Category: Feature

By Shrikant Shitole, Chief Executive Officer, iValue InfoSolutions As of July 1, businesses in India must comply with new regulations set forth by the country’s Computer Emergency Response Team of India (CERT-In) organization and the Ministry of Electronics and Information Technology (MeitY). These new directives require businesses to report any cyber incident within 6 hours – one of the shortest cybersecurity incident reporting windows. The recent directives from the Computer Emergency Response Team of India (CERT-In) have caused quite a stir in the security community. Apart from mandatory reporting of cybersecurity-related events, organizations must sync server time stamps, maintain 180 days log back-up, and customer details of virtual private network (VPN) services for a period of five years. The rules [PDF] mention 20 cyber incidents to be reported, including data breaches, ransomware, and fake mobile apps. The new guidelines will come into effect from June end and will also be applicable to cloud service providers and virtual private server providers. What does it mean for businesses? CERT-In’s directive is a cause for concern for businesses in India. Domestic and global industry bodies like ITI are voicing their concern and the potential impact on every business. Impact on VPN providers During the pandemic, a paramount cybersecurity tool has been a Virtual Private Network (VPN). According to a report by Atlas VPN, VPN usage in India exploded with a growth of 671% in 2020, totalling 348.7 million users by the first quarter of 2021. The growth is mainly attributed to the Indian governments growing restrictions on internet usage. India joins a handful of countries, like Belarus, China, Iraq, North Korea, Oman, Russia, and the United Arab Emirates, that heavily regulate or outright ban VPN services. The new guidelines are a severe pushback to VPN providers in India. For many, it goes against their core USP of privacy, strict no-log policies, and their main selling point of anonymity. Companies like NordVPN and SurfShark are considering moving out in light of the guidelines. While CERT-In is said to issue a clarification on the April 28 directives, we are yet to see any shift in their stance on VPN privacy. Impact on crypto wallets Joining the league of financial service regulators, CERT-In now requires virtual asset service, exchange, and wallet providers to maintain Know Your Customer (KYC) and financial transactions for five years. Experts suggest that these directives will form the foundation for crypto regulation in India. This follows the recent Union Budget announcement of a flat 30 percent tax on gains from cryptocurrencies and a 1 percent TDS on all crypto transactions. Organizations must start syncing their system clocks with ICT systems and connect to the Network Time Protocol (NTP) server of the National Informatics Centre (NIC) or National Physical Laboratory (NPL). Syncing timestamps with distant servers raises latency issues. Large data centres would prefer a server that is nearby and trustworthy public NTP servers (like Google) over time sync servers of NIC and NPL. How will CERT-In create dedicated server time? We are yet to get clarification. The cost, time, and resources to implement the change Making changes in organizational security in just 60 days is challenging. The number of resources required to sustain the new changes is questionable on either side. Would CERT-In be able to handle the load? Organizations must maintain logs of ICT systems for a rolling period of 180 days and retain personal data such as names, addresses, phone numbers, emails, and IP addresses of subscribers for a minimum of five years. This could be a potential violation of GDPR norms. Companies would also need to maintain log servers or invest in services of Security Information and Event Management (SIEM). While SIEM is a valued option, the cost of implementing these changes would be hefty for small to medium organizations. The failure to comply with CERT-in directives would attract a fine of up to Rs.1,00,000 or imprisonment for up to a year under Section 70-B(7) of the IT Act. The bottom line? We are eagerly anticipating clarity in certain places, especially whether additional infrastructure has to be created to store the data. Or whether they are allowed to outsource the storage of data to third-party data storage, retention, and localization service providers. While India’s move to strengthen the digital ecosystem is a welcome initiate, in the long run a pragmatic approach would gain better coverage, keeping a fine balance between national security, public surveillance, business priorities, and netizen’s privacy.  

In a new world where healthcare systems need to be of the highest order, the processes have taken a strong momentum to improve infrastructure and amenities following the pandemic years. The policies are rapidly resurfacing as they have become crucial for the citizens of a country. Hospital Security involves securing patients, staff, visitors, and physical infrastructure. Hospitals have multiple access points and witness huge crowds daily. Most hospitals are considered ‘soft targets’ as they are high-density locations including crowded areas such as schools, shopping malls, and schools. They commonly have many access points with limited security guards. Even the threats of theft, violence and other crimes are real risks for hospitals. These are some of the common reasons why we may be more vulnerable to certain types of security risks in the coming future if left unattended. In the face of a pandemic, risks are heightened, and the need for stricter security norms looms large. The role of hospital security is to ensure the safety, security, and welfare of all patients, staff, and visitors to their full capacity. Apart from people, it is also important to secure medical equipment, operating rooms, facilities, and sensitive information. Without adequate safety and security measures, hospitals can become easy targets for intrusion and unwarranted activities. Statistics There are a total of 18,99,228 hospital beds in India, out of which 11,85,242 are in the private sector, and the remaining 7,13,986 are in the government sector. 59,262 ICU beds are in the private sector and 35,699 beds in the public sector. (April 2020, analysis by the Center for Disease Dynamics, Economics & Policy). The Union Budget of 2022-23 allocated INR86,200 Cr. to the Ministry of Health and Family Welfare, a nearly 16% increase in comparison to FY 2020-21. By 2036, the population of India is expected to increase to 151.8 crores (approx.) at the rate of 1.0 percent annually. Calls for better infrastructural facilities. Types of Hospital Safety Patient and child safety, emergency services, contract staff, catering establishments, parking traffic, pharmacy control, clinical safety, equipment protection, fire safety, and evacuation. Risks & Security Threats The healthcare industry is widely regarded as having a weak security system. The main challenges that arise in hospital security are: Deficiency in manpower and infrastructure. Unchecked visitors due to heavy traffic at the entry and exit gates is one of the probable risks. The parking area is a hot spot that needs immediate attention for threat control, as the damages may result in an expensive disaster. Healthcare data breaches and cyber-attacks expose highly sensitive and valuable information of patients. In 2016, a kidney trafficking racket was wedged in Mumbai’s hospital meanwhile Delhi faced an incident that includes the swapping of newborn babies due to gender biases in 2017. The year 2022 recorded an unpleasant episode where some of the relatives ransacked a private hospital in Nagpur and further assaulted a doctor after the patient’s death. These are some of the issues that are confronted by hospitals every day, and the number of such incidents per year is increasing. If we tighten our security systems, it may reduce the scope of these cases significantly. Together with manned guarding, vigilance, surveillance, and electronic security can such threats be addressed better. Safety Measures Maintenance of the records and medical history of all patients as credible National Health Data is important for the govt, and stakeholders, and to also maintain transparency with the democratic citizens of this country. Provisions by regulatory authorities, planned strategy, patrolling and reporting, quick response teams (QRTs), protection of high-value laboratories, allotting of investigation officers, more organized and categorically strict ‘entry & exit’ systems, easing out language barriers, and reduction of cues, monitoring, and checking of cue reduction besides registration of all visitors. Electronic access systems for physical security needs like printing photo ID access cards and face recognition systems for the authorized staff, and visitors. Biometric authentication such as fingerprints, upgraded software integrations, high-speed internet access, 24×7 control room regulation, and automatic door controllers with a magnetic locking system. Disease control/ prevention, administrative security, and safeguarding of dormitories having high-risk equipment and inflammable tools. Reliable and latest information on healthcare resources and their deployment can address problems with real-time solutions. To further ensure a district-level electronic database of information on health system components. Hospital staff & security coordination training, fire training, and security guards training to counter any mishaps for real-time action control. Verification of IDs and badges to make sure the doctors, patients, and visitors are at their assigned wards. Furthermore, contactless access card readers for easy access. Effective communication amongst security officers, quick monitorization of strategically positioned CCTV cameras. Metal detectors and screening tests of all visitors. Handling the patient’s and their relative’s emotions in cases of serious medical issues. Besides the doctor, a skilled healthcare security officer can maintain composure and tactically handle the emotions of the deceased/ injured. Patrolling by the trained security officers for potential fire threats due to sparks generated via electrical equipment or combustible materials. Regularly examine the expiration dates of the fire extinguishers. Further reporting the issue to the firefighters. Abduction of infants, inmate escapes, drug theft, and even gun violence are some of the crimes committed in hospitals. These crimes can be avoided by a strong and effective security system to avoid these crimes. Establish integrated health information Exchanges, architecture, and national health information networks. The year 2020 recorded the concentration of most ventilators and hospital beds in India and found seven states that topped the charts. Uttar Pradesh, Karnataka, Maharashtra, Tamil Nadu, West Bengal, Telangana, and Kerala. Amongst which the highest number was recorded in UP (as shown in the previous page). Although the dynamics have changed now with an increase in the number of hospital beds and ventilators over the years. Besides taking these necessary steps; the latest tools and technology are the requirement of the emerging healthcare sector. To detect and protect people from waste, and acquired infections, systematic management systems, information systems, establishing hospital committees, planned…

Prashanth G J, CEO of TechnoBind Today, almost everything you need to run and manage in an organization is stored online. From digitally preserved company processes, customer, client and partnership data, to your website, login credentials, company emails, team messages, saved conference calls, social media accounts, advertising campaigns, product and service manuals, and every other byte of data that is generated within your organization is your digital asset. Investors value digital assets because they increase a company’s overall worth. Companies can claim expenses and tax deductions against their digital assets because they can be sold separately. They are just as valuable to a company as physical assets, and businesses must take the same precautions to protect digital assets as they would for physical assets. Client and partnership information, login details, business emails, digital chat messages, recorded conference calls, email lists, social media profiles, website content, and more are all considered as digital assets. By 2024, the worldwide digital asset management industry will have grown to $8.1 billion. To preserve their critical information and brand, businesses must ensure that their digital assets are safe and secure. Where to start Protecting digital assets starts by studying the company and creating a thorough inventory of what they possess – and what they might have – they should not ignore something that could be a valuable asset! Start by identifying all of the digital assets the company owns. This stage is crucial because many business owners are unaware of what their company’s digital assets include. Organizations will be able to develop a robust system to secure their digital assets after going through all of these processes and having a comprehensive grasp of their company’s digital assets and intrinsic value. Here are a few steps and practices that enterprises can adopt to protect their digital assets: Locate and list: Although not all forms of data are vital. Organizations need to segregate and prioritize their data. A data asset is something that a business can use to create revenue in the future. Images, digital content, social media, apps, proprietary processes, customer databases, proprietary information, and any organization material or intellectual property protected by copyright, trademark, or patent are all examples of digital assets. Among these digital properties such as customer databases, proprietary information, transactions and interactions etc. are crucial and the ones which help a company to generate income. Organizations can begin by making a comprehensive list of all of these assets. Segregating the data assets on the basis of which would you want or consider valuable if you were buying this company? For example, think of anything that the company has online or on its business’ server that could be valuable. They should be looking for things that are proprietary things that are important for the company to run. Consider these digital assets as crucial items. Protect your network and stay updated: Most firms today rely heavily on their networks. To secure the safety of the company’s digital assets, you must adopt professional network security measures. The most prevalent approach for hackers to obtain access to a company’s digital assets is through security flaws and vulnerabilities. Ensure that the firewall is turned on and that the firmware and software are up to date. Companies should make a habit of updating their operating system and other programmes. Limit access and use secure authentication: Not everyone in an organization requires complete access to all digital assets and applications. Limit application access to only those team members who require it. Organizations can also choose who can see, edit, or download digital assets by setting permissions in certain programmes. For remote workforces, organizations can use a password manager programme to store encrypted passwords online to keep such applications secure. Organizations can use secure authentication, such as two-factor authentication, to offer an extra degree of security in addition to limiting and restricting access (2FA). If a hacker gains access to an employee’s password, the hacker will be unable to access the company’s digital assets. After entering the password, the user is asked to answer a question or enter a second one-time password, which is often given by text message, to validate the user’s identity. Educating employees: Employee education is also important for safeguarding your company’s digital assets. Ensure your employees are familiar with cybersecurity best practices, such as what to do and what not to do when using public Wi-Fi, utilizing their devices, and accessing specific applications. Data backup & data encryption: Copying files and data to a secondary location is known as data backup. A robust disaster recovery plan relies heavily on data backup. Companies who do not take data backup are often at jeopardy from software or hardware errors, data corruption, malicious hacking, user negligence, natural disasters, or other unpredictable circumstances. Backups allow you to recover files that have been lost, erased, or rewritten. Backups can be archived locally on hard drives or storage devices, remotely at another physical location, or on the cloud. This cloud infrastructure could be public, private, or hybrid. Irrespective of the state whether the data is in transit or at rest, it is always vulnerable. To keep data safe while in transit, encrypt it before uploading it. Authenticate the endpoints before decrypting and verifying them at their destination. You must use security access policies to secure data at rest. Control who has access to the data, what data is accessible, and where it is stored safely. Taking cyber insurance into consideration: Cyber insurance can help businesses safeguard their digital assets from cyber threats. It can help companies cover the cost of disaster management and legal expenses, along with the amount spent retrieving the network on the occasion of ransomware attacks. When it comes to recovering from a hack, cyber insurance might make all the difference. When it comes to recovering from a hack, cyber insurance might make all the difference. Addressing the bottom-line Knowing how to safeguard digital assets in the short and long term is critical to your company’s overall value…

To help customers maximize security at night and in other low-light environments, Hikvision has taken ColorVu technology further, combining it with other advanced technologies, like panoramic, varifocal, 4K, AI and more. As a result, homeowners, business owners, security teams, and ARCs can make smarter decisions, react faster to security events, reduce false alarms, and take their security capabilities to the next level. When it comes to ensuring security and safety, seeing every detail is critical – especially in low light conditions. Hikvision developed its ColorVu technology – which provides high-resolution, full-color video imaging in light conditions down to 0.0005 lux, to help homeowners, business owners, and security teams to see exactly what’s happening. But different security scenarios require different points of view, various angles, and AI capabilities. That’s why Hikvision has now combined ColorVu with other technologies – panoramic, varifocal, 4K, AI – which we call ‘ColorVu + X,’ for a broad range of security needs and scenarios – from apartment buildings, residences, offices, and warehouses, to large outdoor spaces such as parking lots. Five ColorVu + X offerings for improved security, safety, and efficiency In the following sections, we outline how ‘ColorVu + X’ works to help customers take their site security and safety to the next level. ColorVu + Panoramic: The whole scene in vivid color Large areas can be very difficult to secure, often requiring multiple cameras to provide full coverage. With traditional cameras, monitoring these kinds of areas can also be difficult, or even impossible in low light conditions, or at night. To address all of these challenges, Hikvision has integrated ColorVu into its industry-leading panoramic cameras, which use the image fusion technologies to stitch together images from two side-by-side lenses for a seamless, 180-degree view. The results are reduced equipment requirements (with fewer cameras needed to cover large areas); improved situational awareness based on a single, wide-angle image and no blind spots; and the ability to capture every detail in full color – even in the dark. ColorVu + Varifocal: Zoom in with vivid color Cameras with zoom capabilities are more flexible to adapt to various installation environments, making product selection and installation easier. The challenge here is that this process can reduce the amount of light entering the lens, reducing the clarity or color of images. Hikvision has addressed this by integrating ColorVu technology into its varifocal (zoom) cameras. By combining ColorVu with a fixed F1.0 large aperture in the camera, Hikvision guarantees image brightness and full color as the camera zooms in and out. ColorVu + 4K: Capture richer, more colorful details Traditional cameras may lack the resolution to provide clear, full-color video images in lower light conditions. Hikvision overcame this challenge by integrating ColorVu technology into advanced 4K cameras. The results are clear, crisp imaging, fluid footage previews and playback, and enhanced color imaging in low light conditions, or at night. ColorVu + Live Guard: Deter trespassers and intruders from causing harm While most security systems can detect intrusions and other security incidents, goods and property can still be lost or damaged before teams can respond. Hikvision tackles this issue by integrating ColorVu technology and Live Guard sound and light alarms into selected camera ranges. While ColorVu technology captures detailed video footage of security incidents in high resolution and full color, Live Guard sirens and strobe light alarms let trespassers know they have been detected, deterring them from entering a site or building. Notifications of intrusions and other events can also be sent to homeowners, business owners, or security teams in real time, supporting faster, more effective responses. ColorVu + Deep Learning: Smarter security detection 24×7 Often, security systems are unable to differentiate between moving objects – such as falling leaves, heavy rain, and moving animals, and real security threats – such as people breaching a site perimeter. To overcome this, Hikvision has integrated ColorVu into its AI-powered cameras with AcuSense. These reliably identify real security threats, such as people and vehicles, and send alerts to security teams in real time. At the same time, false alarms are minimized, reducing workloads and costs, and increasing efficiency. With ColorVu and AcuSense together, customers get intelligent, proactive security, with high-resolution, full-color video imaging.  

“What Identity and Access Management (IAM) means for businesses in today’s complex digital world “ Matthew Lewis Director of Product Marketing & Identity and Access Management, HID Global In today’s competitive and dynamic markets, organizations face numerous difficulties, such as adjusting to regulatory requirements, securing organizational needs, and implementing stronger security models. The expansive role of digitisation and rise of remote work has further pushed the need to adopt a holistic approach to securing identities while accessing data, infrastructure, and applications. This can range from zero-day threats bypassing conventional security models to the expansive role of digitization and rise of remote work. Propelled by COVID-19, the global workforce had to relook at how remote work models function, thereby normalising distant work and adding a new dimension to professional engagement. According to a Frost & Sullivan analysis, organizations will not return to pre-pandemic operating models and will continue to adjust the remote and hybrid work model over time. Organizations are facing an increased requirement to implement new rules for securing work resources and secure data access points as this technology proves to be a game changer. Several enterprises have seen a significant change in how they conduct business as a result of the global pandemic. In particular, technological implementations that were originally planned to take three to five years to complete are now commonly being adopted almost overnight. The cloud is one of the major factors responsible behind the developments, with businesses increasingly recognising its importance in its technology infrastructure. However, as more businesses move to the cloud, the danger of malware assaults and data leaks increases, as well as new difficulties in achieving compliance. The traditional security model has lost relevance over the past two year. Now, an organization’s security fence extends beyond on-premises networks with SaaS applications being leveraged for business, IoT devices being installed everywhere, and employees accessing corporate resources from various locations and networks. So, what does it take for a corporation to migrate to the cloud while maintaining a secure foundation? Perhaps the most serious threat to organizational security is related to identity, necessitating the establishment of policies governing user authentication and validation. This helps in cases where users with higher privileges or dormant accounts become easy targets for infiltrating or launching a malicious attack into an organization. Identity and Access Management (IAM), a critical component of a Zero Trust strategy, is designed to assist organizations in authenticating devices, technologies, and network infrastructure. This framework is based on features such as Multi-Factor Authentication (MFA), Single Sign-on (SSO), and granular permissions, which establishes data access privileges, secures access for cloud services, and protects critical login/entry points. One of the most significant challenges in establishing Zero Trust is putting it into practice. This is because legacy security models often impede the transition to supporting remote work, making it difficult to retain legacy IT security tools and architecture. To implement Zero Trust, organizations must assess workflows and business processes, as well as identify patterns in how users interact with those flows. This should lead to the implementation of appropriate controls in accordance with the identified risks to help secure the organization. As a result, it is critical to consider the user experience throughout the planning and implementation process. In today’s world, users expect quick, easy access to applications, whether on their mobile devices or work systems. Another important point to remember is that a mismatch between an employee and a company’s critical systems can result in compromised security due to neglect, wrongful behaviour, or violations. To determine implementation sequences and tools in line with the company’s risk profile, Zero Trust must be established based on organizational requirements and its industry. In 2022, cybersecurity will play a significant and growing role in boardroom agendas, with a focus on identity and authorization. Establishing identity-centric and minimal privilege access control, for example, may be preferable to micro-segmenting networks or enforcing Zero Trust network access across managed and unmanaged devices. Faced with the complexity of managing identities in globally distributed companies, Zero Trust remains a lofty goal. Creating a planned roadmap that takes into account the risks posed to your organization is a great first step. Partnership with vendors, whether for affiliating current technology with future goals or addressing multiple requirements at once, can also greatly simplify your journey. According to a Gartner report, 30% of large organizations will have publicly shared their environmental, social, and governance (ESG) goals with a focus on cybersecurity by 2026, up from less than 2 percent in 2021. The goal is to improve security, but ultimately, companies want to deliver better business results, and Identity and Access Management (IAM) planning and governance is a big step along the way.  

Alexey Parfentiev, Senior Business Analyst, SearchInform Once we’ve conducted a research, which aimed to obtain, if employees in various companies are acknowledged with information security rules. Among others, there was the following question – “would you share your login/ password with colleagues while you are on a vacation?” Only 6% of respondents answered in the affirmative. This number seems encouraging, but it’s important to understand, that usually people tend to give ‘correct’ answers in the test in order to seem a bit ‘better,’ than they are in the real life. So, what’s the situation like in real life? In fact, people often are not only ready to share their passwords, but they sometimes make notes, in which they write down all the information on a paper beforehand and leave these notes in places, where these papers will be definitely found. The reason for that is very simple and understandable: people just want to be left alone during a vacation. isky. On the contrary, this is believed to be a responsible approach – employee has thought about partners and clients in advance. But in fact, it’s only self-deception. There are lots of cases in our clients’ practice, when such kind of ‘generosity’ has lead to disclosure of information. What’s more, less frequently, but still not so rare, access to other peoples’ accounts is used for real ‘setups.’ In order to avoid such situations some information security specialists prefer to react in a radical manner. With the help of special software they block all processes on employee’s computer during the vacation time, in case the person, who logs into the account, isn’t the account owner. This method in modern business-circumstances is too strict, that’s why it’s better to control, than to block. The question arises, what is required to do, before employee may start a vacation? Case study Information security specialists detected suspicious activity on the computer of employee, who was on a vacation at that moment. It was found out that before the vacation, the employee gave access to his account to his colleague ‘just in case.’ According to company’s internal regulations such ‘password transmission’ was strictly prohibited. Some confidential data was stored on the employee’s computer, and in case of leakage, there was a high probability, that company would have experienced serious financial and reputational losses. Luckily, data leak incident didn’t occur, and the careless employee had to face a serious conversation. Make sure, that access system is configured appropriately ‘ Appropriately’ means, that some particular employee can obtain info only in his/ her part of information disk, CRM base and tasks, line manager – his/ her own and department employees,’ CEO – all employees.’ In this situation employee simply doesn’t have to share account info with colleagues. All employees, who may need this particular employee’s documents, and who, at the same time, have enough powers to work with them, have access to the documents. This piece of advice may seem obvious, but in fact, access hierarchy is not set up appropriately in many companies. This results into arise of emergency calls with the request to ‘urgently send login/ password.’ Make sure, that employee hasn’t ‘shared’ information in advance In order to be able to work remotely, many workaholics try to provide themselves with all necessary information and accesses. The tricky moment is that public cloud and free private email, as well as flash drives, which are the most popular storages of transferred information, don’t provide secure way of data retention. ‘Timely’ storages are usually forgotten quickly, and confidential data may be stored in the clouds for ages without real necessity and without appropriate level of security esurance. What’s more, users often even forget to block public access to them, don’t care about data encryption. This situation was depicted with the incident with massive leak from Google.docs, which took place last summer. Internal instructions, documents, containing passwords and reports (including ones of very well-known brands) were published on the Internet. So, any form of corporate posture in public services should be prohibited in the company, and info, addressing this forbiddance, should be explained to the staff. Facts of deliberate leaks are easily detected by well-developed DLP-systems. Ensure security, if employee has to work with corporate info using unverified Wi-Fi hotspots Some employees have to take a corporate laptop with them during a vacation. It’s crucial to ensure, that the employee won’t have to worry about internet-connection security. In order to deal with this task, use VPN. IT-service staff should be ready to set up VPN, thus, employee will have the opportunity to work outside the office without risk of exposing data to danger. Make sure, that no one logs into employee’s account This may be implemented in different ways. First of all, IT-specialists may block employee’s account during the vacation time in active directory. This way has one drawback – even legal access will be banned too. Some say, there are companies, which organize vacation for the whole team during the period of summer decrease in business activities. However, this is a really exotic situation. Most companies can hardly stand pause in business-processes for such a long term. Another option, which is more efficient, is to set two-factor authentication, when apart from usual ‘login + password’ system requires something else, for example, code from SMS. Nowadays, two-factor authentication function may be added to practically all modern services, including CRM. This measure helps to be more sure, that the account owner is the one who logins in the account. In case this employee has a temporary deputy (we mean that deputy is in charge during his chief’s vacation), deputy’s phone number may be added to the CRM-system. In case something suspicious or illegal happens, it will be possible to identify the violator by monitoring of ‘logs in.’ Still, it’s not a 100% guarantee, because employee may be very creative. In this relation, more advanced software product – DLP-system may help. This system may be configured the way it takes photoshoots…

Retention marketing has taken the e-commerce world by storm. This school of marketing aims to maximize the value of existing customers and retain them. It varies from the traditional methods of acquisition-based marketing as the goal is not to get more customers, but to encourage repeat purchases and increased product usage from existing customers. We can increase the Customer Lifetime Value (CLV) which aids in long-term profitability by delivering engaging and relevant content to the active customers. The customers are plausible to churn if we make customer acquisition our basis which additionally affects revenue and profit margins. For retention marketing in the E-commerce sector, encourage customers to revisit your website, and return to your app (if any) to keep making high-value purchases repeatedly. In the case of Subscription, stimulate users to keep the subscription active or upgrade them to a more advanced/premium plan. Retention marketing strategies are aimed at current, active, or retained customers. Researchers state that 10% of your loyal customers spend 3 times more per order/subscription than the other 90%, and the top 1% of your customers spend 5 times more than the other 99%. Existing customers know your brand well and the chances of selling to them are higher as you’ve already established a relationship with them. The success rate of selling to a new customer is comparatively low. Statistics have repeatedly concluded the nature of retention marketing to be more feasible & profitable. Customer retention can boost revenue. There is a high possibility of spending in the 30+ months of the customer-engaged relationship as compared to the first 6 months. A customer makes multiple purchases than a first-time visitor, in e-commerce alone. The retention marketing strategy also depends upon the nature of the business. For example, a brand selling clothes needs to invest more heavily in retention marketing than a brand selling sanitaryware. Clothes are bought repeatedly but sanitary fittings are once-a-decade things. The retention marketing mix thus will vary from business to business. Retention Marketing Approach Personalization – It is the key to winning a customer. Addressing the customer by their names in emails or messages, sending messages/pop-ups based on their purchase history can delight the customers. According to a survey in the US, UK, and Canada of 3000 consumers, more than 60% of customers expect personalization when being sent special offers, to be a standard procedure. Offers and Discounts – It is a sure-shot way of retaining existing customers and boosting sales. With discounts and offers, customers tend to stick, and their purchase frequency increases. Email Marketing – A newsletter works as a constant reminder and aids in brand recall. The launch of a new range or an upcoming sale can be communicated through the newsletter. Email strategies like welcome mail and cart abandonment help in keeping a customer engaged. Loyalty Program Business Model – This strategy is a mutually beneficial one. It offers valuable rewards and special perks to the customers subscribed under the loyalty program of your choice. These users will be less inclined to switch to competitors, and it adds up to the customer’s lifetime value. These loyalty programs will assure you about the customer’s willingness to stay connected with your brand. Customers tend to leave when they think you’re indifferent to them or the content is not relatable. Customer Progress – Make a customer-friendly UX/UI interface for users to easily slide through. Existing users are familiar with the onboarding process and have built trust around it. In this process, monitor the progress of your customers and notify them about the positive progress they have made on your portal/app. It could be educational, health-centric, crypto news, or as simple as a notification of your shopping cart. Over the past years, the cost of customer acquisition has risen for both B2C and B2B companies. Adobe’s CEO Shantanu Narayen in an Ad News interview said that too many companies are chasing customer acquisition when the real value lies in driving product usage and understanding high-value actions from customers. Customer Retention More reasonable to acquire repeat customers than to find new customers Recurring customers are more loyal to your brand Minimum product onboarding/information required by repeat customers Retention Marketing is the new catalyst for growth. Here’s how. According to Harvard Business Review, it is more expensive to acquire a new customer than it is to retain an existing one. Existing customers understand the value proposition of your organization, so making an advertising pitch to them is not a budget-friendly move. Due to an established relationship with your existing customers, you have a 60-70% chance of selling to them. The success rate is less than 20% in the case of new customers. Money invested on retention is more effective than money disbursed on acquisition. Data shows that improving your lifetime value or retention is more impactful than improving your acquisition. This will ensure a larger return on investment on your marketing budget to engage current customers. Retention fuels acquisition. It is a proven product with the primary goal of retaining and not bringing in new users. The best acquisition strategy to retain your satisfied customers is through referrals and word-of-mouth marketing, something that more than 90% of the consumers trust more than any other form of advertisement. Customers have more chances to give a referral if they return to your business. The average new user may refer your shopping app to 2-3 people. While after regular purchases, the shopper will most expectedly refer it to approx. more than 5 people. According to Neilsen’s Global Consumer Study Report in 2019, customer “disloyalty” is on the rise. Today, nearly half of the global consumers are more likely to try new brands that they’ve never tried before when compared to their willingness five years ago. Consumers can now download new apps in seconds and set up an account in merely 3 simple steps. Brands need a dedicated team of professionals to counteract the fact that customers are in line when shifting costs are inherently low. Retention strategies are no longer pleasant to have for digital businesses. The ability…

Ramesh Umashankar, CEO – International Business, iValue InfoSolutions In recent years, the Asia-Pacific (APAC) region has become increasingly attractive to cybercriminals. According to IBM X-Force Threat Intelligence Index 2022, Asia was the most attacked region in 2021, receiving 26 percent of the global attacks. India tops the list of the most attacked country in Asia. Various reports highlight a significant shift in cyberattacks from North America and Europe to Asia. The rise in cyberattacks in APAC is credited to the region’s rapid digitalization coupled with low cybersecurity awareness, training, and regulations. This regional focus marks an emerging opportunity for business leaders in the APAC to consider how they can improve their cybersecurity postures and be aware of the latest cybersecurity trends. Here are the top 4 cybersecurity trends for APAC companies in 2022: 1. A renewed focus on data privacy and security The impact of GDPR laws on data protection has inspired APAC governments to introduce cybersecurity bills on data protection. Bangladesh is well on its path to introducing the first of its kind draft cybersecurity strategy that aims at creating safer cyberspace. While India is inching toward the final approval for its Personal Data Protection (PDP) bill. But the biggest impact for companies in APAC is the widespread introduction of mandatory data breach notification laws. For instance, Singapore’s new Cybersecurity Act requires organizations from 11 key industry sectors to report any breach of critical information infrastructures to the Singapore Cyber Security Agency. Under its Personal Data Protection Commission (PDPC), organizations are to notify of any cyber incident within three days of the event. The shift from voluntary to mandatory reporting, in a time-limited setting, would require companies to focus on improving their privacy compliance and security strategies or risk paying hefty fines. iValue Recommends: Set up an incident response team and create a template data breach notification. Your team would be responsible for planning a response to a breach and notifying employees, partners, vendors, regulatory bodies, and other stakeholders. 2. Combating Ransomware-as-aService According to the 2022 Thales Data Threat Report, 1 in 5 businesses have paid or would pay a ransom for their data. Organizations in APAC are attacked 51 times per week on average. Indian companies are prime targets for ransomware, with 1 in 4 companies reporting a ransomware attack in 2021. Adding to the alarming statistics are reports that APAC organizations are more likely to pay the ransom sometimes as high as $USD 1 million. APAC’s vulnerability to ransomware, fuelled by Ransomware-as-a-Service (RaaS), is a push for leaders to devise ransomware defense plans. The aim is to prioritize building cyber resilience by implementing new technologies and providing cybersecurity training to employees. iValue recommends: The biggest element for cyberattacks is human error. Invest in training your staff in best practices of cybersecurity and maintaining basic security hygiene. Have advanced threat hunting solutions in place to weed out trojans (Trickbot, Emotet, Dridex, CobaltStrik) and ransomware infections from your network. 3. Rise in collaborative cybersecurity efforts Given that threat actors target companies with multiple locations, there is a need for an increased collaborative effort between governments, companies, vendors to strengthen the cybersecurity landscape. In light of the increasing threats and challenges, many companies and governments are working together to share information and best practices and develop new cybersecurity solutions. Through initiatives such as information sharing platforms and incident response exercises, organizations in the Asia Pacific region are working together to address cyber threats and accelerate public-private partnerships in cybersecurity. For example, Philippine bankers are learning cybersecurity best practices from the United Kingdom. According to FIT Country Director Richard Colley, the initiative aims to help forge relationships and build connections between the UK and the Philippines and work together in addressing cyber security risks. Meanwhile, Microsoft is on a mission to unite APAC governments and state agencies with the cybersecurity council. The Asia-pacific Public Sector Cyber Security Executive Council is a growing group of government leaders, policymakers, regulators, and industry stakeholders from Singapore, Indonesia, South Korea, Malaysia, Thailand, Brunei, and the Philippines. The council meets every quarter to maintain a continuous exchange of information on cyber threats and cybersecurity solutions. iValue recommends: Look for security management platforms that offer automation at scale, customized threat intelligence, and leverage AI. 4. Cybersecurity Education A dearth of cybersecurity experts and skillsets is the bane of the cybersecurity industry. Despite reskilling and up skilling efforts, organizations are finding it increasingly difficult to find and retain qualified talent. According to the 2021 World Economic Forum (WEF) report, the APAC region accounts for 66 percent or 2.045 million of the global cybersecurity talent shortage. To address the cybersecurity workforce gap, organizations, institutions, and governments are working on specialized cybersecurity training programs. For instance, The Asia Pacific University of Technology and Innovation (APU) in Malaysia offers specialized graduate courses in collaboration with industry experts, a state-of-the-art infrastructure learning space (CyberSecurity Talent Zone), a full-fledged Cyber Threats Simulation and Response Center (or Cyber Range), and a Security Operations Center (SOC) with military-grade real-time cybersecurity monitoring systems, research centers, and simulation infrastructure. Whereas, giant tech corporations like IBM and Microsoft are investing in cybersecurity hubs in APAC regions to deliver immersive training programs. iValue recommends: Cybersecurity is a necessity for every company. Organizations must recognize that investing in skilled cybersecurity professionals and building a team is essential for long-term success. Expand your team’s capabilities, skillsets, and geographies by hiring remote workers across the globe.  

Satish Kumar V, CEO, EverestIMS Technologies Losing credibility is equivalent to losing your standing in the increasingly competitive market, and it will directly impact your business. Therefore, it is essential to adopt a robust security strategy to maintain its sterling reputation as a reliable and trustworthy enterprise. Enterprises that adopt a Zero Trust philosophy can confidently offer new business models and enhanced and secure user experience to their customers. Evolved business models and satisfying customer experience impact the bottom line empowering businesses to be future-ready without fear of security threats. From an enterprises standpoint a Zero Trust Network Access (ZTNA) perspective has to be embedded within the access and security layers that they adopt. What is Zero Trust? At its core, Zero Trust is about verifying every user, validating every device, and limiting access intelligently. Instead of relying on Single-Sign-on (SSO) and multi-factor authentication alone, AI/ ML helps enterprises with behaviour-based access i.e. tracking user behaviour patterns and detecting any deviation from that baseline. It enables the verify-first practice. Almost all our devices are linked. Therefore, we need to employ device management solutions with the context and policies to ensure safer access. Access to the workforce in any enterprise is based on their roles and tasks. Unfortunately, changes in roles do not always change access rights soon enough. Therefore, privileges need to change as quickly as changing roles or employees leave the enterprise. It can only be done through integrated real-time applications that cause zero delays on access-based decisions. Zero Trust Network Access (ZTNA) offers a model where trust is never implicit and enforces policies that are granular, adaptive, and context-aware. A ZTNA strategy for enterprises Enterprises committed to adopting Zero Trust must keep in mind the following key factors: Micro-segmentation: Enterprise security will use granular controls to handle user controls over networks, data usage, SaaS applications, and endpoint applications. Enforced policies everywhere: Security must be persistent and not limited to a file-access approach. It must involve uncompromising security at all times from everywhere – across different applications and file types. Greater visibility through automation: Log all behaviour, suspicious or not. Enterprises can detect potential threats while ensuring compliance through frequent audits. Benefits of ZTNA implementation Enterprises en route to digital transformation aim to be future-ready. But, as businesses grow, so do cyber threats. The ZTNA (zero trust network access) ensures controlled access to the network. And the Zero Trust advantage for network security is that it reduces surface area from cyber-attacks. This control prevents direct exposure of your applications to the internet. With the advent of ZTNA, enterprises can phase out their previous dependence on VPNs for remote access. While access to applications was through intermediaries such as VPNs before, it is a cloud service now, either self-hosted or from a third party. ZTNA technologies enable application access without going through the network. It starts with Zero Trust, even before allowing connectivity, and is purely based on identities and devices, with authorization coming first and foremost. Typically, enterprises are challenged by certain limitations i.e., they have not been able to limit the incident to one identity without compromising others or contain the incident before it turns into a data breach. The Zero Trust model offers intelligent responses with more authentication methods and controls to ward off cyber threats. Moreover, zero trust enables risk-adaptive security control and customizes enforcement based on user actions. Working from anywhere on any device has altered the way businesses operate irrevocably. It is estimated that over 50% of the workforce will continue to work remotely in the next few years. The new working model means vast amounts of data flow through various devices and out of a secure office facility. Moreover, employees log in and out between office laptops and personal devices or use a public Wi-Fi network or a shared family system. Hackers find enterprises in these circumstances an easy target. Clearly defined policies and stipulations of the devices, data access, and data encryption in a Zero Trust model alone can ensure total compliance. A word to the wise It is vital that enterprises, small, medium, or large, understand the evolving cyber landscape, risk perceptions, and the connection between them to prioritize risk mitigation based on threat analysis. With ZTNA, enterprises control data usage, with unified data security policies across the board – cloud, networks, endpoints, and SaaS applications. Therefore, the time to implement ZTNA is now.