Category: International

Every day, advertisements for medicines invade the Internet, posted on social media networks or other websites. However, behind this slick marketing often lies fraudulent products that threaten consumers’ health instead of healing them. The global trade in illicit pharmaceuticals is a vast and lucrative crime area – valued at US$ 4.4 billion – which attracts the involvement of organized crime groups around the world. Over just one week (23-30 June), 94 INTERPOL member countries representing every continent launched a coordinated crackdown on illicit online pharmacies in Operation Pangea XV. Globally, law enforcement made more than 7,800 seizures of illicit and misbranded medicines and healthcare products, totaling more than 3 million individual units. During the week, law enforcement: Investigated more than 4,000 web links, mainly from social media platforms and messaging apps. Shut down or removed more than 4,000 web links containing adverts for illicit products. Inspected nearly 3,000 packages and 280 postal hubs at airports, borders and mail distribution or cargo mail centres. Opened more than 600 new investigations and issued more than 200 search warrants. While results are still coming in from countries, enforcement actions have already disrupted the activities of at least 36 organized crime groups. “Selling counterfeit or illicit medicines online may seem like a low-level offence, but the consequences for victims are potentially life-threatening,” said INTERPOL Secretary General Jürgen Stock, “The illicit supply chains and business models behind the counterfeit medicine trade are inherently international, meaning that law enforcement has to work together across borders in order to effectively protect consumers.” Cross-border crimes Nearly half (48 per cent) of the packages inspected by law enforcement during the operation were found to contain either illicit or falsified medicines. Counterfeit or unauthorized erectile dysfunction medicines comprised roughly 40 percent of all products seized. Law enforcement in Australia, Argentina, Malaysia and the United States also seized more than 317,000 unauthorized COVID-19 test kits. The US seizures alone are estimated to be worth nearly US$ 3 million. The trade in illicit medicines extends far beyond any one country’s borders and is a significant global threat. Often, products are manufactured in one country and shipped to another, while advertisements for the medicines are hosted on websites based in many different countries. In Malaysia alone, law enforcement identified more than 2,000 websites selling or advertising counterfeit or illegally-obtained pharmaceuticals. Social media networks and messaging apps are also used to advertise counterfeit and illicit medicines, with Operation Pangea XV identifying more than 1,200 such ads across all major platforms. “Two decades worth of experience has shown criminals will stop at nothing to make a profit, including selling counterfeit pharmaceuticals and medical devices despite dangers they cause,” said Jim Mancuso, Director of the National Intellectual Property Rights Coordination Center in the United States, “The US is committed to working closely with our international law enforcement partners and the private sector to keep counterfeit pharmaceuticals and medical devices out of the global supply chain, as well as taking down transnational criminal organizations who profit from these scams. The results of Operation Pangea XV are a warning to transnational criminal organizations that law enforcement agencies around the world will do whatever it takes to protect public health and safety.” Within the framework of Operation Pangea XV, INTERPOL was supported by Europol, the UNODC-WCO Container Control Programme, health regulatory agencies and the Pharmaceutical Security Institute. INTERPOL’s Illicit Goods and Global Health Programme works with partners to dismantle criminal networks and reduce the risk that fake and illicit pharmaceuticals pose to public health.  

Hikvision announced that its network camera product series, DS-2CD5, DS-2CD7 and PTZ version 1.1 (nearly a hundred product models), have achieved the Certificate of Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) with assurance type EAL3 augmented with ALC_FLR.2 (EAL3+). The Common Criteria certification is mainly applicable to evaluating security and reliability of information technology products or solutions, but it also focuses on the protection of private information. The CC EAL3+ Certificate represents the highest level of security certification granted to products in the video security category. As one of the most widely recognized international standards (ISO/ IEC 15408) in information technology security, the Common Criteria certification is recognized by the National Information Assurance Partnership (NIAP) under the Department of Defense in the United States. Government organizations or agencies from 31 countries, including the US, the UK, and Canada, have participated in the Common Criteria Recognition Arrangement (CCRA). Therefore, it serves as an important basis for evaluating security of information technology. As part of the required process to achieve the Common Criteria certificate, Hikvision successfully passed the rigorous evaluation performed by the globally-recognized evaluation institution SGS Brightsight laboratory. SGS Brightsight Chief Operation Officer Asia, Kai-Fan CHANG said, “We were pleased to carry out continuous Common Criteria security evaluation cooperation from EAL2 to EAL3 with Hikvision, which we started in 2018. The EAL3 certification of large-scale product models not only fully demonstrates that Hikvision’s technical expertise in the field of information security is widely recognized by the international community, but also marks that Hikvision has the ability to manage the supply chain to ensure the daily use of information security and provide customers with more secure services.” Hikvision has always attached great importance to security and has proactively taken measures to improve the security of its products and systems. The company is committed to enabling its customers to secure their personal information with cutting-edge technology in security and privacy protection, and protecting user data through a holistic range of approaches. Visit the Cybersecurity Center for more information about Hikvision’s cybersecurity strategy and practices.  

Intercom products address a crucial part of the security, communications and convenience needs in both residential and business sectors. They have evolved over time alongside the ‘leapfrog’ development in technologies created for better and safer living environments The transition from analog to IP technologies The intercom market is witnessing a significant transition from analog to IP. Traditional analog systems feature relatively poor audio and image quality and limited functionality. For example, they cannot be accessed using a mobile app or networked management systems. Although analog systems are often a more economical option, more manufacturers and installers have recommended their customers shift to IP-based intercoms for their wider range of capabilities – including higher image resolution, mobile control, remote operation, and a series of smart functions. According to Allied Market Research1 , the IP intercom market is projected to experience robust growth. The global IP Intercom industry generated $2.2 billion in 2020, and is anticipated to generate $4.9 billion by 2030, witnessing a CAGR of 8.5% from 2021 to 2030. IP intercoms bring a new level of convenience Mobile control: IP intercoms let owners receive calls, play video, and open locks from anywhere through just a simple touch. For example, people often receive calls on their mobile devices for package deliveries or other services when they’re not at home. IP intercoms, however, allow users to give temporary access remotely to those who need it, just using a simple mobile application. This is more convenient and much safer than manually giving out passwords or key cards. User-friendly interfaces: IP intercoms commonly provide a user-friendly screen with a clearly visible interface, simple touch interaction, intuitive operation, and multi-functional information display (e.g., weather, news, announcements, etc.). These easy-to-use features help get modern consumers accustomed to using IP intercoms since they operate very similarly to mobile phones. High image quality: Compared to purely analog solutions, IP intercoms provide excellent imaging with higher resolutions and wider field of view. Wide Dynamic Range (WDR) and night vision are also supported to help users see clearly despite challenging light conditions, such as direct sunlight or high contrast environments during the day and darkness in the evening and night time. IP intercoms provide excellent imaging with higher resolutions and wider field of view. Intelligent authentication: IP intercoms also support multiple access methods, from ID cards and PIN codes to biometric recognition. Additionally, following recent trends in contactless solutions, IP intercoms simplify the action of opening doors while addressing common concerns about bacteria and viruses introduced by physical touch. All-in-one management: IP intercoms also offer opportunities for integration with other security systems, such as video and alarms. A unified control center ensures all-in-one linkage among various devices and systems and facilitates convenient device operation and management, improving security for businesses and home owners. Enter Hikvision Hikvision’s IP intercoms serve a wide range of scenarios including apartment buildings, single-family homes, and SMB offices. In residential applications, these advanced intercoms combine a better user experience with elegant design to suit any decor, as well as a touch-friendly screen for easy operation. Users can remotely open doors and talk to visitors by simply tapping the Hik-Connect mobile app on their smartphone or tablet. For Business applications, Hikvision’s IP intercoms enhance safety levels and management efficiency with strong integration capabilities. Hikvision’s All-in-One Indoor Station Series controls and manages all Hikvision access control, video security, and alarm devices through the built-in Hik-Connect app. The product series can also be converged with third-party applications to satisfy customized or personalized needs. Also Read:-Integration Streamlines in-Home Peace of Mind

Businesses are losing the battle when it comes to defending against ransomware attacks, according to the Veeam® 2022 Ransomware Trends Report, which found that 72% of organizations had partial or complete attacks on their backup repositories, dramatically impacting the ability to recover data without paying the ransom. Veeam Software, the leading company in backup, recovery and data management solutions that deliver Modern Data Protection, found that 80% of successful attacks targeted known vulnerabilities – reinforcing the importance of patching and upgrading software. Almost all attackers attempted to destroy backup repositories to disable the victim’s ability to recover without paying the ransom. The Veeam 2022 Ransomware Trends Report reveals the results of an independent research firm that surveyed 1,000 IT leaders whose organizations had been successfully attacked by ransomware at least once during the past 12 months, making it one of the largest reports of its kind. The first of its kind study examines the key learnings from these incidents, their impact on IT environments and the steps taken to implement Modern Data Protection strategies that ensure business continuity moving forward. The research project specifically surveyed four IT persona (CISOs, Security Professionals, Backup Administrators and IT Operations) to understand cyber-preparedness alignment across organizations. “Ransomware has democratized data theft and requires a collaborative doubling down from organizations across every industry to maximize their ability to remediate and recover without paying the ransom,” said Danny Allan, CTO at Veeam, “Paying cybercriminals to restore data is not a data protection strategy. There is no guarantee of recovering data, the risks of reputational damage and loss of customer confidence are high, and most importantly, this feeds a self-fulfilling prophecy that rewards criminal activity.” Paying the ransom is not a recovery strategy Of the organizations surveyed, the majority (76%) of cyber-victims paid the ransom to end an attack and recover data. Unfortunately, while 52% paid the ransom and were able to recover data, 24% paid the ransom but were still not able to recover data – resulting in a one out of three chance that paying the ransom still leads to no data. It is notable that 19% of organizations did not pay the ransom because they were able to recover their own data. This is what the remaining 81% of cyber-victims must aspire to – recovering data without paying the ransom. “One of the hallmarks of a strong Modern Data Protection strategy is a commitment to a clear policy that the organization will never pay the ransom, but do everything in its power to prevent, remediate and recover from attacks,” added Allan, “Despite the pervasive and inevitable threat of ransomware, the narrative that businesses are helpless in the face of it is not an accurate one. Educate employees and ensure they practice impeccable digital hygiene; regularly conduct rigorous tests of your data protection solutions and protocols; and create detailed business continuity plans that prepare key stakeholders for worst-case scenarios.” Prevention requires diligence from both IT and users The ‘attack surface’ for criminals is diverse. Cyber-villains most often first gained access to production environments through errant users clicking malicious links, visiting unsecure websites or engaging with phishing emails – again exposing the avoidable nature of many incidents. After having successfully gained access to the environment, there was very little difference in the infection rates between data center servers, remote office platforms and cloud-hosted servers. In most cases, the intruders took advantage of known vulnerabilities, including common operating systems and hypervisors, as well as NAS platforms and database servers, leaving no stone unturned and exploiting any unpatched or outdated software that they can find. It is notable that significantly higher infection rates were reported by Security Professionals and Backup Administrators, compared with IT Operations or CISOs, implying that “those closer to the problem see even more of the issues.” Remediation starts with immutability Respondents to the survey confirmed that 94% of attackers attempted to destroy backup repositories and in 72% of cases this strategy was at least partially successful. This removal of an organization’s recovery lifeline is a popular attack strategy as it increases the likelihood that victims would have no other choice than to pay the ransom. The only way to protect against this scenario is to have at least one immutable or air-gapped tier within the data protection framework – which 95% of those we surveyed stated they now have. In fact, many organizations reported having some level of immutability or air-gap media in more than one tier of their disk, cloud and tape strategy. Other key findings from the Veeam 2022 Ransomware Trends Report include: Orchestration matters: To proactively ensure recoverability of their systems, one in six (16%) IT teams automate the validation and recoverability of their backups to ensure their servers are restorable. Then, during remediation of a ransomware attack, 46% of respondents use an isolated ‘sandbox’ or staging/ test area to ensure their restored data is clean prior to reintroducing the systems into production. Organization alignment must unify: 81% believe their organizations’ cyber and business continuity/disaster recovery strategies are aligned. However, 52% of respondents believe the interactions between these teams requires improvement. Diversifying the repositories holds the key: Nearly all (95%) organizations have at least one immutable or air-gapped data protection tier, 74% use cloud repositories that offer immutability; 67% use on-premises disk repositories with immutability or locking; and 22% use tape that is air-gapped. Immutable or not, organizations noted that in addition to disk repositories, 45% of production data is still stored on tape and 62% goes into a cloud at some point in their data lifecycle.  

A vulnerable spot in global commerce is the supply chain: It enables technology developers and vendors to create and deliver innovative products but can leave businesses, their finished wares, and ultimately their consumers open to cyberattacks. A new update to the National Institute of Standards and Technology’s (NIST’s) foundational cybersecurity supply chain risk management (C-SCRM) guidance aims to help organizations protect themselves as they acquire and use technology products and services. The revised publication, formally titled Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations (NIST Special Publication 800-161 Revision 1), provides guidance on identifying, assessing and responding to cybersecurity risks throughout the supply chain at all levels of an organization. It forms part of NIST’s response to Executive Order 14028: Improving the Nation’s Cybersecurity, specifically Sections 4 (c) and (d), which concern enhancing the security of the software supply chain. Released today after a multiyear development process that included two draft versions, the publication now offers key practices for organizations to adopt as they develop their capability to manage cybersecurity risks within and across their supply chains. It encourages organizations to consider the vulnerabilities not only of a finished product they are considering using, but also of its components – which may have been developed elsewhere – and the journey those components took to reach their destination. “Managing the cybersecurity of the supply chain is a need that is here to stay,” said NIST’s Jon Boyens, one of the Publication’s Authors, “If your agency or organization hasn’t started on it, this is a comprehensive tool that can take you from crawl to walk to run, and it can help you do so immediately.” Modern products and services depend on their supply chains, which connect a worldwide network of manufacturers, software developers and other service providers. Though they enable the global economy, supply chains also place companies and consumers at risk because of the many sources of components and software that often compose a finished product. A device may have been designed in one country and built in another using multiple components from various parts of the world that have themselves been assembled of parts from disparate manufacturers. Not only might the resulting product contain malicious software or be susceptible to cyberattack, but the vulnerability of the supply chain itself can affect a company’s bottom line. “A manufacturer might experience a supply disruption for critical manufacturing components due to a ransomware attack at one of its suppliers, or a retail chain might experience a data breach because the company that maintains its air conditioning systems has access to the store’s data sharing portal,” Boyens said. The primary audience for the revised publication is acquirers and end users of products, software and services. The guidance helps organizations build cybersecurity supply chain risk considerations and requirements into their acquisition processes and highlights the importance of monitoring for risks. Because cybersecurity risks can arise at any point in the life cycle or any link in the supply chain, the guidance now considers potential vulnerabilities such as the sources of code within a product, for example, or retailers that carry it. “If your agency or organization hasn’t started on (C-SCRM), this is a comprehensive tool that can take you from crawl to walk to run, and it can help you do so immediately,” said NIST’s Jon Boyens “It has to do with trust and confidence,” said NIST’s Angela Smith, an Information Security Specialist and one of the Publication’s Authors, “Organizations need to have greater assurance that what they are purchasing and using is trustworthy. This new guidance can help you understand what risks to look for and what actions to consider taking in response.” Before providing specific guidance – called cybersecurity controls – the publication offers help to the varied groups in its intended audience, which ranges from cybersecurity specialists and risk managers to systems engineers and procurement officials. Each group is offered a ‘user profile’ in Section 1.4, which advises what parts of the publication are most relevant to the group. The publication’s Sections 1.6 and 1.7 specify how it integrates guidance promoted within other NIST publications and tailors that guidance for C-SCRM. These other publications include NIST’s Cybersecurity Framework and Risk Management Framework, as well as Security and Privacy Controls for Information Systems and Organizations, or SP 800-53 Rev. 5, its flagship catalog of information system safeguards. Organizations that are already using SP 800-53 Rev. 5’s safeguards may find useful perspective in Appendix B, which details how SP 800-161 Rev. 1’s cybersecurity controls map onto them. Organizations seeking to implement C-SCRM in accordance with Executive Order 14028 should visit NIST’s dedicated web-based portal, as Appendix F now indicates. This information has been moved online, in part to reflect evolving guidance without directly affecting the published version of SP 800-161 Rev. 1. In part because of the complexity of the subject, the authors are planning a quick-start guide to help readers who may be just beginning their organization’s C-SCRM effort. Boyens said they also plan to offer the main publication as a user-friendly webpage. “We plan to augment the document’s current PDF format with a clickable web version,” he said, “Depending on what group of users you fall into, it will allow you to click on a link and find the sections you need.”  

Global security company, Gallagher has recently announced they have achieved ISO 27001 accreditation, the leading international standard focused on information security. The ISO 27001 standard ensures organizations protect their information in a systematic and efficient way, through the adaptation of a robust and comprehensive Information Security Management System (ISMS). “Achieving this certification further demonstrates to our Channel Partners and customers around the world that we are committed to ensuring the delivery of robust and industry-leading security solutions which protect and safeguard the data of each and every one of them,” said Greg Barclay, Chief Operating Officer at Gallagher. The certification verifies Gallagher’s outstanding safeguards in three critical areas, including confidentiality, integrity, and authorized availability of all key data and information. Achieving the standard is a detailed and comprehensive process that requires a dedicated approach to all aspects of an organization’s processes in and around their ISMS. The ISO 27001 certification is the latest in a long list of key accreditations Gallagher has achieved in recent years. As Greg goes on to note, “We are proud to deliver solutions that meet government and industry compliance standards and certifications around the world. This is an essential part of our customer offering and commitment to protect what matters most.”  

An INTERPOL-coordinated operation targeting migrant smuggling and human trafficking has triggered 121 arrests across 25 countries, prompting 193 new investigations. Operation Storm Makers (21-25 March 2022) saw authorities carry out enforcement actions against organized crime groups believed to be facilitating the travel of Asian men, women and children across borders for exploitation and/ or profit. In total, authorities rescued 80 human trafficking victims and identified some 3,400 irregular migrants. Operational coordination units were set up in Hanoi (Vietnam) and Abu Dhabi (United Arab Emirates), helping assess intelligence and facilitating enforcement actions between participating countries. Smart electronic gates, connected to INTERPOL’s databases, were activated at airports across the United Arab Emirates (UAE) to boost passport checks and help detect forged documents. Globally, some 15 million checks were carried out against INTERPOL’s databases at air, land and sea borders, generating ‘hits’ or alerts for fraudulent travel documents, as well as INTERPOL Notices against individuals wanted on various charges, including murder and fraud. Organ trafficking, forced labour, sexual exploitation uncovered In Turkey, police arrested four people, dismantling a suspected international organ trafficking ring. The criminal network, originating in India, is accused of targeting vulnerable Indonesian nationals and facilitating kidney transplants in Turkey. The suspects went as far as staging wedding photos and falsifying documents in order to establish fake family relationships between recipients and donors. With each kidney fetching USD37,000 on the black market, the organ donor would receive USD15,000, with the remainder split among members of the network. Police in Malaysia and Cambodia worked closely on a case involving 15 men and one woman lured to Cambodia on the promise of a lucrative salary to work in a call centre. On arrival, however, they were locked up and forced to work 14-hour days as scammers. Authorities in both countries believe there are more victims of the criminal group and the ongoing investigation is being supported by INTERPOL’s Human Trafficking and Smuggling of Migrants unit. Additional operational highlights The Philippines rescued 32 victims of human trafficking and arrested eight suspects on charges of trafficking, child exploitation and child abuse. Authorities in Greece intercepted a car carrying five irregular migrants from Afghanistan and Syria, who had each paid EUR 4,000 to a smuggler in Turkey for transport to Thessaloniki. Vietnamese migrants were intercepted on the Hungary-Romania border, on their way to Germany. Their smugglers, also of Vietnamese origin, had coordinated all aspects of their illegal journey via social media platforms. In the UAE, a 17-year old girl was rescued from sexual exploitation. Brought to the UAE from Pakistan when she was just 13, the girl had been forced into prostitution by a family member. In the Maldives, intelligence led authorities to a possible brothel operating as a salon and spa, where they believe trafficked Thai women had been forced into prostitution. Authorities liaised with the women to ensure their safe return to Thailand and are working via the INTERPOL National Central Bureau in Bangkok to investigate the organized crime group behind their recruitment and exploitation. INTERPOL’s Secretary General, Jürgen Stock, said, “In just one week, this operation generated nearly 200 new investigations, revealing the sheer scale of these crimes. It is a huge responsibility for law enforcement, particularly when you know that the victims are in abusive or life-threatening situations. INTERPOL will continue to help authorities close the gaps and ensure the offenders behind these appalling activities are brought to justice.” Working together Participating countries received support from INTERPOL’s Specialized Operational Network against migrant smuggling, as well as its Human Trafficking Experts Group. AIRCOP, Homeland Security Investigations, the International Organization Migration and the Regional Support Office for The Bali Process delivered pre operational training. EUROPOL actively supported the operational phase by cross-checking information against its databases. Participating countries Australia, Bangladesh, Brunei, Cambodia, China, France, Germany, Greece, India, Indonesia, Laos, Malaysia, Maldives, Myanmar, Pakistan, Philippines, Portugal, Qatar, Romania, Singapore, Spain, Turkey, UAE, UK, Vietnam. Operation Storm makers was funded by the INTERPOL Foundation for a safer world.  

Dahua Technology, a world-leading video-centric smart IoT solution and service provider, just launched its Thermal Monocular Camera Series – M Series. They are handheld cameras tailored for outdoor scenarios such as hiking, wildlife conservation, search and rescue missions, hunting, etc. M Series provides three model options (M20, M40 and M60) based on the image resolution of the cameras, while each of them includes multiple models with different lenses to meet diverse customer needs. With an industry-leading 12μm Vox sensor, the maximum resolution can reach 640×512. This innovative series could be the handiest high-quality device for thermal imaging-related tasks in the field, and here are the reasons. Reliable under tough outdoor conditions The ergonomic design of the M Series realizes the comfortable handheld experience and convenient operation. These cameras meet the IP67 standard of Ingress Protection Rating, pass the 2 meter drop test, and function under temperatures of -20° to 55°, which means they can work steadily in tough environments. Even under harsh weather, the M Series is able to capture sharp thermal images at a smooth and stable frame rate and produce clear and detailed visuals of running targets and moving vehicles. Thanks to advanced thermal imaging technology, the series can detect animals and objects in complete darkness, haze, or through glaring light. M Series’s weight ranges from 350g to 500g. Its internal lithium battery supports up to 9 hours of battery life (tested at 25°C) and a USB cable power supply. These make the Dahua Thermal Monocular Camera Series ideal for outdoor applications and easy to be recharged in the field. Advanced intelligence to meet various needs M Series offers a choice of four color palettes to meet users’ observation needs in different scenarios. ‘White Hot’ is suitable for observing active targets, ‘Iron Red’ can improve the comfort of long-term observation under night conditions, ‘Rainbow’ is convenient for users to quickly identify targets, and ‘Alarm’ helps to quickly detect the emergence of high-temperature targets. As thermal imaging cameras, the M Series also has a crucial function of automatic fire detection up to 1km (Fire size: 2mx2m). Forest management personnel can use it to conduct inspections to quickly find fires and arrange for firefighters to deal with the fire in time. ghters to deal with the fire in time. In addition, the M Series supports distance measurement. By selecting the measurement target type (e.g., wolf, rabbit, human, custom) and placing the measurement line on the top and bottom of the target, the approximate distance of the target can be obtained. For networking, the M Series is equipped with a builtin Wi-Fi hotspot module. By connecting the cameras to the smartphone via Wi-Fi hotspot, users can transmit real-time images, set up cameras, store pictures and videos, and browse history files on the DH Thermal APP. Moreover, videos and pictures can be exported and shared via a USB cable connected to a computer. Outstanding features for a better user experience With the built-in video recorder and display, Dahua Thermal Monocular Camera Series can present great views to users and take pictures and videos at any time. Apart from the Micro USB ports, the camera series also has CVBS ports for connecting to an external display screen to realize a better visual experience. In addition, the series has an SD card slot that supports a maximum of 256 GB of storage space, which can significantly expand the storage capacity of the cameras. A built-in distance sensor can detect whether the device is being used. If no one is within a certain distance for a set period, the device will automatically turn on to standby mode. The display will be turned off to preserve battery life while other functions are still online. Users can re-start operating by stepping closer to the device or pressing the power button. Dahua never stops innovating for better products, solutions and services to meet customers’ needs. The highlighted functions not only differentiate Dahua’s products from others but also attract consumers around the world.  

A new study from Juniper Research has found that the value of cross-border eCommerce will exceed $2.1 trillion in 2023, from $1.9 trillion in 2022. This growth of over 13% in a single year reflects the increasing success of marketplaces which offer goods across borders, as well as the rising viability of cross-border sales as an eCommerce model. The new research, Cross-border eCommerce – Emerging Opportunities, Future Challenges & Market Forecasts 2022-2026, found that as eCommerce models diversify, including models such as buy now pay later and click and collect, cross-border options must also keep pace, by agreeing local distribution and payment partnerships. The research recommends that cross-border eCommerce vendors offer localised eCommerce models, or they will lose out to options that better serve consumer appetites. Marketplace model critical to cross-border growth The research found that the marketplace model, where large vendors, such as Amazon or Wish.com, sell goods to users on behalf of cross-border vendors, will be critical to growth. This model represents an easy way to access a large audience, while ensuring that accepting payments and other logistical issues are seamlessly handled. Research co-author Nick Maynard elaborated, “The marketplace model within eCommerce takes the complexity away, meaning that cross-border merchants can provide a localised service. As such, marketplaces are an excellent way to gain immediate access to an existing user base, albeit one that can be restrictive compared with having a direct-to-consumer relationship.” Physical goods dominating cross-border eCommerce spend The research found that physical goods will account for over 97% of cross-border eCommerce spend in 2023, with digital goods making up the remainder. It identified the maturity of cross border export of physical goods as a business model as a major factor in this difference, as well as increasingly cost conscious end users. The research recommends that payments vendors support a wide range of local payment methods, in order to capitalise on this sizeable opportunity. Juniper Research provides research and analytical services to the global hitech communications sector, providing consultancy, analyst reports and industry commentary.  

As wireless networks transition to 5G technology, they could enable a host of new capabilities ranging from autonomous vehicles to surgery performed at a distance – but they also will place new cybersecurity demands on industry. A new draft publication from the National Institute of Standards and Technology (NIST) is designed to help network operators navigate the demands while delivering the new features 5G is designed to provide. The publication describes a standalone 5G network that NIST’s National Cybersecurity Center of Excellence (NCCoE) is constructing, largely for the purpose of demonstrating 5G cybersecurity capabilities in different situations. The network, which the NCCoE team is constructing from off-theshelf commercial technology, is currently being deployed, and the team is seeking comments on the publication in part to ensure the finished network will allow the researchers to develop practical guidance that the wireless security community will find useful. The publication, titled 5G Cybersecurity Volume B: Approach, Architecture and Security Characteristics (NIST Special Publication 1800-33B), describes the cybersecurity capabilities that their example 5G network will enable. It also provides a risk analysis for the security capabilities that the network will demonstrate. Its authors, who characterize it as a preliminary draft, plan to develop it to include actionable guidance on using standards and recommended practices for multiple use case scenarios. “The information contained in the document highlights security features that 5G offers,” said Jeff Cichonski, a NIST Information Technology Specialist and one of the publication’s authors, “Understanding what’s available can be critical to help operators and users of 5G understand and manage their cybersecurity risk when it comes to 5G.” One advantage of 5G will be greater customization of a network to fit its purpose. A large company might want its own 5G network for communication at its headquarters building, while a hospital might want one to enable telemedicine. These different use cases might well have varied cybersecurity demands that the network can be configured to provide appropriately – by activating some available security features rather than others, for example. A potential issue, however, is the current lack of 5G standards that specify how to deploy cybersecurity protections onto the underlying components that support and operate the 5G system. One difference between 5G and previous-generation cellular networks is 5G’s use of cloud-based technology, which is similar to that used for many internet applications. 5G systems can leverage the robust security features available in cloud computing architectures to protect 5G data and communications. As these features may be unfamiliar to some in the industry, Cichonski said, the publication is designed to help clarify how the cloud-infrastructure-focused security capabilities can help secure a 5G network. “The first phase of the project will also showcase how 5G can help address known security challenges that existed in previous-generation networks,” Cichonski said, “If we identify gaps in 5G cybersecurity standards, we will let standards development organizations know what we learn. We are hoping this project will help the entire wireless security community.” The publication is intended primarily for commercial mobile network and private 5G network operators, as well as for organizations using and managing 5G-enabled technology. Once completed, the approach will offer several benefits to organizations that implement it, including reduced susceptibility of a 5G network to cyberattack, better protection of 5G communications against eavesdropping and tampering, and increased privacy protections for 5G users. To develop the draft further, the authors are requesting comments that focus on the security capabilities their example 5G solution implements. “We’d like to know if the guide accurately describes technical security capabilities and related threats and vulnerabilities,” Cichonski said, “One major goal is to assist organizations in understanding and managing the cybersecurity capabilities available in 5G and the supporting IT infrastructure, so we want the community to let us know what we can add to make the information more relevant to their organizations.”