securitylinkindia

How Traffic Monitoring System can Help Traffic Management Authorities

The importance of traffic management system is growing with time across the globe and India is no exception. Traffic monitoring has three core functions – traffic law enforcement, traffic direction and traffic accident reporting and investigation. Each of these functions contributes to highway safety directly and also by enhancing the safety efforts of other agencies. Traffic monitoring systems have their unique importance in traffic management. This equipment has a sensor that gives out information on the number of vehicles on a given road at a given time or a camera that helps with images of potholes and various other aspects related to traffic movement. The Urban Transport Authorities have raised the bar high when it comes to the usage of the exact equipment for predicting better road safety. Intelligent transport supported by a robust technological system. There are certain benefits attached to it such as: Resolving Traffic Problems: Resolution of traffic problems, which includes congestions, pollution, and safety. Enhancing Efficiency of Traffic Management: Enhancing the efficiency of the transport management system. Incident Reporting and Recording: Traffic violations, accidents, incidents, road rage, hit & run cases. The need for data related to traffic safety and transportation is critical. The contribution of technology in getting access to data is noteworthy. Relevant authorities can take steps to enhance the safety of commuters and other key stakeholders. There are two immediate benefits, which can be derived from data. The data helps in quick resolution of issues. It also helps in identifying problems, analyzing them and above all correcting them. The advanced traffic monitoring systems are composed of a set of application and management tools to improve the overall traffic efficiency and safety of the transportation systems. Furthermore, to overcome such issue, traffic management system gathers information from heterogeneous sources, it helps to process information and data to identify the hazards and challenges that may impede the traffic efficiency. These systems provide the vital information to manage the evolving challenges based on the traffic scenarios. There are multiple sets of traffic monitoring systems available, but broadly they fall into two categories, the first set consists of a traditional traffic monitoring system and the other one is comprised of intelligent traffic monitoring and management systems. The intelligent automated systems help to address the challenges in traffic monitoring through the help of IoT and AI Technologies. These automated systems are helping to simplify the challenges faced in achieving the goals of smart mobility, safe public transportation and reducing traffic rule violations. Latest trends The latest development in Traffic monitoring and management is enabled by Artificial Intelligence and big data analytics. Intelligent Traffic Systems (ITS) with advanced sensors, radars and license plate recognition cameras are helping to detect and deter the cases of traffic rule violations. These systems are further helping the cause in reducing the traffic congestion by managing the traffic scenarios with real time data visualization. Thus, Intelligent Traffic Management Systems are building consensus and creating awareness among the key stakeholders. Indian metros and cities are facing huge traffic congestion related issues in the recent past, one can hope that Intelligent Traffic Management Systems can offer some solace to the citizens.  

Read More

OSINT Tools & Technique: Fraud Detection to Help Fraud Prevention

Garima Goswamy, Associate Protection Professional, Chief Executive Officer and Co-Founder, Dridhg Security International Pvt. Ltd. OSINT or Open-Source Intelligence is nothing new. It is information gathering from publicly available sources, which are out there for everyone to see. It has been used extensively by investigators – private and public across generations in their assignments and missions. In fact, during the second world War, Lt. Gen. Samuel V Wilson, who headed the American Defense Intelligence, made an astounding claim – he received 90% of intelligence through open sources. Today in 2023, with a variety of sources available, especially with possible access to the deep web, dark web and regular search engines, and a multitude of social media platform, it becomes exceedingly difficult to retrieve useful information – unless one is adequately trained in usage of OSINT or familiar with different OSINT tools and techniques. With a continuous aim of knowledge enhancement, Dridhg Security International Private Limited, conducted an OSINT Workshop – Social Media Intelligence and Digital Footprint Analysis on 1 December 2023. It was open to all – from students to research analysts, risk analysts operating in Security Operating Centres (SOCs), law enforcement personnel, to senior citizens. It was well received with employees of prominent organizations such as VFS Global, Vedanta Limited, UPL Limited, NetApp, and Mondelez. In fact, a repeat session also saw entrants from prominent Indian investigation companies. A case study was discussed where incessant internet searches led to the arrest of an alleged murderer this year. We attempted the digital footprint analysis of the Instagram posts of the late actor Matthew Perry. Tools and techniques were also a prominent part of this workshop where the participants were introduced to AI software, which made image searches much more specific than one using search engines. What a lot of people do not realize is that by helping in fraud detection OSINT tools and techniques help in fraud prevention. And while it is relevant for the security and risk consulting fields, given that internet safety and cyber security awareness is relevant for students and senior citizens alike, it is a pertinent subject in which all should have some level of understanding, if not expertise. By investing some time, it is possible to verify whether an email id, phone number, or a message which is floated on your devices is genuine or not. One can easily figure out the intention of the person who is communicating with you online. For instance, a few months ago, a contact was established by a person who claimed to be the ‘Crown Prince of Egypt’ on Linkedin. It took me just some cues and time to find the official Linkedin page of the real ‘Crown Prince of Egypt.’ Interestingly now fraudsters are also using bots and AI for social engineering. Celebrities like Tom Hanks and Ratan Tata have warned users not to believe in fake news created by their AI versions. Companies like Boat and Netflix too educate users about their authentic sites. There are some observations which suggest that a site or email or message is untrustworthy. Some tips to spot a phishing email or message are as follows: Suspicious domain name – The email that is sent from a public email domain instead of an official email domain. A misspelled domain name The message is not articulate and is poorly written. One might notice some grammatical errors. The email or text might contain a suspicious attachment or links. Usually there is a sense of urgency indicated in the email or message. This is because the fraudster wants you to act before you can think. Social Media Intelligence, in particular, is a double-edged sword. We are not the only ones reading about others. Others are also watching us. In fact, fraudsters use social engineering tools like creating a shortened URL link which is either shared along with some text or embedded in an image. The moment their target clicks on such a link, the fraudster gets a lot of information about the target which can include the target’s exact GPS location, compromising the target’s privacy. The same social engineering tools can also be used by a tech-savvy person to try to find details about, lets say, a catfish. Catfish is a term used to refer to a person who pretends to be someone else online and communicates under false pretense. Considering the increasing number of cyber frauds, the chances of anyone becoming a target are high. Whether or not you become a victim totally depends on how aware and careful you are in protecting yourself from such attacks and fraudsters. And that is where the OSINT tool and technique becomes useful. There are multiple software tools, for instance, which can analyze emails, and websites and provide information whether such platforms have been compromised. Many times, email ids and even passwords get leaked on the dark web. In online workshops offered by DridhG Security International Private Limited, we try to educate the participants about reliable tools and techniques. We need to be aware how open-source intelligence is being used, how it can be used and how it should or should not be used.    

Read More

Cost Benefit Analysis: Evaluating the RoI of Implementing Automated Visual Inspection Systems

Prakash Prabhu – Chief Business Officer & Co-Founder, VisionBot In latest rapid-paced production and first-class manipulate environments, precision and performance are paramount. Ensuring product first-class while optimizing manufacturing tactics is a steady project. This is wherein Automated Visual Inspection (AVI) structures come into play. AVI structures leverage modern era, including artificial intelligence and system mastering, to carry out visual inspections with incredible accuracy and velocity. However, implementing such systems involves an economic investment. To decide whether it is a profitable undertaking, groups frequently behaviour a Cost-Benefit Analysis (CBA). In this write up, we’ll explore the idea of CBA in the context of AVI systems, inspecting the way to examine the Return on Investment (RoI) when imposing these technologies Understanding Automated Visual Inspection Systems Automated Visual Inspection systems are designed to duplicate and often exceed the talents of human vision. They use cameras, sensors, and superior algorithms to research and evaluate products, additives, or substances for defects, inconsistencies, or first-rate deviations. AVI systems can be deployed in various industries, inclusive of manufacturing, electronics, prescribed drugs, automobile, and food manufacturing, to name some. Here’s how they normally paintings: Capture Images or Video: AVI structures use cameras to capture snap shots or films of the gadgets being inspected. Processing and Analysis: These images or motion pictures are processed by specialized software program that employs artificial intelligence and de vice mastering algorithms. This software program can become aware of defects, degree dimensions, verify product integrity, and more. Decision-Making: Based at the analysis, the machine makes selections in actual-time. It can categorize objects as ‘bypass’ or ‘fail,’ triggers alarms or signals while defects are detected, and even initiates corrective actions in some cases. Data Logging and Reporting: AVI systems frequently log inspection facts and generate special reports. This information can be helpful for exceptional manipulate, method development, and compliance functions. The Need for Cost-Benefit Analysis The integration of AVI systems into current processes requires a large investment in terms of hardware, software, training, and integration. Therefore, enterprises must determine if the advantages will exceed the expenses before making such a significant investment. The Cost-Benefit Analysis (CBA) is useful in this situation. Cost-Benefit Analysis (CBA) for AVI Systems The financial viability of a project or investment is assessed using the cost-benefit analysis method, which is an organized procedure. CBA entails a complete analysis of the advantages and disadvantages of adopting Automated Visual Inspection systems in the context of deploying them. Here is the normal procedure: Identifying Costs: Initial Investment: This consists of the value of purchasing AVI hardware, software licenses, and any extra system or infrastructure required for implementation. Installation and Integration: Expenses associated with the setup, configuration, and integration of AVI structures into current manufacturing traces or tactics. Training: Costs related to training personnel to perform, hold, and troubleshoot the AVI machine efficiently. Operational Costs: Ongoing fees inclusive of preservation, software updates, and any required technical aid or carrier agreements. Identifying Benefits: Quality Improvement: AVI structures are frequently carried out to decorate product exceptional. This gain can be hard to quantify but could have a massive impact on purchaser satisfaction and popularity. Reduced Labor Costs: Automated Visual Inspection systems can extensively lessen the want for manual inspections, saving on exertions charges. Increased Throughput: By carrying out inspections at excessive speeds, AVI systems can contribute to expanded production performance. Reduced Scrap and Rework: Detecting defects early in the production process can lessen scrap and rework costs. Compliance and Risk Mitigation: AVI systems can also assist in ensuring adherence to enterprise norms and policies, reducing the hazard of high-priced penalties or product recollects. Data-Driven Insights: The statistics accrued via AVI structures can provide valuable insights for manner optimization and continuous improvement efforts. Steps to Perform a CBA for Automated Visual Inspection Systems Performing a CBA for AVI systems includes a hooked up method to evaluate the costs and advantages. Here are the key steps: 1.Define the Scope Clearly outline the scope of the AVI implementation challenge. Identify the right merchandise or strategies to be able to reduce hassle to the computerized inspection. 2.Identify Costs Initial Investment: Calculate the entire fee of acquiring and putting in place the AVI device, which include hardware, software program software program, and set up. Training Costs: Estimate the charges associated with training employees to feature and hold the AVI device. Operational Costs: Determine ongoing prices, which encompass maintenance, software, software updates, and technical assists. 3.Identify Benefits Quality Improvement: Assess the potential effect of AVI on product brilliant and consumer delight. Consider factors collectively with reduced defects and superior consistency. Labor Cost Reduction: Estimate the tough work price economic financial savings as a result of the decreased want for guide inspections. Increased Throughput: Calculate the capability growth in manufacturing output because of quicker inspections. Scrap and Rework Reduction: Estimate the price economic savings from minimizing scrap and remodel. Compliance and Risk Mitigation: Consider the potential value financial savings from averting fines or recalls due to non-compliance. Data-Driven Insights: Determine how to use the data gathered by AVI systems to enhance the system and reduce costs. 4.Calculate the Net Benefit Subtract the entire expenses (initial funding, schooling, and operational expenses) from the entire blessings (excellent improvement, exertions cost discount, throughput boom, scrap and remodel cut price, compliance benefits, and information-pushed insights). 5.Calculate the RoI Calculate the Return on Investment (RoI) by dividing the net benefit by the total costs and expressing it as a percentage. RoI = TotalCosts/ NetBenefit×one hundred. 6.Sensitivity Analysis Perform sensitivity analysis to assess how changes in key variables, including inspection speed or hard work fee financial savings, effect the RoI. This enables in expertise the robustness of the investment choice. 7.Decision-Making Based at the calculated RoI and sensitivity analysis, make a knowledgeable choice about whether or not to proceed with the implementation of the AVI gadget. A positive RoI shows that the funding is financially justified. Factors Affecting RoI for Automated Visual Inspection systems Several factors can impact the ROI of implementing AVI structures: 1.Scale of Implementation The length…

Read More

International Conference on: Cyberlaw, Cybercrime & Cybersecurity

The world saw the holding of the mammoth International Conference on Cyberlaw, Cybercrime & Cybersecurity, 2023 in New Delhi. The said conference was organized by Cyberlaws.Net and Pavan Duggal Associates, Advocates on 29, 30 November & 1 December, 2023 at Scope Convention Centre, Scope Complex, Lodhi Road, New Delhi The Conference 2023 was supported by UNESCO, UNODC, University For Peace of United Nations, Ministry of Electronics & Information Technology, Government of India, Department of Legal Affairs, Ministry of Law & Justice, Government of India, IEEE Technology & Engineering Management Society, Ecommerce Forum Africa, Globethics.Net, EC Medici Framework and Association of Indian Universities. The Conference 2023 had 46 different sessions with more than 250 speakers over three-day deliberations from different parts of the world. The conference discussed and deliberated upon some of the important aspects, issues and challenges concerning cyberspace. In the past years, the International Conference on Cyberlaw, Cybercrime & Cybersecurity has been supported by 125+ international and national organizations. These include UNESCO, ITU, and UNU-EGOV in the UN Family, as also by Intersputnik International Organization of Space Communications, Europol Cybercrime Centre, Interpol, Internet Society, World Federation of Scientists, International Association of Prosecutors, Global Prosecutors E-Crime Network and Asia Cloud Computing Association. The world’s famous International Conference on Cyberlaw, Cybercrime & Cybersecurity, saw a glittering inaugural ceremony on 29 November, 2023. This annual Conference, which has become the only authoritative Conference in the world looking at the intersection of Cyberlaw, Cybercrime & Cybersecurity, got off to a flying start, with a galaxy of speakers addressing the inaugural ceremony of the Conference. Addressing the Conference, Hon’ble Justice Sanjay Kishan Kaul Judge, Supreme Court of India highlighted the significance of Internet for societies and the massive misuse of Internet that is emerging across the world. He also highlighted the need to have greater knowledge about Cyber Laws and various cyberspace related aspects concerning the law enforcement agencies, prosecuting agencies and the courts of law. He particularly also highlighted how the Internet is being used to target the sovereignty of countries, which is emerging as a big trend which need to be appropriately addressed. He flagged the tremendous increase in cyber terror and cybercrime cases and advocated the need for judiciary to adopt more proactive approach towards cyberspace related issues and challenges. While talking about the access to justice and digitization of courts, he emphasized on the need of ensuring access to justice to the last man. The inauguration of the conference was further addressed by various national and international dignitaries including Vint Cerf, Chief Evangelist, Google and the Father of the Internet, Alfredo M. Ronchi, General Secretary of the European Commission – MEDICI Framework. In his sterling Cyberlaw address, the Conference Director Dr. Pavan Duggal specifically spoke about the evolving legal landscape, as far as Cyberlaws across the world is concerned. He highlighted the distinctive new trends in Cyberspace and how there is a need for addressing the same. He specifically addressed the need for expeditious evolving of norms of behavior in cyberspace. He emphasized on how distinctive national approaches on cyber security can become a predominant approach for regulating security and why there is a distinctive need for coming up with international common denominators to deal with cyber security regulation at global level. He also highlighted various cyber legal challenges that emerging technologies like Artificial Intelligence have brought forward to the world at large. The three-day of the conference marked massive discussions, deliberations and debates amongst various stakeholders. The conference had different sessions relating to cyberlaw, cybercrime & cyber security, darknet, regulating Artificial Intelligence, freedom of speech online, digital transformation etc. on the second day. The remarkable capacity of the conference was its unique multi-stakeholder approach where attendees saw different stakeholders from different verticals coming in, deliberating, discussing and analyzing not just the present trends but also the future trends that are emerging on the horizon concerning cyberspace issues and how appropriate proactive approaches need to be adopted in this regard. The conference specifically talked about darknet, personal privacy in cyberspace. The conference also talked about Artificial Intelligence, cybercrime and cyber security. Other sessions of the conference include norms of behaviour in cyberspace, Cybercrimes, Trolling, Cyber Bullying, Cyber Harassment & Cyber Nuisance, Critical Information Infrastructure Protection, Free Speech Online, Cryptocurrencies, Blockchain etc. The Conference was addressed by distinguished global experts and thought leaders as also Indian digital thought leaders and important towering personalities in the digital world including Hon’ble Justice Rajesh Bindal, Judge, Supreme Court of India, Justice Gita Mittal, Former Chief Justice, Jammu & Kashmir High Court, Alfredo M. Ronchi, Secretary General, EC MEDICI, Alan Brill, Managing Director, Kroll, Dr. Triveni Singh, Superintendent of Police, Cybercrimes, Uttar Pradesh Police, Harshdeep Marwah, CEO & Managing Director, OA Compserve Group – RASPL, OACPL Ltd., Prof. Dr. Christoph Stueckelberger, Founder and President, Globethics.Net amongst others. The conference had a unique format where interactivity amongst the panelists and the audience was highlighted. There were immense discussions and debates amongst the participants of the conference on coming up with new approaches on how to deal with newly emerging cyberspace issues. The valedictory session of the Conference was addressed by Hon’ble Justice Anup Bhambani, Judge, Delhi High Court. Speaking at the conference, Justice Bhambani highlighted the significance of the conferences like the present one and further highlighted the need for coming up with proactive approaches so that the judiciary can appropriately address nuances pertaining to cyber disputes. The conference came up with Outcome Document with various recommendations from various sessions of the conference that were discussed and debated by various stakeholders. The said Outcome Document has come up with various recommendations for stakeholders at a global, regional and national level. Addressing the valedictory session, the Conference Director Dr. Pavan Duggal thanked all stakeholders and hoped that the International Conference on Cyberlaw, Cybercrime & Cybersecurity will continue to contribute to evolving jurisprudence on Cyberlaw, Cybercrime & Cybersecurity. The conclusion of the conference marked yet another important chapter in the direction of India contributing its thought leadership…

Read More

Cyberthreat Predictions for 2024

Vishak Raman Vice President of Sales, India SAARC and Southeast Asia at Fortinet An Annual Perspective from FortiGuard Labs Adversaries always discover new ways to compromise networks, yet executing successful attacks hasn’t always been straightforward or quick. But today, thanks to the growth of the Cybercrime-as-a-Service (CaaS) market and the rise of generative AI, cybercriminals have more ‘easy’ buttons than ever. The result? Attackers will expand their ‘work smarter, not harder’ approach to cybercrime by relying heavily on the new capabilities in their respective toolboxes. This year’s threat predictions report examines a new era of advanced persistent cybercrime, discusses how AI is changing the attack game, shares fresh trends to watch for in 2024, and more. Here’s a look at how we expect the threat landscape to evolve and our best tips for protecting your organization. The Evolution of Old Favorites We’ve been discussing numerous attack trends for years, including in our 2023 threat predictions report, noting how we expect these fan-favorite tactics to evolve in the days ahead. For example, we’ve witnessed advanced persistent cybercrime become more sophisticated and targeted, the rise of more intense turf wars occurring between cybercrime groups, and a shift in how AI is used to support attacks. Below is a look back at some key 2023 predictions and our thoughts regarding how these longstanding trends across the threat landscape will change in 2024 and beyond. A new era of advanced persistent cybercrime For the past several years, we’ve predicted that the growth of new vulnerabilities combined with more pre-attack activity among adversaries would pave the way for the expansion of the CaaS market. Today, as cybercriminals and advanced persistent threat (APT) groups continue working together (there are more on the dark web than ever), it’s safe to say our prediction came true. Unfortunately for security practitioners, it’s only the tip of the iceberg. APT activity is on the rise. In the first half of 2023, we witnessed significant activity among APT groups, with 41 (about 30%) of the 138 groups that MITRE tracks being active during this time. Of those, Turla, StrongPity, Winnti, OceanLotus, and WildNeutron were the most active, according to our FortiGuard Labs malware detections. Looking ahead, we predict that even more of these APT groups will become more active – even beyond the 138 identified by MITRE and those that CISA outlines with active cycles – likely engaging in dual cybercrime and cyber-espionage activities. We also expect to see a trend in which more APT groups will transition to employing even more stealthy, innovative methods to initiate attacks. Techniques such as HTML smuggling are gaining popularity, and we foresee additional novel methods emerging in the coming year. Their tactics, techniques, and procedures (TTPs) continue to evolve, evading security products with outdated analytics. Alongside what’s sure to be a banner year for new Common Vulnerabilities and Exposures (CVEs), we should expect the growth of TTPs and, therefore, the MITRE ATT&CK framework. In addition to the evolution of APT operations, we predict that cybercrime groups will continue diversifying their targets, looking for hidden (and highly lucrative) gems among a long list of already-compromised organizations. For example, in the operational technology (OT) space, the manufacturing industry has historically been the top target among cybercriminals. Going forward, we expect OT attacks to increasingly reach beyond manufacturing, with malicious actors setting their sights on industries such as healthcare, utilities, finance, oil and gas, and transportation. These attacks will also move beyond data encryption and focus primarily on the extortion of their targets. They’ll also continue embracing supply chain attacks, working to disrupt critical services and organizations. In our 2023 threat predictions report, we also said that edge attacks would go mainstream, and we expect to see even more of this activity in the future. Not only did this happen, but we anticipate that attackers will work to diversify their targets beyond what we typically think of as an edge device. With Flipper Zero and other such tools at their fingertips, money or device mules could hack IoT devices in person by cloning RFID cards or hotel key cards and then running arbitrary commands on devices such as phones and laptops. Recently, Flipper Zero made it possible for attackers to avoid plugging in USB devices in a BadUSB attack. It only takes one employee to connect via Bluetooth before malicious commands get executed. With a zero-day exploit, user interaction may not even be required. The bottom line: The sheer breadth of potential targets and more left-hand activity in the attack chain ensures a constant stream of victims and profitable payouts for cybercriminals. Get off my lawn: The cybercrime turf wars intensify We predicted several years ago that we’d see turf wars emerge between cybercrime groups, with multiple adversaries focusing on the same targets. Today, we’re seeing just that, as multiple cybercrime groups try to infiltrate the same target in a short period – sometimes in a matter of 24 hours or less – deploying ransomware variants of AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal in different combinations. Many organizations that experienced this had similar attacks made against them within days, all led by various adversaries. We can assume other cybercriminals closely monitor communications on the dark web and then run the same attack or piggyback off attacks initially executed by rival threat actors. The growth of this emerging trend prompted the FBI to issue a warning to organizations in September 2023, urging security leaders to review and enhance their defenses to guard against ransomware incidents. We saw that roughly two-thirds of all categorized MITRE ATT&CK techniques were actively used in attacks in the first half of this year, with defense evasion being the top tactic and process injection being used across the board for evasion on compromised systems. Stolen credentials are like an all-access pass for bad actors, enabling them to infiltrate your network to launch ransomware and other attacks. Given how valuable stolen credentials are to threat actors, we predict that the emerging trend…

Read More

Standards & Services: Implications for Private Security Industry

ANIL PURI CMD, APS GROUP The globalization has led to adaptation of best practices and standards universally accepted worldwide. Most of the industries in India are in process of transformation or have already evolved and transformed at par with such global standards. As regards to Private Security Industry (PSI) in India, although regulatory framework exists on paper, the same has not been enforced with the speed, energy and intent it needed to be. In the context of the private security industry, ‘Standards and Services’ generally refer to the established norms, guidelines, and practices that govern the conduct and operations of private security firms. This includes both industry-specific standards and the range of services offered by private security companies Generic understanding of the standards Primarily, generic understanding of the standards in the industry parlance is in terms of: Regulatory compliance: Private security firms are often subject to regulations and standards set by government authorities. These standards may cover aspects such as licensing, training requirements, and ethical conduct. Industry best practices: There are also industry-specific best practices that private security companies may follow voluntarily or as part of professional associations. These practices can cover areas such as personnel training, use of force, and technology implementation. Quality assurance: Adhering to standards helps ensure the quality and reliability of services provided by private security firms. Clients often look for companies that comply with recognized standards to ensure a certain level of competence and professionalism. Need for instituting the standards PSI in India is one of the fastest growing industries with growth rate zooming to 25% per annum. It is accredited to be one of the largest employment providers and also the largest tax payer. In 2016 its market size was valued around INR57000/- Crores which now stands approximately at staggering INR1.5 Lakh Crores. Despite all these credentials, we still find 50% of the industry reeling under the unorganized section and majorly responsible for dilution of quality in services delivery, violation of the regulatory framework and compliance metrics. This anomaly is equally attributable to both the segments – end user (Principal Employer), as well as service provider (Security Agency). New guidelines need to be framed to eradicate the ambiguity which is being exploited and misused at both ends and rendering the deterioration of the standards of Indian PSI at global platform. Adoption of globally accepted standards to usher in quality of services is bound to see a quantum jump in demand of Indian Security Personnel as well as Indian MNCs operating abroad, as also domestic players. Standards There isn’t a specific ISO standard dedicated exclusively to services in the private security industry. However, there are broader ISO standards that relate to service management systems and may be applicable to private security services. Here are a few key standards in that context. ISO 9001:2015 – Quality Management Systems: While not specific to services in the private security industry, ISO 9001 sets out criteria for a quality management system. Private security companies can use this standard to ensure that their quality management system is robust, helping to enhance the quality of their services. ISO 18788:2015 – Management System for Private Security Operations: This standard, although not exclusively focused on services, provides a framework for managing private security operations. It covers aspects related to the provision of services, including the planning, execution, and improvement of security operations. ISO 41001:2018 – Facility Management: Private security services often involve facility management aspects. ISO 41001 provides requirements for an effective facility management system, ensuring that services related to facility security are well-managed. ISO 31000:2018 – Risk Management: This standard provides principles and guidelines for effective risk management. Private security agencies may use this standard to assess and manage risks associated with their operations. ISO 22301: 2019 – Societal Security (Business Continuity): Business continuity is crucial in private security industry. This standard provides a framework for establishing, implementing, maintaining, and continually improving a business continuity system. ISO/ IEC 27001:2013 – Information Technology – Security Techniques: Information security is vital in the modern security landscape. ISO/ IEC 27001 provides requirements for establishing, implementing, maintaining, and continually improving an information security management system. ISO 10002:2018 – Quality Management – Customer Satisfaction – Guidelines for Complaints Handling in Organizations: Customer satisfaction is a critical aspect of service provision. This standard provides guidance on handling complaints, which is relevant for private security companies aiming to improve customer satisfaction. Services Services in the security industry can be broadly bracketed into the following: Security guarding: This is a fundamental service where private security personnel are stationed at various locations to deter and respond to security threats. Surveillance and monitoring: Private security companies may offer surveillance ser-vices using technology such as CCTV cameras and monitoring systems to enhance security measures. Event security: Providing security services for events such as concerts, conferences, and private functions. Consulting and risk assessment: Offering expertise in assessing security risks, developing security plans, and advising clients on security measures tailored to their needs. Cybersecurity: With the increasing importance of digital security, some private security firms offer services related to protecting clients’ digital assets. Cash in transit: Cash-in-transit (CIT) services involve the secure transportation of cash and other valuables from one location to another. These services play a crucial role in the financial and retail sectors by ensuring the safe and efficient movement of money between banks, businesses, and other institutions. PSOs (Personal Security Officers): PSOs, or personal security officers, are professionals trained to provide personal security and protection to individuals. They may work for private individuals, celebrities, executives, or anyone who requires personal security. PSOs are trained to assess potential risks, implement security measures, and ensure the safety of their clients. Current regulatory framework PSI in India comes under aegis of the Ministry of Home Affairs (MHA) of Government of India (GoI) and currently functions primarily under framework of PSAR Act 2005 and Central Model Rules (CMR) 2020-21. Both pivot documents by design are generic and lay down only the broad guidelines but specifics…

Read More

Cyberwar – The Game Changer: Demystifying India’s Geopolitical Tussle with its Neighbours and its Cyber Effects

Garima Goswamy, Co-Founder & CEO, DridhG Security International Pvt. Ltd. Cyber Attacks As technology has become an integral part of everyone’s life, threats have moved from the physical space to the virtual space. Within a week in August 2023, the websites of two educational institutes in NOIDA were hacked. We are all aware that in November 2022, Delhi’s All India Institute of Medical Sciences (AIIMS) faced a ransomware attack. Such an attack denies a user or an organization to access its files. In this attack, outpatient and research data were wiped out from AIIMS’ primary and back up servers. The database of the Unique Identification Authority of India (UIDAI) too suffered from intrusion from hacking groups in June and July 2021. Forget singular institutes, the city of Mumbai faced a blackout in October 2020 for 10 to 12 hours. It impacted business continuity, halted local transport, and even was responsible to shut down the stock market. It, too, is believed to be a possible result of a cyber-attack. One thing all these attacks have in common is that these were apparently orchestrated by foreign national cyber criminals, who might be sponsored by India’s neighbouring nation states including China, Pakistan, Bangladesh, to name a few. Associated Geopolitical Tussle Between India & Its Neighbours Just as terrorists from other nations, who may or may not have the backing of their countries, there is an army of cyber terrorists whose mission is to attack India. The ban of several Chinese apps by India’s Ministry of Electronics and Information Technology since the India-Chinese face-off along the Line of Actual Control in 2020 is not a coincidence. India’s Foreign Secretary Vinay Mohan Kwatra did state that the reason to ban some Chinese applications pertaining to betting and loans was to stop the spread of misinformation, the spread of disinformation and fake information. Many might not be privy to the speculation that in April 2022, Chinese attackers strategically targeted as many as seven Indian centers in Ladakh which help in electrical dispatch and grid control near India-China border. There are reports which suggest that the cyber-attack at AIIMS was also orchestrated by the Chinese government aimed to gather data of Very Important Persons (VIPs) of India and Indian celebrities. Similarly, Chinese hackers may be behind the Unique Identification Authority of India (UIDAI) 3 attack, for as per a report, the breaches were doctored through a malware named Winnti, deployed by Chinese Advanced Persistent Threat (APT) groups, known to be state sponsored. Recorded Future, a US based cyber security company, claims that the Mumbai 2020 blackout was the work of multiple malwares deployed by another Chinese group RedEcho. While the Chinese government denies their role in these attacks, there are some foreign national groups of cyber criminals who are very vocal about their involvement of hacking India’s websites as they are motivated by political hate towards our nation. Upon hacking a school website on 10 August 2023, they identified themselves as ‘Muslim Hackers from Bangladesh’ who believe they are freedom fighters as their message read “When liberty is at risk, expect us.” These might be rogue elements from Bangladesh and supposedly became increasingly active since an incident when a Bhartiya Janata Party leader Nupur Sharma had allegedly made some derogatory remarks against the Prophet Muhammad. These are different from cyber criminals who engage in ransomware attacks which strategically attack another nation’s critical infrastructure. Hacktivists are mainly motivated by religion and politics and want to publicize themselves and deface websites to show the loopholes in the targeted country’s cyber security. “Just as terrorists from other nations, who may or may not have the backing of their countries, there is an army of cyber terrorists whose mission is to attack India. The ban of several Chinese apps by India’s Ministry of Electronics and Information Technology since the IndiaChinese face-off along the Line of Actual Control in 2020 is not a coincidence. India’s Foreign Secretary Vinay Mohan Kwatra did state that the reason to ban some Chinese applications pertaining to betting and loans was to stop the spread of misinformation, the spread of disinformation and fake information” Game Changer – Geopolitical Cyberwar A prominent hacktivist group which has carried out several Distributed Denial of service (DDoS) attacks since June 2022 is called ‘Mysterious Team Bangladesh.’ Here hackers flood a website with so much of traffic that legitimate users cannot access it. As per a report published by Group IB, MTB is associated with 750 DDoS attacks and as many as 70 cases of website defacement mainly targeting India’s government, financial and transportation sectors. They also target Israel and other countries. While this particular group might not be state sponsored, an increase in activity by state sponsored hackers is related to the Russia-Ukraine conflict where at least 19 state sponsored groups from Ukraine, Russia, China, Belarus, North Korea and Iran carried out attacks in relation to the conflict. This probably influenced state sponsored groups from other countries not directly involved with the Russia-Ukraine conflict to conduct cyber espionage in their neighbouring countries. In fact, it is noteworthy that now ‘camps’ exist! There is a collaboration between India and Nepal Hacktivists on one side and Pakistan, Bangladesh, Malaysia and Indonesia on the other side. Unlike international ransomware groups which may have targets on occasional events, hacktivists work on a daily basis to weaken their adversaries. Let’s have a look at what are these online hackers from these two camps doing? Defacing websites: Indian Cyber Force defaced the website of Pakistan’s Regional Forensic Science Laboratory Swat. Distributed Denial of Service (DDoS) Attacks: Indonesian GANOSEC targeted Indian sites: kerala.gov.in; incometax.gov.in, and rajpolice. gov.in Data leaks: MTB managed to release internal login information of All India Council of Technical Education (AICTE). Indian Cyber Force and Black Dragon Sec leaked several passport and other government identification information of Pakistani nationals. What should be done? To be aware of such daily attacks is pertinent for government and organizations, so that they can prioritize investing in adequate…

Read More

Should We Be Aiming for Frictionless Access Control?

John Davies, Managing Director of TDSi The idea of ‘Frictionless Access Control’ is not a new one, but in the wake of the COVID pandemic we are all more aware of the need for security systems that operate and rapidly adapt to changing needs, without causing users unnecessary inconvenience. The key issue, and indeed balancing act, with this approach is always ensuring security continues to actually be ‘secure,’ whilst also making life easier for the authorised people that rely on it as part of their daily routine So, have we reached true Frictionless Access Control yet? We need to start by understanding what the concept actually means. What is Frictionless Access Control? Frictionless Access Control refers to a set of technologies and systems designed to provide secure access to physical spaces (such as buildings, offices, or restricted areas) with minimal or no inconvenience to authorised individuals. The goal is to streamline and simplify the process of gaining access while maintaining a high level of security. What Powers Frictionless Access Control? The obvious answer is technology advancements. Over the last decade or so there have been significant advancements in access control technologies, including biometrics (such as fingerprint and facial recognition), contactless card systems (like RFID or NFC), and smartphone-based access control credentials (such as Apple Wallet, Google Wallet, and the introduction of Ultra-Wide Band – UWB – for highly effective short-range communications). These technologies aim to reduce the friction associated with traditional access methods like keys or PINs. Implementation is of course another key factor. The effectiveness of Frictionless Access Control depends on how well it is implemented, be that the close integration of hardware and software, user training, and security protocols, all of which play a crucial role in achieving seamless and secure access control. Sector driven demands are also an important element in driving Frictionless Access Control. For example, the Proptech (property technology) sector uses technology to optimise the way people buy, sell, research, market, and manage a property. This includes looking for ways to deliver a better user experience by improving how people interact with the built environment, so effortless access control technology is very well placed to help with this. Making it Work As we have already discussed, security versus convenience is the crucial question here. There is often a trade-off between security and convenience and achieving higher levels of security may require additional authentication steps or slower access processes, which can introduce some friction. Striking the right balance between security and convenience is essential. This of course depends on the type of security deployment and the value/ vulnerability of the people and property it protects. For example, Frictionless Access Control may work well in certain situations such as corporate environments, where users are familiar with the technology and the access points are well-maintained. However, it may face challenges in more complex or high-security settings such as financial institutions, military installations, or sites with vulnerable people (such as schools and colleges). Potential Stumbling Blocks Careful consideration needs to be paid to how using a frictionless approach could compromise security. For example, biometric technologies used in Frictionless Access Control can raise concerns about privacy and data security (there are many ethical debates over the collection and storage of such personal data). Ensuring that user data is protected and used responsibly is critical and will always need to take precedence over user convenience. Cost is another key consideration. Implementing Frictionless Access Control systems can be expensive, particularly if it involves the deployment of advanced high security biometric or contactless technologies. Organisations need to weigh the cost against the benefits and available budget. The convenience of employees will not always be the prime concern. Is Frictionless Access Control Achievable? The short answer is yes, absolutely. In fact, although it was accelerated by the desire for ‘non-touch’ solutions thanks to COVID, Frictionless Access Control was already a reality well before the pandemic and is quickly transforming the way we, as users, interact with our Access Control Systems. The rapid development and integration of advanced technologies such as Facial Recognition and Smart or Mobile credentials, with traditional access methods, are evolving into seamless, touchless experiences. Although these advanced technologies are often more secure than the traditional card or fob-based credentials, true frictionless access is only as good as the speed and accuracy with which the technology can function – which in the past has often been a limiting factor to its mass adoption. Any organisation considering whether Frictionless Access Control is right for it needs to carefully assess its needs, risks, and resources when considering the adoption of these systems and must ensure that they are deployed and managed with a focus on both security and user experience. *Views expressed in the article are solely of the Author  

Read More

The Role of Insurance Companies in Enforcing Passive Fire Systems & Fire Protection

Dominic K. P., Managing Director, Blue & Gray With booming infrastructures in India, is no stranger to the devastating impacts of fire-related incidents. As urbanization progresses, the risk factors associated with fires in commercial and residential buildings increase. Insurance companies play a pivotal role, not only in providing financial coverage against such tragedies but also in actively promoting the adoption of robust fire systems. Here’s a closer look at their influential role. Mandatory Fire Insurance for Commercial Establishments Many Indian cities have made it mandatory for commercial establishments to have fire insurance. Insurance companies, recognizing the immense risks involved, stipulate that these businesses must have standard fire safety measures in place before they can be insured. This indirectly forces businesses to adopt fire systems and comply with safety norms. Implementing an effective functional Fire Protection system and Passive Fire Protection in a building can significantly contribute to obtaining better insurance premiums. Insurance companies must assess the risks associated with a property when determining premiums. The Role of a Passive Fire Protection in Reducing The Risk A well-designed Passive Fire System plays a crucial role in reducing risks and containing fires within a building. Passive fire protection systems should be an integral part of the building to reduce the risk and containment of fires within a building. Insurance companies must recognize the value of such systems in preserving life and property, and they may reward property owners with better premiums for investing in and maintaining a robust passive fire protection infrastructure. Regular inspections, maintenance, and documentation of these systems are essential to demonstrate an ongoing commitment to safety and risk mitigation. Premium Reduction as an Incentive Insurance companies should offer premium discounts to entities that go above and beyond the minimum fire safety requirements. This not only encourages businesses to invest in advanced fire protection systems but also promotes a culture of safety and preparedness. Regular Audits and Inspections To ensure compliance, insurance companies often conduct routine audits and inspections of the insured properties. These inspections verify the functionality and maintenance of fire safety equipment. Non-compliance or neglect can lead to a cancellation of the policy. Collaborations with Certified Contractors Insurance companies should collaborate with fire protection contractors, offering packages that include both fire protection installers and passive fire applicators. Such collaborations make it financially attractive for businesses and occupants to invest in quality fire safety equipment. Knowledge Dissemination & Training A robust fire system is only as effective as the people operating it. Recognizing this, many insurance companies in India should host workshops, training sessions, and awareness campaigns on fire safety. By educating the insured about the importance and proper use of fire systems, they not only reduce risks but also ensure that in the event of a fire, damage is minimized. Claims and Feedback Loop After any fire-related incident, insurance companies should engage a third-party Fire Risk auditor or Fire experts or Retired Fire Officers to conduct thorough investigations to determine the cause and assess the effectiveness of the installed fire systems. This feedback loop is vital. It helps in understanding any new risks and refining the requirements for future policies. Conclusion As India continues to grow and urbanize, the challenges posed by firerelated risks will only escalate. Insurance companies, by intertwining the need for safety with financial incentives, play a crucial role in ensuring that buildings are well-equipped to combat these threats. Their proactive approach not only safeguards assets and lives but also reinforces the importance of a culture of preparedness and a Fire-Safe India. *Views expressed in the article are solely of the Author  

Read More

Innovation in Safety: The Latest Advances in Security Equipment Technology for 2023

Prakash Prabhu – Chief Business Officer & Co-Founder, VisionBot In an ever-evolving world with new security challenges emerging regularly, the need for innovative and advanced security equipment has never been greater. As we step into 2023, the security industry continues to push the boundaries of technology to enhance safety measures. In this blog, we’ll explore the latest advances in security equipment technology for 2023, covering everything from surveillance cameras and access control systems to biometrics and AI-powered analytics The Evolving Landscape of Security Security concerns have expanded beyond traditional physical threats to include cyberattacks, public health emergencies, and the need for contactless solutions. To address these challenges, security equipment manufacturers are constantly innovating. Here are some of the latest advancements shaping the security landscape in 2023: Artificial Intelligence (AI) and Machine Learning: AI and machine learning are transforming security by enabling intelligent analysis of vast amounts of data in real-time. AI-powered analytics can detect anomalies, recognize faces, and identify suspicious behavior, making security systems more proactive and effective. Integration and Interoperability: Security equipment is becoming more interconnected, allowing different systems to work together seamlessly. Integrated solutions enable a holistic approach to security, where information from various sources such as cameras, sensors, and access control systems, is consolidated for a more comprehensive view. Contactless Access Control: The COVID-19 pandemic accelerated the adoption of contactless technologies for access control. Solutions like facial recognition, mobile credentials, and touchless biometric systems are gaining traction to minimize physical contact and enhance security. Enhanced Biometrics: Biometric authentication methods are becoming more sophisticated and accurate. Advancements in facial recognition, fingerprint scanning, and iris recognition are making access control systems more secure and user-friendly. IoT and Sensors: The Internet of Things (IoT) has enabled the deployment of a wide range of sensors that can monitor environmental conditions, detect intrusions, and track assets. These sensors provide valuable data for security analysis and decision-making. Cloud-Based Solutions: Cloud-based security systems offer scalability, flexibility, and remote management capabilities. They are particularly attractive for businesses with multiple locations and a need for centralized control. Video Analytics: Video analytics technology is becoming more sophisticated. It can analyze video feeds in real-time to detect specific events or objects such as unauthorized access, suspicious packages, or loitering, improving overall security awareness. Now, let’s delve into specific areas of security equipment technology and explore the latest innovations in each category. Surveillance Cameras: More Than Meets the Eye Surveillance cameras have come a long way from their analog predecessors. The latest innovations in surveillance camera technology are focused on improving image quality, reducing false alarms, and enhancing analytics capabilities. 4K and 8K Resolution Cameras: High-resolution cameras with 4K and even 8K capabilities offer superior image clarity, enabling users to zoom in on details without losing image quality. This is particularly valuable in applications where visual evidence is crucial. Thermal Imaging Cameras: Thermal cameras can detect heat signatures, allowing them to capture images in complete darkness and adverse weather conditions. These cameras are valuable for perimeter security and search-and-rescue operations. 360-Degree and Panoramic Cameras: 360-degree and panoramic cameras provide a complete view of an area without blind spots. These cameras are ideal for large spaces like warehouses and parking lots. Advanced Analytics: Surveillance cameras are equipped with AI-driven analytics that can recognize objects, detect motion patterns, and send alerts for specific events. This reduces false alarms and enhances security response. Facial Recognition: Facial recognition technology has become more accurate and reliable, making it a valuable tool for access control and identification. Privacy concerns are being addressed with stricter regulations and ethical considerations. Access Control: Beyond the Keycard Access control systems are evolving to provide more secure and convenient ways of managing who can enter a facility or access sensitive areas. Mobile Credentials: Mobile apps can turn smartphones into access control credentials, allowing users to unlock doors with their devices. This technology is convenient and enhances security by enabling remote access management. Touchless Biometrics: Biometric access control methods, such as facial recognition and iris scanning, eliminate the need for physical contact with devices, reducing the risk of germ transmission. Behavioral Biometrics: Some access control systems use behavioral biometrics, such as keystroke dynamics and gait analysis, to verify users’ identities based on their unique behaviors. Two-Factor Authentication (2FA): To enhance security, access control systems increasingly incorporate 2FA, requiring users to provide two different types of authentication such as a fingerprint and a PIN code. AI-Powered Access Policies: AI algorithms can analyze access patterns and automatically adjust security policies based on user behavior, helping to detect anomalies and prevent unauthorized access. Intrusion Detection: Keeping Unauthorized Parties Out Intrusion detection systems are becoming smarter and more capable of identifying threats and vulnerabilities. Smart Sensors and IoT Integration: A coordinated security response is enabled by real-time communication between intrusion detection sensors and other devices. AI for Anomaly Detection: AI-driven algorithms can analyze sensor data and identify abnormal patterns, raising alerts for potential intrusions or breaches. Drones for Surveillance: Some security systems incorporate drones equipped with cameras and sensors to provide real-time aerial surveillance, especially useful for large outdoor areas. Acoustic and Vibration Sensors: These sensors can detect subtle sounds or vibrations associated with unauthorized access attempts, even in challenging environments. Cybersecurity: Protecting Digital Assets As the world becomes increasingly digital, cybersecurity is a paramount concern. Innovations in this field aim to safeguard data and networks from cyber threats. Zero Trust Architecture: Zero Trust security assumes that no one, whether inside or outside the organization, can be trusted. It requires strict authentication and authorization for all users and devices trying to access resources. AI-Enhanced Threat Detection: AI and machine learning are used to analyze network traffic and detect abnormal behavior indicative of cyber threats. These systems can respond quickly to potential breaches. Blockchain for Security: Blockchain technology is being explored for its potential in enhancing the security of data storage and transactions by providing immutable records and decentralized control. Quantum-Safe Encryption: As quantum computing poses a potential threat to current encryption methods, quantum-safe encryption…

Read More