Innovation in Safety: The Latest Advances in Security Equipment Technology for 2023
Prakash Prabhu – Chief Business Officer & Co-Founder, VisionBot

In an ever-evolving world with new security challenges emerging regularly, the need for innovative and advanced security equipment has never been greater. As we step into 2023, the security industry continues to push the boundaries of technology to enhance safety measures. In this blog, we’ll explore the latest advances in security equipment technology for 2023, covering everything from surveillance cameras and access control systems to biometrics and AI-powered analytics.

The Evolving Landscape of Security

Security concerns have expanded beyond traditional physical threats to include cyberattacks, public health emergencies, and the need for contactless solutions. To address these challenges, security equipment manufacturers are constantly innovating. Here are some of the latest advancements shaping the security landscape in 2023:

Artificial Intelligence (AI) and Machine Learning: AI and machine learning are transforming security by enabling intelligent analysis of vast amounts of data in real-time. AI-powered analytics can detect anomalies, recognize faces, and identify suspicious behavior, making security systems more proactive and effective.
Integration and Interoperability: Security equipment is becoming more interconnected, allowing different systems to work together seamlessly. Integrated solutions enable a holistic approach to security, where information from various sources such as cameras, sensors, and access control systems, is consolidated for a more comprehensive view.
Contactless Access Control: The COVID-19 pandemic accelerated the adoption of contactless technologies for access control. Solutions like facial recognition, mobile credentials, and touchless biometric systems are gaining traction to minimize physical contact and enhance security.
Enhanced Biometrics: Biometric authentication methods are becoming more sophisticated and accurate.
Advancements in facial recognition, fingerprint scanning, and iris recognition are making access control systems more secure and user-friendly.
IoT and Sensors: The Internet of Things (IoT) has enabled the deployment of a wide range of sensors that can monitor environmental conditions, detect intrusions, and track assets. These sensors provide valuable data for security analysis and decision-making.
Cloud-Based Solutions: Cloud-based security systems offer scalability, flexibility, and remote management capabilities. They are particularly attractive for businesses with multiple locations and a need for centralized control.
Video Analytics: Video analytics technology is becoming more sophisticated. It can analyze video feeds in real-time to detect specific events or objects such as unauthorized access, suspicious packages, or loitering, improving overall security awareness.

Now, let’s delve into specific areas of security equipment technology and explore the latest innovations in each category.

Surveillance Cameras: More Than Meets the Eye

Surveillance cameras have come a long way from their analog predecessors. The latest innovations in surveillance camera technology are focused on improving image quality, reducing false alarms, and enhancing analytics capabilities.

4K and 8K Resolution Cameras: High-resolution cameras with 4K and even 8K capabilities offer superior image clarity, enabling users to zoom in on details without losing image quality. This is particularly valuable in applications where visual evidence is crucial.
Thermal Imaging Cameras: Thermal cameras can detect heat signatures, allowing them to capture images in complete darkness and adverse weather conditions. These cameras are valuable for perimeter security and search-and-rescue operations.
360-Degree and Panoramic Cameras: 360-degree and panoramic cameras provide a complete view of an area without blind spots. These cameras are ideal for large spaces like warehouses and parking lots.
Advanced Analytics: Surveillance cameras are equipped with AI-driven analytics that can recognize objects, detect motion patterns, and send alerts for specific events. This reduces false alarms and enhances security response.
Facial Recognition: Facial recognition technology has become more accurate and reliable, making it a valuable tool for access control and identification. Privacy concerns are being addressed with stricter regulations and ethical considerations.

Access Control: Beyond the Keycard

Access control systems are evolving to provide more secure and convenient ways of managing who can enter a facility or access sensitive areas.

Mobile Credentials: Mobile apps can turn smartphones into access control credentials, allowing users to unlock doors with their devices. This technology is convenient and enhances security by enabling remote access management.
Touchless Biometrics: Biometric access control methods, such as facial recognition and iris scanning, eliminate the need for physical contact with devices, reducing the risk of germ transmission.
Behavioral Biometrics: Some access control systems use behavioral biometrics, such as keystroke dynamics and gait analysis, to verify users’ identities based on their unique behaviors.
Two-Factor Authentication (2FA): To enhance security, access control systems increasingly incorporate 2FA, requiring users to provide two different types of authentication such as a fingerprint and a PIN code.
AI-Powered Access Policies: AI algorithms can analyze access patterns and automatically adjust security policies based on user behavior, helping to detect anomalies and prevent unauthorized access.

Intrusion Detection: Keeping Unauthorized Parties Out

Intrusion detection systems are becoming smarter and more capable of identifying threats and vulnerabilities.

Smart Sensors and IoT Integration: A coordinated security response is enabled by real-time communication between intrusion detection sensors and other devices.
AI for Anomaly Detection: AI-driven algorithms can analyze sensor data and identify abnormal patterns, raising alerts for potential intrusions or breaches.
Drones for Surveillance: Some security systems incorporate drones equipped with cameras and sensors to provide real-time aerial surveillance, especially useful for large outdoor areas.
Acoustic and Vibration Sensors: These sensors can detect subtle sounds or vibrations associated with unauthorized access attempts, even in challenging environments.

Cybersecurity: Protecting Digital Assets

As the world becomes increasingly digital, cybersecurity is a paramount concern. Innovations in this field aim to safeguard data and networks from cyber threats.

Zero Trust Architecture: Zero Trust security assumes that no one, whether inside or outside the organization, can be trusted. It requires strict authentication and authorization for all users and devices trying to access resources.
AI-Enhanced Threat Detection: AI and machine learning are used to analyze network traffic and detect abnormal behavior indicative of cyber threats. These systems can respond quickly to potential breaches.
Blockchain for Security: Blockchain technology is being explored for its potential in enhancing the security of data storage and transactions by providing immutable records and decentralized control.
Quantum-Safe Encryption: As quantum computing poses a potential threat to current encryption methods, quantum-safe encryption…
Selection of Lenses for Video Surveillance Systems: A Design
Milind Borkar – Expert Security Consultant

This article is the sequel to the article that came out in the October issue of SecurityLinkIndia. Here is a different way to describe similar information which is extremely useful to the tech guys in Airports Authority of India (AAI). The specs below are based on Transport Security Administration (TSA) guidelines & requirements that are used in the aviation industry. These are A&E CSI-format Spec 28 23 00 that was prepared for the General Authority of Civil Aviation (GACA), Directorate General of Civil Aviation (DGCA), & General Civil Aviation Authority (GCAA). This will help AAI going forward.

Recap: An often-overlooked critical component in video surveillance systems is the lens. The security industry has moved steadily toward providing cameras with integrated lenses, taking the ‘guesswork’ out for integrators. Given the increased competitive pressures, it is understandable that camera companies make trade-offs in lens performance to meet budgetary price targets for dome and bullet offerings. This can result in less-than-ideal solutions to specific imaging tasks. Most camera companies still offer traditional box cameras that come without a lens or with the ability to remove the accompanying lens and replace it with a better, more tailored solution. Being able to select a compatible high-performance lens can ensure the investment in a high resolution system is not wasted.

1. CAMERAS

A. General

Provide material of types, sizes, capacities and electrical characteristics indicated. Except as otherwise indicated, provide manufacturer’s VSS components as indicated by their published product information, designed and constructed as recommended by manufacturer. The design intent is that all cameras, both fixed and PTZ, be provided from the same manufacturer for ease of servicing.
The design intent is that all camera housings shall be provided from the same manufacturer so that a fixed dome housing will have the same look/style as that of a PTZ housing.

Surveillance Requirements: The figures listed on the next page are indicative and are provided to assist the contractor in choosing the required resolution and field coverage of CCTV cameras at specific locations. Metrics for the performance of each video camera are to be expressed by pixel density, expressed as pixels per meter (PPM), where ‘pixels’ is the number of horizontal camera detector pixels displayed across the scene being viewed at a specified distance from the camera. These relationships are shown in Figure 1 and values are shown in Table 1.

PPM metrics yield a range of performance values for targets at different distances in the field-of-view. These performance values decrease as the distance from camera to target increases. PPM does not account for variations in site conditions, such as differences between day and night lighting; or target variables such as contrast and reflectivity; or the non-linear response characteristics of camera detectors.

The camera representation of an object should be as follows:

For identification purposes: The image of the figure in the camera field of view target area should have a resolution of at least 400 pixels per meter (500 pixels per meter for challenging environments).
For recognition purposes: The image of the figure in the camera field of view target area should have a resolution of at least 180 pixels per meter.
For observation purposes: The image of the figure in the camera field of view target area should have a resolution of at least 80 pixels per meter.
For detection purposes: The image of the figure in the camera field of view target area should have a resolution of at least 40 pixels per meter.
For monitoring purposes: The image of the figure in the camera field of view target area should have a resolution of at least 16 pixels per meter.
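
The pixel-density tiers above can be turned into a lens-selection check. The following is an added example, not part of the original specification: it assumes an ideal distortion-free lens (scene width = distance × sensor width / focal length), and the 5.6 mm sensor width and 2.8–12 mm varifocal range are constructed sample values. It goes one step beyond the text by solving for the focal length a target distance requires.

```python
import math

# Minimum pixel density (pixels per meter) for each purpose, taken from the
# tiers listed above, ordered from most to least demanding.
TIERS = [
    ("identification (challenging environment)", 500),
    ("identification", 400),
    ("recognition", 180),
    ("observation", 80),
    ("detection", 40),
    ("monitoring", 16),
]


def horizontal_fov_deg(sensor_width_mm, focal_length_mm):
    """Horizontal field of view of an ideal lens (assumed model)."""
    return math.degrees(2 * math.atan(sensor_width_mm / (2 * focal_length_mm)))


def scene_width_m(distance_m, sensor_width_mm, focal_length_mm):
    """Width of the scene imaged onto the detector at the given distance."""
    return distance_m * sensor_width_mm / focal_length_mm


def ppm(h_pixels, distance_m, sensor_width_mm, focal_length_mm):
    """Pixel density: horizontal detector pixels spread across the scene width."""
    if distance_m <= 0 or focal_length_mm <= 0 or sensor_width_mm <= 0:
        raise ValueError("distance, focal length and sensor width must be positive")
    return h_pixels / scene_width_m(distance_m, sensor_width_mm, focal_length_mm)


def classify(ppm_value):
    """Most demanding purpose that the given pixel density still satisfies."""
    for name, minimum in TIERS:
        if ppm_value >= minimum:
            return name
    return "below monitoring"


def max_distance_m(h_pixels, sensor_width_mm, focal_length_mm, required_ppm):
    """Farthest target distance at which required_ppm is still met."""
    return h_pixels * focal_length_mm / (required_ppm * sensor_width_mm)


def required_focal_length_mm(h_pixels, sensor_width_mm, distance_m,
                             required_ppm, lens_range_mm):
    """Shortest focal length that meets required_ppm at distance_m.

    Returns None when even the long end of the varifocal range falls short,
    i.e. a longer lens or a higher-resolution detector is needed.
    """
    shortest, longest = lens_range_mm
    needed = required_ppm * distance_m * sensor_width_mm / h_pixels
    if needed > longest:
        return None
    return max(needed, shortest)


def coverage_table(h_pixels, sensor_width_mm, focal_length_mm):
    """Maximum usable distance (m) per purpose for one camera/lens setting."""
    return {
        name: round(max_distance_m(h_pixels, sensor_width_mm,
                                   focal_length_mm, minimum), 2)
        for name, minimum in TIERS
    }


if __name__ == "__main__":
    # Constructed sample: 1920-pixel-wide detector, 5.6 mm sensor width,
    # 2.8-12 mm varifocal lens.
    H_PIXELS, SENSOR_MM, LENS_RANGE = 1920, 5.6, (2.8, 12.0)
    for focal in LENS_RANGE:
        print(f"f = {focal} mm, HFOV = {horizontal_fov_deg(SENSOR_MM, focal):.1f} deg")
        for purpose, dist in coverage_table(H_PIXELS, SENSOR_MM, focal).items():
            print(f"  {purpose:<42} up to {dist} m")
    # PPM ignores lighting, contrast and detector response (as the text notes),
    # so treat these distances as upper bounds, not guarantees.
    print(required_focal_length_mm(H_PIXELS, SENSOR_MM, 10, 400, LENS_RANGE))
    print(required_focal_length_mm(H_PIXELS, SENSOR_MM, 30, 180, LENS_RANGE))
```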
B. 2 Megapixel Interior-grade Fixed Cameras

Provide a 2 megapixel camera (1920 by 1080 resolution). This interior-grade camera system shall provide two simultaneous video streams, auto iris, and varifocal lens capabilities. The network camera system shall possess the following primary characteristics:

H.264 High, Main or Base profiles; and MJPEG compression.
Up to 3 megapixels.
Dual streaming minimum (two independent IP video streams).
Day/night operation with IR cut filter.
Wide Dynamic Range (WDR): 130dB.
PoE (IEEE 802.3af, Class 3), 24V AC, 12V DC.
H.264 Smart Compression Technology.
Multicast and unicast capable with unlimited H.264 viewers.
Unicast capable with up to 20 simultaneous viewers.
Local storage via SD/SDHC/SDXC.
Audio input and output.
Alarm input and output.
IP66 and IK10.
16 window blanks to conceal user-defined privacy areas that cannot be viewed by an operator.
User and group settings to assign permissions and access levels to the camera. The camera shall provide local management where the camera manages the access levels or remote mode where the camera authenticates the user through a Lightweight Directory Access Protocol (LDAP) server.
Support of server-based video analytics with the ability to provide hardware and software alarms based on the analytic behaviors.

C. 2 Megapixel Exterior-grade Fixed Cameras

Provide a 2 megapixel camera (1920 by 1080 resolution), providing the interior-grade camera system that shall provide two simultaneous video streams, auto iris, and varifocal lens capabilities. The network camera system shall possess the following primary characteristics:

H.264 High, Main or Base profiles; and MJPEG compression.
Up to 3 megapixels.
Dual streaming minimum (two independent IP video streams).
Day/night operation with IR cut filter.
Wide Dynamic Range (WDR): 130dB.
PoE (IEEE 802.3af, Class 3), 24V AC, 12V DC.
H.264 Smart Compression Technology.
Multicast and unicast capable with unlimited H.264 viewers.
Unicast capable with up to 20 simultaneous viewers.
Local storage via SD/SDHC/SDXC.
Audio input and output.
Alarm input and output.
IP66 and IK10.
Autofocus options based upon a manual trigger, day/night transition upon every 10-degree C temperature change, and once every 24 hours to ensure focus.
16 window blanks to conceal user-defined privacy areas that cannot be viewed by an operator.
User and Group settings to assign permissions and access levels to the camera. The camera shall provide local management where the camera manages the access levels or remote mode where the…
Buy Less, Choose Well, Make It Last
How eDVRs Deliver Stable Performance and Sustainable Value to Customers

Stability is about delivering reliable and lasting performance – and that’s exactly what Hikvision’s new eDVR range does. With enduring storage and extremely low failure rates; the ability to withstand shocks and intense vibrations; and resilience in harsh environments, Hikvision eDVRs offer great long-term performance, maximized RoI, and sustainable value for customers.

In recent years, there has been a lot of discussion about what and how we produce and consume goods to ensure sustainable consumption and minimize the impact on the environment. One way of achieving this is to foster greener technologies, increase product durability, and extend product life, as stable-performing and long-lasting products can reduce the volume of raw materials used to produce goods, as well as decrease emissions from production and transportation.

To create greener and more sustainable products, Hikvision ensures that all products are built on the guiding principles of stability. This also applies to the eDVR series, which provides unrivalled durability and sustainability for years and years of smooth performance. Here are the three key factors that ensure the long-term stability and resilience of Hikvision’s new eDVR range.

Product longevity based on ‘enduring storage’

The eDVRs use eSSD chips instead of HDDs, which have multiple moving parts, such as rotating platters, spindles, and actuator arms. By eliminating mechanical moving parts from the storage drive, eSSD technology reduces internal wear and tear in the eDVR, and extends the product’s life cycle. This ensures that customers can maximize returns on their technology investments, and reduces carbon emissions related to replacing end-of-life equipment.

Product resilience through strict quality control

To ensure product quality, we make sure that the raw materials that make up the eSSDs are of high and stable quality.
Aside from this, meticulous product design and strict testing standards also help to ensure excellent performance of the product in different application scenarios, year after year.

To test and assure the stability and durability of the eDVRs, Hikvision submitted the eSSD chips that power them for testing and accreditation by the JEDEC Solid State Technology Association. During the JEDEC evaluation, the eSSD chips were tested for resilience during transport. They were also repeatedly cycled between temperature extremes (-55 to 125°C), and they were placed in an environment of 130°C with 85% relative humidity to test their moisture resistance in high temperatures. The stability of the chips was also tested at a consistently high temperature (150°C). The eSSD chips passed all of the demanding JEDEC tests, demonstrating their resilience and extensive lifespan.

A new industry benchmark for shock and vibration resistance

Traditional DVR hard disks can become unstable or corrupted in the event of intense shocks and vibrations – increasing the risk of unplanned downtime and video data loss. Hikvision’s new eDVRs, and the highly stable eSSD storage chips that power them, minimize these risks based on their ability to continue functioning normally in the event of drops and vibrations.

In fact, Hikvision’s lab tests, conducted using a piece of equipment called a vibration table, show that the eDVRs were able to continue recording and showing video at an extremely high vibration intensity of 15Gs, at which point the experiment was stopped. This lab result shows sturdiness of at least 15 times more than some traditional DVR units with HDD storage, which typically withstand vibration intensity of up to around 1G. Thanks to their stability and durability, the eDVRs have set a new benchmark for the shock and vibration resilience of storage devices.
Is Generative AI a New Threat to Cybersecurity?
Prashanth GJ, CEO, TechnoBind Solutions

In today’s era of technological advancements, artificial intelligence (AI) has emerged as a game-changer for businesses across various industries. One of the most promising and rapidly evolving branches of AI is generative AI. This innovative technology enables machines to create and generate new content, whether it’s images, music, text, or even entire virtual worlds. These AI models, fueled by deep learning techniques like Generative Adversarial Networks (GANs) and Transformers, have the potential to revolutionize various industries, from entertainment and design to healthcare and robotics.

The potential benefits of generative AI for businesses are vast, ranging from enhancing creativity and innovation to streamlining operations and customer engagement. One-third of annual McKinsey Global survey respondents say that they are using Gen AI tools in at least one business function. 40% of respondents say their organizations will increase their investment in AI overall because of advances in gen AI. The most commonly reported business functions using these newer tools are the same as those in which AI use is most common overall – marketing and sales, product and service development, and service operations such as customer care and back-office support.

While generative AI has enormous potential to be utilized by organizations, this has also opened the floodgate of cyber threats and breaches against its users. 21% of the annual McKinsey Global survey respondents say their organizations have established policies governing employees’ use of gen AI technologies in their work. A recent report by cybersecurity firm Group-IB revealed that over 100,000 ChatGPT accounts have been compromised and their data is being illicitly traded on the dark web, with India alone accounting for 12,632 stolen credentials. Many companies have forbidden their employees from using any generative AI-powered bots.
However, the percentage of Gen AI users worrying about AI’s cybersecurity concerns has fallen from last year’s 51% to 38%, according to the McKinsey Global survey.

It is the unknown that has made users skeptical about readily utilizing generative AI

Research by PA Consulting found that 69% of individuals are afraid of AI and 72% say they don’t know enough about AI to trust it. According to a survey among 200 enterprise security officials, a staggering 91% of companies reported experiencing API-related security issues in the past year. As organizations are looking forward to leveraging LLM APIs, their lack of trust and knowledge about generative AI and news about security breaches pose a challenge in readily adopting it.

The open-source code in generative AI is considered a double-edged sword by many. While cost-effectiveness, transparency and easy availability are a plus, open-source code also leaves users vulnerable to attacks. OpenAI’s ethical policy prevents LLMs from aiding the threat actors with malicious information. However, the threat actors can bypass these restrictions using various malicious techniques, such as jailbreaking, reverse psychology, prompt injection attacks and ChatGPT-4 model escaping.

Apart from API and open-source threats, generative AI leaves room to create various other threats:

Deepfake Threats: One of the most prominent concerns stemming from generative AI is the rise of deepfake technology. Deepfakes utilize generative AI to manipulate and fabricate realistic videos or images that convincingly mimic real people or events. This can have severe consequences such as political disinformation, impersonation, and reputational damage.
Phishing Attacks: Cybercriminals can exploit generative AI to enhance the sophistication of phishing attacks. By generating hyper-realistic emails, websites, or user interfaces, hackers can deceive individuals into revealing sensitive information or unknowingly downloading malware.
Malware Generation: Generative AI can be used to develop novel strains of malware that are harder to detect and eradicate. By continuously evolving their code and behavior, AI-powered malware can evade traditional security measures, potentially causing significant damage to computer networks and systems. Polymorphic malware is one such example of malicious software that continuously modifies its code to evade antivirus detection.
Automated Social Engineering: Generative AI can be leveraged to automate social engineering attacks, such as personalized spear-phishing campaigns. By analyzing vast amounts of data, AI can craft persuasive messages that target specific individuals or groups, increasing the chances of success for cybercriminals.

Challenges in combating and mitigating these threats

Effective defense against generative AI threats requires access to vast amounts of training data to understand and detect malicious patterns. However, obtaining labelled data that covers the diverse landscape of potential attacks can be challenging due to privacy concerns and legal limitations.

Cybersecurity professionals face a continuous battle to keep up with the evolving sophistication of generative AI. As AI techniques progress, adversaries can quickly adapt and develop new attack vectors, necessitating constant vigilance and proactive measures to mitigate emerging threats.

Generative AI models are often regarded as black boxes, making it difficult to ascertain their decision-making process. When malicious content is generated, attributing responsibility to the perpetrators becomes challenging. This hampers effective countermeasures and legal actions.

As organizations strive to combat generative AI threats, they must navigate the delicate balance between security measures and privacy concerns. Mitigation efforts should avoid unnecessary invasions of privacy while still protecting individuals and organizations from potential harm.
These challenges can be mitigated using advanced detection techniques, collaboration between researchers, industry experts, and policymakers and a robust legal framework. Ethical consideration along with bias and fairness are the foundation of building and utilizing generative AI.

Organizations currently seem to be mostly preoccupied with the cost-benefits and the strong support a generative AI provides. There is always a threat looming around the adoption of technologies that haven’t been tried and tested for loopholes. While some may argue that generative AI is an advantageous tool in combating cyber threats, the lack of knowledge about the tool and its possible misuse by threat actors should be a bigger concern.

Generative AI holds immense potential to revolutionize various industries and foster innovation. However, the challenges it presents such as ethical concerns, bias, misuse, transparency, and human-AI collaboration, cannot be overlooked. As generative AI continues to advance, it is imperative for researchers, developers, policymakers, and society at large to work collaboratively to address these challenges, ensuring responsible…
Balancing Cost and Resilience: Crafting a Lean IT Business Continuity Strategy
Joanne Weng, Director of the International Business Department, Synology

In the ever-evolving digital landscape, businesses face increasing challenges in ensuring the safety and continuity of their data. A string of disruptions experienced by major corporations has only heightened the need for robust backup and recovery mechanisms. At the heart of modern businesses lies data, and its security and risk management play a pivotal role in ensuring business continuity. However, while the importance of backups and disaster recovery plans is universally acknowledged, executing them can become prohibitively expensive. This financial challenge underscores the necessity of prioritization and the ability to architect a lean yet resilient IT infrastructure.

A clear checklist is required

While the causes, impacts, and solutions of data-related incidents may vary, the overarching principles remain consistent. Your organization likely already has some backups to counter ransomware or equipment failure. So answer this: what recovery point objectives (RPOs) and recovery time objectives (RTOs) can you achieve with your current backup plan if your production servers or cloud instances suddenly vanish? Put another way, how much money will that downtime cost the business if you need to perform a complete disaster recovery process? If that makes you feel uneasy, and you’re in a position where you should know this, it might be time to review your backup and disaster recovery (DR) plans.

Starting with the fundamentals, businesses need to map out and identify which systems are responsible for which real-world ‘work.’ While some companies may use siloed infrastructure per department, there are likely countless dependencies that need to be mapped out. For example, it’s obvious that a directory server disruption will knock out authenticating with any services or endpoint (which is huge but expected), but what about your internal ERP system?
If you don’t already have a map of your IT infrastructure, get it done. Ensure that system dependencies are clearly documented and well understood. Next, list the primary real-world processes based on your business (e.g., product manufacturing, e-commerce, logistics) and most importantly, stack-rank them based on their financial impact if disruptions happen.

Each business will have vastly different requirements based on its structure and technology stack. However, there will always be a cost that can be associated with downtime. This process needs to be routinely reviewed and kept up to date.

Building solid foundations

Building a dependable and resilient IT infrastructure isn’t easy, but it’s also not difficult once we break it down into multiple components.

High availability (HA) for production environments: In the event of a server failure, the HA system should automatically take over, minimizing downtime. For companies that self-host their systems, this is usually done through HA hypervisor clusters paired with similarly HA-clustered storage systems. Cloud deployments can likewise leverage load balancers and self-monitoring tools to ensure services remain online.
On-site and off-site backups: Regular backup schedules for critical operational tools like file servers, DBs, ERP systems, core service virtual machines, and offline servers should be documented. Depending on the importance of the operational service, appropriate Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) need to be carefully defined. An out-of-date database backup is better than nothing but will still cause a significant headache.

Finally, off-site backups and disaster recovery (DR) capacity shouldn’t be an afterthought. To keep costs in check, retention policies and the scale of the DR equipment or cloud instances can be lowered.
Restoring shouldn’t be stressful

In the unfortunate event of a disruption, a three-tier restoration process can ensure business continuity:

Automatic failover: HA clusters should be designed to fail over automatically, ensuring that there’s no manual intervention required during critical moments. This should be enough to take care of simple equipment failures.
Restore from snapshots or failover to backup systems: Local snapshots and similar technology allow servers to roll back an unintended change extremely quickly. If the problem persists or the problem stems from a larger issue (e.g., the entire cluster is down), full restores or failovers to another system should be considered.
Restore from remote backups or failover to the DR site: In case of major disruptions like natural disasters, remote backup solutions come into play. Businesses can restore from these backups or, if necessary, fail over to a DR site to resume operations.

Stay ahead of the curve

Effective monitoring is the backbone of a resilient infrastructure. The approach should focus on:

Filtering out the noise: Monitoring solutions need to ensure that only critical notifications are sent out, preventing information overload and ensuring that the right people are alerted promptly when critical events inevitably happen.
Acting quickly and decisively: Time is of the essence during disruptions. IT, DevOps, SIRT, and even PR teams need to be well coordinated for various types of events. From security breaches to data center fires or even just mundane equipment failures, anything that might result in customer or operation disruptions will involve cross-team communications and collaboration. The only way to get better at handling these is to have documentation on what should be done, a clear chain of command, and practice drills.

In conclusion, a comprehensive backup and recovery strategy is essential for businesses aiming for uninterrupted operations.
While there are many solutions available in the market, it’s crucial to find one that aligns with your business needs. Over the years, companies like Synology have demonstrated expertise in storage and data protection, with numerous success stories that attest to their capabilities.

*Views expressed in the article are solely of the Author
Why Is It Still Impossible to Cope With Social Engineering Related Threats?
Sergio Bertoni, The Leading Analyst at SearchInform

Social engineering techniques are as old as the hills, because human beings’ weaknesses are everlasting. The term social engineering is relatively new; it was adopted in the digital era. Even though the mass media regularly report that some new method of fraud has been discovered, these methods are basically just new variations on old tricks. However, they don’t become less efficient as time goes by. In this article we will find out why.

Let’s start by refreshing some basics. Social engineering is the set of techniques and methods which make a person act in favor of a fraudster – expose information, follow links, transfer money etc. Numerous variations exist; however, all of them are based on some specific methods, such as:

Perceptual errors (phishing, Quid pro quo method).
Curiosity (Trojan horse, road apple).
Self-interest (reverse social engineering) and others.

You can easily obtain data on all of these methods; they’re precisely described in specialized publications, in scientific articles and in Wikipedia as well. I would like to discuss another question – why, despite the fact that social engineering techniques are precisely examined and well known, do people still fall victim to attackers so easily?

Glad to be deceived

The first reason why social engineering techniques are so successful is that there are always some people who easily fall victim to any kind of fraudster. Sometimes, when looking through a spam letter you may ask yourself, who can believe what the authors write? Nevertheless, it works. For instance, there is the popular Nigerian prince scam. Fraudsters deliberately target users who believe in the most impossible things and don’t try to find out whether some fact is true or not. Among millions of users there are always some people who believe in such scams and respond to the messages. Greed and curiosity make people take the bait.
The right people in the right place and at the right time

Even if a person is skeptical, this does not mean that his or her chances of falling victim to intruders are significantly lower. For instance, due to lack of time a person may not recheck some data. What’s more, inattentiveness, lack of competence in information security issues, neglect of information, fear and, of course, a combination of all these factors often lead to negative outcomes.

There was once a quite illustrative case: experts from the antivirus company Eset described an attack that focused on MasterCard users around the world. The fraudsters sent e-mails containing notifications about updates and warned that a new security system had been implemented and that there was a chance that accounts would be deactivated. The fraudsters suggested that users follow the link and fill out some forms, so users were pushed into sharing their personal data, login, password and other important data. To trick the user, the attackers even imitated the verification process on a fake website. Even though the email address did not correspond to any official Mastercard email address, the browser considered the opened pages safe because the attackers used an SSL certificate. That’s how intruders managed to obtain the required data, which enabled them to gain access to victims’ accounts and steal their money.

One of the most successful and dangerous types of social engineering attack targeting companies is the so-called BEC attack, the compromise of corporate email. According to the FBI’s Internet Crime Report 2021, BEC/EAC attacks resulted in $2,395,953,296 in losses. Thus, BEC attacks turn out to be one of the most effective malicious techniques. It should also be noted that a step change is taking place in the number of attacks. Even the largest companies, such as Facebook and Google, become victims of cyber attacks. For instance, there was a case when they were billed by a fake counterparty.
Accountants didn’t recognize the trick, as the fake counterparty carried the name of the real one.

It’s impossible not to be deceived

As can be seen, even if a person is very skeptical, it’s very difficult for him or her to recognize some types of attacks, as they are prepared extremely precisely: sites are forged with high quality, security certificates are used, etc. It’s crucial to remember the emerging deepfake-related risks (deepfakes are convincing images, audio and video forged with AI). Currently, there are plenty of cases of successful deepfake usage reported globally. I’ll share details on a few of them.

For instance, such an incident happened to a Japanese woman who transferred about $30,000 to a fraudster. The victim of social engineering thought that she was corresponding with an ‘astronaut.’ The intruder promised to come to Japan and marry the woman. The so-called astronaut said that he needed money to return to Earth. That’s why he asked the gullible lady to cover his expenses for returning home, including the rocket flight.

Another case happened when a fraudster impersonated Mark Ruffalo, tricked a Japanese artist and managed to illicitly gain $500,000. Veteran manga artist Chikae Ide said that a user who impersonated the famous Hollywood actor, well known for his role as the Hulk, once added her as a friend on social networks. As a result, they were in contact for a few years. During this time the artist even had video calls with ‘Mark.’ However, it turned out that the fraudster used deepfake technologies to enhance credibility. What’s more, the Japanese artist and the fake Hollywood actor nearly got ‘unofficially married.’ Then, the intruder made the woman transfer large sums to him. The artist had to go into debt to financially help the impersonator. All in all, the woman transferred $500,000 to the intruder.

Sometimes, intruders complement social engineering techniques with deepfake technologies.
There was a case when a Lloyds Bank customer managed to access his account using AI. The user was able to trick the voice ID system and log into the account by generating his voice. At the same time, technologies become a norm and some companies yet offer their…
Putting Your Cameras to Work with Cloud AI
Prakash Prabhu – Chief Business Officer & Co-Founder, VisionBot

The use of cloud is rising across the globe as more organizations look to reap the benefits of a flexible and scalable service-based business model. The growth of cloud-based business functions and of the cloud services market is making way for Surveillance-as-a-service (SaaS) options that typically have been unavailable up to this point, especially for growing small to medium-sized businesses (SMBs).

Not all physical security industry cloud offerings are true cloud systems

A true cloud system’s architecture makes maximum use of modern cloud computing technology, its reliability and scalability, through a ‘pay per use’ subscription model. A true cloud system affordably and securely provides scalable capabilities that can’t possibly be achieved in client-server on-premises systems. VisionBot cloud NVR (CNVR) combines a true cloud platform with artificial intelligence (AI) to dramatically transform your video surveillance system into an even more powerful tool.

Features of Cloud NVR

VisionBot cloud NVR is a flexibly scalable enterprise-grade platform that eliminates the need for redundant, complex on-site hardware gateways and NVRs.

Connect your cameras directly to the cloud for failsafe surveillance.
Scale without additional hardware or software, and enable quick and easy plug & play connection.
Allow authorized viewers to access multi-site surveillance from web clients or an app.
Get the freedom to choose cameras from multiple vendors and set up without single-vendor lock-in.
Leverage the cloud services for centralized remote administration of users, cameras, alerts and roles, and monitor events in real time.
Centralize camera footage from different locations into one platform, transforming even the most basic of systems into an intelligent, cloud-based system.
Architecture of Cloud NVR

New installations: No computer hardware required on site.
Existing installations: Existing hardware can be repurposed as local storage or removed altogether.

Benefits of Cloud NVR

Compatible with any camera: Connect any stream source such as IP, webcam and NVR to the cloud NVR platform.
Plug and Play Setup: Eliminate the complicated network setup and connect IP cameras and NVRs to the cloud quickly.
Ideal for Multi-Site & Multi-Brand hardware: Centralize the management of multiple surveillance locations to be able to troubleshoot and control settings remotely.
True Cloud Security and Reliability: Get a secure 99.9999% uptime promise from an industry-standard cloud.
Modern video infrastructure: H.264 video streams from any camera as input; recorded video can be accessed instantly from any web browser on any device.

Advantages of VisionBot Cloud NVR

Easily scale on a camera-by-camera basis.
Freedom from gateways and other hardware modules.
No binding to the MAC ID of devices allows easy interchanging of camera streams on demand.
Subscription model allows customers to hop on/hop off at their discretion.
Progress to cloud AI analytics: easily upgrade or migrate from VisionBot cloud NVR to cloud-based AI-driven analytical models that enable maximum resource utilization.

Transform your business with the VisionBot Visual AI Operations Cloud. Connect with our experts to understand how companies are using VisionBot™ AI-driven Computer Vision to strengthen security and safety and to streamline operations. https://Visionbot.com/contactus

We welcome Technology Integrators and sector-specific VARs to become a VisionBot™ channel partner, and discover the opportunity to offer a cutting-edge AI-powered computer vision solution to your customers. https://Visionbot.com/partnering

*Views expressed in the article are solely of the Author
Key Considerations in Lens Selection for Video Surveillance Systems: A Tale of Two Schools
Milind Borkar – Expert Security Consultant

An often-overlooked critical component in video surveillance systems is the lens. The security industry has moved steadily toward providing cameras with integrated lenses, taking the ‘guesswork’ out for integrators. Given the increased competitive pressures, it is understandable that camera companies make trade-offs in lens performance to meet budgetary price targets for dome and bullet offerings. This can result in less-than-ideal solutions to specific imaging tasks. Most camera companies still offer traditional box cameras that come without a lens or with the ability to remove the accompanying lens and replace it with a better, more tailored solution. Being able to select a compatible high-performance lens can ensure the investment in a high-resolution system is not wasted.

The following two case studies tell a story of lens selection gone wrong, and right. Through this story we will illustrate some of the most important considerations in lens selection. Both cases are from the public school sector. Both schools had defined goals, and both did research, evaluation and testing of the selected lenses before installation. Yet one project failed, while the other was a success. What made the difference?

Case study 1: New Jersey High School

The school described their problem as a safety issue. They had unacceptably aggressive physical behavior among students that they did not want to escalate into violence, as well as some limited theft. They thought that an improved video surveillance system would help with deterrence as well as post-event response. Their existing video surveillance system was composed of analog cameras they considered ‘high resolution,’ but not high enough resolution for use with the wide angle lenses that they felt would cost-effectively meet their coverage needs. They did not have or wish to have PTZ cameras, as they had limited staff and would not have enough time to control and monitor such equipment.
The goals they identified included having forensic quality identification at entry and exit points, people recognition in parking lots, and forensic quality identification in an unusually shaped hexagonal central hallway.

The school security staff conducted an extensive online search for products to meet their needs. They felt that upgrading to megapixel cameras would provide them higher image resolution and still allow them to use wide angle lenses to cover wide areas. They looked for megapixel cameras and did a comparison of numerous camera brands, models, and features. They discovered that not all megapixel cameras could meet their needs. In addition, they researched wide angle lenses looking for coverage of their wide areas; they consulted local integrators for advice. They evaluated lens samples from 4 manufacturers. They found most wide-angle lenses they tested presented a severe fisheye effect. And to their surprise they found that some of the lenses tested resulted in a fuzzy, or ‘blurry image,’ even when using a 5 megapixel camera.

After the research and evaluation, they selected two 8-megapixel, 360-degree multi-sensor cameras, one for the cafeteria and another for the computer lab. They also selected thirty-four 5-megapixel cameras, 11 of which were outdoor domes, 6 were indoor domes, and another 17 were 5” indoor domes. They chose eighteen 25-degree horizontal field of view lenses, and eight 90-degree lenses. In addition, they selected twelve 135-degree horizontal field of view, low fisheye distortion lenses from Theia Technologies – six to cover their hexagonal hallway, two to cover the parking lot and an open field area, two covering the corners of building wings, one covering the front entry, and one more covering 2 temporary buildings.
They achieved the results they expected: the project came in 30% under budget, and they were able to achieve what they considered great resolution with the selected equipment in the designated placements, with excellent image fluidity and fast response time. The administration was fully satisfied and planned to upgrade other schools in the district as well.

The unique hexagonal hallway in the New Jersey school was a challenge. According to the school district project manager, “Every installer we contacted said the angles were way too aggressive in the ring and wanted us to double our cameras and halve the angles at the very least. The same for the parking lots. We did the math, and we knew the new 5-megapixel camera could pull it off, we just had to find a lens that could prove them all wrong. We went searching and the only thing that met our specs was the Theia lens. Jaws dropped when they saw the pictures. Not only did we get the massively wide angles we needed, but we did it without the fisheye everyone told us was impossible to avoid, and every single dot in the 5.1 million pixel image is fully utilized and warp-free. The combination of the 5-megapixel cameras and the 5-megapixel Theia lenses provided the resolution they expected. You can tell if someone is holding a pencil.”

Case study 2: Southern California High School

Similar to the problems outlined in the New Jersey high school, the safety of students and staff was the primary concern for the administration at the California high school. Their existing video surveillance system consisted of 170 analog cameras. The system did not provide enough resolution for wide angle lenses and a legally acceptable description of individuals. They also suffered from poor system reliability, with frequent breakdowns and downtime. In addition, the system was complex and costly to maintain and monitor.
As was to be expected, the administration’s goals were to achieve greater spatial coverage than with their existing analog system, improved image clarity, increased system uptime, and a more manageable system size. With a new system they expected to be able to zoom in to get legally acceptable descriptions of individuals from 60 to 70 feet away and have wide and continuous coverage; they also did not want any PTZ cameras.

Their approach was a little different. The school district hired a consultant to design a system to meet their needs. The consultant met with the school to understand their needs, selected the equipment,…
Navigating India’s Roads: A Rollercoaster of Chaos and Courage
Dr. Rajiv Mathur, Regional Advisor Asia, OSPAs

India’s roadways, often described as a bustling symphony of chaos and courage, present an intricate tapestry of challenges and contradictions. From heart-stopping traffic snarls to jaw-dropping acts of road rage, the nation’s road safety woes have been well-documented. In this expansive exploration, we’ll delve deeper into the harrowing statistics, dissect the weird irregularities of Indian road culture, and shed light on potential remedies. Buckle up, for this rollercoaster ride is equal parts shocking, amusing, and ultimately, a call to action.

The Road Safety Odyssey: India’s Worrying Statistics

To truly grasp the perplexing nature of India’s road safety crisis, let’s take a closer look at the numbers and dive into some hair-raising examples from various cities across the nation.

Accidents Unleashed: A Multitude of Mishaps

As per the last Road Safety Report of the Ministry of Road Transport & Highways (MoRTH), Government of India, in the year 2021 alone, India reported a staggering 4,12,432 road accidents. This translates to an average of 1130 accidents every day. But what do these numbers mean in the context of real-life incidents?

Mumbai’s Traffic Squeeze: Mumbai, the city that never sleeps, witnessed an astounding 29,442 road accidents in 2021. That’s like having an accident every 18 minutes.
Delhi’s Dismal Distinction: The national capital, Delhi, is no stranger to gridlock, recording 17,939 accidents in 2021. To put it in perspective, there was an accident every 29 minutes.

Fatalities: Lives Interrupted

In the same year, 1,53,972 lives were claimed by these accidents, averaging 422 deaths every day. The grim statistics are more than just numbers; they are lives abruptly cut short.

Kolkata’s Perilous Pedestrians: Kolkata saw 4,654 lives lost on its roads in 2021. That’s like losing an entire community every week.
Chennai’s Challenging Crossings: Chennai, known for its sweltering heat and dosas, recorded 4,157 fatalities. That’s as many lives lost as the number of dosas served in a bustling eatery.

Injuries: The Unseen Suffering

Road accidents also resulted in injuries to 3,84,448 people in 2021, illustrating the hidden trauma that survivors endure.

Bengaluru’s Bruised Bikers: Bengaluru, the Silicon Valley of India, had 11,347 injuries in 2021. Imagine a room filled with injured individuals, each one battling their own road to recovery, every day.
Hyderabad’s Hurt Hikers: Hyderabad had 7,899 injuries, enough to fill a small-sized stadium with people nursing their wounds.

The Eccentricities of Indian Road Culture

India’s roadways are an arena where the bizarre, the chaotic, and the audacious intersect. Let’s dissect some of these quirks and qualms that make driving in India an experience unlike any other.

Aggression on the Road: The Battle for Dominance

In the chaotic realm of Indian roads, the unspoken motto, opposite to the old Lucknowi culture of pehle aap, appears to be ‘me first.’ It’s a world where the law of the jungle reigns supreme, where the strong assert their right of way.

Northern Bravado: In the northern regions of India, a peculiar brand of bravado prevails. The phrase ‘Tu Janta Hai Mera Baap Kaun Hai?’ (Do you know who my father is?) is the trump card of choice when it comes to asserting dominance. It’s a unique form of assertiveness that can be heard echoing through the streets, often used to leave others in no doubt about one’s lineage.
Mumbai’s Bhai: In the bustling streets of Mumbai, the term ‘Bhai’ (brother) is tossed around like a secret code, and nobody’s quite sure who’s who. Each vehicle seems to carry a sense of mystery, leaving you to wonder if that stern-looking gentleman in the SUV is, in fact, some bhai or just another commuter. It’s a city where the lines between real-life bhai and everyday people blur into a web of ambiguity.
Rajni’s Effect: Head down south, and you’ll encounter a phenomenon of an entirely different kind. It’s as if the spirit of Rajnikanth, the legendary actor known for his fearless on-screen persona, infects every road user. No matter the vehicle they’re in, drivers and pedestrians alike exude an invincible attitude. It’s not just about confidence; it’s about embracing the Rajnikanth-like aura, navigating the roads with an air of fearlessness, as if they’re the ultimate road warriors.

Traffic Violations: Rules, What Rules?

Traffic rules in India often seem like mere suggestions, with drivers taking it upon themselves to rewrite the road code.

Dash through Red Lights: On the bustling streets of almost all the cities of this vast country, the act of running red lights has been elevated to nothing short of a daring sport. Here, traffic signals often appear as mere decorations, their authority overshadowed by a collective rush to cross the intersection. It’s a mesmerizing yet heart-pounding spectacle, where drivers flirt with the boundary between safety and audacity. The red signal might indicate a halt, but for many, it’s an invitation to test their mettle in the race against time.
Wrong-side Warriors: Across India, the practice of wrong-side driving is not merely a deviation from traffic norms; it’s an art form. It’s an exhibition of the road user’s audacious belief that it’s not about choosing the right lane; it’s about taking the lane that feels right at that precise moment. Whether it’s a shortcut to evade congestion, a faster route to reach a destination, or a sheer disregard for conventional rules, wrong-side warriors navigate the road with a flair for the unconventional. It’s a driving dance where the choreography is anything but predictable.

Honking: India’s Unending Symphony

In India, honking isn’t a mere form of communication; it’s an intricate symphony composed by a flock of impatient souls.
At any given junction, in the heart of the road, or while awaiting the changing of a traffic signal, the air resonates with a disharmony of horns. It’s as if drivers participate in a collective belief that the volume of their honk directly correlates with the speed at which they’ll reach their desired destination. This deafening orchestra of horns, often akin to a well-rehearsed ensemble, plays on, day and night. Honk Happy Habits: At…
Cybersecurity 911: How to Protect Healthcare’s Front Lines
Nikhil Karan Taneja, Vice President and Managing Director for India, SAARC and the Middle East, Radware

As a result of recent shifts in global Distributed Denial-of-Service (DDoS) attack patterns, healthcare providers globally are facing a mounting number of cyber threats. Historically, healthcare providers have been the target of financially motivated ransomware attacks aimed at extracting monetary payments from their victims. More recently, however, they have found themselves in the crosshairs of state actors and hacktivist groups that are waging global DDoS campaigns for political and religious reasons. For example, in March and April of this year, hospitals in India were targeted by pro-Russian groups and Islamist hacktivist groups that brought down the websites of several hospitals in the Hyderabad area as well as the Indian Ministry of Health.

Regardless of the motivation behind the attacks, the end result is the same – the healthcare industry suffers. Patient care is disrupted. Availability of mission-critical systems is threatened. And sensitive private data is exposed for the world to see.

To defend against bad actors who are getting smarter and attacks that are ever more sophisticated, healthcare providers need to rethink their cyber security strategies. Investing in a comprehensive DDoS protection solution built to adapt to a shifting cyber landscape is now imperative for healthcare’s front lines.

The risks to infrastructure, care, and reputation

The seamless operation of healthcare applications and services has become mission-critical as patient care increasingly relies on technology and data accessibility. Left unchecked, the rise of DDoS attacks poses a variety of threats to this balance.

Disruption of critical patient services: Healthcare institutions rely heavily on electronic health record systems, patient portals, and communication platforms for critical functions like patient care, scheduling appointments and accessing medical records.
Any disruption to this digital infrastructure can hinder patient services.
Risk to patient safety: In healthcare, timely access to medical information and services is crucial for patient safety. DDoS attacks that disrupt access to patient records or medical devices can delay vital treatments and procedures, potentially endangering patients’ lives.
Data breaches: Some DDoS attacks serve as a smokescreen to divert attention while hackers attempt to breach an institution’s security and access sensitive patient data. These attacks can lead to data breaches and expose private patient information, resulting in legal and regulatory consequences, financial penalties, and damage to an institution’s reputation.
Financial losses: The costs associated with mitigating a DDoS attack, restoring services, and implementing additional security measures can be substantial. Moreover, the loss of revenue due to service disruptions and potential patient churn can further impact an institution’s bottom line.
Brand reputation damage: A successful DDoS attack on a healthcare institution can erode the trust and confidence of patients and partners. The negative publicity and perception of compromised data security may lead patients to seek care from competitors, impacting the institution’s reputation and market standing.
Compliance violations: Healthcare institutions are bound by strict regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR). A DDoS attack that results in data breaches can lead to compliance violations and severe penalties, including fines and legal actions.

A get-well plan for healthcare

Healthcare institutions face serious challenges when it comes to protecting their digital infrastructure.
To ensure networks and services remain accessible and resilient, here are a few best practices for defending against DDoS attacks:

Select DDoS protection with behavior-based detection: As network-layer and encrypted application-layer DDoS attacks get more sophisticated, it is getting increasingly difficult for security teams to distinguish between legitimate and attack traffic. Traditional DDoS defenses that typically rely on brute force mitigation mechanisms, such as volumetric detection, rate limiting and geo-blocking, are no longer sufficient protection, as they are prone to high levels of false positives and will block legitimate users. Defending against emerging generations of DDoS threats requires automated solutions that can adapt in real time, scale an order of magnitude beyond any on-prem solution, and surgically block the attacks without blocking legitimate traffic. This approach focuses not only on traffic volumes but also on the behavioral characteristics of the incoming requests, so healthcare providers can more accurately distinguish between malicious and legitimate users and deliver better protection with lower false positives. As attackers increasingly leverage application-layer (L7) attack vectors, web DDoS protections, in particular, are important for healthcare providers because of the need to protect the availability of patient-facing web assets such as patient portals, information sharing, mobile applications, APIs, and other outbound-facing web assets.

Deploy always-on cloud DDoS protection: Look for an always-on cloud DDoS protection solution that routes network and application traffic through a security provider’s scrubbing center or point of presence. This ensures that incoming connections are inspected to prevent malicious requests from reaching a protected network or application and that critical patient care systems are always available.
Weigh the advantages of a hybrid solution: Healthcare providers handle patients’ protected health information (PHI), which is regulated by a variety of compliance requirements, including HIPAA, PHIPA, GDPR, and state and domestic laws. Because the stakes in securing this data are so high, many healthcare organizations are very reluctant to share the SSL/TLS encryption keys used to protect it with third-party vendors. An on-premises DDoS mitigation appliance can help address these concerns. When deployed within the healthcare organization’s network, an on-premises appliance can mitigate encrypted DDoS attacks while keeping the SSL/TLS keys in-house and out of the hands of third-party cloud vendors. While cloud services are often recommended because of the scale their cloud scrubbing networks offer, combining them with an on-premises appliance is a good solution for larger organizations with specific needs.

Use a managed security service: Often the internal security and IT teams that support healthcare organizations are small, with primary staff and resources being focused on patient care. As a result, many healthcare providers lack the experience and personnel to deal with massive DDoS attacks, particularly those targeted at complex application-layer vectors. Utilizing a managed security service as part of a…