Leveraging the Benefits of Wearable Cameras in Healthcare and Retail with AXIS W110 Body Worn Camera
Body worn cameras are firmly established in the law enforcement and security segments, where their main uses include deterring disorderly conduct and capturing first-hand evidence for use in court. These benefits can also extend to other industries such as healthcare and retail. However, there has been a lack of awareness of body worn cameras' usefulness beyond law enforcement. Cameras are often associated with violence and police enforcement. These notions have held back the adoption of body worn cameras in other segments. Axis has introduced AXIS W110 Body Worn Camera to address these barriers to adoption. Compared with previous body worn cameras such as the AXIS W100 and AXIS W101, the AXIS W110 camera emphasizes discreetness, being smaller, lighter and easier to mount. The friendlier design makes it better suited to both retail and healthcare workers.
Addressing industry challenges with AXIS W110 Body Worn Camera
As with many industries, retail and healthcare are places of work where an unfortunate part of being an employee can involve dealing with disorderly, aggressive or violent behavior. This has been investigated by the World Health Organization, which revealed that up to 62% of health workers have experienced workplace violence. The Bureau of Justice Statistics data also indicates that the retail industry experiences the third-highest workplace violence victimization rate, after law enforcement and mental health professionals. Employees need to feel safe and protected. Not only can this impact staff retention, but mental health and productivity are also affected. In particular, medical staff retention is one of the biggest challenges healthcare faces today. To support the safety of staff, being equipped with wearable cameras can add a visible deterrent to disorderly conduct, helping to defuse situations before they escalate.
The National Institute of Justice has also reported that the ‘civilizing effect’ of a visible camera may prevent certain situations from escalating, and instead encourage citizen compliance. Wearable solutions can create a safer environment, which helps with employee retention and attracting visitors. In instances where legal action is unfortunately needed, there comes the additional challenge of navigating budget constraints. The AXIS W110 provides first-hand, highly secure footage that can help reduce your legal expenses in response to complaints, such as from a patient or customer. By acting as a visible deterrent to staff mistreatment and documenting evidence, the AXIS W110 can help safeguard against insurance and liability claims.
A new wearable camera designed to meet workers’ needs
AXIS W110 Body Worn Camera is a low-profile, compact and lightweight camera. Its back plate magnets allow for easy, flexible mounting on clothes. This, combined with its reduced size, makes it perfect for healthcare professionals to easily attach to scrubs, even when wearing additional items. While a separate mini cube was needed for the previous version of the body worn camera to be worn on the hip, the new version does not require an external sensor and includes the battery within the unit for a more discreet look. This also supports the retail segment by removing the need for additional items to compete with other technologies placed on it, like walkie-talkies. We know patient care involves lengthy shifts, and so the smaller and more friendly design of AXIS W110 delivers a long-lasting battery of up to 13 hours depending on camera configuration, alongside reliable footage capture. As with all Axis body worn cameras, the AXIS W110 is part of a system based on an open platform. This enables integration with a video management system (VMS) of choice.
First-hand and untampered evidence provided by the camera can be seamlessly integrated with the current system to provide valuable additional insight for resolving disputes and fraudulent claims. To further support this, AXIS W110 comes with improved image quality as well as improved low light capabilities and motion capture. Additionally, as with previous types of cameras, AXIS W110 is highly cyber secure. The footage cannot be tampered with and cannot be accessed by anyone who should not be able to access it – such as the wearer. Video and audio footage does not go against HIPAA regulations and is only to be used to capture vulnerable situations. Being very visible, the camera ensures people are aware that they are being recorded. AXIS W110 also maintains the live streaming functionality of all Axis cameras. When connected to Wi-Fi, the wearer can activate a livestream, providing operators with first-hand footage in real time. The livestream footage is saved in the cloud for up to 24 hours, and administrators or operators can access and process the footage within that timeframe. The livestream also includes the pre-buffer of up to 90 seconds, allowing the viewer to see why the livestream has been started.
Utilizing recording to train and upskill the workforce
The high-quality footage from the wearable camera can be used to document compliance with protocols and health and safety regulations. For example, in both healthcare and retail pharmacies, the camera can be used for drug and control compliance when counting pills. Body worn video footage ensures correct medication dispensation, deterring the illegal channeling of drugs to people they were not prescribed to. In addition to reviewing real-life scenarios, cameras can be used for training and educational purposes.
First-hand recordings can help identify areas for improvement, and enhance skills through educational programs and workshops, especially when training resources are limited.
Moving into new industries
Wearable cameras can support various business processes and help reach objectives for security, staff safety, compliance and training. AXIS W110 is based on leading technology which grows with your needs. It will be available on the market from Q4 2023. From its smaller design to its highly secure documentation and seamless integration with existing security surveillance, the AXIS W110 will help lead segments beyond law enforcement into realizing the benefits of wearable video solutions.
*Views expressed in the article are solely of Axis Comm.
How Traffic Monitoring System can Help Traffic Management Authorities
The importance of traffic management systems is growing with time across the globe, and India is no exception. Traffic monitoring has three core functions – traffic law enforcement, traffic direction, and traffic accident reporting and investigation. Each of these functions contributes to highway safety directly and also by enhancing the safety efforts of other agencies. Traffic monitoring systems have their unique importance in traffic management. The equipment may have a sensor that reports the number of vehicles on a given road at a given time, or a camera that provides images of potholes and various other aspects related to traffic movement. The Urban Transport Authorities have raised the bar high when it comes to the usage of the exact equipment for predicting better road safety. Intelligent transport is supported by a robust technological system, and there are certain benefits attached to it, such as:
Resolving Traffic Problems: Resolution of traffic problems, which include congestion, pollution, and safety.
Enhancing Efficiency of Traffic Management: Enhancing the efficiency of the transport management system.
Incident Reporting and Recording: Traffic violations, accidents, incidents, road rage, hit & run cases.
The need for data related to traffic safety and transportation is critical. The contribution of technology in getting access to data is noteworthy. Relevant authorities can take steps to enhance the safety of commuters and other key stakeholders. There are two immediate benefits which can be derived from data. The data helps in quick resolution of issues. It also helps in identifying problems, analyzing them and, above all, correcting them. Advanced traffic monitoring systems are composed of a set of application and management tools to improve the overall traffic efficiency and safety of transportation systems.
Furthermore, to overcome such issues, a traffic management system gathers information from heterogeneous sources and helps to process that information and data to identify the hazards and challenges that may impede traffic efficiency. These systems provide the vital information needed to manage the evolving challenges based on the traffic scenarios. There are multiple sets of traffic monitoring systems available, but broadly they fall into two categories: the first consists of traditional traffic monitoring systems, and the other comprises intelligent traffic monitoring and management systems. The intelligent automated systems help to address the challenges in traffic monitoring with the help of IoT and AI technologies. These automated systems are helping to simplify the challenges faced in achieving the goals of smart mobility, safe public transportation and reducing traffic rule violations.
Latest trends
The latest development in traffic monitoring and management is enabled by Artificial Intelligence and big data analytics. Intelligent Traffic Systems (ITS) with advanced sensors, radars and license plate recognition cameras are helping to detect and deter traffic rule violations. These systems are further helping to reduce traffic congestion by managing traffic scenarios with real-time data visualization. Thus, Intelligent Traffic Management Systems are building consensus and creating awareness among the key stakeholders. Indian metros and cities have been facing huge traffic congestion related issues in the recent past; one can hope that Intelligent Traffic Management Systems can offer some solace to the citizens.
OSINT Tools & Technique: Fraud Detection to Help Fraud Prevention
Garima Goswamy, Associate Protection Professional, Chief Executive Officer and Co-Founder, Dridhg Security International Pvt. Ltd.
OSINT, or Open-Source Intelligence, is nothing new. It is information gathering from publicly available sources, which are out there for everyone to see. It has been used extensively by investigators – private and public – across generations in their assignments and missions. In fact, during the Second World War, Lt. Gen. Samuel V Wilson, who headed the American Defense Intelligence, made an astounding claim – he received 90% of intelligence through open sources. Today in 2023, with a variety of sources available, especially with possible access to the deep web, dark web and regular search engines, and a multitude of social media platforms, it becomes exceedingly difficult to retrieve useful information – unless one is adequately trained in the usage of OSINT or familiar with different OSINT tools and techniques. With a continuous aim of knowledge enhancement, Dridhg Security International Private Limited conducted an OSINT Workshop – Social Media Intelligence and Digital Footprint Analysis on 1 December 2023. It was open to all – from students to research analysts, risk analysts operating in Security Operating Centres (SOCs), law enforcement personnel, to senior citizens. It was well received, with employees of prominent organizations such as VFS Global, Vedanta Limited, UPL Limited, NetApp, and Mondelez attending. In fact, a repeat session also saw entrants from prominent Indian investigation companies. A case study was discussed where incessant internet searches led to the arrest of an alleged murderer this year. We attempted the digital footprint analysis of the Instagram posts of the late actor Matthew Perry. Tools and techniques were also a prominent part of this workshop, where the participants were introduced to AI software which made image searches much more specific than those using search engines.
What a lot of people do not realize is that by helping in fraud detection, OSINT tools and techniques help in fraud prevention. And while it is relevant for the security and risk consulting fields, given that internet safety and cyber security awareness is relevant for students and senior citizens alike, it is a pertinent subject in which all should have some level of understanding, if not expertise. By investing some time, it is possible to verify whether an email id, phone number, or a message which is floated on your devices is genuine or not. One can easily figure out the intention of the person who is communicating with you online. For instance, a few months ago, a contact was established by a person who claimed to be the ‘Crown Prince of Egypt’ on LinkedIn. It took me just some cues and time to find the official LinkedIn page of the real ‘Crown Prince of Egypt.’ Interestingly, fraudsters are now also using bots and AI for social engineering. Celebrities like Tom Hanks and Ratan Tata have warned users not to believe in fake news created by their AI versions. Companies like Boat and Netflix too educate users about their authentic sites. There are some observations which suggest that a site, email or message is untrustworthy. Some tips to spot a phishing email or message are as follows:
Suspicious domain name – the email is sent from a public email domain instead of an official email domain.
A misspelled domain name.
The message is not articulate and is poorly written. One might notice some grammatical errors.
The email or text might contain a suspicious attachment or links.
Usually there is a sense of urgency indicated in the email or message. This is because the fraudster wants you to act before you can think.
Social Media Intelligence, in particular, is a double-edged sword. We are not the only ones reading about others. Others are also watching us.
In fact, fraudsters use social engineering tools such as shortened URL links, which are either shared along with some text or embedded in an image. The moment their target clicks on such a link, the fraudster gets a lot of information about the target, which can include the target’s exact GPS location, compromising the target’s privacy. The same social engineering tools can also be used by a tech-savvy person to try to find details about, let’s say, a catfish. Catfish is a term used to refer to a person who pretends to be someone else online and communicates under false pretenses. Considering the increasing number of cyber frauds, the chances of anyone becoming a target are high. Whether or not you become a victim totally depends on how aware and careful you are in protecting yourself from such attacks and fraudsters. And that is where OSINT tools and techniques become useful. There are multiple software tools, for instance, which can analyze emails and websites and provide information on whether such platforms have been compromised. Many times, email ids and even passwords get leaked on the dark web. In online workshops offered by DridhG Security International Private Limited, we try to educate the participants about reliable tools and techniques. We need to be aware of how open-source intelligence is being used, how it can be used and how it should or should not be used.
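The phishing tips listed in this article (public or misspelled sender domain, suspicious links and attachments, urgency) and the shortened-URL lure described above can be turned into a first-pass triage check. The following Python sketch is an added example, not part of the original article; the organisation domain `bank.example`, the indicator lists and the sample messages are constructed assumptions.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Illustrative indicator lists (assumptions, not exhaustive); tune per organisation.
PUBLIC_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".iso", ".html", ".htm")
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours",
                 "account will be suspended", "act now")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike (misspelled) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_official(host: str, official_domains: set) -> bool:
    """True if host is an official domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in official_domains)


def lookalike_of(host: str, official_domains: set):
    """Return the official domain that host imitates (1-2 edits away), else None."""
    if is_official(host, official_domains):
        return None
    for domain in sorted(official_domains):
        if edit_distance(host, domain) <= 2:
            return domain
    return None


def check_message(from_header, body, attachments, official_domains):
    """Return (category, detail) findings for one message; an empty list means
    none of the indicators fired, not that the message is proven genuine."""
    findings = []
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if not domain:
        findings.append(("sender", "no parsable sender address"))
    elif domain in PUBLIC_MAIL_DOMAINS:
        findings.append(("sender", f"public mail domain {domain}"))
    else:
        imitated = lookalike_of(domain, official_domains)
        if imitated:
            findings.append(("sender", f"{domain} resembles {imitated}"))

    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if host in URL_SHORTENERS:
            findings.append(("link", f"shortened URL hides destination ({host})"))
        elif lookalike_of(host, official_domains):
            findings.append(("link", f"look-alike host {host}"))
        elif not is_official(host, official_domains):
            findings.append(("link", f"points outside official domains ({host})"))

    for name in attachments:
        if name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(("attachment", f"risky file type: {name}"))

    lowered = body.lower()
    hits = [term for term in URGENCY_TERMS if term in lowered]
    if hits:
        findings.append(("urgency", ", ".join(hits)))
    return findings


# Constructed sample messages (not real traffic).
OFFICIAL = {"bank.example"}
SUSPICIOUS = check_message(
    "Bank Support <support@bannk.example>",
    "URGENT: your account will be suspended. Verify within 24 hours at "
    "https://tinyurl.com/constructed-sample",
    ["statement.pdf.exe"], OFFICIAL)
BENIGN = check_message(
    "Asha <asha@bank.example>",
    "Minutes attached; the policy is at https://intranet.bank.example/policy",
    ["minutes.pdf"], OFFICIAL)

if __name__ == "__main__":
    for category, detail in SUSPICIOUS:
        print(f"{category}: {detail}")
```

Writing quality, the remaining tip, is left to the reader's judgement; the check covers only the indicators that can be read mechanically from headers, links and attachment names.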
Cost Benefit Analysis: Evaluating the RoI of Implementing Automated Visual Inspection Systems
Prakash Prabhu – Chief Business Officer & Co-Founder, VisionBot
In today’s fast-paced production and quality control environments, precision and performance are paramount. Ensuring product quality while optimizing manufacturing processes is a constant challenge. This is where Automated Visual Inspection (AVI) systems come into play. AVI systems leverage modern technology, including artificial intelligence and machine learning, to carry out visual inspections with incredible accuracy and speed. However, implementing such systems involves a financial investment. To decide whether it is a worthwhile undertaking, organizations frequently conduct a Cost-Benefit Analysis (CBA). In this write-up, we’ll explore the idea of CBA in the context of AVI systems, examining how to evaluate the Return on Investment (RoI) when implementing these technologies.
Understanding Automated Visual Inspection Systems
Automated Visual Inspection systems are designed to replicate and often exceed the capabilities of human vision. They use cameras, sensors, and advanced algorithms to analyze and evaluate products, components, or materials for defects, inconsistencies, or quality deviations. AVI systems can be deployed in various industries, including manufacturing, electronics, pharmaceuticals, automotive, and food production, to name a few. Here’s how they typically work:
Capture Images or Video: AVI systems use cameras to capture images or videos of the items being inspected.
Processing and Analysis: These images or videos are processed by specialized software that employs artificial intelligence and machine learning algorithms. This software can identify defects, measure dimensions, verify product integrity, and more.
Decision-Making: Based on the analysis, the system makes decisions in real time.
It can categorize objects as ‘pass’ or ‘fail’, trigger alarms or alerts when defects are detected, and even initiate corrective actions in some cases.
Data Logging and Reporting: AVI systems frequently log inspection data and generate detailed reports. This information can be helpful for quality control, process improvement, and compliance purposes.
The Need for Cost-Benefit Analysis
The integration of AVI systems into current processes requires a large investment in terms of hardware, software, training, and integration. Therefore, enterprises must determine if the advantages will exceed the expenses before making such a significant investment. The Cost-Benefit Analysis (CBA) is useful in this situation.
Cost-Benefit Analysis (CBA) for AVI Systems
Cost-benefit analysis is an organized procedure for assessing the financial viability of a project or investment. In the context of deploying Automated Visual Inspection systems, CBA entails a complete analysis of the advantages and disadvantages of adopting them. Here is the normal procedure:
Identifying Costs:
Initial Investment: This includes the cost of purchasing AVI hardware, software licenses, and any additional equipment or infrastructure required for implementation.
Installation and Integration: Expenses associated with the setup, configuration, and integration of AVI systems into existing production lines or processes.
Training: Costs related to training personnel to operate, maintain, and troubleshoot the AVI system efficiently.
Operational Costs: Ongoing costs including maintenance, software updates, and any required technical support or service agreements.
Identifying Benefits:
Quality Improvement: AVI systems are frequently implemented to enhance product quality. This benefit can be hard to quantify but can have a significant impact on customer satisfaction and reputation.
Reduced Labor Costs: Automated Visual Inspection systems can significantly reduce the need for manual inspections, saving on labor costs.
Increased Throughput: By carrying out inspections at high speeds, AVI systems can contribute to increased production efficiency.
Reduced Scrap and Rework: Detecting defects early in the production process can lessen scrap and rework costs.
Compliance and Risk Mitigation: AVI systems can also assist in ensuring adherence to industry norms and regulations, reducing the risk of costly penalties or product recalls.
Data-Driven Insights: The data collected by AVI systems can provide valuable insights for process optimization and continuous improvement efforts.
Steps to Perform a CBA for Automated Visual Inspection Systems
Performing a CBA for AVI systems involves an established method to evaluate the costs and benefits. Here are the key steps:
1. Define the Scope
Clearly outline the scope of the AVI implementation project. Identify the specific products or processes that will be subject to automated inspection.
2. Identify Costs
Initial Investment: Calculate the total cost of acquiring and setting up the AVI system, including hardware, software, and installation.
Training Costs: Estimate the costs associated with training employees to operate and maintain the AVI system.
Operational Costs: Determine ongoing costs, which include maintenance, software updates, and technical support.
3. Identify Benefits
Quality Improvement: Assess the potential impact of AVI on product quality and customer satisfaction. Consider factors such as reduced defects and improved consistency.
Labor Cost Reduction: Estimate the labor cost savings resulting from the decreased need for manual inspections.
Increased Throughput: Calculate the potential increase in production output due to faster inspections.
Scrap and Rework Reduction: Estimate the cost savings from minimizing scrap and rework.
Compliance and Risk Mitigation: Consider the potential cost savings from avoiding fines or recalls due to non-compliance.
Data-Driven Insights: Determine how to use the data gathered by AVI systems to enhance the system and reduce costs.
4. Calculate the Net Benefit
Subtract the total costs (initial investment, training, and operational costs) from the total benefits (quality improvement, labor cost reduction, throughput increase, scrap and rework reduction, compliance benefits, and data-driven insights).
5. Calculate the RoI
Calculate the Return on Investment (RoI) by dividing the net benefit by the total costs and expressing it as a percentage: RoI = (Net Benefit / Total Costs) × 100.
6. Sensitivity Analysis
Perform sensitivity analysis to assess how changes in key variables, including inspection speed or labor cost savings, affect the RoI. This helps in understanding the robustness of the investment decision.
7. Decision-Making
Based on the calculated RoI and sensitivity analysis, make an informed decision about whether or not to proceed with the implementation of the AVI system. A positive RoI shows that the investment is financially justified.
Factors Affecting RoI for Automated Visual Inspection Systems
Several factors can impact the RoI of implementing AVI systems:
1. Scale of Implementation
The length…
International Conference on: Cyberlaw, Cybercrime & Cybersecurity
The world saw the holding of the mammoth International Conference on Cyberlaw, Cybercrime & Cybersecurity, 2023 in New Delhi. The said conference was organized by Cyberlaws.Net and Pavan Duggal Associates, Advocates on 29, 30 November & 1 December, 2023 at Scope Convention Centre, Scope Complex, Lodhi Road, New Delhi. The Conference 2023 was supported by UNESCO, UNODC, University For Peace of United Nations, Ministry of Electronics & Information Technology, Government of India, Department of Legal Affairs, Ministry of Law & Justice, Government of India, IEEE Technology & Engineering Management Society, Ecommerce Forum Africa, Globethics.Net, EC Medici Framework and Association of Indian Universities. The Conference 2023 had 46 different sessions with more than 250 speakers from different parts of the world over three days of deliberations. The conference discussed and deliberated upon some of the important aspects, issues and challenges concerning cyberspace. In the past years, the International Conference on Cyberlaw, Cybercrime & Cybersecurity has been supported by 125+ international and national organizations. These include UNESCO, ITU, and UNU-EGOV in the UN Family, as well as Intersputnik International Organization of Space Communications, Europol Cybercrime Centre, Interpol, Internet Society, World Federation of Scientists, International Association of Prosecutors, Global Prosecutors E-Crime Network and Asia Cloud Computing Association. The world-famous International Conference on Cyberlaw, Cybercrime & Cybersecurity saw a glittering inaugural ceremony on 29 November, 2023. This annual Conference, which has become the only authoritative Conference in the world looking at the intersection of Cyberlaw, Cybercrime & Cybersecurity, got off to a flying start, with a galaxy of speakers addressing the inaugural ceremony of the Conference.
Addressing the Conference, Hon’ble Justice Sanjay Kishan Kaul, Judge, Supreme Court of India, highlighted the significance of the Internet for societies and the massive misuse of the Internet that is emerging across the world. He also highlighted the need to have greater knowledge about Cyber Laws and various cyberspace related aspects concerning the law enforcement agencies, prosecuting agencies and the courts of law. He particularly also highlighted how the Internet is being used to target the sovereignty of countries, which is emerging as a big trend that needs to be appropriately addressed. He flagged the tremendous increase in cyber terror and cybercrime cases and advocated the need for the judiciary to adopt a more proactive approach towards cyberspace related issues and challenges. While talking about access to justice and digitization of courts, he emphasized the need to ensure access to justice to the last man. The inauguration of the conference was further addressed by various national and international dignitaries including Vint Cerf, Chief Evangelist, Google and the Father of the Internet, and Alfredo M. Ronchi, General Secretary of the European Commission – MEDICI Framework. In his sterling Cyberlaw address, the Conference Director Dr. Pavan Duggal specifically spoke about the evolving legal landscape, as far as Cyberlaws across the world are concerned. He highlighted the distinctive new trends in Cyberspace and how there is a need for addressing the same. He specifically addressed the need for expeditious evolving of norms of behavior in cyberspace. He emphasized how distinctive national approaches on cyber security can become a predominant approach for regulating security and why there is a distinctive need for coming up with international common denominators to deal with cyber security regulation at global level.
He also highlighted various cyber legal challenges that emerging technologies like Artificial Intelligence have brought forward to the world at large. The three days of the conference were marked by massive discussions, deliberations and debates amongst various stakeholders. The conference had different sessions relating to cyberlaw, cybercrime & cyber security, darknet, regulating Artificial Intelligence, freedom of speech online, digital transformation etc. on the second day. The remarkable capacity of the conference was its unique multi-stakeholder approach where attendees saw different stakeholders from different verticals coming in, deliberating, discussing and analyzing not just the present trends but also the future trends that are emerging on the horizon concerning cyberspace issues and how appropriate proactive approaches need to be adopted in this regard. The conference specifically talked about darknet and personal privacy in cyberspace. The conference also talked about Artificial Intelligence, cybercrime and cyber security. Other sessions of the conference included norms of behaviour in cyberspace, Cybercrimes, Trolling, Cyber Bullying, Cyber Harassment & Cyber Nuisance, Critical Information Infrastructure Protection, Free Speech Online, Cryptocurrencies, Blockchain etc. The Conference was addressed by distinguished global experts and thought leaders as well as Indian digital thought leaders and important towering personalities in the digital world including Hon’ble Justice Rajesh Bindal, Judge, Supreme Court of India, Justice Gita Mittal, Former Chief Justice, Jammu & Kashmir High Court, Alfredo M. Ronchi, Secretary General, EC MEDICI, Alan Brill, Managing Director, Kroll, Dr. Triveni Singh, Superintendent of Police, Cybercrimes, Uttar Pradesh Police, Harshdeep Marwah, CEO & Managing Director, OA Compserve Group – RASPL, OACPL Ltd., Prof. Dr. Christoph Stueckelberger, Founder and President, Globethics.Net amongst others.
The conference had a unique format where interactivity amongst the panelists and the audience was highlighted. There were immense discussions and debates amongst the participants of the conference on coming up with new approaches on how to deal with newly emerging cyberspace issues. The valedictory session of the Conference was addressed by Hon’ble Justice Anup Bhambani, Judge, Delhi High Court. Speaking at the conference, Justice Bhambani highlighted the significance of conferences like the present one and further highlighted the need for coming up with proactive approaches so that the judiciary can appropriately address nuances pertaining to cyber disputes. The conference came up with an Outcome Document with various recommendations from various sessions of the conference that were discussed and debated by various stakeholders. The said Outcome Document has come up with various recommendations for stakeholders at a global, regional and national level. Addressing the valedictory session, the Conference Director Dr. Pavan Duggal thanked all stakeholders and hoped that the International Conference on Cyberlaw, Cybercrime & Cybersecurity will continue to contribute to evolving jurisprudence on Cyberlaw, Cybercrime & Cybersecurity. The conclusion of the conference marked yet another important chapter in the direction of India contributing its thought leadership…
Cyberthreat Predictions for 2024
Vishak Raman, Vice President of Sales, India SAARC and Southeast Asia at Fortinet
An Annual Perspective from FortiGuard Labs
Adversaries always discover new ways to compromise networks, yet executing successful attacks hasn’t always been straightforward or quick. But today, thanks to the growth of the Cybercrime-as-a-Service (CaaS) market and the rise of generative AI, cybercriminals have more ‘easy’ buttons than ever. The result? Attackers will expand their ‘work smarter, not harder’ approach to cybercrime by relying heavily on the new capabilities in their respective toolboxes. This year’s threat predictions report examines a new era of advanced persistent cybercrime, discusses how AI is changing the attack game, shares fresh trends to watch for in 2024, and more. Here’s a look at how we expect the threat landscape to evolve and our best tips for protecting your organization.
The Evolution of Old Favorites
We’ve been discussing numerous attack trends for years, including in our 2023 threat predictions report, noting how we expect these fan-favorite tactics to evolve in the days ahead. For example, we’ve witnessed advanced persistent cybercrime become more sophisticated and targeted, the rise of more intense turf wars occurring between cybercrime groups, and a shift in how AI is used to support attacks. Below is a look back at some key 2023 predictions and our thoughts regarding how these longstanding trends across the threat landscape will change in 2024 and beyond.
A new era of advanced persistent cybercrime
For the past several years, we’ve predicted that the growth of new vulnerabilities combined with more pre-attack activity among adversaries would pave the way for the expansion of the CaaS market. Today, as cybercriminals and advanced persistent threat (APT) groups continue working together (there are more on the dark web than ever), it’s safe to say our prediction came true. Unfortunately for security practitioners, it’s only the tip of the iceberg.
APT activity is on the rise. In the first half of 2023, we witnessed significant activity among APT groups, with 41 (about 30%) of the 138 groups that MITRE tracks being active during this time. Of those, Turla, StrongPity, Winnti, OceanLotus, and WildNeutron were the most active, according to our FortiGuard Labs malware detections. Looking ahead, we predict that even more of these APT groups will become more active – even beyond the 138 identified by MITRE and those that CISA outlines with active cycles – likely engaging in dual cybercrime and cyber-espionage activities. We also expect to see a trend in which more APT groups will transition to employing even more stealthy, innovative methods to initiate attacks. Techniques such as HTML smuggling are gaining popularity, and we foresee additional novel methods emerging in the coming year. Their tactics, techniques, and procedures (TTPs) continue to evolve, evading security products with outdated analytics. Alongside what’s sure to be a banner year for new Common Vulnerabilities and Exposures (CVEs), we should expect the growth of TTPs and, therefore, the MITRE ATT&CK framework. In addition to the evolution of APT operations, we predict that cybercrime groups will continue diversifying their targets, looking for hidden (and highly lucrative) gems among a long list of already-compromised organizations. For example, in the operational technology (OT) space, the manufacturing industry has historically been the top target among cybercriminals. Going forward, we expect OT attacks to increasingly reach beyond manufacturing, with malicious actors setting their sights on industries such as healthcare, utilities, finance, oil and gas, and transportation. These attacks will also move beyond data encryption and focus primarily on the extortion of their targets. They’ll also continue embracing supply chain attacks, working to disrupt critical services and organizations. 
In our 2023 threat predictions report, we also said that edge attacks would go mainstream, and we expect to see even more of this activity in the future. Not only did this happen, but we anticipate that attackers will work to diversify their targets beyond what we typically think of as an edge device. With Flipper Zero and other such tools at their fingertips, money or device mules could hack IoT devices in person by cloning RFID cards or hotel key cards and then running arbitrary commands on devices such as phones and laptops. Recently, Flipper Zero made it possible for attackers to avoid plugging in USB devices in a BadUSB attack. It only takes one employee to connect via Bluetooth before malicious commands get executed. With a zero-day exploit, user interaction may not even be required. The bottom line: The sheer breadth of potential targets and more left-hand activity in the attack chain ensure a constant stream of victims and profitable payouts for cybercriminals.

Get off my lawn: The cybercrime turf wars intensify

We predicted several years ago that we’d see turf wars emerge between cybercrime groups, with multiple adversaries focusing on the same targets. Today, we’re seeing just that, as multiple cybercrime groups try to infiltrate the same target in a short period – sometimes in a matter of 24 hours or less – deploying ransomware variants of AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal in different combinations. Many organizations that experienced this had similar attacks made against them within days, all led by various adversaries. We can assume other cybercriminals closely monitor communications on the dark web and then run the same attack or piggyback off attacks initially executed by rival threat actors. The growth of this emerging trend prompted the FBI to issue a warning to organizations in September 2023, urging security leaders to review and enhance their defenses to guard against ransomware incidents.
We saw that roughly two-thirds of all categorized MITRE ATT&CK techniques were actively used in attacks in the first half of this year, with defense evasion being the top tactic and process injection being used across the board for evasion on compromised systems. Stolen credentials are like an all-access pass for bad actors, enabling them to infiltrate your network to launch ransomware and other attacks. Given how valuable stolen credentials are to threat actors, we predict that the emerging trend…
Standards & Services: Implications for Private Security Industry
ANIL PURI, CMD, APS GROUP

Globalization has led to the adoption of best practices and standards that are accepted worldwide. Most industries in India are in the process of transformation or have already evolved to be on par with such global standards. As regards the Private Security Industry (PSI) in India, although a regulatory framework exists on paper, it has not been enforced with the speed, energy and intent it needed. In the context of the private security industry, ‘Standards and Services’ generally refer to the established norms, guidelines, and practices that govern the conduct and operations of private security firms. This includes both industry-specific standards and the range of services offered by private security companies.

Generic understanding of the standards

In industry parlance, the standards are generally understood in terms of:

Regulatory compliance: Private security firms are often subject to regulations and standards set by government authorities. These standards may cover aspects such as licensing, training requirements, and ethical conduct.

Industry best practices: There are also industry-specific best practices that private security companies may follow voluntarily or as part of professional associations. These practices can cover areas such as personnel training, use of force, and technology implementation.

Quality assurance: Adhering to standards helps ensure the quality and reliability of services provided by private security firms. Clients often look for companies that comply with recognized standards to ensure a certain level of competence and professionalism.

Need for instituting the standards

PSI in India is one of the fastest growing industries, with a growth rate zooming to 25% per annum. It is credited with being one of the largest employment providers and also the largest tax payer.
In 2016 its market size was valued at around INR 57,000 crores; it now stands at a staggering INR 1.5 lakh crores, approximately. Despite all these credentials, we still find 50% of the industry in the unorganized segment, which is largely responsible for the dilution of quality in service delivery and for violations of the regulatory framework and compliance metrics. This anomaly is equally attributable to both segments – the end user (Principal Employer) as well as the service provider (Security Agency). New guidelines need to be framed to eradicate the ambiguity which is being exploited and misused at both ends and is causing the standards of Indian PSI to deteriorate on the global platform. Adoption of globally accepted standards to usher in quality of services is bound to bring a quantum jump in demand for Indian security personnel as well as Indian MNCs operating abroad, and also domestic players.

Standards

There isn’t a specific ISO standard dedicated exclusively to services in the private security industry. However, there are broader ISO standards that relate to service management systems and may be applicable to private security services. Here are a few key standards in that context.

ISO 9001:2015 – Quality Management Systems: While not specific to services in the private security industry, ISO 9001 sets out criteria for a quality management system. Private security companies can use this standard to ensure that their quality management system is robust, helping to enhance the quality of their services.

ISO 18788:2015 – Management System for Private Security Operations: This standard, although not exclusively focused on services, provides a framework for managing private security operations. It covers aspects related to the provision of services, including the planning, execution, and improvement of security operations.

ISO 41001:2018 – Facility Management: Private security services often involve facility management aspects.
ISO 41001 provides requirements for an effective facility management system, ensuring that services related to facility security are well-managed.

ISO 31000:2018 – Risk Management: This standard provides principles and guidelines for effective risk management. Private security agencies may use this standard to assess and manage risks associated with their operations.

ISO 22301:2019 – Societal Security (Business Continuity): Business continuity is crucial in the private security industry. This standard provides a framework for establishing, implementing, maintaining, and continually improving a business continuity system.

ISO/IEC 27001:2013 – Information Technology – Security Techniques: Information security is vital in the modern security landscape. ISO/IEC 27001 provides requirements for establishing, implementing, maintaining, and continually improving an information security management system.

ISO 10002:2018 – Quality Management – Customer Satisfaction – Guidelines for Complaints Handling in Organizations: Customer satisfaction is a critical aspect of service provision. This standard provides guidance on handling complaints, which is relevant for private security companies aiming to improve customer satisfaction.

Services

Services in the security industry can be broadly bracketed into the following:

Security guarding: This is a fundamental service where private security personnel are stationed at various locations to deter and respond to security threats.

Surveillance and monitoring: Private security companies may offer surveillance services using technology such as CCTV cameras and monitoring systems to enhance security measures.

Event security: Providing security services for events such as concerts, conferences, and private functions.

Consulting and risk assessment: Offering expertise in assessing security risks, developing security plans, and advising clients on security measures tailored to their needs.
Cybersecurity: With the increasing importance of digital security, some private security firms offer services related to protecting clients’ digital assets.

Cash in transit: Cash-in-transit (CIT) services involve the secure transportation of cash and other valuables from one location to another. These services play a crucial role in the financial and retail sectors by ensuring the safe and efficient movement of money between banks, businesses, and other institutions.

PSOs (Personal Security Officers): PSOs, or personal security officers, are professionals trained to provide personal security and protection to individuals. They may work for private individuals, celebrities, executives, or anyone who requires personal security. PSOs are trained to assess potential risks, implement security measures, and ensure the safety of their clients.

Current regulatory framework

PSI in India comes under the aegis of the Ministry of Home Affairs (MHA) of the Government of India (GoI) and currently functions primarily under the framework of the PSAR Act 2005 and Central Model Rules (CMR) 2020-21. Both pivot documents by design are generic and lay down only the broad guidelines but specifics…
Cyberwar – The Game Changer: Demystifying India’s Geopolitical Tussle with its Neighbours and its Cyber Effects
Garima Goswamy, Co-Founder & CEO, DridhG Security International Pvt. Ltd.

Cyber Attacks

As technology has become an integral part of everyone’s life, threats have moved from the physical space to the virtual space. Within a week in August 2023, the websites of two educational institutes in NOIDA were hacked. We are all aware that in November 2022, Delhi’s All India Institute of Medical Sciences (AIIMS) faced a ransomware attack. Such an attack denies a user or an organization access to its files. In this attack, outpatient and research data were wiped out from AIIMS’ primary and backup servers. The database of the Unique Identification Authority of India (UIDAI) too suffered intrusion by hacking groups in June and July 2021. Forget singular institutes, the city of Mumbai faced a blackout in October 2020 for 10 to 12 hours. It impacted business continuity, halted local transport, and was even responsible for shutting down the stock market. It, too, is believed to be a possible result of a cyber-attack. One thing all these attacks have in common is that they were apparently orchestrated by foreign national cyber criminals, who might be sponsored by India’s neighbouring nation states including China, Pakistan, Bangladesh, to name a few.

Associated Geopolitical Tussle Between India & Its Neighbours

Just as there are terrorists from other nations, who may or may not have the backing of their countries, there is an army of cyber terrorists whose mission is to attack India. The ban of several Chinese apps by India’s Ministry of Electronics and Information Technology since the India-China face-off along the Line of Actual Control in 2020 is not a coincidence. India’s Foreign Secretary Vinay Mohan Kwatra did state that the reason to ban some Chinese applications pertaining to betting and loans was to stop the spread of misinformation, the spread of disinformation and fake information.
Many might not be privy to the speculation that in April 2022, Chinese attackers strategically targeted as many as seven Indian centers in Ladakh which help in electrical dispatch and grid control near the India-China border. There are reports which suggest that the cyber-attack at AIIMS was also orchestrated by the Chinese government with the aim of gathering data on Very Important Persons (VIPs) of India and Indian celebrities. Similarly, Chinese hackers may be behind the Unique Identification Authority of India (UIDAI) attack, for as per a report, the breaches were carried out through malware named Winnti, deployed by Chinese Advanced Persistent Threat (APT) groups known to be state sponsored. Recorded Future, a US based cyber security company, claims that the Mumbai 2020 blackout was the work of multiple pieces of malware deployed by another Chinese group, RedEcho. While the Chinese government denies its role in these attacks, there are some foreign national groups of cyber criminals who are very vocal about their involvement in hacking India’s websites, as they are motivated by political hate towards our nation. Upon hacking a school website on 10 August 2023, they identified themselves as ‘Muslim Hackers from Bangladesh’ who believe they are freedom fighters, as their message read “When liberty is at risk, expect us.” These might be rogue elements from Bangladesh and have supposedly become increasingly active since an incident in which a Bharatiya Janata Party leader, Nupur Sharma, had allegedly made some derogatory remarks against the Prophet Muhammad. These are different from cyber criminals who engage in ransomware attacks which strategically attack another nation’s critical infrastructure. Hacktivists are mainly motivated by religion and politics and want to publicize themselves and deface websites to show the loopholes in the targeted country’s cyber security.
Game Changer – Geopolitical Cyberwar

A prominent hacktivist group which has carried out several Distributed Denial of Service (DDoS) attacks since June 2022 is called ‘Mysterious Team Bangladesh’ (MTB). In a DDoS attack, hackers flood a website with so much traffic that legitimate users cannot access it. As per a report published by Group-IB, MTB is associated with 750 DDoS attacks and as many as 70 cases of website defacement, mainly targeting India’s government, financial and transportation sectors. They also target Israel and other countries. While this particular group might not be state sponsored, an increase in activity by state sponsored hackers is related to the Russia-Ukraine conflict, where at least 19 state sponsored groups from Ukraine, Russia, China, Belarus, North Korea and Iran carried out attacks in relation to the conflict. This probably influenced state sponsored groups from other countries not directly involved with the Russia-Ukraine conflict to conduct cyber espionage in their neighbouring countries. In fact, it is noteworthy that now ‘camps’ exist! There is a collaboration between India and Nepal hacktivists on one side and Pakistan, Bangladesh, Malaysia and Indonesia on the other side. Unlike international ransomware groups, which may target victims only on occasion, hacktivists work on a daily basis to weaken their adversaries.
Let’s have a look at what the online hackers from these two camps are doing.

Defacing websites: Indian Cyber Force defaced the website of Pakistan’s Regional Forensic Science Laboratory Swat.

Distributed Denial of Service (DDoS) Attacks: Indonesian GANOSEC targeted Indian sites: kerala.gov.in, incometax.gov.in, and rajpolice.gov.in.

Data leaks: MTB managed to release internal login information of All India Council of Technical Education (AICTE). Indian Cyber Force and Black Dragon Sec leaked several passport and other government identification information of Pakistani nationals.

What should be done?

To be aware of such daily attacks is pertinent for government and organizations, so that they can prioritize investing in adequate…
Should We Be Aiming for Frictionless Access Control?
John Davies, Managing Director of TDSi

The idea of ‘Frictionless Access Control’ is not a new one, but in the wake of the COVID pandemic we are all more aware of the need for security systems that operate and rapidly adapt to changing needs, without causing users unnecessary inconvenience. The key issue, and indeed balancing act, with this approach is always ensuring security continues to actually be ‘secure,’ whilst also making life easier for the authorised people that rely on it as part of their daily routine. So, have we reached true Frictionless Access Control yet? We need to start by understanding what the concept actually means.

What is Frictionless Access Control?

Frictionless Access Control refers to a set of technologies and systems designed to provide secure access to physical spaces (such as buildings, offices, or restricted areas) with minimal or no inconvenience to authorised individuals. The goal is to streamline and simplify the process of gaining access while maintaining a high level of security.

What Powers Frictionless Access Control?

The obvious answer is technology advancements. Over the last decade or so there have been significant advancements in access control technologies, including biometrics (such as fingerprint and facial recognition), contactless card systems (like RFID or NFC), and smartphone-based access control credentials (such as Apple Wallet, Google Wallet, and the introduction of Ultra-Wide Band – UWB – for highly effective short-range communications). These technologies aim to reduce the friction associated with traditional access methods like keys or PINs. Implementation is of course another key factor. The effectiveness of Frictionless Access Control depends on how well it is implemented, be that through the close integration of hardware and software, user training, or security protocols, all of which play a crucial role in achieving seamless and secure access control.
Sector-driven demands are also an important element in driving Frictionless Access Control. For example, the Proptech (property technology) sector uses technology to optimise the way people buy, sell, research, market, and manage a property. This includes looking for ways to deliver a better user experience by improving how people interact with the built environment, so effortless access control technology is very well placed to help with this.

Making it Work

As we have already discussed, security versus convenience is the crucial question here. There is often a trade-off between security and convenience and achieving higher levels of security may require additional authentication steps or slower access processes, which can introduce some friction. Striking the right balance between security and convenience is essential. This of course depends on the type of security deployment and the value/vulnerability of the people and property it protects. For example, Frictionless Access Control may work well in certain situations such as corporate environments, where users are familiar with the technology and the access points are well-maintained. However, it may face challenges in more complex or high-security settings such as financial institutions, military installations, or sites with vulnerable people (such as schools and colleges).

Potential Stumbling Blocks

Careful consideration needs to be paid to how using a frictionless approach could compromise security. For example, biometric technologies used in Frictionless Access Control can raise concerns about privacy and data security (there are many ethical debates over the collection and storage of such personal data). Ensuring that user data is protected and used responsibly is critical and will always need to take precedence over user convenience. Cost is another key consideration.
Implementing Frictionless Access Control systems can be expensive, particularly if it involves the deployment of advanced high-security biometric or contactless technologies. Organisations need to weigh the cost against the benefits and available budget. The convenience of employees will not always be the prime concern.

Is Frictionless Access Control Achievable?

The short answer is yes, absolutely. In fact, although it was accelerated by the desire for ‘non-touch’ solutions thanks to COVID, Frictionless Access Control was already a reality well before the pandemic and is quickly transforming the way we, as users, interact with our Access Control Systems. The rapid development and integration of advanced technologies such as Facial Recognition and Smart or Mobile credentials, with traditional access methods, are evolving into seamless, touchless experiences. Although these advanced technologies are often more secure than the traditional card or fob-based credentials, true frictionless access is only as good as the speed and accuracy with which the technology can function – which in the past has often been a limiting factor to its mass adoption. Any organisation considering whether Frictionless Access Control is right for it needs to carefully assess its needs, risks, and resources when considering the adoption of these systems and must ensure that they are deployed and managed with a focus on both security and user experience.

*Views expressed in the article are solely of the Author
The Role of Insurance Companies in Enforcing Passive Fire Systems & Fire Protection
Dominic K. P., Managing Director, Blue & Gray

India, with its booming infrastructure, is no stranger to the devastating impacts of fire-related incidents. As urbanization progresses, the risk factors associated with fires in commercial and residential buildings increase. Insurance companies play a pivotal role, not only in providing financial coverage against such tragedies but also in actively promoting the adoption of robust fire systems. Here’s a closer look at their influential role.

Mandatory Fire Insurance for Commercial Establishments

Many Indian cities have made it mandatory for commercial establishments to have fire insurance. Insurance companies, recognizing the immense risks involved, stipulate that these businesses must have standard fire safety measures in place before they can be insured. This indirectly forces businesses to adopt fire systems and comply with safety norms. Implementing an effective functional Fire Protection system and Passive Fire Protection in a building can significantly contribute to obtaining better insurance premiums. Insurance companies must assess the risks associated with a property when determining premiums.

The Role of a Passive Fire Protection in Reducing The Risk

A well-designed Passive Fire System plays a crucial role in reducing risks and containing fires within a building. Passive fire protection systems should be an integral part of the building to reduce the risk and contain fires within it. Insurance companies must recognize the value of such systems in preserving life and property, and they may reward property owners with better premiums for investing in and maintaining a robust passive fire protection infrastructure. Regular inspections, maintenance, and documentation of these systems are essential to demonstrate an ongoing commitment to safety and risk mitigation.
Premium Reduction as an Incentive

Insurance companies should offer premium discounts to entities that go above and beyond the minimum fire safety requirements. This not only encourages businesses to invest in advanced fire protection systems but also promotes a culture of safety and preparedness.

Regular Audits and Inspections

To ensure compliance, insurance companies often conduct routine audits and inspections of the insured properties. These inspections verify the functionality and maintenance of fire safety equipment. Non-compliance or neglect can lead to a cancellation of the policy.

Collaborations with Certified Contractors

Insurance companies should collaborate with fire protection contractors, offering packages that include both fire protection installers and passive fire applicators. Such collaborations make it financially attractive for businesses and occupants to invest in quality fire safety equipment.

Knowledge Dissemination & Training

A robust fire system is only as effective as the people operating it. Recognizing this, many insurance companies in India should host workshops, training sessions, and awareness campaigns on fire safety. By educating the insured about the importance and proper use of fire systems, they not only reduce risks but also ensure that in the event of a fire, damage is minimized.

Claims and Feedback Loop

After any fire-related incident, insurance companies should engage a third-party Fire Risk auditor or Fire experts or Retired Fire Officers to conduct thorough investigations to determine the cause and assess the effectiveness of the installed fire systems. This feedback loop is vital. It helps in understanding any new risks and refining the requirements for future policies.

Conclusion

As India continues to grow and urbanize, the challenges posed by fire-related risks will only escalate.
Insurance companies, by intertwining the need for safety with financial incentives, play a crucial role in ensuring that buildings are well-equipped to combat these threats. Their proactive approach not only safeguards assets and lives but also reinforces the importance of a culture of preparedness and a Fire-Safe India.

*Views expressed in the article are solely of the Author