Category: Latest

Security & Intelligence Services (India) Limited has recently entered into a strategic partnership with SLV Security Services Private Limited whereby it acquires a stake of 51% in SLV. Headquartered in Gurugram, SLV was founded by Vishal Swara and Shyam Swara and was incorporated in 1986. The company provides physical security, electronic surveillance, event security/ management, and security consulting services. The business currently generates annual revenues of over Rs.240 crores with the majority of them coming from the National Capital Region (NCR). The company has over 650 customers and operates in 1,575 sites. “SLV is a well-recognized brand with a strong franchise in the NCR region and several blue-chip clienteles. We are glad to have SLV in SIS Group and we look forward to leveraging our partnership to become a much more dominant player in the region which will take us closer to our goal of being the No. 1 security services company in India. Our M&A strategy is focussed on becoming the leader in key micro markets and NCR market is one of them.”  Rituraj Sinha Group Managing Director, SIS Group  As per the understanding, Vishal Swara will continue as the Managing Director of SLV to drive the growth of the company further. He will be responsible for the day to day management, and will also determine the strategic directions of the business together with the SLV Board.  Over the next few years, SIS will increase its shareholding in SLV in the mutually agreed manner. This is the first strategic transaction for SIS since its IPO. Last year, the company had notified the stock market about its Rs.1000 crore acquisition/ investment corpus. Mr. Swara said, “SLV has been a well-recognized name in the security services space with several marquee clients being served over the last many years.  With this strategic partnership with SIS, we will enhance our ability to service existing clients through new solutions, as well as increase our presence with new customers and in new geographies.  Together, we believe that we can achieve a higher growth rate and capture a larger share of the huge security market in India.” Rituraj Sinha, Group Managing Director, SIS Group commented on the acquisition, “SLV is a well-recognized brand with a strong franchise in the NCR region and several blue-chip clienteles. We are glad to have SLV in SIS Group and we look forward to leveraging our partnership to become a much more dominant player in the region which will take us closer to our goal of being the No. 1 security services company in India. Our M&A strategy is focussed on becoming the leader in key micro markets and NCR market is one of them.” The Indian security market is estimated to be of the worth of Rs.70, 000 crores, and it is growing at a rate of 20% per annum, as per a Frost & Sullivan Report. The NCR market is growing at a faster clip with the concentration of economic activities, residential developments and infrastructure spend by the Central and State governments. SIS has been looking to consolidate its market share in key geographies like these with an objective to emerge as India’s largest security services provider. Through this strategic partnership, the SIS-SLV combine shall secure the highest market share in the Gurugram- NCR market. Earlier, SIS had launched its first B2C service in Gurugram in 2017, under the brand name vProtect which is a home alarm, monitoring and response solution. The SIS-SLV partnership is also expected to offer valuable synergies in targeting the residential market in Gurugram. KPMG acted as the transaction advisor to SLV for this strategic partnership.    

Dahua Technology, a leading solution provider of the global video surveillance industry organized another series of roadshows in Chennai, Jodhpur, Gwalior and Mumbai. The theme of the roadshows was ‘Partnering To Enable A Safer & Smarter Living.’ These roadshows were successfully organized by Dahua Technology along with its national partner M/s. Aditya Infotech. Commenting on the success of these roadshows, Robbin Shen, Managing Director, Dahua Technology India Pvt. Ltd. said, “I am indeed overwhelmed by the enthusiastic response in all these cities which clearly shows that our technological innovation, quality, and services to clients and customers are well accepted here in India. This encourages and motivates our team to give out their best. More awareness has been created as more customers throng to our security products.” The events were hosted in top-class and easily accessible venues in each city. The first 50 registered visitors were given early bird gifts. There were live demonstrations in all these cities on security products displayed for the benefit of the visitors. The customers were happy to get hands-on experience in operating Dahua products. Dahua officials freely mixed with customers responded to the queries and cleared their doubts. The road shows in these cities created a special bond between the Dahua brand lovers and the company and helped enhance its brand awareness among the people. “Roadshows are very important to us that help accomplish our mission of enabling a safer society and smarter living.” – Robbin Shen Managing Director, Dahua Technology India Pvt. Ltd.  

Hikvision showcased its innovations in AI enabled security solutions at the 4th edition of the Security and Fire Expo (SAFE) South India (28-30 June) held in Hitex Exhibition Center, Hyderabad. SAFE was inaugurated by T V Sashidhar Reddy, IPS, Addl. Director, RBVRR (Telangana State Police Academy) and R Nanda Kumar, President, Electronic Security Association of India among other key dignitaries. The expo brought together internationally renowned exhibitors, consultants, industry experts and key government officials on a single platform from the Indian and the international industries. Commenting on the SAFE 2018, Ashish P Dhakan, MD and CEO, Prama Hikvision India said, “For Hikvision, SAFE 2018 is the gateway to South India’s fast growing market, we expect this platform to grow as a force multiplier for the security industry. Being at the forefront of artificial intelligence and deep learning technologies, Hikvision is committed to offer best-in-class technology and innovations for vertical specific solutions related to smart cities, safe cities, transportation, BFSI, oil & gas, airport & seaport, real estate, education, hospitality, pharma & healthcare.” He further added, “We are hopeful that all our latest products and cuttingedge AI technology applications will add value to the end-users quest for an evolved and intelligent security solution.” Hikvision showcased the vast range of latest products and solutions including AI technology (face recognition/ people tracking/ perimeter protection), command control centre, thermal cameras, video door phone, access control system, intrusion (pyronix), ezviz products, HDTVI 5.0, Easy IP 3.0, intelligent transport solutions, swing barriers, under vehicle surveillance system and transmission solutions. Hikvision’s storage partner SEAGATE also showcased the latest storage solutions at Hikvision’s booth. Hikvision booth at SAFE 2018 witnessed good footfall and relevant visitors including security professionals, dealers, distributors, system integrators, consultants, business experts, key government officials and end users from across all verticals.

How can businesses better protect themselves from the increasing volume and complexity of cyberattacks while preparing for the opportunities of automation and digitalization of industries – this is the burning question of the day and our goal is to raise awareness to help them address it. This article focuses where we see the most significant threats and opportunities emerging, and highlights the implications of the increasingly connected world, how global regulation is responding, the need to inject trust into cybersecurity, ways to protect ourselves from intelligent cyberattacks, and what we should do to close the skills gap in an environment starved for cybersecurity talent, yet overwhelmed by volumes of data. The leading cybersecurity experts from TÜV have forecasted eight challenges that organizations will cope with in coming times. The forcast is based on a survey of TÜV Rheinland’s leading cybersecurity experts where inputs were collected from clients in Europe, North America and Asia. Following are highlights of the 8 cybersecurity trends identified this year: Trend 1: A rising global tide of cyber-regulation increasing the price of privacy Data protection is a critical concern in an increasingly digital world and May 25, 2018 is a turning point for data protection in Europe. It marked the end of the transitional period for the EU General Data Protection Regulation (GDPR) as it becomes enforceable by law. It disrupts data governance and how information is protected for any organisation controlling or processing EU citizen personal data, and leads a growing list of emerging data protection regulations from around the globe. Data protection is a critical concern in an increasingly digital world As business undergoes digital transformation and becomes increasingly connected, cyberattacks continue to grow in both sophistication and volume. Recent highprofile cyberattacks have showed just how vulnerable organisations are. The ransomware WannaCry infected more than 300,000 computers across multiple organisations, countries, and continents in less than 48 hours. 87 million Facebook profiles harvested by political consultancy Cambridge Analytica is being dubbed one of the most consequential data breaches in history, rivalling the breach of financial records from Equifax. These attacks predict a dark future for privacy. GDPR disrupts the data governance and how information should be protected Increasingly, organisations must be able to prove that they are processing personal data in accordance with the legal requirements of this evolving regulatory environment. GDPR introduces a number of key components including extra-territorial reach over EU data, individual right, data privacy officers, notice and consent, restrictions on secondary users, privacy impact assessment, and data breach notification. These requirements are forcing organisations to rethink data governance, systems architecture, documentation and data loss prevention. Failure to comply could result in fines of up to 4% of global turnover The related business risk is material. In the event of noncompliance or contravention, the EU is envisioning sanctions amounting to four percent of the previous year’s turnover, or EUR 20m, whichever is the greater. Weaknesses in technical and organisational data security such as outdated encryption standards leave organisations vulnerable to these fines. Many organisations are underestimating the extent of such requirements Few organisations are going to be ready by the impending deadline. Most, having underestimated the extent of the requirements, are still developing their plan for GDPR compliance. Some have decided not to develop a plan, choosing instead to treat non-conformity as just another operational risk to be managed – perhaps doubting the seriousness with which the EU commission will enforce it. Others are not sure if the regulation applies. As a result, the majority of organisations are starting late with implementation. An emerging list of data protection regulations from around the globe GDPR is leading a global trend as European regulators are not alone in mandating greater accountability at the executive level. The USA, Argentina, Brazil, Switzerland, Africa, India and China – all are revising their data protection regulations. Many share similar concepts like informed user consent and data breach notification obliging organisations to notify the relevant authority and all affected data subjects when a breach occurs – an often costly exercise. Yet this also leads to fragmentation and emerging market barriers driven by territorial requirements for data protection and data flows across borders. For global organisations, this will make international operations an increasingly costly and complex challenge. Trend 2: The Internet of Things drives the convergence of safety, cybersecurity and data privacy Today, product development, time to market considerations, and technical power constraints leave IoT devices exposed by exploitation of critical vulnerabilities. The impact of data breaches now extends far beyond simple data monetization to kinetic threats to health and safety, as devices and systems are directly connected to open networks. It is widely accepted that the state of IoT security is poor and with over 500 connected devices expected to cohabit with us in our homes by 2022, these represent a major risk to safety, cybersecurity and data privacy. Mirai proved that IoT devices can be effectively weaponised as botnets On October 21, 2016 a massive Distributed Denial of Service (DDoS) attack hit DYN Inc. and temporarily disrupted much of the internet on the East Coast of the United States. It affected companies like Twitter, Spotify, Amazon, Netflix, Reddit, the Guardian, CNN, and the New York Times. Formed mainly of hacked IoT devices, the Mirai botnet was a wake-up call about the vulnerability of internet connected things to cyberattacks. Commercial and technical constraints leave IoT devices vulnerable to exploits Many IoT devices are fundamentally insecure, leaving product manufacturers and customers exposed to the inherent risk of cyberattacks. This should not come as a surprise as manufacturers are not in the business of cybersecurity. Instead, they are under increasing pressure to innovate faster than the competition, while protecting their margins. Ensuring devices are easy to produce, functional, connected and secure – while limiting power consumption to extend battery life – is a complex technical challenge leading to difficult trade-offs. Vulnerabilities often reside deep in the product software stack To save time and money, software developers use open source…

Recently, a malware known as VPNFilter was discovered infecting various types of routers. VPNFilter is a modular, multi-stage malware that works mainly on home or small office routers. Since 2016, when the malware was initially introduced, it has compromised more than 500,000 home and small office routers and NAS boxes. Infection of such a large scale could allow the malware’s creators to utilize the affected nodes as a private VPN, making the trace back to the origin of a targeted attack very difficult. Though the infection vector is not yet clear, it is most likely to exploit known vulnerabilities affecting the various routers. There is no indication at present that the exploit of zero-day vulnerabilities is involved in spreading this threat. Some researchers and other US governmental bodies such as the FBI link this attack to the constant cat-and-mouse game between Russia and Ukraine. VPNFilter affected devices Devices infected by the VPNFilter malware include home and small office routers made by Linksys, MikroTik, Netgear and TP-Link, as well as network attached storage devices from QNAP. Magnitude of VPNFilter attack VPNFilter has been active since 2016, affecting some 500,000 devices in more than 54 countries. During May of 2018, two major attacks have been spotted targeting devices located in Ukraine. Threat behind VPNFilter The FBI hints to readers in its post that the VPNFilter malware attack could be the work of Sofacy Group, also referred as APT28, Sandworm, X Agent, Pawn Storm, Fancy Bear and Sednit. They have also seized a key domain that was used to infect home routers. It was also noted by Cisco researchers that the pattern of the attack indicates that the malware is part of a state-backed effort to create a versatile and effective botnet or data harvesting campaign, and shows the hallmarks of previous Eastern European malware efforts. Additionally, parts of this malware overlap code from the BlackEnergy malware which was responsible for multiple large-scale attacks that targeted devices in Ukraine, which was also attributed to a Russian government backed threat actor. VPNFilter infection process McAfee has provided a write-up on VPNFilter’s three-stage infection process: Stage 1 – completes the persistence on the system and uses multiple control mechanisms to find and connect the Stage 2 deployment server. Stage 2 – focuses on file collection, command execution, data extraction, and device management. Some versions possess a self-destruct capability to render itself unusable. Stage 3 – includes two known modules, possibly there are more to come: A traffic sniffer to steal website credentials and monitor Modbus SCADA protocols. Tor to communicate with anonymous addresses. How to prevent VPNFilter attack on the router Steps to protect against this malware are very generic and include the following: Reboot your device; if the device is infected with VPNFilter, rebooting will temporarily remove the destructive elements (outlined in stages 2 and 3 above). Perform a hard reset of the device, restoring factory settings to wipe it clean (removes elements from stage 1 above). Make sure you have the latest firmware installed. How Skybox Security can help defend your network Skybox Security can help identify vulnerability on a network quickly and provide recommendations for patching or other forms of mitigation – based on security controls such as firewalls and intrusion prevention systems (IPS). For this purpose, information about the vulnerability is analyzed in the Skybox Research Lab. A team of security analysts scours dozens of public and private safety data sources every day and investigates websites on the dark web. This allows Skybox to provide validated and up-to-date threat information. The Research Lab also provides vulnerability information regarding exploitability levels, exploitation preconditions and effects, and configures attack patterns to be used in Skybox’s patented attack simulations. By means of a vulnerability assessment without an active scan, the existence of vulnerability in a customer environment is to be derived. Vulnerabilities are then integrated into an attack surface model that includes the network topology, security controls and resources. The model performs attack simulations using information feed data to identify vulnerable assets directly or indirectly exposed to a potential attack. With Skybox, customers can quickly respond to threats such as theVPNFilter malware. Instead of focusing solely on the severity of the vulnerability, Skybox analyzes more factors than any other solution to determine the risk of attack. This can prevent an exploit like this from becoming a risk for companies. By Marina Kidron – Director, Threat Intelligence, Skybox Research Lab  

The Goods and Services Tax in India that is hailed as one of the most successful accomplishments of the current Government turned one year old on 30 June 2018.   The imposition of GST regime has echoed a mixed bearing on the service sector. On one hand, it is beneficial in various aspects such as one country one tax mode, seamless flow of credit, avoidance of multi-taxation etc., on the other it has produced snags in ease of doing business.  The Private Security Industry in particular, which is one of the largest employment generating industries in India making a workforce of over 7 million personnel is not going well along with the GST executions. They have shown utter disappointment with the regime and raised strong objections on the GST implementation.  Amongst others, the major impediment stems from the fact that GST is due to be deposited on the 20th day of every month while private security agencies receive payments for their respective services after 60 to 90 days; in the interim, however, they are mandated to meet the statutory compliances without fail. The gap between the business module of the private security industry and the imposed GST compliance regulations has created an unpleasant state of affairs for the industry. Central Association of Private Security Industry (CAPSI), the preeminent organisation for private security professionals in India have made several representations with the Government to amiably reach out to a rational reconciliation, but they could not fructify well. The CAPSI delegations knocked the doors of the Secretary, GST, CCI and MSME to suggest them to enable the system of reverse charge mechanism for security. Although the delegations at each stage were given a patient hearing, but no assurance towards the rectification of the anomaly has been suggested so far. The industry has decided not to give up and to proceed more pro-actively to counter the indifference. To begin with afresh, CAPSI has recently resolved to stage a nationwide peaceful protest (Dharna) on 18 July 2018 in front of GST offices of the respective states. The basic ethos of the protest is to simultaneously carry out multiple Dharna’s across the country with adequate media coverage in order to make the authorities aware about the seriousness of the issue. In this respect CAPSI State Chapter Presidents will sensitise all the security agencies in their states to participate whole heartedly in the protest. Along with CAPSI members, non-members of the industry are also requested to support the cause and participate in order to ensure adequate strength from the Industry. The participants will wear black T-shirts. CAPSI will also hold a press conference prior to the main event on 16 July at Press Club of India, which will coincide with the scheduled media conference at Delhi by CAPSI. The Dharna envisages an active involvement of APDI as well. APDI State Chapter Presidents are requested to garner the cooperation and indulgence of all the detective agencies operating in the states to actively participate in the Dharna and make it a huge success.