Category: Feature

Navneet Daga, Sales Director – Cloud Security Services, Radware The closest imitation of humans and their tasks is done currently by a software application – Bots. They are mostly being used to give human-like experiences in customer services and other interactive vectors like – chatbots, shopbots, knowbots, spiders or crawlers, monitoring bots etc. For this reason, tech experts call this ‘the age of bots.’ The best example of this disruptive tech tool is ChatGPT, a chatbot. Businesses need to understand that this is the right time for them to invest in bot management solutions because these are times when bots are overpowering businesses. What is bot management and how unique is Radware bot management? Bot management refers to blocking undesired or malicious internet bot traffic while still allowing useful bots to access web properties. Bot management accomplishes this by detecting bot activity and it is necessary because their traffic causes websites to slow down. Malicious bots can erase or download content from a website, steal user credentials, rapidly spread spam content and lead to other cyberattacks. Radware Bot Manager provides specialized enterprise-grade defence against sophisticated bots that carry out malicious attacks. It offers an array of mitigation options on the market including a unique Crypto Challenge that enables legit users to browse CATPCHA-free. It is understood that bot management is needed to help manage bot traffic – good and bad. But what is a good bot and what is a bad bot? More such questions need to be answered to get a deeper insight into why bot management is a necessary and important inclusion. The good, the bad and the unknown side of bots By definition, good bots are internet bots that don’t cause any harm or provide benefits and value to their owner or users. On the other hand, bad bots are internet bots made with malicious intent behind them. Bad bots can create fake social media accounts to spam users and businesses with negative or inappropriate comments and even spread fake news. A website trying to block or mitigate bot traffic must do so without stopping any of the good bots, which perform a range of useful functions. Here’s a list of bots to help organizations understand what types of bots exist and give organizations an understanding of why bot management is necessary: Types of good bots Monitoring Bots: Monitors the uptime and system health of the websites. Backlink Checker Bots: Checks the inbound URLs a website is getting so that marketers and SEO specialists can derive insights and optimize their site accordingly. Social Network Bots: Bots that are run by social networking websites giving visibility to websites and driving engagements on their platforms. Partner Bots: Useful to websites and carry out tasks, transactions and provide essential business services. Aggregator/ Feed Fetcher Bots: Collate information from websites and keeps users or subscribers updated on news, events or blog posts. Search Engine Crawler Bots: These bots or spiders crawl and index web pages to make them available on search engines. Types of bad bots Scraper Bots: These bots are programmed to steal content such as prices and product information so that they can undermine the pricing strategies of the target website. Spam Bots: They primarily target community portals, blog comment sections and lead collection forms. They interfere with user conversations, troll users, and insert unwanted advertisements, links and banners. Scalper Bots: These bots target ticketing websites to purchase hundreds of tickets as soon as bookings open and sell them to reseller websites at many times the original cost of the ticket. Account Takeover: Account takeovers include credential stuffing, password spraying, and brute force attacks that are used to gain unauthorized access to a targeted account. Credential stuffing and password spraying are two popular techniques used today. Once hackers gain access to an account, they can begin additional stages of infection, data exfiltration or fraud. Scraping: Scraping is the process of extracting data or information from a website and publishing it elsewhere. Content price and inventory scraping is also used to gain a competitive advantage. These scrape bots crawl your web pages for specific information about your products. Typically, scrapers steal the entire content from websites or mobile applications and publish it to gain traffic. Inventory Exhaustion: Inventory exhaustion is when a bot is used to add hundreds of items to a cart and later, abandon them to prevent real shoppers from buying the products. Inventory Scalping: Hackers deploy retail bots to gain an advantage to buy goods and tickets during a flash sale, and then resell them later at a much higher price. Carding: Carders deploy bots on checkout pages to validate stolen-card details, and to crack gift cards. Skewed Analytics: Automated invalid traffic directed at your e-commerce portal can skews metrics and misleads decision-making when applied to advertisement budgets and other business decisions. Bots pollute metrics, disrupt funnel analysis, and inhibit KPI tracking. Application DoS: Application DoS attacks slow down e-commerce portals by exhausting web servers resources, 3rd party APIs, inventory databases and other critical resources to the point that they are unavailable for legitimate users. Ad Fraud: Bad bots are used to generate Invalid traffic designed to create false impressions and generate illegitimate clicks on websites and mobile apps. Account Creation: Bots are used to create fake accounts on a massive scale for content spamming, SEO and skewing analytics. If a malicious bot targets an online business, it will be impacted in one way or another when it comes to website performance, sales conversions, competitive advantages, analytics or user experience. The good news is organizations can take action against bot activity in real time, but first, they need to understand their own risk before considering a solution. E-Commerce: The e-commerce industry faces bot attacks that include account takeovers, scraping, inventory exhaustion, scalping, carding, skewed analytics, application DoS, Ad fraud, and account creation. Media: Digital publishers are vulnerable to automated attacks such as Ad fraud, scraping, skewed analytics, and form spam. Travel: The travel industries mainly deal…

The physical security industry has been changing quickly in recent years. Developments and applications of cutting-edge technologies in this ever-evolving industry such as AI, machine perception, and IoT, are breaking boundaries all the time. We have seen security systems become deeply integrated and more comprehensive, expanding with capabilities that are now shouldering more intelligent tasks to improve efficiency in security as well as other operational functions. And all this is happening across many different industries and types of organizations. As we step into 2023, Hikvision would like to share some insights into seven key trends coming to the fore in the security industry. AI applications are diversified, requiring more open ecosystems We have seen more diversified AI products and applications that help solve intricate problems daily and meet customers’ fragmented needs. AI’s acoustic and textual capabilities are also being explored by the industry, beginning with visual AI. For example, AI-powered audio anomaly detection is being used to detect equipment failures in industrial environments for heightened levels of worker safety. Furthermore, AI technology itself is evolving to the stage of self-learning with training and optimizing itself much faster than supervised learning. All of these require more ecosystems with open technologies, open resources, and even open protocols, for collaborations in the industry. Open technologies such as container technology and virtualization technology, have significant potential for our industry, which are making hardware products more open. AIoT continues to bridge physical and digital worlds Taking artificial intelligence further, we believe the combination of AI and IoT (AIoT) will continue to be a major trend for 2023, reshaping the scope of the security industry. More AIoT solutions have been introduced that will not only provide intelligent protections but also help advance the efficiency of operations in a multitude of industries and organizations. AIoT will create an important path for boosting digital transformation across several industries. This can be done by creating a digital twin, bridging the physical and digital worlds. For example, in industrial park management, virtual sites can be created by applying 3D modeling, using VR and AR technologies to represent and reflect the real ones, empowering them with the dynamic insight to act quickly to make the whole site run smoothly. Visual experiences improve with 24/7 imaging technologies Capturing security imaging with sharp clarity and color around the clock is a core demand for users of video security, but dim light at night has always been the biggest challenge to achieving this. Now, with the development of several new imaging technologies, we are seeing these challenges removed. Bi-spectrum image fusion technology that employs two sensors is being used to combine IR and visible-light imaging to reproduce vivid colors in dim lighting conditions. Artificial Intelligence-based image signal processing (AI-ISP) technology leverages deep-learning algorithms to radically improve visual noise reduction for nighttime image optimization. Perception capabilities extend to a wider range For security applications, perception capabilities are going far beyond visible light, extending out along the electromagnetic spectrum to expand capabilities of perceiving the physical world in new ways. For instance, hyperspectral imaging technology has been used in analyzing optical irradiance characteristics and eutrophication to record water quality trends in rivers and lakes. In the millimeter-wave band, radar products are assisting the measurement of vehicle speeds and distances. The X-ray band has been applied widely in security inspections, now extending its applications in industrial equipment flaw detection. And these multi-dimensional perception capabilities also converge to create innovative solutions that can accomplish a multitude of new operations such as radar assisted video systems for perimeter protection, integration solutions of video and sonar arrays for traffic management, and alarm systems with a wide range of detectors for smart home applications. More focus on usability of devices and systems Usability of devices and systems impacts the daily life of security professionals, which has generated more focus now in light of workforce shortages and labor cost increases across our industry. This trend is requiring manufacturers to optimize their products with an easier configuration process, make better use of interactive experiences that will reduce installation time, and lower the costs of equipment maintenance and skill building. For example, we see more installers preferring to use mobile applications over PCs in device installation and maintenance where that interactive and simplified process comes across best. The industry moves to greener, lowercarbon operations for sustainability Trends in green manufacturing and low-carbon initiatives in the security industry are very inspiring. Security manufacturers are rolling out products featuring longer life expectancies, recyclable materials and packaging, and renewable energy usage. Each of these initiatives reduces waste and emissions. For example, the solar-powered camera demand continues to increase due to its well-established effectiveness at using the sun’s limitless clean energy. And in daily manufacturing and operations, more companies in the industry have set medium-to-long-term goals for environmental management, spanning from lower carbon production, efficient energy use, and waste and chemical management, to greener office environments. Zero Trust continues to become the go-to cybersecurity strategy Cybersecurity remains a very important and challenging issue for all parties in our industry, as customers and regulators get more concerned about the security of their data and privacy, and have set higher standards and demands on this issue. We see the value in highlighting the idea of Zero Trust for everyone to consider when making cybersecurity strategies. Zero Trust is a strategic initiative that was developed to prevent data breaches by eliminating the concept of trust from an organization’s network architecture. In cybersecurity, trust becomes a vulnerability. Zero Trust is an approach to cybersecurity that dictates our connected systems must ‘never trust; always verify.’  

Prakash Prabhu – Chief Business Officer & Co-Founder, VisionBot In this feature, we will navigate how automated visual inspection, content analysis and deep learning methodologies can save significant time and effort for organized retail and warehousing enterprises. Computer Vision Driven Automated Video Content Monitoring For Retail Augmented computer vision is a game-changer for the retail industry. By adding layers of digital information to the real world, retailers can create engaging and personalized experiences for their customers, resulting in increased sales and customer loyalty. Computer vision is a type of technology that is revolutionizing the way that we think about retail. By using machine learning algorithms, computer vision is able to ‘see’ the world around us and make sense of it in ways that were previously impossible. With its ability for automated visual monitoring in real-time, it provides insights into customer behaviour, shelf management, merchandising, inventory & visitor analytics to name a few, and has become an essential tool for retailers who want to understand their customers better, deliver a more personalized shopping experience and bring more efficiency in their operations. In this editorial, we will explore some of the most promising use cases of computer vision in retail, and how they are already transforming the industry. Smart shelves One of the most exciting applications of computer vision in retail is the development of smart shelves. These shelves are monitored by cameras that can detect when products are running low and automatically raise an alert to reorder them. This not only saves time and resources, but it also ensures that customers always find what they are looking for. Smart shelves can also be used to analyse customer behaviour. By tracking which products are most frequently picked up or put down, retailers can gain valuable insights into what customers are looking for and adjust their inventory accordingly. This kind of real-time data can be used to optimize product placement, pricing, and promotions. In-store navigation Navigating a large store can be a daunting task, especially for customers who are not familiar with the layout. Computer vision technology can help with this problem by providing real-time maps and product locators that help customers find the products they are looking for quickly and easily. In-store navigation also offers opportunities for retailers to personalize the shopping experience. By tracking a customer’s movements through the store and analysing dwell times, retailers can make targeted recommendations about products that they might be interested in through instore promotions. Real-time analytics Perhaps the most significant advantage of computer vision technology in retail is its ability to provide real-time analytics. By analysing customer behaviour and preferences in real-time, retailers can make data-driven decisions about pricing, product placement, and marketing. Computer vision can be used to collect valuable data on customer behavior such as which products they are looking at, how long they spend in the store, and which displays they interact with the most. This data can be used to make informed decisions on store layout, product placement and promotions. Retailers can also use computer vision to analyze customer demographics such as age and gender, to better tailor their products and services to their target market. Checkout & payment The checkout process is often a pain point for both customers and retailers. Long lines and slow checkout times can lead to frustrated customers and lost sales. Pilferages can be reduced at the self-checkout counters, by flagging suspicious transactions. Inventory management Managing inventory is a crucial aspect of retail operations. Computer vision can help retailers track inventory levels and identify which products are running low or out of stock. By using cameras installed in the store, computer vision algorithms can detect which products are being picked up by customers and which shelves are running low. This information can be used to automate the reordering process, ensuring that the store always has sufficient inventory levels. Security Security is a major concern for retailers, and computer vision can help improve safety and prevent theft. Cameras equipped with computer vision algorithms can detect suspicious behavior such as someone trying to remove a security tag or hiding a product in their bag. This information can be sent to store personnel in real-time, allowing them to take appropriate action to prevent theft. Computer Vision Driven Automated Video Content Monitoring For Warehousing Warehousing and logistics are essential components of the supply chain for any industry. The rapid growth of e-commerce has led to an increased demand for faster, more efficient, and cost-effective warehousing and logistics solutions. Computer vision technology is playing a significant role in transforming the industry by enhancing operational efficiency, reducing costs, and improving customer satisfaction. In this editorial, we will explore some of the key use cases of computer vision in warehousing and logistics. Monitored picking and sorting Picking and sorting products is a critical process in the warehousing and logistics industry. Computer vision can be used to automate this process, reducing labour costs and improving efficiency. With cameras and machine learning algorithms, computer vision can detect and identify products, sort them, and place them in the appropriate storage location. This technology can also be used to optimize the picking process by identifying the fastest route to collect items and reducing errors. Inventory management Inventory management is a critical aspect of warehousing and logistics. Accurate inventory management ensures that the right products are available at the right time, reducing delays and improving customer satisfaction. Computer vision can help automate inventory management by scanning barcodes or using image recognition to identify products, track their location, and monitor their quantity. This technology can also be used to optimize storage space, ensuring that products are stored in the most efficient way possible. Quality control Quality control is an essential aspect of the warehousing and logistics industry. Computer vision can be used to detect defects or damage to products, ensuring that only high-quality products are shipped to customers. With cameras and machine learning algorithms, computer vision can identify flaws or inconsistencies in products, and alert workers to take…

Iqbal Singh, Founder, Forces Network Introduction With increasing digitization and automation the surface area for attack for cyber criminals has increased exponentially. Cybercrime is on the rise and jobs in digital or computer forensics are in great demand. It is a branch of digital forensic science. Using technology and investigative techniques, digital forensics helps identify, collect, and store evidence from an electronic device. Digital forensics can be used by law enforcement agencies in a court of law, or by businesses and individuals to recover lost or damaged data. The goal of computer forensics is to perform a structured investigation and maintain a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it. It essentially involves data recovery with legal compliance guidelines to make the information admissible in legal proceedings. The terms digital forensics and cyber forensics are often used as synonyms for computer forensics. Digital forensics starts with the collection of information in a way that maintains its integrity. Investigators then analyze the data or system to determine if it was changed, how it was changed and who made the changes. The use of computer forensics isn’t always tied to a crime. The forensic process is also used as part of data recovery processes to gather data from a crashed server, failed drive, reformatted operating system (OS) or other situation where a system has unexpectedly stopped working. Businesses also use computer forensics to track information related to a system or network compromise, which can be used to identify and prosecute cyber attackers. Businesses can also use digital forensic experts and processes to help them with data recovery in the event of a system or network failure caused by a natural or other disaster. Typically they investigate security breaches on a computer system, network, website, or database to find out how they occurred, endeavour to retrieve lost files, and repair damaged data while strengthening the security system to prevent reoccurrence. Where Do They Work?  Many computer forensic investigators work within the law enforcement industry, whether directly for law enforcement agencies or for private firms hired by agencies to manage digital evidence. It’s also possible to work as a forensic analyst for a private company. In this case, you’re likely to be tasked with identifying vulnerabilities, investigating breaches, and attempting to retrieve data from damaged or compromised digital storage devices. Some digital forensic investigator jobs require you to be on call to respond to incidents that might not occur during regular business hours. You can also work as a freelancer in this domain. See the profiles of typical freelancers billing in a range from $20- $200 per hour. Salary. Digital forensic analysts in the US make an average base salary of $74,575, according to Glassdoor, as of December 2022. Job sites ZipRecruiter and CyberSeek report salaries of $73,271 (computer forensic investigator) and $100,000 (cyber crime analyst), respectively.\\ Job openings. To get a feel of the kind of job openings, take a look at indeed website for such roles. Types of Digital Forensics There are various types of computer/ digital forensic examinations. Each deals with a specific aspect of information technology. Some of the main types include the following: Database Forensics.The examination of information contained in databases, both data and related metadata. Email Forensics.The recovery and analysis of emails and other information contained in email platforms, such as schedules and contacts. Malware Forensics.Sifting through code to identify possible malicious programs and analyzing their payload. Such programs may include Trojan horses, ransomware or various viruses. Memory Forensics. Collecting information stored in a computer’s random access memory (RAM) and cache. Mobile Forensics. The examination of mobile devices to retrieve and analyze the information they contain, including contacts, incoming and outgoing text messages, pictures and video files. Network Forensics. Looking for evidence by monitoring network traffic, using tools such as a firewall or intrusion detection system. How Does Computer Forensics Work? Forensic investigators typically follow standard procedures, which vary depending on the context of the forensic investigation, the device being investigated or the information investigators are looking for. In general, these procedures include the following three steps: Data Collection. Electronically stored information must be collected in a way that maintains its integrity. This often involves physically isolating the device under investigation to ensure it cannot be accidentally contaminated or tampered with. Examiners make a digital copy, also called a forensic image, of the device’s storage media, and then they lock the original device in a safe or other secure facility to maintain its pristine condition. The investigation is conducted on the digital copy. In other cases, publicly available information may be used for forensic purposes such as Facebook posts or public Venmo charges for purchasing illegal products or services displayed on the Vicemo website. Analysis. Investigators analyze digital copies of storage media in a sterile environment to gather the information for a case. Various tools are used to assist in this process, including Basis Technology’s Autopsy for hard drive investigations and the Wireshark network protocol analyzer. A mouse jiggler is useful when examining a computer to keep it from falling asleep and losing volatile memory data that is lost when the computer goes to sleep or loses power. Presentation. The forensic investigators present their findings in a legal proceeding, where a judge or jury uses them to help determine the result of a lawsuit. In a data recovery situation, forensic investigators present what they were able to recover from a compromised system. Often, multiple tools are used in computer forensic investigations. A researcher at Kaspersky Lab in Asia created an open source forensics tool for remotely collecting malware evidence without compromising system integrity. Techniques Used By Forensic Investigators Investigators use a variety of techniques and proprietary forensic applications to examine the copy they’ve made of a compromised device. They search hidden folders and unallocated disk space for copies of deleted, encrypted or damaged files. Any evidence found on the digital copy is carefully documented in a finding report and verified with the original device in preparation for legal proceedings that involve…

Colonel B S Nagial (Retd) Human security means the safety of people from both violent and non-violent threats. This world is insecure and poses various threats and challenges to people worldwide. These threats could be natural disasters, violent conflicts, poverty, epidemic, economic hardships, social exclusions etc., threatening human security and undermining their safety, security, and sustainable development. Such problems are very complex and need the urgent attention of the authorities. They could pose exponential threats if they are not resolved in time and overlapped.Human security is a concept in international relations that emphasises protecting and promoting individual freedoms, human rights, and well-being. It differs from traditional security concepts focusing mainly on protecting states and their territorial integrity. The human security approach seeks to address a wide range of threats to individuals including economic insecurity, poverty, hunger, disease, political violence, and other forms of violence and exploitation. The concept of human security recognises that individuals are not only threatened by conflict and violence but also by a range of non-military threats such as poverty, disease, and environmental degradation. Human security focuses on the empowerment and protection of individuals rather than the state’s safety. This approach seeks to create a safer and more secure world for all individuals, regardless of where they live or their nationality. There are many different threats to human security, some of which include: Political violence: This includes conflict, civil war, state repression, and human rights abuses. Political violence can result in the displacement of people, loss of life, and damage to infrastructure and institutions. Poverty and economic insecurity: Lack of access to basic needs such as food, water, shelter, and health care can undermine human security and lead to chronic poverty, unemployment, and food insecurity. Disease: Outbreaks of infectious diseases, such as HIV/AIDS, Ebola, and COVID-19, can devastate human security, especially in countries with weak healthcare systems. Environmental degradation: Climate change, deforestation, and other forms of environmental degradation can lead to water scarcity, displacement, and decreased food production, all of which pose threats to human security. Disasters: Natural disasters, such as hurricanes, earthquakes, and tsunamis, can have a catastrophic impact on human security, causing loss of life, injury, and displacement. Terrorism: Acts of terrorism can cause widespread fear, injury, and death and can have lasting impacts on economies and societies. Cyberattacks: Cyberattacks on critical infrastructure, such as power grids, financial systems, and communication networks, can significantly impact human security, especially in digital dependence. These are just a few examples of the many threats to human security. It’s essential to address these threats comprehensively and broadly, considering the interconnected nature of these challenges. The state of human security worldwide is complex and varies significantly from region to region and country to country. In some parts of the world, there have been significant improvements in human security in recent years, while the situation has deteriorated in others. In some countries, poverty and hunger remain persistent problems, and access to essential services such as health care and education remains limited. The COVID-19 pandemic has exacerbated these issues, leading to economic instability, job losses, and increased poverty in many countries. However, there have also been some positive developments in human security. For example, there have been improvements in the protection of human rights in some countries, and some states have made progress in reducing conflict and promoting peace. The international community has also significantly tackled global challenges such as poverty, disease, and environmental degradation. Overall, while the state of human security worldwide is mixed, there is still much work to be done to ensure that individuals everywhere have access to the fundamental freedom and protection they need to lead safe, secure, and fulfilling lives. There are many countries around the world where human security is badly affected due to various factors, such as conflict, poverty, disease, and political repression. Some examples include: Syria: The ongoing conflict in Syria has had a devastating impact on human security, with widespread loss of life, displacement, and widespread human rights abuses. Yemen: The ongoing conflict in Yemen has led to widespread food insecurity, disease outbreaks, and displacement of people. The situation has been described as one of the world’s worst humanitarian crises. Venezuela: The political and economic crisis in Venezuela has led to widespread poverty, food insecurity, and shortages of essential goods and services, including health care. Afghanistan: The ongoing conflict in Afghanistan has led to widespread displacement, loss of life, and human rights abuses, as well as significant challenges in areas such as health care and education. Sudan: The ongoing conflict and political instability in Sudan have led to widespread displacement, loss of life, and human rights abuses, as well as food insecurity and disease outbreaks. These are just a few examples of the many countries where human security is badly affected. It’s important to note that human security is not only affected by conflict and violence but also by a wide range of non-military threats, such as poverty, disease, and environmental degradation. In many countries, a combination of these factors exacerbates the challenges to human security. How can we ensure human security? Ensuring human security requires a multi-faceted approach that addresses many threats and challenges. Some key steps that can be taken to ensure human security include: Promoting peace and stability: By reducing conflict and promoting peace, governments and the international community can create a safer and more secure environment for individuals. Protecting human rights: Governments and the international community must take steps to protect the rights and freedoms of individuals, including freedom of expression, assembly, and religion. Reducing poverty and promoting economic growth: By reducing poverty and fostering economic growth, governments can ensure that individuals have access to the basic needs and services they need to lead secure and fulfilling lives. Combating disease: Governments and the international community must work to prevent and control the spread of infectious diseases, such as HIV/AIDS, Ebola, and COVID-19. Addressing environmental degradation: By addressing environmental degradation, governments and the international community can help ensure a…

Nikhil Korgaonkar Regional Director, Arcserve India & SAARC In September, Australian telecoms giant Optus said hackers accessed current and former customer data following a cyberattack on its systems. Optus said in a press release that an unspecified number of customer names, dates of birth, phone numbers, email addresses, home addresses, and identity document numbers such as driver’s licenses or passport numbers were taken in the breach. Optus is far from being the only telecoms victim. In the United States, T-Mobile disclosed its seventh network breach earlier this year after hackers with the Lapsus$ cybercrime group stole the telco’s source code. Last year, the second largest cell carrier in the U.S. said at least 47 million customers had personal information stolen by hackers. The threat of ransomware is keeping many telecom company execs up at night. In this digitalised world, cyber-attacks are the weapon of choice in bringing down companies, and cyber-criminals are becoming increasingly sophisticated. For example, criminals spreading the Noberus ransomware are adding weapons to their malware to steal data and credentials from compromised networks. Historically, telecom security officers have focused on building a moat around the castle through firewalls, antivirus solutions, multifactor authentication, intrusion detection and prevention, and more. But these barriers are no longer good enough because most organisational data now resides outside the castle. Even after deploying layers and layers of defence, organisations are finding that they are still vulnerable to cyberattacks and that their data is still getting compromised. A 360-degree view of IT security is required to help telecom companies protect their data. That means expanding the focus to include data backup and recovery solutions and immutable storage that, until now, have not been a key focus. Companies can no longer afford to treat these solutions as an afterthought. Instead, they must be a critical component of every cybersecurity strategy. Backup and recovery, together with immutable storage, are the last critical line of defence. Indeed, a solid data protection plan can safeguard an organisation’s mission-critical data and help secure it against disruptions and cyberattacks, thus minimising damage to operations. That’s why there is a need to rebalance the overall approach to data security. There needs to be a better way to manage risk while at the same time optimising the ability to recover data in the event of a disaster. Here are the top three steps to balance the equation and integrate data protection into your cybersecurity plans. 1. Make sure you have a recovery plan The first step in any cybersecurity strategy should be backing up critical data. But data backup alone is not enough. It would be best if you also had a robust plan to recover your data quickly and cost-effectively in the event of a cyberattack. The truth is that without a well-thought-out recovery plan in place, you may be unable to properly restore the exact version of a file or folder following a data loss. Here’s one way to think about data backup and recovery. Attempting to restore data without a solid recovery plan is like putting together a jigsaw puzzle after half the pieces have gone missing. It’s a recipe for disaster, especially during a crisis when you’re scrambling to save your data now – because tomorrow could be too late. A good recovery plan can help you locate all the pieces and swiftly put them together at a time when every minute is vital, and you don’t have a moment to lose. 2. Choose an immutable storage solution A robust and reliable backup and recovery plan allow you to safeguard your data even if a cyberattack victimises you. A vital component of any such strategy is a storage solution that continually protects your data by taking snapshots every 90 seconds. These snapshots make it possible for you to go back to specific points in time before an attack and recover entire file systems in a matter of minutes. As a result, even if a cyberattack is successful, your information will be quickly and easily recoverable to a very recent point in time. Because your backup data is immutable – your data can’t be altered in any way, not by your administrators and not by ransomware – there will always be a series of recovery points, ensuring your data remains protected. This immutability can also bridge the security and the operational infrastructure teams, which have traditionally been siloed. That means these two groups can speak the same language and work together in the face of cyber threats. 3. Get a one-click recovery It would help if you did everything possible to minimise downtime in a cyberattack. That’s why looking for a data protection system that is easy to deploy, simple to manage, and rocksteady even under the most harrowing circumstances is imperative. Your data protection system should also deliver orchestrated recovery with a single click. In a cyberattack, you should be able to recover confidently by safely spinning up copies of physical and virtual systems onsite and offsite in minutes – not hours or days. An ideal data protection system will also use analytics to identify frequently used data that a business should always back up and less vital data that doesn’t have to be. This system gives you an intelligent, tiered data architecture that provides rapid access to mission-critical information. It also saves you money on data storage while keeping essential data safe from catastrophe. Conclusion With cyber-attacks showing no sign of abating, telecom companies must adopt a robust cybersecurity plan – their lifesaver when an attack strikes. Backup and recovery are a critical part of a cybersecurity plan – and the only reliable way to reverse or mitigate the damage of a cyber-attack. Your data is your most important asset. If compromised by ransomware, you’re dead in the water. That’s why you need to make data protection a crucial part of any cybersecurity strategy. With the right approach, your data will be quickly and easily recoverable even after an attack, and you’ll be able to…

By Colonel B. S. Nagial (Retd.) Cyberterrorism is a global phenomenon but not much recognised in India. However, India ranks second highest user of the Internet after China. It is estimated that about 20% of the Indian population uses Internet facilities. In contrast, in the US and UK, 90% of people use the Internet. And people who use the Internet facilities are also called ‘Netizens.’ The over-dependence on the Internet increases susceptibilities & weaknesses. Sometimes the feelings of aggression are transformed into anger and revenge, which turns them into criminals. Most people in India aren’t sensitive to cyber threats posed by the virtual world. Information Technology (IT) has opened a plethora of opportunities for the world to develop its financial infrastructures and other e-commerce facilities. Cyber crimes are increasing daily. The ‘netizens’ are ignorant and in denial that their activities are safe and secure. We usually share our important & sensitive data & information inadvertently on social media. The momentous growth of the cyber world has further posed the threat of cyberterrorism. Cyber attacks depict lethal and non-lethal psychological problems faced by people. Cyberterrorism is typically considered a tool that only affects the national security system. But in fact, it also affects the psyche of the people. Cyber terrorists have increased the employment of cyber attacks dramatically in the past few years. It has caused mass destruction & damage to various facilities such as health, energy, nuclear, and critical command & control facilities. Cyber professionals are at work to reinforce capacity-building measures to restrain cyber attacks on critical systems in India. What is Cyberterrorism? As per the dictionary, cyber-terrorism is ‘the motivated use of computers and information technology to cause extreme interruption or extensive fear in society.’ Dorothy Denning, a professor of computer science, has given the most notable definition of cyberterrorism. He has put forward an admirably unambiguous definition in numerous articles and in her testimony before the US House Armed Services Committee in May 2000 – Cyberterrorism is the conjunction of cyberspace and terrorism. It denotes illicit attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people. Also, to qualify as cyberterrorism, an attack must cause violence against persons or property or inflict sufficient harm to cause fear. Attacks which cause death or bodily injury, explosions, or severe economic loss are a few examples. Grave attacks against critical infrastructures could be acts of cyberterrorism, depending on their impact. Cyberterrorism is a deliberate attempt, which is a politically, socially or religiously inspired attack against information systems, programs and data. The definition is occasionally expanded to include any cyber attack that intimidates or generates fear in the target population. Attackers often do this by inflicting damage or disruption to critical infrastructure. Cyberterrorism is also known by terms such as electronic terrorism, electronic jihad, information warfare or cyber warfare. The fact is that cyberterrorism threats can come from so many different sources, and sometimes it would seem impossible actually to defend ourselves from them. Objectives of Cyberterrorism The fundamental objective of a cyber-attack is hacking, generally to satisfy the ego of hackers by creating terror. Sometimes it seems too similar or overlapping, like cyber attacks and cyberterrorism. The objective of cyberterrorism is to instil feelings of terror in the mind of cyber victims. Cyberterrorism also threatens the most vulnerable points covering physical and virtual worlds. It includes the commission of acts of destruction, alteration, acquisition and acts of transmission against the following: Defence forces. Internal security system. Health care system. Financial infrastructure. Other important civilians networks. Destructions of supervisory control and data acquisition system of smart cities. Information and Communication Technology (ICT) may be used to help the commission of terrorist-related offences. It can be promoted to use, promote, support, facilitate, and engage in acts of terrorism such as spreading propaganda, recruitment, radicalisation, incitement to terrorism, terror financing, training planning and execution of terrorist attacks. Modus Operandi of Cyberterrorism Cyberterrorism is gaining far-fetched attention due to extensive reporting by the media and numerous other institutions, both from the public as well as private sectors. They accept that cyberterrorism is capable of rendering catastrophic impacts. Thus, it is imperative to share awareness among the general public to alleviate cyberterrorism threats effectively. Most cyberterrorism cases have numerous common traits. It is essential to clearly define what a cyberterrorism attack looks like to avoid misunderstandings leading to confusion later on. Usually, the victims of cyberterrorism attacks are specifically targeted by the attacker(s) for predetermined reasons. There have been random cases of cyberattacks carried out in the past, such as releasing harmful viruses and worms through the Internet. However, in reality, the targets were arranged by cyber terrorists. This is because if the attacks are more focused and intended towards an explicit target, there are better chances of inflicting severe damage on the target chosen. The most common objective of cyberterrorism is to inflict damage or destroy completely a particular target which may be an organisation, industry, sector, or economy, or to impact particular targets. These types of attacks are becoming popular. Thus, specific countermeasures will be required to prevent the targeted entities from falling victim to such attacks. One more common feature of cyber terrorism is the resolve which is to further the terrorist or terrorist groups’ own goals, such as to inflict heavy damages on the former employer due to unsettled disputes or to create chaos among the general public. Cyber terrorists deploy various types of cyberterrorism attacks. As per the Center for the Study of Terrorism and Irregular Warfare at the Naval Postgraduate School in Monterey, California, USA, cyber terrorism capabilities can be grouped into three main categories; simple unstructured, advanced-structured and complex-coordinated. Simple-unstructured This is the fundamental capability to conduct hacks against individual systems employing tools created by others. This type of organisation possesses little target analysis, command and control skills, and limited learning capability. Advanced-structured This is the advanced competence to conduct more experienced attacks…

Artificial Intelligence is no longer just a cliched topic in the entertainment world. AI today has developed into a ‘must-have’ for every vertical from the government to basic applications on our gadgets. The use and dependency of AI especially in businesses have increased multifold, be it for understanding the customers or developing new products to suit the needs of the users. While the use of AI is opening up never-seen-before opportunities and possibilities for organizations across verticals, it also brings in incredible responsibility to safeguard the data and ensure transparency. Ethics seem to play a bigger part in ensuring that organizations take up a responsible path in using AI for their businesses. Data breaches, irresponsible use of the data collected and its processing using AI, and irresponsible use of AI to an extent of violating ethics have become the main concern for the people, government and businesses. A brand’s image is now connected to how responsibly they use AI which is at its disposal without breaching the trust of its customers. In February 2021, NITI Aayog released an approach document on ‘Principles for Responsible AI’ under the hashtag #AIFORALL. The document spoke about ethics, legal, social and technology, surrounding AI. While the Indian government is slowly approaching the subject, keeping in mind the need for AI and its impact on business, society and legal standpoint, the US and EU nations too have started working now on how to bring the responsible use of AI as part of the governance. Until there is an actual policy, which can be brought in regarding the responsible use of AI, the onus is on industry leaders and their organizations to ensure the safe and responsible use of AI in their businesses. So, what is responsible AI in businesses mean? F rench writer Voltaire said – with great power comes great responsibility, and AI is a power which many believe is only in its 1st leg of being discovered. The understand ing of what can be achieved by delving deeper into AI is only something that is being understood now. The veterans of the AI industry believe that ‘responsible’ means ethical and democratized use of AI – a tool, which is now available to any person, who has access to the technology. To elaborate, it is the practice of designing, developing and deploying AI with the intention to empower employees and businesses. Responsible AI’s target is to deliver trust, transparency and an unbiased approach to customers or users in the work environment. Organizations deploying AI should follow important practices and the right AI techniques that are compliant with new and pending guidelines and regulations of AI governance. This will help to deliver a trustworthy and transparent deployment. One might ask, why is AI needed for businesses when the risks and ethical dilemmas outweigh the uses as of today? The answer is simple – with AI, businesses have an edge in developing more robust and user-friendly products that help them stay a step ahead of their competition. The data collected helps businesses understand what exactly their customers are looking for and how they can deliver it. Today’s customer service is heavily dependent on AI and good customer service is what makes a brand successful. These are just a few instances of how AI can help businesses stay ahead during times when technology is the knight in shining armour. This is why one needs to understand the principles of Responsible AI that revolve around minimizing unintended bias, ensuring AI transparency, protecting data privacy and security, and benefiting clients and markets. Organizations deploying AI systems should keep these in mind and put them into practice to attain the desired deployment which is more ethical in compliance with Responsible AI. An eye on the following key facts for reaping the benefits of Responsible AI Data security has been and should be the top priority, so organizations deploying AI should use top-of-the-line data encryption practices. Use approved techniques such as customer lockboxes and data masking to protect the data from unauthorized access by other software. The AI-based products should have a human-centric design and once it is developed and deployed, they should go through regular operational routines for maintaining the whole idea of it being designed to be human-centric. The AI system should be developed to anonymize sensitive data of clientele and automatically delete the data after the purpose is fulfilled. Restricted data transfers between different stakeholders It is very important to put in place an explicit approval system for data access during service operations. A good amount of incident management training and Strict data usage policies can help in times of crises. Keep a check on risks and threats by performing regular audits and vulnerability assessments. Considering the above factors during AI system deployment will not only help in addressing the principles of Responsible AI but also help businesses develop ethically bound AI applications for their work operations.  

By Johan Paulsson, CTO, Axis Communications The fact that technology has become pervasive in our personal and work lives is not news. This is largely due to the benefits that new technologies bring to business and citizens around the world in delivering new, more effective, and increasingly efficient services. However, the depth of technology’s integration into our lives, advances in its capabilities, and heightened awareness of its implications in society are also greater than ever and continue to accelerate. Given this, many of the broad macro trends around the globe – spanning geopolitical issues, economic uncertainty, environmental concerns, and human rights – have implications for all technology sectors, the security industry included. Ours is a sector making use of increasingly intelligent technology, one inherently involved in collecting sensitive data, and as impacted by geopolitical issues affecting international trade as any. Yet we’re still resolute in our view that our innovations will create a smarter, safer world. These are the six key technology trends that we believe will affect the security sector in 2023. A move towards actionable insights The increasing application of AI and machine learning have seen a focus on the opportunity for advanced analytics in recent years. Moving forward, the shift in focus will move from the analytics themselves, to the actionable insights they deliver in specific use cases. It’s less about telling you something is wrong, and more about helping you decide what action to take. A key driver for employing analytics to deliver actionable insights is the huge increase in data being generated by surveillance cameras, along with other sensors integrated into a solution. The data (and metadata) being created would be impossible for human operators to interpret and act upon quickly enough, even with huge and costly increases in resources. The use of analytics can drive real-time actions which support safety, security, and operational efficiency. From prompts to call emergency services in the case of incidents, to redirecting traffic in cities to alleviate jams, to redeploying staff in busy retail outlets, to saving energy in buildings through more efficient lighting and heating, analytics are recommending, prompting, and even starting to take the actions that support human operators. Beyond ‘live’ actionable insights, analytics can support in forensic analysis post-incident. Again, given the vast amount of data being created by surveillance cameras, finding the relevant views of a scene can take significant time. This can hinder investigations and reduce the likelihood of suspects being found. Assisted search addresses this issue, helping operators quickly find individuals and objects of interest among hours of footage. Finally, proposed actions promoted by analytics are increasingly forward-looking. Downtime in industrial sites and factories can be costly. A combination of sensors allows intelligent analytics to propose preventative maintenance ahead of outright failure. ‘From analytics to action’ will become a mantra for 2023. Use case-defined hybrid architectures As we’ve highlighted in previous technology trends posts, it’s now commonly accepted that a hybrid technology architecture is best-suited for security systems, mixing on-premise servers, cloud-based compute, and powerful edge devices. No one architecture fits all scenarios, however. But here lies the solution – first assess what needs to be addressed in your specific use case, and then define the hybrid solution that will meet your needs. A number of factors need to be considered. Undoubtedly the advantages of advanced analytics embedded in surveillance cameras on the edge of the network are clear to see. Analysis of the highest-quality images the instant they are captured gives organizations the best chance to react in real-time. Equally, the data generated by surveillance cameras is now useful beyond the real-time view. Analysis of trends over time can deliver insights leading to operational efficiencies. This analysis often demands the processing power found in on-premise servers or the cloud. And of course, there are the requirements – often defined by regulation – around data privacy and storage that vary from country-to-country and region-to-region. These can define the difference between on-premise storage and the use of the cloud. What’s essential is not to tie yourself to a single architecture. Remain open, give yourself the flexibility to create the hybrid architecture best suited to your specific needs. The emergence of cybersecurity sub-trends The importance of cybersecurity is also highlighted through the requirement to remain compliant. For instance, the proposed European Commission’s Cyber Resilience Act will place greater demands on producers of hardware and software across all sectors to ensure the cybersecurity of their products, through fewer vulnerabilities at launch, and better cybersecurity management throughout the products’ lifecycles. The security and surveillance sector will, of course, be included. The Act demonstrates both the importance and the complexity of cybersecurity. No longer can it be seen as one subject, but rather several interlinked areas. Some of these are well established, but others are emerging. In the video surveillance sector, cybersecurity measures that ensure the authenticity and safety of data as it is captured and transferred from camera to cloud to server will be essential to maintain trust in its value. We will see a more proactive approach by technology vendors in identifying vulnerabilities, with ‘bug bounty’ programs becoming commonplace to incentivize external parties. And customers will expect transparency regarding the cybersecurity of security solutions, with a Software Bill of Materials becoming standard in assessing software security and risk management. Beyond security One of the most significant trends for the security sector, and with it an equally-significant opportunity, is the move beyond security. Surveillance cameras have become powerful sensors. The quality of video information they capture, in all conditions, has increased year-on-year for decades. Today, through advanced analytics, they also create metadata – information about the video data – which adds another layer of information and value. This of course improves and enhances their ability to support safety and operational efficiency use cases in addition to security. The opportunity now exists to combine the data created by surveillance cameras with that from other sensors – monitoring temperature, noise, air and water quality, vibration, weather, and more…

In 2022, cybercrime is ever-increasing, and the number of attacks and bad actors continues to increase exponentially. As soon as we’ve learned to eliminate a threat, perpetrators are creating new ways to breach networks. It can feel like a never-ending cycle. And it is no surprise because successful attacks on Medibank, the Colonial Pipeline, and SolarWinds demonstrate the significant need for cybersecurity efforts that act differently than traditional practices. A holistic approach must be defined and expanded to cover applications and workloads during runtime wherever they may reside to protect our enterprise systems better. This is the only way to ensure that the correct code and processes can execute and nothing else, regardless of the threat environment. Cybercrime’s threat to individuals and organizations leaves them feeling anxious, thinking about the possibilities that can take place without appropriate security practices or solutions. In response to this increasing threat, we as an industry must commit to being as proactive as possible by educating, training, and staying updated on security-leading practices. As you can imagine, our cybersecurity strategies have undergone immense changes over the years, and significant strides have been made by security teams across the globe. Since its introduction in October 2003, Cybersecurity Awareness Month (CSAM) has brought greater awareness to this global issue. Leaders and employees have been more aware of their role in mitigating threats, while ISOs and CISOs worldwide are now developing greater Security Education Training and Awareness (SETA) programs. The bottom line is that security knowledge should be focused on awareness for all, training employees with key roles, and educating cybersecurity specialists. SETA programs are not a one size fits all, and many now include phishing exercises, tabletop security incidents rehearsal, and simulated attacks with Red and Blue teams. The theme of this year’s CSAM campaign is ‘See Yourself in Cyber,’ demonstrating that while cybersecurity might seem complex, it is all about teamwork. ACRE recognizes that all members of an organization play a role in defending our organization’s data, assets, and employees. We also all play a part in protecting personal data in our day-to-day life. Currently, employees need to keep a mindset of security in all tasks that they complete, whether cyber or physical. Supporting this initiative is our SETA program, which is designed to promote cybersecurity awareness. Additionally, our team has developed other campaigns to enhance our employee’s overall security knowledge through workshops, assessments, and security incident scenario rehearsal to help reduce our security risks. Regarding our security solutions, ACRE strives to balance our security strategy with our core product pillars of identifying, protecting, detecting, responding, and recovering. Adhering to cybersecurity best practices, we actively train our specialists to be conscious of security and data protection in every step of the product lifecycle from the initial concept through retirement. In a world where ever-evolving technology produces incredible innovations, it raises threats more than ever before. We believe that one factor contributing to this is the risk of complacency. Any organization that believes it is doing enough or becomes too negligent in security strategies could be heading down a dangerous path. Organizations must stay engaged and vigilant and remain dedicated to keeping their employees, suppliers, and customers informed. After all, security is and will always be a team effort.