorVu into its industry-leading panoramic cameras, which use the image fusion technologies to stitch together images from two side-by-side lenses for a seamless, 180-degree view. The results are reduced equipment requirements (with fewer cameras needed to cover large areas); improved situational awareness based on a single, wide-angle image and no blind spots; and the ability to capture every detail in full color – even in the dark. ColorVu + Varifocal: Zoom in with vivid color Cameras with zoom capabilities are more flexible to adapt to various installation environments, making product selection and installation easier. The challenge here is that this process can reduce the amount of light entering the lens, reducing the clarity or color of images. Hikvision has addressed this by integrating ColorVu technology into its varifocal (zoom) cameras. By combining ColorVu with a fixed F1.0 large aperture in the camera, Hikvision guarantees image brightness and full color as the camera zooms in and out. ColorVu + 4K: Capture richer, more colorful details Traditional cameras may lack the resolution to provide clear, full-color video images in lower light conditions. Hikvision overcame this challenge by integrating ColorVu technology into advanced 4K cameras. The results are clear, crisp imaging, fluid footage previews and playback, and enhanced color imaging in low light conditions, or at night. ColorVu + Live Guard: Deter trespassers and intruders from causing harm While most security systems can detect intrusions and other security incidents, goods and property can still be lost or damaged before teams can respond. Hikvision tackles this issue by integrating ColorVu technology and Live Guard sound and light alarms into selected camera ranges. While ColorVu technology captures detailed video footage of security incidents in high resolution and full color, Live Guard sirens and strobe light alarms let trespassers know they have been detected, deterring them from entering a site or building. Notifications of intrusions and other events can also be sent to homeowners, business owners, or security teams in real time, supporting faster, more effective responses. ColorVu + Deep Learning: Smarter security detection 24×7 Often, security systems are unable to differentiate between moving objects – such as falling leaves, heavy rain, and moving animals, and real security threats – such as people breaching a site perimeter. To overcome this, Hikvision has integrated ColorVu into its AI-powered cameras with AcuSense. These reliably identify real security threats, such as people and vehicles, and send alerts to security teams in real time. At the same time, false alarms are minimized, reducing workloads and costs, and increasing efficiency. With ColorVu and AcuSense together, customers get intelligent, proactive security, with high-resolution, full-color video imaging.