www.securityfocusafrica.com |
Vol 39 No 7 JULY 2021
The official industry journal for professional risk practitioners: security, safety, health, environment and quality assurance
Farm security in South Africa
Are you ready for hybrid working? In conversation with Ernst Roets
CYBERSECURITY • Social media in rioting • SMEs & ransomware • Multi-platform malware
BATTLE ZOOM FATIGUE Update from SASA | Concourt orders and arrest
S
SINE
S
O
N FO R
B
U
PE
securityfocusafrica.com Security Focus Africa has been marketing suppliers to buyers in Africa since 1980, and is the official industry journal of the Security Association of South Africa. Our readers form the core of Southern Africa’s buyers and decision-makers in the security products and services industry. Our digital platforms have a highly-focused readership of people at the very heart of the security industry. Our news is distributed via website, digital magazine, and social media. Our annual Security Focus Africa Buyers Guide is searchable in our online directory, with over 760 businesses and branches throughout Africa. Need to find a service or supplier? We will help you find exactly what you need.
PO Box 414, Kloof 3640, South Africa Tel: +27 31 764 6977 | Fax: 086 762 1867 Email: contact@contactpub.co.za
Security Focus AFRICA w w w. s e c u r i t y f o c u s a f r i c a . c o m
The official industry journal for professional risk practitioners: security, safety, health, environment and quality assurance
KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE
DIGITAL BUYERS GUIDE
to security services & products Promote your business
Attract customers
Increase your sales
Claim your listing on www.securityfocusafrica.com/buyersguide
2 for 1 offer The print listings now mirror our online directory style with basic and premium listings. In fact, upgrading a basic listing in print to premium will include an upgrade to premium on the website and vice versa. The same information online is printed in the print directory.
Security Focus Africa is known for having the most comprehensive directory of service providers in Africa. We have been a trusted source of information for more than 38 years, and now offer this valuable resource online.
The market is tough out there. What makes your business different from any other? For starters, be more accessible on the internet. Online searches are now the preferred method of finding information and contact details, so the better your online presence, the more business you will get.
BENEFITS OF LISTING YOUR BUSINESS:
• By claiming your listing, you can keep your company’s information up to date at your own convenience • Upgrade your listing online at any time to maximise your brand exposure • Improve your SEO and online presence • We provide a targeted audience for your business • See your stats – know how many people are seeing your listing • Increase traffic to your website with a link from the directory
Security
For as little as R2 400, you can get the edge over your competitors by providing indispensable information to your customers on our online directory.
Affordable advertising is just a click away.
Focus
AFRICA
BUYERS GUIDE
www.securityfocusafrica.com/buyersguide KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE
Security Focus Africa: Serving the South African security industry for 41 years
CONTENTS www.securityfocusafrica.com The official industry journal for
|
VOL 39 NO 7 JULY 2021
Vol 39 No 7 JULY 2021
professional risk practitioners:
nt and quality assurance
security, safety, health, environme
Farm secu rity in South Africa
Are you ready for hybrid working? In conversation with Ernst Roets
CYBERSECURITY • Social media in rioting • SMEs & ransomware • Multi-platform malware
12
BATTLE ZOOM FATIGUE Update from SASA | Concourt
orders and arrest
COVER STORY FARM SECURITY IN SOUTH AFRICA 12 An update on the deadly scourge that’s killing and maiming the country’s farmers. 14 The inkblot strategy and other solutions.
17
2
SECURITY FOCUS AFRICA JULY 2021
securityfocusafrica.com
Official Journal of the Security Association of South Africa
4
Published by Contact Publications (Pty) Ltd (Reg No. 1981/011920/07)
Vol 39 No 7
TEL: (031) 764 6977 FAX: 086 762 1867 MANAGING DIRECTOR: Malcolm King malcolm@contactpub.co.za
EDITOR:
REGULARS EDITOR’S COMMENT 4 Adaptability versus bad news, opinions and conspiracy theories.
ASSOCIATION NEWS 6 Update from SASA. NEWS IN BRIEF 8 News snippets from around the world.
NEWS 11 One Linkage launches campaign for corporates to support SMMEs affected by unrest.
INDUSTRY OPINION 17 Should we ban cryptocurrency to stop ransomware?
NEWS 18 Cybercrimes Act: South Africa finally joins the big boy table.
WHITE PAPER 19 Today your colleague, tomorrow your captor.
ON THE MARKET 20 A way to battle zoom fatigue. 21 Innovation is allowing citizens to claim back their safety.
INDUSTRY OPINION 22 Your employees are ready for
PERSONALITY PROFILE 26 In conversation with Ernst Roets.
CYBER SECURITY 28 Social media, riots and consequences.
30 What SMEs need to know
about Ransomware attacks. 31 WildPressure’s multi-platform malware hits macOS in the Middle East.
NEWS 32 New appointment at
Networks Unlimited underscores the importance of governance and compliance.
Ingrid Olivier ingrid@securityfocusafrica.com
SENIOR GRAPHIC DESIGNER: Vincent Goode vincent@contactpub.co.za
DISTRIBUTION MANAGER: Jackie Goosen jackie@contactpub.co.za
POSTAL ADDRESS: PO Box 414, Kloof 3640, South Africa
PUBLICATION DETAILS: Security Focus Africa has 12 issues a year and is published monthly, with the annual Buyers’ Guide in December. Due to the Covid-19 crisis, we will only be publishing digitally, until further notice.
33 CONTRIBUTORS AND ADVERTISERS INDEX
Editorial contributions are welcome.
THE LAST WORD 34 Concourt orders and arrest.
editorial@securityfocusafrica.co.za.
36 DIRECTORY
26
EDITORIAL CONTRIBUTIONS: For details please email
ADVERTISING ENQUIRIES: Malcolm King Email: malcolm@contactpub.co.za
Security Focus Africa is a member of
hybrid working. Are you?
OPINION PIECE 24 Consolidated workloads need
intelligent storage architecture to ensure high availability and reduce the fault domain.
securityfocusafrica.com
www.securityfocusafrica.com 3
EDITOR’S COMMENT
Adaptability versus bad news, opinions and conspiracy theories Just like every other month in South Africa, and this July in particular, there’s no shortage of news. The country is literally bursting at the seams with all the goings-on, not least of these being the pandemic, incidents of violent unrest and looting, the incarceration of ex-president Jacob Zuma and the POPI Act.
A
nd, news just in: loadshedding is starting again, according to my trusty app. Everyone has an opinion, and the conspiracists are having a ball. There’s one particular quote about current circumstances by Douglas Adams in The Hitchhiker’s Guide to the Galaxy that pops up in my head from time to time and always makes me laugh out loud, and while I won’t share it here, there’s something to be said for a good chuckle even in the toughest times. Far more useful is this quote by Louisiana State University business professor and author Leon C. Megginson: “It is not the strongest or the most
4
SECURITY FOCUS AFRICA JULY 2021
intelligent who will survive but those who can best manage change.” That we’re living in a changed world is indisputable. So much of what was familiar is gone – for now at least. What interests me is how some of us are not only surviving but thriving, and I’m not lying when I say that the word ‘adaptability’ has been buzzing around in my head for the last couple of days. So, I was delighted to find an article ‘3 ways to be more adaptable in difficult times’, published on LinkedIn1 by Heidi Hanna, author, researcher and speaker, who talks about the importance of adaptability: “in times like these, where we face daily uncertainty and elevated levels of stress, discomfort, and disorder.”
She goes on to discuss the need to reframe the way in which we look at challenges, along with the importance of being flexible. Who among us South Africans is doing this, I wondered while reading her article? I turned to Google then, as one does, and it seems like quite a few people and companies are turning chaos into opportunity. Some have started new businesses in areas as diverse as social media, food, cleaning services, tutoring and even insurance. Fairly new start-up Naked Insurance has taken on the traditional insurance giants, telling Business Insider2 that “The people that were going to meet the changing
securityfocusafrica.com
EDITOR’S COMMENT
consumer needs were going to be new players.” The article quotes Naked co-founder Alex Thomson, further: “We haven’t sold a single policy over the phone, made a single outbound call, and haven’t sent a single sales SMS... And, in a year when insurance companies were the worst offenders when it came to spam phone calls in South Africa, Naked has instead grown “more than three times” this year alone, in a more organic fashion – via word-of-mouth, and with an Uber-like incentive scheme for getting your friends on board.” Doing business in a new way is proving fundamental to current and long-term success. Yebo Fresh3 was a new start-up when Covid-19 hit South Africa. Committed to supplying township families and other clients with food, simply and safely, the company focused on partnering with NGOs (non-governmental organisations) and community action networks, with the result that its volumes reportedly grew by “thirty times, almost overnight”. Attributing its success in part to mobile technology, smart backend systems, extensive data analysis and a constant drive to optimise its performance, its business model may be extrapolated to other sectors, security included. Winner of the Aim Virtual Startup Pitch Competition 2020, Kudoti was launched as a tech-driven platform to add value to South Africa’s ‘untapped’ waste and recycling sector. Co-founder Gift Lubele, as quoted in VentureBurn4 says that the company uses hardware and software technology to collect data, improve logistics and processing in an industry where the main challenges include highly inefficient paper-based processes and wasted manual resources that could easily be automated. While the businesses differ enormously in terms of what they do, there are some common threads such as using technology to streamline processes, reduce costs and improve efficiency. It may not seem like the ideal time to start a new business, says The Workspace5, but entrepreneurs see
securityfocusafrica.com
the “environment of rapid change, uncertainty and new needs” as an opportunity for innovation to come to the fore. “That’s where entrepreneurs thrive!” it avers. To wrap, I want to share these do-able steps from an article written by Mike Anderson, founder and CEO of South Africa’s National Small Business Chamber (NSBC) and published on BizTrends6 • Keep up with business trends which will put you in a stronger position to boost sales, operate more effectively, reduce expenses, market to your target audience, elevate your customers’ experience and build a loyal customer base. • Have a professional online presence. Pay if you have to for a website, and utilise social media platforms such as Facebook, LinkedIn and Twitter. Also ensure you have a professional email signature (all in compliance with the newly implemented POPI Act, of course). • If you sell products, you need to add an ecommerce component to your business – people aren’t going into stores in the numbers they used to as we all know. • Accept that remote work – or at least a hybridised new work model – is the way of the future and restructure if you have to. (You could end up saving a lot of money on rent and traveling time.) • Embrace mobile communication, which must be responsive from a client’s viewing and engagement point of view and a key tool for connecting with your work-from-home employees at the same time. • Make it possible and easy for people to do digital payments – there’s more and
more talk of a cashless future. • Business continuity: cut out unnecessary spending and reduce debt, so you can weather the next storm while building a sustainable legacy if that’s important to you. Last bit of advice: go easy on the bad news. I’ve figured out that checking the news in the morning, the afternoon and then a quick last-check before I finish work for the day is a lot better for my state of mind than being constantly connected. Wishing you success and safety. Be safe.
Ingrid Olivier, Editor ingridolivier@idotwrite.co.za
1. https://www.linkedin.com/business/learning/blog/ career-success-tips/3-ways-to-be-more-adaptableduring-difficult-times 2. https://www.businessinsider.co.za/how-nakedplans-to-disrupt-the-insurance-industry-withoutspam-and-call-centre-tricks-2020-12 3. https://www.yebofresh.co.za/about/ 4. ˇhttps://ventureburn.com/2020/07/kudoti-crownedsas-startup-champion-for-2020/ 5 https://www.theworkspace.co.za/blog/12-southafrican-entrepreneurs-to-watch-in-2021/ 6. https://www.thesmallbusinesssite. co.za/2021/01/11/biztrends2021-6-key-trends-forsmall-businesses-in-2021-and-beyond/
SECURITY FOCUS AFRICA JULY 2021
5
ASSOCIATION NEWS
SASA UPDATE
Update from SASA Every month is eventful in South African, and July has been no exception! Here’s a round-up of the main events – which in one way or another – affect the country’s security sector. From the desk of Tony Botes, SASA National Administrator.
M
ass protests and looting Following his sentencing by the Constitutional Court for contempt of court, ex-president Jacob Zuma was subsequently incarcerated. This led to mass action, predominantly in KwaZulu-Natal (KZN) and then Gauteng, with protests hijacked by a criminal element that looted and destroyed shops, businesses and other entities, with damage and losses in the billions of rand. The South African Police Service (SAPS) was caught napping (although some maintain that the intelligence structures had prior knowledge of the planned mass action), and they were obliged to obtain support from the South African
6
SECURITY FOCUS AFRICA JULY 2021
National Defence Force (SANDF), who are actually not trained, we believe, for ‘urban conflict’. Despite directives from both SAPS and PSIRA (Private Security Industry Regulatory Authority) saying that security companies were not permitted to perform “police functions”, a number of private security companies DID enter the fray, by providing additional manpower for their clients, escorting vehicles on the main routes and supporting communities against the looters. Unfortunately, it seems as though some of these companies, or their employees, overstepped the mark, which actions are currently under investigation by SAPS and PSIRA.
Covid-19 Following the easing of covid-19 restrictions to adjusted level 3 by the president on Sunday 25 July, we’re hoping that it impacts positively in terms of the economic challenges facing both businesses and individuals. Key going forward though, if we’re to avert another wave, is for people to all wear masks and take the required precautions. SASA has been in contact with PSIRA, which supports our view that security officers be prioritised in the vaccination process. According to PSIRA, this has been approved by the Minister of Police, and they are now waiting for the approval from the Minister of Health and the President. PSIRA has also requested that those
securityfocusafrica.com
ASSOCIATION NEWS
security companies who have space and facilities (such as currently unutilised training centres) to make them available as vaccination centres for their own and any other security officers. We have communicated this to our members and I am pleased to confirm that we have received overwhelming support for this initiative. We have been shocked to hear of the numbers of people, at all levels, who have succumbed from Covid-19 and extend our sincere condolences to their families and colleagues. NBCPSS The National Bargaining Council for the Private Security Sector (NBCPSS) has already scheduled the first few noncompliance hearings for next month and a much larger number for September and October. However, with probably more than 4 000 complaints already having been received and more being received daily, it will take a while to catch up. We wish them well in this challenge! Non-compliance by security service providers seems to be growing by the day, with many security companies resorting to illegal and/or unethical practices to meet the push-back by consumers wanting to pay less but for the same level of service. Consumers should realise that ‘you get what you pay for’ and that it is all but impossible to expect a premium and effective level of security if you are demanding bargain basement prices! Non-compliance includes but isn’t limited to the following: • Using unregistered security officers (often undocumented foreigners) • Using unregistered learners on sites (very seldom under the direct supervision of an assessor) • Using independent contractors, also referred to as self-employed security officers • Blatantly ignoring minimum statutory salary levels • Failing to pay premiums for overtime, Sundays and public holidays • Failing to pay the statutory Security Officer Premium Allowance • Failing to participate in the statutory Private Security Sector Provident Fund, sometimes even deducting the employees’ contribution but not paying same over • Failing to participate in the new statutory medical scheme • Failing to register with and/or pay over the Bargaining Council monthly levies
securityfocusafrica.com
We are currently in discussions with the insurance association about the hazards associated with hiring cheap and/or inferior security operators. Hopefully insurers will delve deeper into the quality and compliance level of the security service providers when assessing claims, as underpaid and overworked security officers most probably cannot and will not perform their duties to the high levels expected of them. Hopefully the NBCPSS and PSIRA will begin working together, sooner rather than later, to share intelligence on non-compliance. PSIRA may prosecute, fine, suspend and/or deregister a non-compliant security service provider, but without powers of restitution, it cannot legally enforce payment of any unpaid or short-paid amounts to guards. On the other hand, the NBCPSS may issue compliance orders against such companies, going back as far as three years. Should the employer not comply with the claim award and, after following due process, this may be made an order of court and the Sheriff of the High Court may, with a warrant of attachment, attach the company assets, to be placed on auction, and use the income from the auctioned goods to settle such claims. International reciprocal agreements As mentioned in previous editions, we have already concluded agreements with security associations in Namibia and India, with Singapore just busy finalising their agreement. Further agreements are being planned with associations in Ghana, USA, and the UK.
Membership benefits We are working on expanding membership benefits, which will be communicated to all members once finalised. Currently, these include: • A strictly applied Code of Ethics. • Representation at national and local government level. • Industry exposure in the media as well as at major shows and exhibitions. • Contacts and networking opportunities. • Discounted training courses, events and seminars. • Access to a security library managed by the University of South Africa (UNISA). • Updates on new legislation and other industry-relevant information. • Access to security-related and affiliated associations in South Africa and overseas. • The SASA national website. • A central administration office. • Free digital subscription to Security Focus Africa magazine, official journal of SASA. • A mentorship programme which is designed to guide and assist start-up security companies with attaining the compliance standards required to qualify for Gold Membership. For more information about what SASA does and how it can help you and your company, or to report any wrongdoings or concerns, please contact Tony Botes, SASA National Administrator, at: Tel: 0861 100 680 / 083 650 4981 Cell: 083 272 1373 Email: info@sasecurity.co.za / tony@sasecurity.co.za Website: www.sasecurity.co.za
SECURITY FOCUS AFRICA JULY 2021
7
ASSOCIATION NEWS
News snippets from around the world Zuma slapped with summons to pay back R18m in legal fees The Jacob Zuma Foundation on Thursday confirmed the receipt of a summons that the former president pays back R18 million used to fund his personal legal costs. Zuma lost an appeal at the Supreme Court of Appeal (SCA) back in April and was ordered to pay back the money. www.citizen.co.za
Government can’t borrow R70bn to increase public servants’ salaries
South Africa’s security sector is in crisis – immediate reform is needed to ensure national stability As the dust settles on insurrection, government must acknowledge the urgent need to repurpose a failing security system. The attempted insurrection of the past week affirms the extent to which South Africa suffers from debilitating political, social and economic pathologies. With high unemployment, inequality, poverty, xenophobia and racism, the country will face internal security problems for years to come. Add to this declining regional stability due to the insurgency in Mozambique’s Cabo Delgado province and events in Eswatini, and it’s clear that South Africa’s security system must urgently be repurposed for the tasks at hand. First published by ISS Today and then www.dailymaverick.co.za
World’s leading ransomware gangs have created a cybercrime “cartel” Several of Russia’s largest ransomware cybercriminal gangs have partnered up and are sharing hacking techniques, purloined data-breach information, malware code and technology
8
SECURITY FOCUS AFRICA JULY 2021
infrastructure. The most active collaborators are four groups known as Wizard Spider, Twisted Spider, Viking Spider and LockBit. The gangs in this cluster jointly control access to illicit data leak sites and custom ransomware code. They also associate with the larger criminal ransomware ecosystem, exert influence over smaller gangs and license their tools to affiliates, said Jon DiMaggio, chief security strategist at Analyst1. The groups do not appear to share profits from criminal activity. “They’re not a cartel in the traditional sense, like oil companies that have a lock on the supply of crude,” DiMaggio explained. “But they do have technology infrastructure, and some are big enough to have their own [ransomware] code.” www.cbsnews.com
Fake news uptick aimed at South Africa’s judiciary South Africa’s judiciary has been hit by a flurry of fake news reports, which has forced it to clarify the wave of disinformation in the past two weeks. The latest is a list circulating on social media, purportedly containing judges shortlisted for judicial vacancies by the Judicial Service Commission (JSC). www.iol.co.za
Public Service and Administration Minister Senzo Mchunu has warned that the government would have to borrow over R70 billion to comply with the agreement to increase public servants’ salaries it failed to honour last year. Mchunu filed his written submissions ahead of next month’s Constitutional Court battle between unions representing state employees and the government over the failure to increase their salaries in 2020. The agreement reached at the Public Service Co-ordinating Bargaining Council (PSCBC) in 2018 would have seen salaries increase by between 4.4% and 5.4% agreed with effect from 1 April 2020. www.iol.co.za
Transport MEC Daylin Mitchell closes Route B97 between Paarl and Bellville MEC of Transport and Public Works has decided to close route B97 between Paarl and Bellville, currently the cause of conflict between taxi associations Cata and Codeta, who both claim to have the right to operate on the route. The decision follows his publication of notice in the Government Gazette dated 9 July (Government Notice 416 of 2021) that Bellville and Paarl are areas in respect of which extraordinary measures in terms of Section 91 may be made. Over 80 people have died since the start of the year due to the conflict over the route. Thousands of commuters were left stranded after minibus taxis pulled and buses followed suit after the violence spilt over. Now buses
securityfocusafrica.com
NEWS IN BRIEF
that are running a limited service have to be escorted by law enforcement when transporting commuters. www.iol.co.za
South Africa unrest death toll jumps to more than 330 The recent rioting in South Africa has claimed 337 lives, the government said last week. “The South African Police Services has revised the total number of deaths in Gauteng [province] to 79 and KwaZulu-Natal to 258 as related to the unrest,” said Khumbudzo Ntshavheni, a minister in the president’s office. www.aljazeera.com
SA State Capture Inquiry update The state capture commission will resume its hearings into law enforcement agencies, hearing evidence from legal representatives of implicated prosecutors in the National Prosecuting Agency (NPA). The commission will also hear evidence from former police commissioner Khomotso Phahlane, said the commission’s spokesperson Mbuyiselo Stemela. Phahlane has previously featured in testimonies by former head of Independent Police Investigative Directorate (Ipid) Robert McBride. McBride has told the commission that the SAPS was run on a patronage system whereby junior officers were promoted to carry out their seniors’ bidding. www.iol.co.za
French person among 6 held over plot to kill Madagascar president A French citizen is among six suspects arrested over a failed plot to murder Madagascar’s President Andry Rajoelina and other top political figures in the Indian Ocean island nation, according to officials. “One of the arrested people is French, two of them are bi-national: Malagasy and French. The three others are Malagasy,” Rodellys Fanomezantsoa Randrianarison, the public security minister, said last week. www.aljazeera.com
Warning against dye-stained banknotes The South African Reserve Bank (SARB) on Wednesday advised the public to be aware and cautious of accepting banknotes that have been stained with traces of blue or green ink. This comes in the wake of the looting and vandalism of shopping malls and other stores, including ATMs, last week in KwaZulu-Natal and Gauteng that
securityfocusafrica.com
government has since characterised as part of a ‘failed insurrection’. www.citizen.co.za
42 cases of murder opened in Gauteng, 171 in KZN following unrest Following the unrest that swept through parts of Gauteng and KwaZulu-Natal last week, acting Minister in the Presidency Khumbudzo Ntshavheni said that police had opened 42 cases of murder and 37 inquest dockets in Gauteng, while 171 cases of murder were opened in KwaZuluNatal and 87 inquest dockets. www.ewn.co.za
Shootings in Washington spotlight growing problem US mass shootings, in which four or more people were shot, make national – and international – headlines. But stories involving smaller-scale attacks often remain on the pages of local newspapers. The spree of violence in the nation’s capital last weekend is one more point in a larger, worrying, trend. According to Washington DC crime statistics, the rate of assaults committed with a firearm has risen each year since 2018. So far, 455 assaults with a firearm have been reported in 2021. This time last year, there had been 422. Across major US cities, rates of homicides and shootings are up, says University of Pennsylvania Professor David Abrams, who created the website City Crime Stats last summer to track how the pandemic has affected crime. “Homicides are, in most of these cities, outpacing – and in some cases by a lot – rates that we’ve seen for the last several years,” says Prof Abrams. “It’s
pretty widespread. This is not just a DC phenomenon. It’s not just a Chicago phenomenon.” www.bbc.com
How last week’s violence differed from SA’s typical service delivery protests Looting was a dominant feature in the recent unrest in KwaZulu-Natal and Gauteng, which stands in stark contrast to what usually happens during service delivery protests in SA. This is according to Municipal IQ, a local government data and intelligence organisation that collects information on service delivery protests staged against municipalities to quantify and better understand the nature and trends of such events. “While recent civil unrest and looting were not directed directly against municipalities, Municipal IQ has databased major incidents (using media reports) to allow for a comparison of last week’s events against service delivery protests,” said Municipal IQ. According to the organisation, while service delivery protests in any given month are spread across SA, the vast majority of recent unrest took place in KZN and Gauteng (66% and 33%, respectively), and in metros (66%). “As of the end of June, 22% of 2021’s service delivery protests took place in KwaZulu-Natal, and 46% were in metros spread around the country. This is in sharp contrast with the concentration of unrest in KwaZulu-Natal and in particular eThekwini, Johannesburg, Ekurhuleni, Msunduzi and uMhlathuze, which together accounted for 75% of incidents,” said Kevin Allan, MD of Municipal IQ. www.sowetanlive.co.za
SECURITY FOCUS AFRICA JULY 2021
9
NEWS IN BRIEF Life Esidimeni inquest postponed to August The Life Esidimeni inquest has been postponed once again, this time to next month to allow for all parties involved to ensure that they are legally represented. The hearings into the deaths of at least 144 mentally ill patients after they were moved to illegal NGOs by the Gauteng Health Department began earlier last week. www.ewn.co.za
SA ‘knows’ where the famous blue sofa is — but who is going to get it back? A Durban furniture store is closer to recovering its now famous blue couch that was stolen when its showroom was looted earlier this month. The San Pablo Corner Sofa, a genuine leather sectional with ‘elegantly sloped armrests and supportive headrests’, is at an informal settlement near Quarry Road in Durban. This is according to social media users, who responded to Leather Gallery’s call for information on the whereabouts of the couch. The couch, which is priced from R67,999, was the subject of a meme when it was photographed at an informal settlement hours after it had been stolen from the Springfield showroom during unrest which swept through Durban. www.sowetanlive.co.za
Transnet cyber-attack: ‘The economic implications cannot be understated’ With speculation mounting that a cyber-attack that led to the total shutdown of Transnet operations last Thursday is linked to the violent riots and looting that took place in KwaZulu-Natal and Gauteng earlier this month, Public Enterprises Minister Pravin Gordhan has been called to set the record straight. The Democratic Alliance said – last Friday – that the implication of Transnet being forced to shut down its critical logistical operations “cannot be understated”, with the parastatal still reeling from this month’s unrest and trying to ease a backlog of shipments at some of the country’s largest ports. www.thesouthafrican.com
10
Mmamoloko Kubayi-Ngubane. The acting minister and deputy, Dr Joe Phaala, briefed the nation on 23 July, on the government’s response to Covid-19. The latest government briefing on the Covid-19 crisis was bittersweet. KubayiNgubane said that it appears that the worst of South Africa’s third wave of infections has passed and that cases are declining, however, she also added that 47 500 potentially lifesaving vaccines were lost and120 pharmacies were damaged during the unrest in KwaZulu-Natal and Gauteng. www.thesouthafrican.com
California sues Activision Blizzard alleging harassment, sexism Video game giant Activision Blizzard is being hit with a slew of allegations of sexism, discrimination and harassment of female employees in a lawsuit filed by a California state agency. The state’s Department of Fair Employment and Housing filed a civil complaint last Wednesday claiming that the maker of Call of Duty and World of Warcraft violated state laws by allowing a ‘pervasive frat boy workplace culture.’ Similar allegations have been made against France-based video game giant Ubisoft as well as US-based Riot Games, maker of League of Legends. www.thesouthafrican.com
Covid-19: ‘We have passed the peak of the third wave,’ says Kubayi-Ngubane
Two in court for possession of 19 rhino horns worth millions
South Africa has seen the worst of its third wave of coronavirus infections, according to Acting Minister of Health
The two men, caught with nineteen rhino horns in their possession, appeared in the Nelspruit Magistrate’s Court on Thursday.
SECURITY FOCUS AFRICA JULY 2021
The Hawks’ Col Katlego Mogale said Schalk Steyn (48) and Johannes Groenewald (53) appeared in court after they were arrested while transporting 19 rhino horns in two bakkies. She said that they face charges for the illegal possession and selling of rhino horns. “The pair was arrested during a multi-disciplinary operation conducted on 21 July 2021.” The operation was conducted by the Directorate for Priority Crime Investigation (Hawks), Wildlife Trafficking Counter-Intelligence and private sector to curb wildlife trafficking. “During their arrest, they were found with nineteen rhino horns with an estimated value of R2,6 million.” www.thesouthafrican.com
Basic Income Grant for SA ‘will be worth over three times more’ than R350 grant Calls for a Basic Income Grant of R1 268 have intensified. Three civil society organisations, including the Poverty and Inequality Institute, have demanded South Africa’s government provide a universal Basic Income Grant in order to assist over 13 million people living under the poverty line. The country had been providing a R350 Social Relief of Distress grant at the beginning of the Covid-19 pandemic. The SRD payments bridged a gap for citizens who remain ineligible for other SASSA grants. However, after many extensions from the initial deadline, the grant was discontinued. Many argued that the discontinuation left millions of vulnerable people – who have come to depend on the grant to provide for their needs – in the lurch. www.thesouthafrican.com
securityfocusafrica.com
NEWS
One Linkage launches campaign for corporates to support SMMEs affected by unrest One Linkage, a women-owned technology company, is putting its weight behind efforts to help small South African businesses recover from the spate of unrest that affected parts of the country in recent days.
A
week of looting and rioting has seen the destruction of thousands of businesses in the Gauteng and KwaZulu-Natal provinces, with many of these being Small, Medium and Micro Enterprises (SMMEs) that are likely to struggle to get up and running again. To assist these businesses, on which tens of thousands of South Africans depend to earn a living, One Linkage has launched the #RiseUpSA Campaign, which aims to enable corporates to connect with and “adopt” SMMEs that need support. One Linkage CEO and co-founder Hepsy Mkhungo says corporate South Africa is invited to join the cause and help SMMEs affected by the riots to rebuild and restart their businesses. Some large corporates, such as Sasol, have already committed to the cause. Sasol’s Chief Procurement officer, Lebelo Lukhele explains, “The recent civil unrest coupled with the impact of the COVID-19 pandemic has been catastrophic for many South African businesses. As a corporate rooted in our South African heritage, we must remain agile in our response to the needs of our SMEs to ensure they remain sustainable. We are proud to partner with One Linkage as part of the #RiseUpSA campaign in responding to the immediate needs of small businesses. This partnership allows us to demonstrate the ‘spirit of ubuntu’ along with the power of digital platforms and innovation in the face of adversity.” Adds Mkhungo, “The initiative is designed to make it easy for corporates to lend support to affected SMMEs. As a small tech start-up, we know the devastating impact any disruption can have on small businesses. We are leveraging our cloud-based platform, designed to connect business opportunities, and make
securityfocusafrica.com
it easy for SMMEs and corporates to work together.” Seamless collaboration The Linkage platform is an integrated, cloud-based digital tool that facilitates seamless collaboration and transparency between stakeholders to achieve supplier diversity and small business development. For the campaign, Mkhungo explains that One Linkage is opening the onboarding component of its platform to the public at no cost to corporates and SMMEs. “To participate in the campaign, SMMEs can register and upload required compliance documents, proof of being an existing business, and evidence of how they have been affected by the recent unrest. These documents will be used to vet and authenticate the claim,” she says. The platform will be open to both formal and informal business. “Once a complete profile has been submitted, a high-level vetting processes will be conducted by our sister company, Zevoli, at no cost to any party, to minimise the exposure of corporates to unscrupulous claims.” The SMMEs will then be categorised by industry, size, location, and number of employees to provide useful data for a corporate match. Registration is open to all small businesses with revenue of less than R50 million a year. Although BBBEE compliance will be requested, it will be for the purposes of recording rather than a pre-requisite for participation. “Similarly, corporates are requested to register their interest to support SMMEs on the Linkage platform. They will need to provide general corporate information, contact details and indicate the type of support they would prefer to offer,” says Mkhungo.
One Linkage CEO and co-founder Hepsy Mkhungo.
Direct relationship When a match is made, a direct relationship is established between the corporate and SMME. Corporates are free to select an SMME according to their preferred criteria. Some might select only businesses in their value chain, while others might prioritise a small business based on the number of employees, its location or how it has been affected. “The platform provides corporates with suggested ideas for support, based on the individual requirements per SMME. These could include infrastructure support, funding, mentorship or even psychological support. However, any additional support not specified can be offered by the corporate. Ideally, the participating corporate should take the SMME under their wing and provide endto-end support to ensure the company can get up and running again.” Mkhungo notes that one of the benefits for corporates is the support they lend can be aligned to either Corporate Social Responsibility (CSR) initiatives or Enterprise and Supplier Development (ESD) initiatives. The platform will simply provide another means to source program participants. “The broader benefit is helping the economy to recover from the setbacks caused by the unrest. The sustainability of any big business depends on its value chain. Unfortunately, the unrest has destabilised most value chains in South Africa, so this initiative is aimed to rebuild the industry.” Registration will be open from 21 July to 23 September 2021. In support of Nelson Mandela month, it will remain open for 67 days. Both corporates and SMMEs may register here: https://www. linkage.co.za/riseupsa/
SECURITY FOCUS AFRICA JULY 2021
11
FARM SECURITY
Farm security in SA: An update on the deadly scourge that’s killing and maiming the country’s farmers
Tied up, stabbed, strangled, shot, bludgeoned, tortured… their names appear on the Geni website, along with the details of their murders. Sibonelo, Johanna, Goberdhan, Renee, Themba, Adam, Jeremias… all with family and friends and among the 59 people murdered on South Africa’s farms and smallholdings since April 2020. According to civil rights organisation AfriForum, 64% of the victims in the almost 400 attacks recorded during this period were over the age of 50 and, in at least six incidents, nothing was even stolen1.
A
lthough there was a decline in the number of farm attacks in the 2020/2021 financial year compared to the previous financial year, says Ernst Roets, Head of Policy and Action in civil rights organisation AfriForum, there was an ominous increase in farm murders. During the past year, 59 people were murdered on farms in South Africa, compared to 41 in the previous year.
12
SECURITY FOCUS AFRICA JULY 2021
Who or what’s behind this particularly heinous crime? Benedict Weaver of the Zero Foundation Africa says: “Recent research suggests that foreign nationals are among those behind farm attacks, which have increased in Limpopo Province and near the border areas of both eSwatini and Lesotho. The results are as intended: increased anxiety within the community, demand for safety and self-defence training, emigration to
the urban areas and a disincentive for new and younger farmers.” As happened in Kenya, Rhodesia and then Zimbabwe, he continues, attacks on farmers and their herds or crops were largely motivated by a desire to redistribute land. The same scenario has unfolded in South Africa, with increasing demand for land redistribution and exacerbated by an unclear governmental policy regarding land reclamation.
securityfocusafrica.com
FARM SECURITY
While there are those who refuse to believe that there is racial motivation involved, Weaver says that one of the alternative explanations – that of financial gain – is also flawed, not least of all because the majority of victims are white farmers and also because the attacks are far more brutal than those in urban areas. Laurence Palmer, a retired Lt. Col. in the South African Defence Force, headed up the Oribi Commando in Port Shepstone on the lower South Coast of KwaZuluNatal for 12 years. During this period, the Commando played a major role in keeping the farmers safe along with the support of the SAPS. “Farm attacks were minimal in those days,” he says. A large percentage of farm attacks that have taken place in the last decade, however, have been committed by people from within the inner circles, he continues, citing employees, service providers, friends and even family members who enjoy close and trusted access to the properties. “Some of the perpetrators have or had personal grudges against the farmers, others were coerced into facilitating attacks by outsiders, and while opportunist attacks were and are possible, in most instances they are carefully planned and carried out with military precision.” Bill Sandham, Commercial Manager (responder) for Daytona Electronics, believes that farm attacks are motivated by an array of motives including need, envy, opportunity, land rights, racial tension, the need for cash to support substance abuse, and anger around working conditions and wages. Shelley Scheepers, Verifier’s National Operations Director Statistics, agrees. “Motives range from inside jobs, disgruntled employees and opportunistic criminals to poachers of both endangered species and red meat.” The challenges During his time on the South Coast, Laurence Palmer worked very closely with the farming community, helping to develop plans and strategies to keep them safe. “The Commando played a big role in this, and, with the support of the SAPS (South African Police Service), we were able to keep the farmers, their families and their property safe to a very large degree.” “When the Commando system was disbanded,” he continues, the police were supposed to take over the farm protection role – which never happened. The police do not have the resources, nor does its
securityfocusafrica.com
“Motives range from inside jobs, disgruntled employees and opportunistic criminals to poachers of both endangered species and red meat.” reactive culture fit in with the proactivity required, he maintains, whereas the Commando system worked because it was a formal structure with commandand-control support, resources, and a dedicated focus – farmers protecting farmers. “I don’t understand why the farmers didn’t group together and continue with the structures that existed under the Commando system,” he says, “but they did not, and now they are unprepared to meet attacks head-on and to successfully defend themselves.” Prevention before Reaction Palmer, who was recently approached by concerned farmers on the South Coast for advice, says his overriding philosophy is and has always been ‘Prevention before Reaction’. “Obviously, reaction is required to try to apprehend the attackers, gather evidence and provide medical and other support. But it is far better to be prepared and able to repel and survive an attack.” Farmers are often caught unaware, with the criminals already in the yard or the house before they realise what’s happening, he says. “On average there are two to four assailants, so the farmer doesn’t stand a chance in hand-to-hand combat. He therefore has to ensure that he has enough time and space to proactively respond to an attack.” Despite the promulgation of the National Rural Security Strategy in 2019, intended to address rural safety as an integrated day-to-day policing approach, it’s not working very well in reality, avers Ben Weaver. In part, the strategy encompasses a state-sponsored response to acts of terror, as previously witnessed in Kenya during the Mau-Mau insurgency (1952-1960), Rhodesia (during the 1970s) and Zimbabwe (in the early 2000s),” he explains. “In these countries, the security response to farm attacks and stock theft had been a case of ‘too little too late’. Rural safety and development is desperately under-resourced, says Scheepers, and the massive amount of land between farmhouses makes it even more difficult to secure areas from the furthest point of their boundaries to their homesteads. “Crime scenes are not being attended to timeously (if at all) due to police limitations or inefficiencies (no
vehicles, no staff, no interest), and to employ permanent security is too costly for many farmers who are already feeling the economic crunch. They just cannot afford to deploy sufficient manpower to keep themselves, their families, and their farm workers safe.” For Sandham, it has always been about the total lack of ‘legal’ consequences: no capture at the scene of the crime, few, if any, arrests, no incarceration, no fasttracking of investigations and a police service unable to deliver the most basic service much of the time. “It’s almost impossible to cover these size areas with one piece of tech,” says Scheepers. “The issue we see most of the time is that farmers are inundated with salespeople trying to sell them the ‘silver bullet in technology’. Most farmers will buy into these schemes once, at a big cost, and then, when the technology fails, they become sceptical of technology in general. This then becomes a harder sell for independent consultants who have done their homework and know which technology works where.” Attackers aren’t fools Adds Palmer: “Farmers need to accept that they are responsible for their own safety, they must be ever-alert and prepared for the unexpected. The attackers are not fools: they observe, they plan, they are determined and, above all, they have nothing to lose. Human life has no value, and the normal values and deterrents that most people live by means nothing to them. Also important is for farmers to avoid disputes at all costs, to maintain effective communication with their workers and to solve problems before they escalate into out-of-control situations.” BEE Something else that needs to be considered, in the interests of reducing farm violence, believes Edwin Wakefield, MD of Mimic Components, is a BEEnegotiated handover of some properties, accompanied by a ten-year training period and a fair payment to the retiring farmer in return for the training. 1. https://afriforum.co.za/en/farmmurders-on-the-increase-again/
SECURITY FOCUS AFRICA JULY 2021
13
FARM SECURITY
Farm security: The inkblot strategy and other solutions For Benedict Weaver of Zero Foundation Africa, farm security needs to be intelligence-driven in a three-phased approach that utilises a classic counter-terrorism technique known as the “inkblot strategy”.
H
e explains: “Security stakeholders may use the inkblot strategy to connect the dots and deploy concentrated resources, in focused areas, on a roving basis. Once one area has been ring-fenced and mapped, other selected areas may then be ring-fenced utilising the flexibility of the PIS (predictive intelligence system). In this way, specific ring leaders will be identified, their online communications monitored, their planned attacks anticipated, and security resources may be allocated more effectively.” Based on his extensive experience in the anti-poaching and conservation sectors, Weaver advocates the implementation of a three-phased approach that encompasses historical incidents and security breaches, the names of suspects, and keywords and slang or local language phrases. Phase One • Conduct local research and profile suspects online.
14
SECURITY FOCUS AFRICA JULY 2021
• Configure a secured server with an alert system to advise when certain keywords have been activated, know what social media platforms are being regularly used and identify the communications pathways between known suspects, previously unidentified ring leaders and second tier operators on the ground. • Continue with the 24 hour monitoring of the information being retrieved and then analysed. Phase Two • Manage the information gathered and provide intelligence alerts on a regular basis, whether hourly, daily, weekly or monthly. • Assess these intelligence alerts and look for patterns of activity and intentions within a ring-fenced area. • Distribute text messages or posts in the vernacular and create a heat map for review purposes. • Analyse the heat map to identify communications traffic chokepoints and
determine who is communicating more regularly and in greater volume with whom and when. Phase Three Source feedback from the security stakeholders and users of the predictive intelligence system (PIS) to determine the following: • Results achieved • Challenges faced • Successes and failures • Recommendations Farm Watches Prior to the establishment of the Commando System, farmers had Rifle Associations to keep in touch with and protect themselves, says Laurence Palmer. “The Farm Watch concept may fulfil the same role today – it just requires buy-in from all of the farmers in an area, and a formal structure to ensure that the plans and support protocols are in place and work.”
securityfocusafrica.com
FARM SECURITY
For them to succeed, Farm Watches need to include farms in a naturally defined area: in a valley, a grouping of farms in-between two main roads, between a river and a main road, or even just a grouping of like-minded individuals, he says. “A well trained and well-run Farm Watch is a huge asset,” agrees Shelley Scheepers, Verifier’s National Operations Director Statistics. “We have worked with many Farm Watches across the country. The very best of them are non-political, work hand-in-hand with the SAPS, have the required training for crime scene management, legal parameters, emergency response procedures etc. In a well-coordinated Farm Watch environment, farmers may receive assistance from at least four other members within minutes. The rest of the team is able to cordon off areas, effectively leaving nowhere for the suspects to run. All of this being said, Farm Watches need a very close relationship with their SAPS members in order to work in line with the law.” “Security equipment is expensive,” agrees Palmer, “but modern technology is such that small budgets may still provide what is needed for adequate protection. At the very least, farmers need an early warning system that gives them time and space to prepare and respond effectively to an imminent attack, and an effective, reliable communication system to summon timeous response.”
securityfocusafrica.com
Start with the house Scheepers suggests that the starting point is to secure the farmhouse, which may be done with cameras using AI (artificial intelligence) at a relatively minimal cost. “A mixture of technology will go a long way,” she says, “from securing the roads outside their boundaries with License Plate Recognition technology, to thermal cameras powered by AI on the boundary fence lines. Dependent on the landscape, radar technology may be cost effective, owing to its ability to cover a huge area, with the added benefit of integrating cameras, animal tagging, visitor management and the like into the device. Automatic drone deployment is also a great option – however, as with all of the above, it will inevitably come down to budget.” Teeth that bite back Daytona Electronics’ Bill Sandham has compiled a list of ‘teeth that bite back’. “When seconds matter, early warning technology that verifies humans (not birds/cats etc.) prior to breaching physical barriers/virtual perimeters is first prize. Plus adding small dogs in the house to act as warnings, bunkers, lighting triggered by motion with a beep, electrified fencing in tight zones i.e. the immediate garden, beams, manned guards, CCTV (closed circuit television) with UPS (uninterrupted power supply), solar functionality and OSVM (off site video monitoring). Add to
this video verification, PA (public address) systems to ‘shout’ at intruders, early warning sirens (minimum 130 decibels), fog or gas – provided it’s located away from humans and animals – and a compliant police force that operates within a fast, motivated legal system with real consequences, which hurts the transgressors EVERY time.” “Everyone’s default is to go for CCTV, whether analogue, digital or thermal, says Sandham, “and surveillance definitely has huge benefits. However, each case is different and requires a brief derived from a threat analysis as per the chart above. He continues: “Every measure and counter-measure that acts against lawlessness is very welcome and in desperate need. Delegate all threats to a body/force/service provider who takes responsibility for negative outcomes and thus makes them accountable for inferior, non-acceptable levels of protection to the very clients which they take the money from. Also, the Agri industry could subsidise some of the technology and create monthly payment/rentals (not CapEx though) to fast-track the deployment of sec-tech which could include innovations such as a localised thermal drone force that has the ability to intercept intruders at the earliest point.” In agreement with the above, Palmer also advocates intelligent perimeter beams that are linked to automatic flood lights and cell phones, the creation of a safe space containing effective communications
SECURITY FOCUS AFRICA JULY 2021
15
FARM SECURITY
to keep the family safe while calling and waiting for assistance, panic buttons and double vacuum gates. Edwin Wakefield, MD of Mimic Components, says that a basic system comprising an enclosure around the house with fence alarms and motionsensing solar lights pointing outwards and positioned on the house fence, is a good start and sometimes better than the more expensive solutions if it is used together with an active, on-the-ball Farm Watch. In addition, he continues, is creating a ‘nearest neighbour assistance plan’ supported by a long-range multitone sounder. “The sounder may help to ward off intruders and get the quickest response from the surrounding area. Whilst neighbours should not be expected to engage with armed intruders, the sounder will alert them to danger while also hopefully chasing the criminals away – preferably in a prearranged direction that will assist the security company to trap them. Each group will need to appoint a training officer and, if possible, maybe though Afriforum, funds could be raised to pay for the employment of coordinators and to help develop a national strategy. It could work along the lines of local WhatsApp groups, and it would need to have a backup if internet reception is poor in the area. The police will have to be involved in each area, but the driving will have to be done by the coordinators.” Take back the element of surprise Wolfgang Kirsch, Senior Developer at Classic Systems, believes the surprise element – currently in favour of attackers – needs to be taken back by farmers and responders. This may be achieved, in part, through the use of good, easy-to-use security systems together with trained first responders. The fear of new technology may be a drawback – it’s daunting to have to re-skill – and communication infrastructure could also be a challenge when or where internet and telephone coverage is limited, but great strides have been made in accessibility and coverage in the last few years with wireless long-range equipment. Farmers, he continues, need training in situational observation and prevention, too. “As a control room software provider, we are not directly involved in the ground responses, but I would like to say this: The perpetrators work in groups and are highly organised in their attacks, which suggests that syndicates are involved.”
16
SECURITY FOCUS AFRICA JULY 2021
The number of commercial farms in South Africa has decreased alarmingly from 120,000 in 1994 to about 35,000 today, warns Weaver. “A similar decline in commercial farming was witnessed in Kenya post-Mau-Mau insurgency and in Rhodesia following independence. Both of those countries were agriculturally rich before these events but became net importers of food afterwards. South Africa will go the same way unless a new strategy for farm security is adopted. If we ignore the problem for too long, South Africa will be unable to feed its population, and this will result in a whole different basket of socio-economic problems.” Wolfgang Kirsch of Classic Systems concurs, saying, “Farmers are essential to the country’s sustainability. The government should be providing tax incentives to companies and to farmers actively working to make farming communities safer.” Contributors: • AfriForum / Ernst Roets Phone: 086 10 200 30 / 012 644 4485 Email: ernst@afriforum.co.za Website: https://afriforum.co.za/en/ farm-murders-on-the-increase-again/ • Daytona Electronics / Bill Sandham Phone: 084 886 0000 Email: bill@de24hr.co.za Website: www.DE24HR.co.za • Zero Foundation Africa / Ben Weaver Phone: 27 21 712 3024 Email: weaver@zerofoundationafrica. com Website: https://www. zerofoundationafrica.com/ • Laurence Palmer Phone: 073 954 4450 Email: unicornnlpconsulting@gmail.com • Mimic Components / Edwin Wakefield Phone: 060 012 3456 Email: edwin@mimiccomponents.co.za Website: https://mimiccomponents.co. za/ • Classic Systems / Wolfgang Kirsch Phone: 010 500 9300 / 011 084 7900 Email: info@intelligent-monitoring.com Website: http://www.intelligentmonitoring.com • Verifier Off-Site Monitoring / Shelley Scheepers Phone: 086 111 6023 Email: stevenv@verifier.co.za Website: https://www.verifier.co.za/ • Willy de Jong Phone: 041 368 6184 / 076 717 8646 Email: willydj@axxess.co.za
Veteran security electronics advisor Willy de Jong makes the following points: • Farms and smallholdings are often located in isolated areas, making them very vulnerable to attack, as security backup is a long distance away. The criminals thus have time on their hands to commit their foul deeds before security back-up arrives. • Farms usually have firearms and cash on hand, which are attractions for criminals. • Typically, security weaknesses include occupants not being security-aware. They often leave doors and gates unlocked, valuables lying around in the open and so on. • It is critical for farmers to know who their workers are and to have copies of their ID books, to know where they live, and to keep communication channels open. • Key security elements include a secure fence with razor wire around the home area, security gates and burglar bars. Add to this communication with the outside world per cell phone and/or two-way radio system to security patrols or back up organisations. And a safe area where those under attack may seek refuge until help arrives. • If budget permits, a CCTV (closed circuit TV) system that senses movement and is backed up by guards on the premises is money well-spent, as is a good two-way radio system and microwave beams inside the perimeter fence and at vulnerable points.
securityfocusafrica.com
INDUSTRY OPINION
Should we ban cryptocurrency to stop ransomware? By Brendan Kotze, Chief Development Officer, Performanta.
M
any people have been weighing in on the issue and talking about possible solutions. We’ve reached the stage where some suggestions are pretty radical. Ransomware locks your data with encryption and then extorts a cryptocurrency fee to get the unlock code. Cryptocurrencies primarily operate outside of financial systems and their paper trails, and are easier to launder into hard currency. Recently, publications such as The Wall Street Journal and The Verge mulled the idea of banning cryptocurrencies, as they are the payment of choice for ransom demands. But that is too drastic an action, and I doubt it will make a real difference. If we step back, the problem isn’t ransomware but weak security and the low risk associated with cybercrime. You may ban crypto, but criminals will find other techniques and payment systems to get their way. They may just do what cybercriminals are known for: steal your data and sell it to the highest bidder. Canning cryptocurrencies won’t stop that. The idea is also flawed because it tackles a symptom, not the causes. And there is one cause that few people talk about: the
securityfocusafrica.com
security poverty line. Analysts have coined this term to designate companies that cannot afford proper cybersecurity, and note that the vast majority of businesses fall under this threshold. The math is obvious: if the vast majority of companies (predominantly SMEs) cannot afford decent cybersecurity, a sharp jump in successful attacks is the outcome. In the current market, you need to spend a lot to get genuinely robust security. JPMorgan Chase spends about $600 million annually and employs 3,000 security staff. The cybersecurity market caters primarily for such customers. If you are a small or medium enterprise, or an individual, and with limited or no access to security skills, there isn’t much out there to secure you. Yet, the answer doesn’t start with buying technology. It starts with awareness. Fixing this problem won’t be easy, but we may start by talking about it. People should know more about their individual security risks. If we spend as much attention on security hygiene as we complain about our data on Facebook, it will be harder for cybercriminals to succeed. We should also stop framing this problem as primarily one involving
nation-states. Yes, they play a role, but most attacks are launched by unsophisticated criminal gangs. While security vendors develop a new impressive technology, cybercriminals dip into old attacks that we’ve forgotten about. Some of the most dangerous malware out there today first emerged over a decade ago. Sensationalism and apathy are letting individuals off the hook and allowing the cybersecurity industry to focus on the big companies, not the little guy. Yet most attacks target small companies, and most attackers get through because an individual didn’t scrutinise a phishing mail. These are easy to solve problems. They require a change in attitude among people, security vendors, and the media. People need to understand they are the target, security vendors must help lower the security poverty line, and the media should look beyond sensationalism and treat cybercrime as a pandemic. If we could promote security hygiene the way that we push masks and social distancing, the risk-reward ratio of cybercrime will diminish substantially. Or we could ban cryptocurrencies and see what new trick the bad guys come up with next, which they will.
SECURITY FOCUS AFRICA JULY 2021
17
NEWS
Cybercrimes Act: South Africa finally joins the big boy table President Cyril Ramaphosa has just signed the Cybercrimes Bill, which seeks to bring South Africa’s cybersecurity laws in line with the rest of the world, into law. By Ahmore Burger-Smidt, Director and Head of Data Privacy Practice and member of Competition Law Practice; and Nyiko Mathebula, Candidate Attorney.
T
his Bill, which is now an Act of Parliament, creates offences for and criminalises, amongst others, the disclosure of data messages which are harmful. Examples of such data messages include: • those which incite violence or damage to property; • those which threaten persons with violence or damage to property; and • those which contain an intimate image. Other offences include cyber fraud, forgery, extortion and theft of incorporeal property. The unlawful and intentional access of a computer system or computer data storage medium is also considered an offence along with the unlawful interception of, or interference with data. This creates a broad ambit for the application of the Cybercrimes Act which defines ‘data’ as electronic representations of information in any form. It is interesting to note that the Act does not define ‘cybercrime’ but rather creates a number of offences such as those canvassed above. There is no doubt that the Cybercrimes Act will be of particular importance to electronic communications service providers and financial institutes as it imposes obligations upon them to assist in the investigation of cybercrimes, for example, by furnishing a court with
18
SECURITY FOCUS AFRICA JULY 2021
certain particulars which may involve the handing over of data or even hardware on application. There is also a reporting duty on electronic communications service providers and financial institutions to report, without undue delay and where feasible, cyber offences within 72 hours of becoming aware of them. A failure to do so may lead to the imposition of a fine not exceeding R50,000. A person who is convicted of an offence under the Cybercrimes Act is liable to a fine or to imprisonment for a period of up to fifteen years or to both a fine and such imprisonment as may be ordered in terms of the offence. It is further interesting to note the impact that this act will have on businesses, especially considering its overlap with the Protection of Personal Information Act 4 of 2013 (POPIA), amongst other regulatory codes and pieces of legislation. POPIA, which deals with personal information, aims to give effect to the right to privacy by protecting persons against the unlawful processing of personal information. One of the conditions for lawful processing in terms of POPIA is security safeguards which prescribes that the integrity and confidentiality of personal information must be secured by a person in control
of that information. This is prescribed by POPIA in order to prevent loss, damage or unauthorised access to or destruction of personal information. POPIA also creates a reporting duty on persons responsible for processing personal information whereby they must report any unlawful access to personal information (data breach) to the Information Regulator within a reasonable period of time. In light of the above, companies should be cognisant of their practices, especially in dealing with data or information. The value of data as an asset, the oil of the new economy, cannot be understated. To quote the CEO of Apple, Tim Cook: “We shouldn’t ask our customers to make a trade-off between privacy and security. We need to offer them the best of both. Ultimately, protecting someone else’s data protects all of us.” Read more on the major cyber security risks to your business here: https://www. werksmans.com/legal-updates-andopinions/the-major-cyber-securityrisks-to-your-business/
securityfocusafrica.com
WHITE PAPER
Today your colleague, tomorrow your captor How well do you know the people in your department? Do you know, and understand, if they have personal problems? By Dr Gerhard Schoeman, Industrial Psychologist.
I
magine the following scenario: “Early one morning, a man walks into his office building armed with a handgun, a shotgun and enough ammunition to start his own small war. He has had enough, in his opinion, of being mistreated by his colleagues and supervisor and has decided to show them what he is capable of, which includes taking his whole department and his supervisor hostage. “His emotional decline began two months prior when his wife left him and then the quality of his work started to deteriorate. His supervisor didn’t listen to his side of the story and threatened to fire him if he did not improve his performance. His colleagues called him a no-good crazy nut, and he felt increasingly that no one supported him. He submitted numerous requests for leave to sort out his life but they were turned down every time. When he was fired, nothing seemed to matter anymore by way of his reasoning.” Most of us assume that being taken hostage will happen to other people but never to ourselves. There is, however, a tendency for some people to become violent when trying unsuccessfully to deal with their problems: just look at the increase in assault, road rage, murder, and even hostage-taking incidents of late. People seem to be taking the law into their own hands. Taking people hostage is a serious crime, yet more and more people are turning to it as a means of trying to solve their problems due to their acute levels of frustration. Hostage taking is a political act for
securityfocusafrica.com
terrorists, and an emotional (feeling?) act for people who believe that they have been wronged in some sense. Hostage taking is normally done in order to gain a specific end result. There are different types of hostage situations, too: a barricade situation, like in the above scenario, is where hostages are kept within a confined space. There are also different kinds of hostage takers. Some plan a hostage taking well in advance, while others take hostages on the spur of the moment. The hostage taker in the scenario above is called a ‘wronged person’. The wronged person is motivated by a sense of grievance resulting from some experience with society. They feel that they were not treated fairly. The grievance may be due to a single event or a series of events. These captors may display violent rage if provoked. If the hostages or authorities do not listen to them they might become violent and even kill hostages. Have you ever heard that after a bad incident, like the scenario above, people will normally say something like: “He was such a nice guy. Who would ever have thought that he would do something like this?” or “He was always a quiet and reserved person… I wouldn’t have seen him as the violent type.” What could you do to prevent a scenario like the one mentioned or be prepared should something similar happen? With hostage taking, the old saying of prevention is better than cure, is a wise option so here is some advice:
• HR should ensure that all their processes are always in place, and these need to include providing assistance to people experiencing personal problems, financial problems or work-related problems. • Make time to get to know your employees/colleagues better and really listen if they want to tell you something. This way, you will know when they’re struggling with something, whether in their personal or work environments. • If an employee’s or colleague’s behaviour changes suddenly, try to find out why. Changes to note include withdrawing from other people, the quality of their work begins to deteriorate, they start coming late to work, etc. Aside from offering them your support or professional help if needed, HR/Management should have an Employee Assistance Programme in place too. • Be emotionally prepared for dealing with a crisis situation. Anything could happen at any time, whether at work or home. • If you ever feel that life is becoming too much for you to deal with, do not take the law into your own hands! Speak to somebody who may help you. It might be a close friend, the minister at your church, a doctor or anybody that you trust. Help is always available. If you do find yourself in a hostage situation, you can do the following: • Do not argue with the hostage taker, since this will only further provoke him or her. • Listen to all their instructions and follow them. • Do not try to be a hero. • Do not tell the person what to do – it will be the last thing he or she would like to hear. • Treat the captor with respect. Respect works both ways: if you respect them, they might start to respect you as a person. • Display non-threatening behaviour. Keep your hands clear and do not make any sudden movements. • Have faith that you will survive and be rescued. As soon as you start losing your faith, you lose the battle. Any type of violent crime may be very traumatic and may have an effect on your personal and work life. It is very important to go for debriefing or counselling after such an incident.
SECURITY FOCUS AFRICA JULY 2021
19
ON THE MARKET
A way to battle zoom fatigue
The corporate world is currently experiencing a mix of office-bound employees and remote employees. It may be difficult, mentally, for some employees to get those personal interactions and water cooler chats when at home or working from another office.
A
survey done by Achievers1 in the UK has shown that at least a third of the workforce feels disconnected from company culture2. Video Window3 has created a software to combat the feeling of being disconnected. Stefan Mayer, Managing Director of Corporate AV Integration4, explains that “we have too many scheduled video meetings, especially over the Covid period. We miss the office banter and social interactions and Video Window enables this and so much more”. What is video window? Video Window is a video conferencing software platform with a yearly subscription model. For the software to function at optimum capability, the system would require a video bar such as a Logitech Meetup5 with a 55 inch touch screen and a small form factor PC. Ideally, the screen should be touchscreen as it allows for touch interaction such as knocking and white boarding. Whiteboarding allows two people in two locations to have a chat and then pull up a whiteboard in an opaque screen, allowing them to draw on the screen and still see themselves. It’s like drawing on seethrough paper. Should a touch screen not be available or too costly, then a mouse may be used to operate the software with a slightly less immersive input. Depending on the requirements for the company, it is suggested that the screen be
20
SECURITY FOCUS AFRICA JULY 2021
displayed in a common area and that it should be placed vertically to allow for a better human interaction. This allows the workforce to see more than just the heads and shoulders of their colleagues. The software may also be used by remote employees on their tablets, where they may join in on the call during the office’s lunchbreak to be part of the conversation and to stay involved. How does it work? Video Window is ideal for use between two offices, usually of the same company, in common areas such as lunchrooms. It has a 24-hour or a scheduled video stream. At any time during the day an employee may walk up to the screen and knock on it to alert the person on the other side that they would like to have a chat. The stream is automatically muted, but a knock from the first user will alert the second and give them the opportunity to unmute the screen to begin the conversation. The stream may also be between more than one office or even for use by remote employees. The remote employees may download the application on their tablets and also join in on the conversation. How it combats Zoom fatigue Since the start of the pandemic and over the course of the last year, the workforce has experienced an increase in Zoom fatigue6 cases. The digitisation of the workforce,
accelerated by the pandemic, has made communication between offices at remote locations much easier, except that it still lacks human interaction. With the Video Window, the feeling of human interaction may be recovered. Because of the orientation of the screen and the unscheduled calling, it makes the conversations that stem from these interactions more natural. It takes away the Zoom fatigue since the interactions aren’t forced, they do not have to follow Zoom etiquette, and may disconnect from the call at any time. It creates the feeling of a more personal interaction, and it helps to combat the feeling of being remote or distant from your colleagues. “I think that we are all missing out on real social connections. We have online interaction with our colleagues, but they are all scheduled and mostly work related. Video Window takes the meeting aspect out of video conferencing and becomes a tool for spontaneous connection in the workplace. When a team has the ability to have these spontaneous interactions, it alleviates the feeling of being disconnected – helping teams grow and be more productive,” concludes Mayer. About Corporate AV Integration Corporate AV Integration (PTY) Ltd was founded in 2011 to provide corporate audiovisual (AV) solutions that help our clients maximise their return on investment in these complex and potentially expensive technologies. Our vision is to become Africa’s leading provider, implementer, and integrator of corporate AV solutions. Our mission is to elevate professional standards in the corporate AV market by providing qualified skills and leading products that help our clients to derive the maximum benefit from their AV solutions. 1. https://www.achievers.com/gb/ 2. https://workplaceinsight.net/a-third-of-britishworkers-left-feeling-disconnected-fromcompany-culture-and-colleagues-duringcovid-19/ 3. https://videowindow.com/ 4. https://www.corporateav.biz/ 5. https://www.corporateav.biz/post/productreview-logitech-meetup 6. https://www.healthline.com/health/zoomfatigue
securityfocusafrica.com
ON THE MARKET
Innovation is allowing citizens to claim back their safety In a bid to provide South Africans with convenient and affordable access to private safety and safekeeping, a security guard company is arming citizens with the power to protect themselves by simply shaking or dropping their phone to activate the distress feature.
“B
eing safe is a basic human right and should be treated as such. However, in the past, only an exceptionally small amount of our population had access to private security services. This is especially true for women who are often subjected to gender-based violence. With the help of the latest technology, previously underutilised private security resources are now available to more communities within South Africa because the journey to making South Africa safe is a long one and this is our way of contributing to our ever-growing society,” says Michael Brown from iFearLESS. The smartphone bodyguard app, iFearLESS, launched this month across all app stores and was created with women’s safety in mind, provides subscribers access to a multitude of effective and reliable private armed response companies, emergency medical services, legal assistance as well as trauma assistance. The app alert is activated by simply shaking or dropping your smartphone or by pushing the activation button.
securityfocusafrica.com
As soon as the app is activated, a 20-second audio/video recording starts and is automatically sent to the cloud for safekeeping, which may later be used to assist in the apprehension and conviction of suspects. The app is location-driven via the GPS on your smartphone and therefore the location accuracy of the originating signal is impeccable. The app uses cutting-edge technology, much like ride e-hailing apps, therefore, autonomously connecting the user with the five nearest armed response vehicles. It simultaneously also sends an SMS with the user’s location to their pre-selected emergency contacts to inform them that their loved one is in danger. The Institute for Security Studies (ISS) cites approaches to safety and security that use ‘tough on crime’ tactics that make little to no impact on safety. Calls for ‘declaring a war on crime’ and having opinions on ‘zero tolerance for persons in conflict with the law, in fact, often ignore human rights, do not deter crime, and most importantly, do not make people feel ‘safe’.
Statistics gathered by the South African Police Service (SAPS) from January 2020 to March 2021 indicate that robbery at residential premises increased by 7,6%, while carjackings were 4,9% higher on the period under review. But perhaps the most daunting figures are those of murder and attempted murder clocking in at 8,4% and 8,7% respectfully. There were also 9,518 incidents of reported rape during the same period. “Unfortunately, as the recent outbursts of violence that broke out in KwaZuluNatal and Gauteng indicated, citizens cannot always solemnly rely on the police to come to their aid when their lives or property are at risk. And, in light of the large numbers of violent incidents against women, citizens also need to equip themselves with something more personal and reliable. This is the gap that security companies such as iFearLESS are bridging, using innovation to equip residents with the immediate power to protect themselves and take back their safety,” concludes Brown. Website: https://ifearless.co.za/
SECURITY FOCUS AFRICA JULY 2021
21
INDUSTRY OPINION
Your employees are ready for hybrid working. Are you? The past year has redefined work so that it is now much more about ‘what you do’ and much less about ‘where you go.’ As it becomes feasible for us to meet one another again, leaders are having to think about what the office is really for and how best to use the space. By Wendy Mars, Senior Vice President, President - Cisco EMEAR. Used with the permission of https://newsroom.cisco.com/
W
hile some businesses are preparing to return to the office full-time and others are letting people work from home indefinitely, most are looking at hybrid options. Employees want flexibility and choice. According to Cisco’s research1, 87% of workers surveyed in EMEAR want the ability to decide whether they work in the office or at home – or even in coffee shops, co-working spaces, customers’ or suppliers’ sites, hotels and other hospitality environments that are rethinking their own business models in light of changing working practices. A permanent move to a hybrid way of working is a monumental change for any business and how leaders manage that
22
SECURITY FOCUS AFRICA JULY 2021
change is a defining moment. Five topics that need to be on every leader’s mind Exactly what the new way of working looks like will be different from one business to the next. Working this out will be a big undertaking, but an important one. Leaders and managers need to look at every team and every role to see what’s right for them, assessing the type of work they do and who they need to collaborate with. While each business will have its own model that best matches its needs, there are certain considerations that should be on every leadership team’s agenda right now.
Here are five thought-starters for the big conversations that are now underway. 1. The leadership mindset has to change. The leadership style of 2019 is out of date in today’s environment. Gone are the days when a manager could look out from a glass corner office and see their team getting on with their work. To succeed in this new environment, we need to rethink how we measure performance, how we motivate our teams, and how we plan work. We will need to focus much more on culture, purpose and wellbeing to help people better manage their time, their working
securityfocusafrica.com
INDUSTRY OPINION
relationships and their mental health. 2. The company culture of the future is built on inclusion and trust. After all the promises and commitments of 2020, remote working presents an opportunity to give real meaning to diversity and inclusion. Geography is no longer a barrier to hiring, opening up a whole world of talent. Remote-working technologies are increasingly focused on creating more equal and inclusive experiences. Real-time translation means that you may join a meeting and speak your own language. Noise cancellation means that no one needs to worry about their barking dog anymore. With the right culture and technology in place, everyone may have an equal voice and remote attendees may participate as fully as in-person attendees. Remote working presents challenges, too. For example, our EMEAR research2 showed that one in six employees don’t feel trusted to do their job from home without extensive oversight. With more people working remotely, leaders will need to let go of the notion that good management is time management and begin to measure performance in results and outcomes, not hours. Employees will also have to adapt and ensure that they earn their managers’ trust when they work away from the office and we all have to learn to respect each other’s time and mental health. This culture of ‘always on’ is simply not sustainable. 3. The office still serves a purpose, but that purpose is changing. Many people are saying they’ve felt more productive working at home. So, if your employees aren’t coming in to sit at a bank of desks and work through a to-do list from 9 to 5, what’s the office for? Your people and teams will have different priorities and it will be important to listen to them and use their feedback and insights to design the best possible environment – whether that’s for team brainstorms, client meetings, innovation, socialising, or mental wellbeing. With 98% of future meetings expected to have at least one person dialling in3, we need to give just as much thought to the out-of-office experience as the in-office one.
securityfocusafrica.com
4. Security needs to be top of mind. Remote working at scale has opened up new opportunities for security threats. Your security architecture needs to be designed for this new IT environment. Traditional security approaches have assumed that anything inside the corporate network may be trusted but that’s no longer enough as employees work from anywhere, use their own devices to access the network, depend increasingly on cloud-based applications and collaborate with people wherever they are. A zero-trust model treats all resources as external and continuously verifies trust before granting only the required access. This makes it harder for attackers to collect what they need (e.g. user credentials and network access). Access now happens at all levels, so all types of access requests (workforce, workplace and workload) need to be secure. 5. Data may help you keep your employees safe. Even as some countries are lifting Covid restrictions, your employees and visitors need to feel safe coming to your office. Facial recognition, contact tracing, no-touch devices, voice commands and social distancing alerts are all coming into play as businesses step up their health and safety. The data provided will help you update working patterns and adapt your office capacity as needed, so that you may respond quickly to changing
regulations and address your employees’ concerns. A defining moment for leaders If all of that seems like a lot to achieve in the next 12 months, just think back to March 2020 and all the changes that we managed to make, virtually overnight. Now we have the opportunity to build on everything we’ve learned since then as we plan for a new future. This is a defining moment for leaders, let’s make it count. 1. https://ebooks.cisco.com/story/workforce-ofthe-future/page/3/2 2. https://ebooks.cisco.com/story/workforce-ofthe-future/page/5/1 3. https://www.cisco.com/c/dam/en/us/products/ collaboration-endpoints/workforce-surveyinfographic.pdf References • Workforce of the Future Survey 2020 https://ebooks.cisco.com/story/ workforce-of-the-future/ • Cisco Global Workforce survey, October 2020 https://www.cisco.com/c/en/us/ products/collaboration-endpoints/ workforce-survey-2020.html#~surveyhighlights • Where does work go from here? (Infographic) https://www.cisco.com/c/dam/en/us/ products/collaboration-endpoints/ workforce-survey-infographic.pdf
SECURITY FOCUS AFRICA JULY 2021
23
SPECIAL OPINION FEATURE PIECE
Consolidated workloads need intelligent storage architecture to ensure high availability and reduce the fault domain Consolidating workloads is a tried and tested approach to improving operational efficiency. A successful consolidation strategy may have both economic and administrative benefits. However, it could also increase the size of the fault domain, which is the collection of workloads that have a single point of failure. By Hayden Sadler, Country Manager for South Africa at Infinidat.
T
he more workloads that are consolidated, the bigger the benefits but also the larger the impact of a failure. To mitigate this risk, the underlying storage architecture needs to be addressed with an intelligent approach, to ensure 100% guaranteed data availability along with other benefits. The ever-present efficiency challenge The IT industry is constantly juggling the challenge of making infrastructure as
24
SECURITY FOCUS AFRICA JULY 2021
efficient and cost effective as possible, while also ensuring that performance, availability and agility needs are met. Workload consolidation is one strategy that many enterprises have adopted in order to achieve this, and according to IDC, it potentially offers a host of benefits. These include more efficient data sharing, centralised management leading to higher productivity, and a simplified environment with fewer storage vendors to manage. In addition, as economies of scale kick in through denser infrastructure, costs are reduced,
both directly and indirectly through lower energy consumption and reduced storage footprint. However, legacy architecture frequently does not support a consolidated workload strategy, which may negatively impact performance. In such an environment, if one workload requirement spikes, other workloads could be affected. Furthermore, maintenance and upgrades could cause downtime, which means that service requirements cannot be met. Finally, the larger and more densely consolidated a
securityfocusafrica.com
SPECIAL OPINION FEATURE PIECE
system, the larger the impact of a failure, and the longer it takes to recover. Catastrophic failure could potentially take down an entire system or data centre. An intelligent architecture is the answer Traditional storage typically deploys N+1 architecture, which is the live component plus one redundant system for failover. This is problematic for consolidated workloads for several reasons. Such an architecture leaves organisations exposed when their component infrastructure is offline for any reason. For example, during an upgrade. If, during such a time, a component failure occurs on the redundant system, or any such other unforeseen event, access to data is lost. The cost implications of such a failure are massive, not to mention lost revenue and reputational damage resulting from downtime. Organisations need to deploy an N+2 architecture, which features triple redundancy to dramatically reduce the risk of outright failure. In a triple redundancy environment, there is always a redundant backup, even if one system is offline. However, simply implementing an additional redundant system is not
securityfocusafrica.com
sufficient. Recovery time is critical, so enterprises need automatic failover and fail back. Active-active clusters are also critical, so that redundant systems are always online, allowing for seamless transition between systems without disrupting data access. Effectively maintaining a dense workload consolidation environment While consolidated workloads typically have lower failure rates, they have larger fault domains. The more workloads brought together, the greater the impact when a failure occurs. The final consideration is to leverage a system that guarantees 100% data availability and uptime. Importantly, it should also enable non-disruptive upgrades. A software-defined approach to storage design may assist with accommodating evolving technology such as consolidated workloads, while maintaining cost efficiency through elastic pricing, a flexible financial model that combines CapEx and OpEx, and industry-standard hardware. This is where intelligence comes in to deliver high performance on commodity hardware. Solutions need to offer consistent
performance against varying Input/ Output (I/O) profiles, with multi-tenant management to ensure consistent quality of service for all workloads regardless of their capabilities. This is critical to maximising performance across all areas. Out with the old To leverage storage workload consolidation effectively, enterprises need a vendor with a proven track record of delivering intelligent, cost effective storage at multi-petabyte scale. They also need to ensure they implement a solution that enables elastic pricing, where costs are not directly linked to the storage media. Consolidated workloads bring together multiple legacy storage arrays on a single platform. This has many benefits, as discussed above. However, there are specific considerations that organisations need to bear in mind, as the capabilities of the storage architecture are of the utmost importance. This includes performance, availability, functionality, and affordability requirements, to costeffectively consolidate different types of workloads with different I/O profiles onto a single system.
SECURITY FOCUS AFRICA JULY 2021
25
PERSONALITY COMPLIANCY PROFILE
In conversation with…
Ernst Roets
“Some of my happiest memories growing up involve farms – as well as some of my worst.” Ernst Roets, Head of Policy and Action at AfriForum.
T
he public face of civil rights organisation AfriForum, Ernst has to deal with human tragedy on a daily basis, and yet somehow he manages to keep upbeat, his trademark sense of humour perhaps the antidote to the serious side of his life. Born in Pretoria, a very small Ernst and his family moved to Tzaneen, where he went to kindergarten, primary school and high school. His was a sentimental childhood, he says, a great childhood lived by what he laughingly refers to as a weird kid! “I enjoyed doing funny things in front of people and making them laugh. And I had wonderful friends.” He loved school, too, proudly matriculating from Merensky High School in 2003 with the idea of pursuing a career in community work. This leaning was the result of living in fear of farm murders and going out at night with his grandfather to catch those stealing telephone cables – experiences that he admits had a big impact on his life. Your early years I wasn’t sure what profession to choose when I was in high school. I considered
26
SECURITY FOCUS AFRICA JULY 2021
psychology first, before eventually deciding to study law. After I had attained my LLB, I did my articles as a candidate attorney at Hurter Spies, AfriForum’s go-to law firm. Though I qualified as an attorney, I did not end up working as one, instead accepting a fulltime position at AfriForum, where I had long been involved on a voluntary basis as national chairperson of AfriForum Youth. Tell us more about AfriForum and what you do AfriForum works according to a civil rights charter, committed to playing a role in a well-functioning democracy where minorities are included, and their rights protected, in conjunction – where possible – with NGOs (non-governmental organisations) and other civil society organisations. Kallie Kriel, AfriForum’s CEO, started AfriForum – before then he worked in Solidarity’s marketing department. And Alana Bailey also played a leading role in getting the organisation up and running. Their intention was to create a platform for minorities that
would allow their voices to be heard in the post-1994 political dispensation. In 2011, I was promoted to Deputy CEO of AfriForum. Then, in 2019, we decided to do away with the ‘Deputy CEO’ job titles (there were four of us) and to make those job titles more descriptive of what we actually do. My job title was then changed to Head of Policy and Action. Is there such a thing as a typical workday for you? No! AfriForum currently has close to 200 full-time employees, more than 150 branches and in excess of 150 community safety structures across South Africa. Further, more than 12 000 people are involved, as volunteers, through the various safety structures. There’s always something big happening that sort of disrupts one’s schedule. On Mondays I am usually booked for meetings for the entire day. Other than that, my days are usually filled with a combination of planning meetings for campaigns, time in the studio to do video recordings, press and other conferences, joining networking meetings, going to court and attending
securityfocusafrica.com
PERSONALITY PROFILE
events. I also spend a lot of time reading and writing. WhatsApp and emails take up much more of my time than I would like, but they come with the job. I try not to spend too much time on social media, but it’s also an important part of my job. I drink a lot of coffee and there are days when it’s so hectic that I don’t eat anything at all – possibly why I’m not overweight! A new favourite motto Recently, when I was in Hungary, we had a meeting with some senior government representatives with which we discussed the challenges that we were experiencing. One of them said to us: “There are no challenges, only tasks.” It’s been one of my favourite mottos since then. The rewards For me, one of the greatest rewards is the sense of fulfilment which I get from doing something that really matters, and that makes a difference. Who were and are your heroes? Growing up, definitely my father and my grandfather… my family as a whole, actually. In my work environment, my mentors include Kallie Kriel, CEO of AfriForum, Dirk Hermann and Flip Buys, people that I am privileged to know personally. Among the academics I admire most are Professor Koos Malan – I did my LLB dissertation and my LLM thesis under him, and I’m now doing my doctorate under him, too – and Professor Danie Goosen. Kallie Kriel has a fantastic natural sense of what to do, how to do it and how to frame an argument. He’s also incredible with people and a great leader – he’s the reason AfriForum has more than 280 000 members today. Dirk Hermann is also a wonderful leader with an impressive instinct for activism and I’ve learned a lot from him over the years. Flip Buys is one of the wisest people I know; Koos Malan is not only an expert in constitutional law, he also understands politics and current affairs and has an incredible ability to make sense of what’s happening. Danie Goosen is a philosopher who doesn’t focus on abstract theories about how the world should be but rather on understanding the world as it is. Do you have a bucket list? My wife has a never-ending bucket list, and she often encourages me to draft one of my own! I actually did so a few years
securityfocusafrica.com
ago and most of the things on it are done, including writing a book, playing in a band (again), publishing a music album and owning a PRS guitar. My next bucket list will include finishing my LLD, visiting Japan and Greece, seeing Dream Theatre perform live and writing more books. Five important things in your life: My work with AfriForum, spending time with my wife and children, playing guitar, reading books and exercising. I almost never spend time on anything that isn’t one of these five. I read a lot – this year I’ve managed to read a book virtually every week. I enjoy political theory and history, only reading fiction when there is an important underlying political message, such as in the works of Aldous Huxley, George Orwell and Albert Camus. Your thoughts on South Africa as it is now: I do not think that South Africa, as we know it, is sustainable. The system is too centralised and may too easily be taken over by whoever wins the election, to enforce their views on the whole society. The country needs a more decentralised system where local communities have more authority to make decisions that are important to them and in which different cultural communities may live in mutual recognition and respect. One of my biggest concerns is the misdiagnosis of the current crisis in South Africa, attributing it to corruption or crime or Zuma’s presidency, or unemployment. These are symptoms of an underlying problem, not the problem itself. If people mistake the symptoms for the problem, they are going to work towards unsustainable solutions, which is a waste
of time and energy. My father contracted malaria when I was about eight years old. His illness was misdiagnosed and, despite the treatment meted out by the doctors, he became sicker and sicker to the point where he nearly died. This is why I am so emphatic about diagnosing and treating problems – what happened to my father had a lasting effect on me. Advice to your younger self I would tell my younger self a lot: not to try to be an expert in everything, for one thing. It is okay to admit when you are wrong and to stick to your area of expertise. I believe that people who cannot do this are generally untrustworthy. Also, don’t expect everyone in the team to think and be like you – rather make an effort to understand what they’re good at and allow them to capitalise on their strengths. Then, while it’s sometimes good to work alone, isolation is dangerous. And when it comes to succeeding, good arguments aren’t going to win the day – action weighs much more than arguments. Every single thing that you do comes with an opportunity and a cost, so when you decide to do something, you are, in essence, choosing not to do something else. My approach to life is generally theoretical. When I was younger, I loved skateboarding. I would study the tricks with a very technical approach. This is why I enjoy playing lead guitar, too. I usually don’t learn songs – rather I focus on finger exercises and studying the theory. Those are just my hobbies, but they summarise my approach to life as well – which is probably why I like debating so much, too!
SECURITY FOCUS AFRICA JULY 2021
27
CYBER SECURITY
reprimanded for their online conduct. But the issue isn’t about personalities, politics or privilege. It is about responsibility and consequences for behaviour online. As more of us apply our right to freedom of expression through social media, we must be aware of our responsibilities and the real-world consequences of abusing them.
Social media, riots and consequences Fomenting violence online is illegal in SA – social media use during the latest violence makes digital literacy a priority. By Karen Allen, ISS Consultant. Original article: https://issafrica.org/iss-today/social-mediariots-and-consequences. Used with permission.
T
he role of social media in the ongoing looting and destruction of property in South Africa’s Gauteng and KwaZulu-Natal provinces is hard to determine in the heat of the moment. However the instigators of what started at the weekend as a campaign of politically motivated economic sabotage have demonstrated1 how social media can be weaponised, with devastating consequences. At the time of writing, the official2 death toll was 117 people. Over 1 400 have been arrested, and 12 ring leaders are under investigation. The cost to the economy3 is expected to run into billions of rand, adding to the substantial burden already faced, especially by small and medium-sized enterprises, due to Covid-19. A dangerous information gap has been allowed to develop by the lack of timely, accurate public information from government sources. The traditional media’s ability to access unrest sites has also been limited, with journalists sometimes in danger. Social media platforms are filling that void, often with unverifiable content, much of it false. For a worried public desperate for news, the result can be an inflated reality shared via self-selected, trusted social media networks. How reality becomes distorted is evident when comparing officially confirmed incidents in a few
28
SECURITY FOCUS AFRICA JULY 2021
days in Gauteng with social media reports (see diagram). The pictures presented by the two sources don’t correspond. Images and videos (many fake or taken out of context) of burning infrastructure, fences torn down or other acts of civil disobedience generate their own momentum. They have arguably provoked further violence and threats of racialised and militia-like counter-attacks. In times of crisis, the need for information is normal, and social media contact provides a degree of comfort and connection to those affected. But the mix of fact, experience and fiction that emerges on these digital platforms may also cause anxiety, fear and panic-buying among the public, and has inflamed racial mistrust and hatred. The effect threatens South Africa’s already fragile social contract. A social media-consuming public may add fuel to the fire by resharing content that is inflammatory or simply untrue. These actions have consequences. The African National Congress’s (ANC) announcement4 that it will hold former president Jacob Zuma’s daughter Duduzile Zuma-Sambudla accountable for her tweets shows that the governing party has woken up to the power of cyberspace. Her posts included embedded video and calls to ‘let it burn’. Four other ANC members are being
A dangerous information gap was allowed to develop by government, and social media filled the void Weaponising social media is a crime. Malicious communications on social media platforms are offences5 under South Africa’s new Cybercrimes Act, which has just been signed into law. Part II of the act makes it an offence to incite damage to property or threaten to damage property or persons. Furthermore, if tweets, messages or conversations are peppered with fake or deliberately manipulated images, the offences may amount to cyber forgery and uttering. Simply resharing deliberately manipulated content that is malicious could make any one of us unwittingly assistants in committing a crime. It’s estimated that over 22 million people in South Africa use social media platforms, and the number is rapidly rising as more acquire smartphones. During riots, protests or looting, the power of social media for good and ill is thrown into sharp focus. For professional journalists, the police, military and emergency responders, platforms such as Twitter, Facebook and WhatsApp may provide real-time intelligence of events on the ground. By using open-source investigative techniques6 to verify images and video placed in the public domain on social media, police and prosecutors may identify offenders. A social media-consuming public can fuel the fire by resharing content that’s inflammatory or untrue For security services, social media could inform where and how they deploy. It is a vehicle for transmitting public safety announcements, like urging people to avoid areas where violence has erupted. For journalists, social media offers unfiltered snapshots from the ‘front line’ and an immediacy that’s hard to match in an era of round-the-clock news.
securityfocusafrica.com
CYBER SECURITY
Social media has also become a powerful tool to hold public officials accountable. From the perspective of protesters exercising their constitutional rights, online platforms provide a check on those who police our streets. It allows people to capture and report real-time abuses or other examples of executive overreach, and a megaphone to demand consequences for transgressions. But social media during civil unrest is a double-edged sword. Institute for Security Studies research7 has shown how messages or tweets, images and videos that generate outrage are amplified through powerful algorithms and artificial intelligence, enabling messages to reach more people faster. South Africa’s crime intelligence must be equipped to identify unrest patterns on social media before they happen by tracking trending issues and potential influencers during times of tension. This will require resources and time. Investigators and prosecutors need to be better versed in applying the new law on cybercrime and malicious communications effectively to translate laws into action. And public awareness campaigns aimed at responsible digital use could help mitigate the unintended consequences of our social media age. A failure to prosecute the worst transgressors risks turning social media into a free for all These are medium-term solutions. As the looting and destruction of property continue, South Africa’s leaders should use their own social media feeds to warn against abuses. Traditional media must remain vigilant, exercising the founding principles of journalism by verifying news sources. As the public, we must take responsibility for what we post or face the consequences in court. Social media platforms are also under pressure to play a part in de-escalating tensions. Recently, Economic Freedom Fighters leader Julius Malema briefly experienced restricted access to his Twitter account after the platform’s controllers argued that he had broken their rules. Nigerian President Muhammadu Buhari experienced similar restrictions recently after tweets from an account in his name were taken down. His response was to ban8 Twitter in Nigeria – a trend we may expect to see elsewhere in Africa as political leaders rub up against
securityfocusafrica.com
Source: ISS Crime Hub
technological realities that define our age. The recent unrest and apparent fomenting of violence online underscore the need for digital literacy in South Africa. A failure to investigate and prosecute the worst transgressors risks turning the platforms into an anarchical free-for-all. This may push the government to restrict social media use altogether or usher in punitive laws that constrain the democratic space. 1. https://www.dailymaverick.co.za/article/202107-14-under-investigation-twelvemasterminds-planned-and-executedinsurrection-on-social-media-then-lostcontrol-after-looting-spree/ 2. https://www.youtube.com/
watch?v=vE2PGHLjhP8 3. https://www.iol.co.za/business-report/ companies/counting-the-costs-sa-businesseswrecked-by-unrest-e0e49e51-b86e-56198e6e-f9f69cc10fc5 4. https://www.timeslive.co.za/politics/2021-0712-she-will-have-to-explain-her-tweets-ancto-hold-zumas-daughter-accountable-fortwitter-posts/ 5. https://issafrica.org/iss-today/south-africalays-down-the-law-on-cybercrime 6. https://issafrica.org/iss-today/using-digitaltools-against-financial-crime-and-corruption 7. https://enactafrica.org/research/researchpapers/digital-vigilantism-social-media-andcyber-criminality 8. https://issafrica.org/iss-today/social-mediaand-the-state-challenging-the-rules-ofengagement
SECURITY FOCUS AFRICA JULY 2021
29
CYBER SECURITY
What SMEs need to know about Ransomware attacks Ransomware attacks are on the rise and malicious cybercriminals are always fine-tuning their strategies. Business leaders need to realise that their tactics include disrupting critical business operations across all industry verticals and businesses of all sizes, including small to midsize enterprises (SMEs). By Brandon Rochat, Cybereason sales director for Africa.
W
ith most of the recent headline-making ransomware attacks against larger organisations who are likely to be more financially capable of meeting exceedingly large ransom demands, the findings around the targeting of smaller businesses, with fewer resources, raises the question as to why ransomware operators are going after SMEs in the first place. The frequency and severity of successful ransomware attacks have a tremendous impact on victim organisations and their ability to conduct business. This was highlighted in a recent Cybereason report titled Ransomware: The True Cost to Business1. A case of misplaced confidence One of the central drivers of SMEs’ vulnerability to ransomware is misplaced confidence, by the organisations themselves. The National Cyber Security Alliance got it right when it said that at least some SMEs simply think they’re too small to be of interest to attackers. In a 2019 survey covered by CSO, for instance, 18% of SME decision makers said that digital security was their lowest priority. Two-thirds of respondents justified this stance by saying that a ransomware attack against them was unlikely—despite 67% of SMBs having suffered a ransomware attack.
30
SECURITY FOCUS AFRICA JULY 2021
Such overconfidence creates a culture where a weak security posture and poor security hygiene by SMEs may actually make them more attractive to ransomware attackers. Going back to the study by Cybereason, a significant number of SMEs indicated that they do not have a specific plan or people with the right skill sets in place to address the risk posed by a ransomware attack. A ransomware reality check for SMEs Additionally, many SMEs are not as concerned about ransomware attacks because they also feel that their information is less valuable than that of larger organisations, but that’s simply not true – if it were, attackers wouldn’t see a financial incentive for targeting SMEs. In fact, the 2021 Data Breach Investigations Report (DBIR) confirmed that financial gain was the central motive for threat actors who target SMEs, both small (fewer than 1,000 employees) and large (more than 1,000 employees). Notwithstanding those findings, there are plenty of SMEs that fail to pursue the essential security measures that could prevent ransomware and other attacks from being successful. And the notion that an organisation may simply pay a ransom demand and easily regain access to their systems and data in
lieu of investing in more robust security to prevent a ransomware attack is uninformed, as is the idea that cyber insurance will cover the aggregated losses following an attack. For instance, about half of the SMEs who participated in the Cybereason study indicated they did not have any endpoint protection or antivirus solutions deployed on their systems, despite the fact that these solutions are readily available and are not cost-prohibitive for smaller organisations, especially when compared to ransom demands averaging between $350,000$1.4 million. In addition, of the organisations who were the victim of a ransomware attack and opted to pay the ransom demand in exchange for the decryption tool to recover their encrypted data, nearly half reported that some or all of the data was corrupted during the recovery process. And, of the respondents who suffered ransomware attacks and had cyber insurance, about half indicated that the policies only covered a portion of the costs or none at all. Costs associated with a successful ransomware attack typically include loss of revenue, damage to the organisation’s brand, unplanned workforce reductions, closure of the business for a period or permanently, and more. These findings underscore why it does not pay to pay ransomware attackers, and that businesses should focus on early detection and prevention strategies to end ransomware attacks at the earliest stages, before critical systems and data are put in jeopardy. Ransomware attacks are a major concern for businesses across the globe, often causing massive business disruptions, including the loss of income and valuable human resources as a direct result. Paying a ransom demand does not guarantee a successful recovery, does not prevent the attackers from hitting the victim organisation again and, in the end, only exacerbates the problem by encouraging more attacks. Getting in front of the threat by adopting a prevention-first strategy for early detection will allow businesses to stop disruptive ransomware before they may hurt the business. The full report may be found here: Ransomware: The True Cost to Business1. 1. https://www.cybereason.com/ebookransomware-the-true-cost-to-business
securityfocusafrica.com
CYBER SECURITY
WildPressure’s multi-platform malware hits macOS in the Middle East
Kaspersky has been tracking Milum – a malicious Trojan used by WildPressure, an advanced persistent threat (APT) actor active in the Middle East – since August 20191. While investigating one of the latest attacks by the actor on what seems to be the industrial sector, Kaspersky researchers discovered newer versions of the malware written in different programming languages. One of the versions is able to infect and run on both Windows and macOS systems.
I
n threat hunting, many discoveries unravel from a small clue, and this campaign is no exception. Often, once a device is infected by a Trojan, the malware sends a beacon to the attackers’ servers, which contains information about the device, network settings, user name and other relevant information. This helps the attackers determine whether an infected device is of any interest. However, in the case of Milum, it also sent information about the programming language in which it was written. When first investigating the campaign in 2020, Kaspersky researchers suspected that this pointed to the existence of different versions of this Trojan in different languages. Now this theory has been confirmed. In the European Spring 2021, Kaspersky identified a new attack by WildPressure, which was carried out with a set of newer versions of the Milum malware. The files discovered contained the Milum Trojan written in C++ and a corresponding Visual Basic Script (VBScript) variant. Further investigation into this attack uncovered another version of the malware written in Python, which was developed for both Windows and macOS operating systems. All three versions of the Trojan were able to download and execute commands from the operator, collect information, and upgrade themselves to a newer version. Multi-platform malware capable of infecting devices that run on macOS is rare.
securityfocusafrica.com
This particular specimen was delivered in a package, which included the malware, Python library and a script named ‘Guard’. This enabled the malware to launch both on Windows and macOS with little additional efforts. Once infecting the device, the malware runs operating system-dependent code for persistence and data gathering. On Windows, the script is bundled into an executable with a PyInstaller. The Python Trojan is also capable of checking whether security solutions are being run on a device. “WildPressure operators retain their interest in the same geographical area. Malware authors developed multiple versions of similar Trojans, and they have a versioning system for them. The reason behind the development of similar malware in multiple languages is most probably to decrease the likelihood of detection. This strategy is not unique among APT actors, but we rarely see malware that is adapted to run on two systems at once, even in the form of a Python script. Another curious feature is that one of the targeted operating systems is macOS, which is a surprising target given the geographical interest of the actor,” comments Denis Legezo, senior security researcher at GReAT, Kaspersky. Read more about the new WildPressure samples on Securelist2. Watch a workshop on how to reverseengineer WildPressure samples in a video by Denis Legezo here3.
To avoid becoming a victim of a targeted attack, Kaspersky experts recommend: • Don’t consider a less common operating system as shield from threats; it’s not. Using a reliable security solution is a must, regardless of the system and devices you rely on. • Make sure that you update all software used in your organisation on a regular basis, particularly whenever a new security patch is released. Security products with Vulnerability Assessment and Patch Management capabilities may help to automate these processes. • Choose a proven security solution, such as Kaspersky Endpoint Security4, that is equipped with behaviour-based detection capabilities for effective protection against known and unknown threats, including exploits. • In addition to adopting essential endpoint protection, implement a corporate-grade security solution that detects advanced threats on the network level at an early stage, such as Kaspersky Anti Targeted Attack Platform5. • Ensure that your staff understands basic cybersecurity hygiene training, as many targeted attacks start with phishing or other social engineering techniques. • Make sure your security team has access to the most recent cyber threat intelligence. Private reports on the latest developments in the threat landscape are available to customers of Kaspersky APT Intelligence Reporting6. • Upskill your SOC team to tackle the latest targeted threats with Kaspersky reverse engineering online training7, developed by GReAT experts. 1. https://securelist.com/wildpressure-targetsindustrial-in-the-middle-east/96360/ 2. https://securelist.com/wildpressure-targetsmacos/103072/ 3. https://youtu.be/1v79QRhi1HM 4. https://www.kaspersky.co.za/small-to-mediumbusiness-security/endpoint-windows 5. https://www.kaspersky.co.za/enterprisesecurity/anti-targeted-attack-platform 6. https://www.kaspersky.co.za/enterprisesecurity/apt-intelligence-reporting 7. https://xtraining.kaspersky.com/?utm_ source=pr-media&utm_medium=partner&utm_ campaign=gl_xtr-wildpressure_je0066&utm_ content=sm-post&utm_term=gl_pr-media_org anic_66jpzgkgnjbgdrn&redef=1&THRU&reselle r=gl_xtr-wildpressure_acq_ona_smm__onl_ b2b_pr-media_post_______
SECURITY FOCUS AFRICA JULY 2021
31
NEWS
New appointment at Networks Unlimited underscores the importance of governance and compliance Networks Unlimited has recently appointed a new Risk and Compliance Officer, Siphokazi Mato, to ensure that the company functions in a legal and ethical manner while meeting its business goals. Compliance is a crucially important aspect of a business, referring to the practice and processes of how a company adheres to established guidelines and legal specifications.
M
ato explains, “Compliance is necessary to ensure that Networks Unlimited conducts its business in compliance with all national and international laws and regulations, as well as professional standards relating to the company’s particular business arena. The penalties and imprisonment for non-compliance could have disastrous effects on an organisation, which makes it critically important for doing business. “Compliance has become significantly important all over the globe, particularly in Europe and some countries in North America that South Africa does business with. It thus became imperative for companies in Africa to follow suit. The Protection of Personal Information Act (POPIA), which came into force on 1 July this year, is going to play a critical role in terms of compliance requirements in South Africa.” Mato says that POPIA is a win for all involved, as it allows a data subject to have ownership of their personal information as well as to monitor its transfer. However, this means that organisations will need to have more stringent measures in place to ensure that all the personal information held is done so with the requisite consent, and used only for the purpose for which it was intended. “Furthermore,” she explains, “the Act requires organisations to educate their employees about POPIA, as well as ensure that the necessary measures are in place to ensure legal compliance. This piece of legislation requires ongoing monitoring of the controls in place. “In addition to the POPI Act, there are numerous other laws, regulations, standards and practices with which we need to adhere for compliance. When
32
SECURITY FOCUS AFRICA JULY 2021
we speak of Data Privacy Laws, the most common ones are the European Union’s General Data Protection Regulation (GDPR), the US Privacy Act, the UK’s Data Protection Act and the Malabo Convention in Africa, to name a few.” Mato adds that compliance officers are responsible for developing compliance programmes, reviewing company policies, and advising management on possible risks, and thereafter, for ensuring that the organisation adheres to policies and procedures, especially regulatory and ethical standards. They perform regular audits, design control systems and help to design and implement company policies. Having graduated with a Bachelor of Arts (BA Law) and Bachelor of Laws (L.L.B.) degrees, she notes that there are many legal requirements in the compliance arena that constantly need to be considered, and that a legal background helps the incumbent to better manage the demands of the role. “Preparing a compliance risk assessment requires an in-depth study of the relevant legislation, regulations, directives and policies in order to effectively apply these to the organisation, as well as assess whether the relevant controls we have in place are adequate to address the risk involved,” she explains. “Furthermore, having an attorney in the role means that you have a compliance officer who may provide legal opinions on how the relevant legislation will affect the organisation.” “We are very pleased to welcome Siphokazi to the management team,” adds CEO Anton Jacobsz. “Her two primary levels of responsibility include, firstly, compliance with the external rules that are imposed on our organisation as a whole,
and secondly, compliance with internal systems of control that are imposed to achieve compliance with the externally imposed rules. “Her appointment is a further reflection of the ongoing evolution of our business, and we know that having a compliance officer as part of our organisation will improve and mature Networks Unlimited’s business practices further.” About Networks Unlimited Networks Unlimited is a value-added distributor, committed to empowering African businesses through innovative technology solutions. Our focus includes the world’s leading security, networking, storage, enterprise system management (ESM) and cloud technologies. As a company, we are dedicated to taking our partner ecosystem to new heights. We support our partners through operational excellence, a competitive pricing strategy and strong focus on education, with the view of investing in long-term relationships. We work with competitive, resilient businesses, who are leaders in their field of excellence. Our offerings include a portfolio of products highly regarded by Gartner, such as Altaro, Attivo Networks, Cofense, Fortinet, F5, Hitachi Vantara, NETSCOUT, NVIDIA, ProLabs, RSA, Rubrik, SentinelOne, SevOne, Silver Peak, Tenable, Tintri and Uplogix. Contacts Networks Unlimited, Shamini SchaafHardwick , +27 (0) 11 202 8400, shamini@nu.co.za icomm, Vivienne Fouché, +27 (0) 82 602 1635, vivienne@pr.co.za, www.icomm-pr.co.za
securityfocusafrica.com
ON THE INDEX MARKET
Contributors and advertisers index ENTITY
PAGE WEBSITE
Achievers 20 www.achievers.com/gb/ AfriForum
26 www.afriforum.co.za
Cisco
22 www.cisco.com
Cybereason South Africa
30
Dr Gerhard Schoeman
19
Icomm
32 www.icomm-pr.co.za
iFearless
21 https://ifearless.co.za/
Infinidat
24 www.infinidat.com
Institute for Security Studies
28
Kaspersky
31 www.kaspersky.com
Networks Unlimited
32
https://networksunlimited.africa/
One Linkage
11
www.linkage.co.za/riseupsa/
Performanta
17 www.performanta.com
Peter Bagshawe
34
Security Association of South Africa
6, IBC
www.sasecurity.co.za
Werksmans Advisory Services
18
www.werksmans.com
securityfocusafrica.com
www.cybereason.com
https://issafrica.org
SECURITY FOCUS AFRICA JULY 2021
33
THE LAST NEWS WORD
CONCOURT ORDERS AND ARREST In the previous article, ‘The Rule of Law’, reference was made to the necessity for the protection of The Rule of Law for the functioning of our legal system to protect the integrity of the Constitution and the court’s integral role in this. The Rule of Law was encapsulated as follows: “For this mechanism to work it is essential that measures are in place to ensure adherence to the principles of supremacy of law, equality before the law, accountability to the law, fairness in the application of the law, separation of powers, participation in decision-making, legal certainty and avoidance of arbitrary actions with procedural and legal transparency.” By Peter Bagshawe
I
n the matter of Secretary of the Judicial Commission of Inquiry into Allegations of State Capture, Corruption and Fraud in the Public Sector including Organs of State v Zuma and Others [2021] ZACC 18 the Constitutional Court considered the application of the Secretary of the Zondo Commission for an order of imprisonment for Jacob Zuma following
34
SECURITY FOCUS AFRICA JULY 2021
his refusal to comply with the previously issued Constitutional Court order requiring Zuma to appear before the Commission. In this matter the Zondo Commission Secretariat elected to directly approach the Constitutional Court (instead of an inferior court) and the Court accepted jurisdiction, as it was a Constitutional Court order that Zuma was defying, and also recognised the exceptional and urgent circumstances. The
majority decision of the Court delivered by then Acting Chief Justice Sisi Khampepe was boldly stated and clear in its intention and is notable particularly in that this is the first time that the Constitutional Court has imposed a direct custodial sentence. Due to limited space, the following extracts from the judgment are intended to give an overview of the judgment and do not go into particular detail.
securityfocusafrica.com
THE LAST NEWS WORD
Justice Khampepe stated “I pen this judgement in response to the precarious position in which this court finds itself on account of a series of direct assaults, as well as calculated and insidious efforts launched by former president Jacob Gedleyihlekisa Zuma, to corrode its legitimacy and authority.” This is amplified by her words “Never before has this court’s authority and legitimacy been subjected to the kinds of attacks Zuma has elected to launch against it and its members. Never before has the judicial process been so threatened.” Additionally Justice Khampepe said “It is disturbing that he, who twice swore allegiance to the republic, its laws and its constitution, has sought to ignore, undermine and, in many ways, destroy the rule of law altogether.” Turning from this to the sanction imposed the judgment made it clear that a noncustodial sentence was considered. However, the Court would have been “naïve” to believe that a suspended sentence, requiring him to appear at the Commission to testify for the sentence to be stopped, would do anything other than extend the period of Zuma’s defiance. The Court sentenced Zuma to 15 months imprisonment and ordered that he surrender himself to the South African Police Services at either Nkandla or Johannesburg Police Station by midnight on Sunday 4 July 2021. In the event that Zuma failed to comply with this, the Minister of Police and the National Commissioner of Police were instructed to, within 3 days, take the necessary steps to ensure that Zuma is handed to Correctional Services to begin his sentence. The minority judgment of Justices Theron and Jafta broadly held that Zuma had not been treated exceptionally has been seized on by Zuma’s defence team. Normal circumstances would dictate that Zuma would have handed himself over to the authorities in compliance with an order of the apex court. This was not the case and a new twist has been added. Jacob Zuma refused to surrender himself and launched a further attack on the judiciary as well as an application for a stay of his arrest in the Pietermaritzburg High Court and an application for rescission of judgment to the Constitutional Court. The former hearing took place on 6 July with the decision to be delivered on 9 July and the rescission hearing was scheduled for 12 July 2021. The decision to approach the Pietermaritzburg High Count is of interest
securityfocusafrica.com
“Never before has this court’s authority and legitimacy been subjected to the kinds of attacks Zuma has elected to launch against it and its members. Never before has the judicial process been so threatened.” – Justice Khampepe in that it is an inferior court to the Constitutional Court and the point of argument put forward by Advocate Dali Mpofu put forward that the High Court had jurisdiction as a fundamental right would be breached by depriving Jacob Zuma of his freedom prior to his rescission hearing. Additionally, Mpofu argued that his client had been sentenced without an opportunity to appear before the Constitutional Court. The counter to this, and pointed out by Justice Mnguni, was that jurisdiction would need to be established. It appears from court papers that Zuma will, in the Constitutional Court advance arguments that imprisonment should not be imposed given his age, medical condition and the pandemic which would collectively place him at increased risk of exposure to illness and potentially death. It is also apparent that the failure to appear at the Commission of enquiry will be justified on the basis of Commission Chair Zondo declining to recuse himself, alleged bias on the part of Zondo, a misunderstanding between his legal team and the Commission when Zuma left proceedings without permission, the mechanism of appointment of the Commission Chair and Thuli Madonselsa’s report as then Public Protector. A further point of interest is the advice, via a letter from the State Attorney, by Minister of Police Bheki Cele and National Police Commissioner Khehla Sithole to Acting Chief Justice Raymond Zondo that the police will not act in terms of the Constitutional Court order to arrest Jacob Zuma until his rescission hearing has been completed or unless directly instructed otherwise by the Court. Simplistically stated this means that the Minister and Commissioner are in defiance of a court order. This appears to open them to sanction. Turning back to the judgment due to be delivered by Justice Jerome Nguni, the delay does not in any way mitigate against the exposure
of the Police Commissioner and Minister. This course of action has been criticised by the Zondo Commission Secretariat which have justified its stance. Additionally the police have been criticised for refusing to act against supporters of Jacob Zuma who have gathered an Nkandla to protect Jacob Zuma from arrest and are in defiance of Covid-19 lockdown Level 4 regulations that ban gatherings, and mandate the wearing of masks. This is patently at odds with the arrest of 465,098 persons charged with breaching lockdown regulations with previous police action, in some instances, being heavy handed. The presence of elements of Umkhonto weSizwe Military Veterans Association and statements attributed to their command structure have been noted as indicative of friction within factions of the African National Congress that has been highlighted by the presence of senior members of the party at Nkandla offering support to Zuma including currently suspended Secretary General Ace Magashule. The majority decision given by Justice Khampepe is clear in its ambit and the processes that should have followed. Zuma’s refusal to hand himself to the authorities, events at Nkandla and subsequent veiled references to potential civil disorder or Marikana-like events, the referral of the arrest procedure by the Minister of Police and National Police Commissioner to Acting Chief Justice Zondo and the rescission application to the Constitutional Court have substantially clouded the issues. In the interim, and pending court decisions, The Rule of Law and its application remain exposed. PETER BAGSHAWE holds a Bachelor of Law degree from the former University of Rhodesia and a Bachelor of Laws degree from the University of the Witwatersrand.
SECURITY FOCUS AFRICA JULY 2021
35
DIRECTORY
SECURITY ASSOCIATION OF SOUTH AFRICA (SASA) ADMINISTRATION Suite 4, Blake Bester Building, 18 Mimosa Street (cnr CR Swart Road), Wilro Park, Roodepoort Suite 147, Postnet X 2, Helderkruin 1733 National Administrator: Tony Botes t: 0861 100 680 | e: tony@sasecurity.co.za c: 083 272 1373 | f: 0866 709 209 Membership, accounts & enquiries: Sharrin Naidoo t: 0861 100 680 | e: admin@sasecurity.co.za c: 083 650 4981
SASA OFFICE BEARERS
REGIONAL OFFICE BEARERS
National President: Marchél Coetzee c: 084 440 0087 e: marchelcoetzee@omegasol.com
Gauteng: Gary Tintinger c: 084 429 4245 e: gary.tintinger@cwexcellerate.com
National Chairperson: Franz Verhufen c: 082 377 0651 | e: fverhufen@thorburn.co.za
KwaZulu-Natal: Clint Phipps c: 082 498 4749 e: clint.phipps@cwexcellerate.com
National Deputy Chairperson: Louis Mkhethoni c: 082 553 7370 e: louis.mkhethoni@securitas-rsa.co.za
Western Cape: Koos van Rooyen c: 082 891 2351 | e: koos@wolfgroup.co.za
SECURITY AND RELATED ASSOCIATIONS AND ORGANISATIONS PSIRA (Private Security Industry Regulatory Authority) Eco Park, Centurion t: +27 (0)12 003 0500/1 | Independent hotline: 0800 220 918 | e: info@psira. co.za | Director: Manabela Chauke | Chairperson: T Bopela | Vice chairperson: Z Holtzman | Council members: Advocate A Wiid | Commissioner A Dramat APPISA (Association for Professional Private Investigators SA) Bertie Meyer Crescent, Minnebron, Brakpan | e: info@appelcryn.co.za | www.appelcryn. co.za | c: +27 (0)73 371 7854 / +27 (0)72 367 8207 | Chairperson: Ken Appelcryn ASIS International Johannesburg Chapter No. 155. Box 99742, Garsfontein East 0060 | t: +27 (0)11 652 2569 | www.asis155jhb.webs.com | President/chairperson: Johan Hurter | Secretary: Chris Cray ASIS International (Chapter 203: Cape Town – South African Security Professionals) President/ chairperson: Yann A Mouret, CPP Secretary: Eva Nolle | t: +27 (0)21 785 7093 | f: +27 (0)21 785 5089 | e: info@aepn.co.za | www.asis203.org.za BAC (Business Against Crime) Box 784061, Sandton 2146 | t: +27 (0)11 883 0717 | f: +27 (0)11 883 1679 | e: info@bac.org.za CAMPROSA (Campus Protection Society of Southern Africa) President: Des Ayob | e: 27149706@nwu.ac.za Executive Secretary: Derek Huebsch | e: huebsch. derek@gmail.com | www.camprosa.co.za CISA (Cape Insurance Surveyors Association) Shahid Sonday t: +27 (0)21 402 8196 | f: +27 (0)21 419 1844 | e: shahid.sonday@saeagle.co.za | Mike Genard t: +27 (0)21 557 8414 | e: mikeg@yebo.co.za DRA (Disaster Recovery Association of Southern Africa) Box 405, Saxonwold 2132 | Chairperson: Grahame Wright | t: +27 (0)11 486 0677 | f: (011) 646 5587 | Secretary/treasurer: Charles Lourens t: +27 (0)11 639 2346 | f: +27 (0)11 834 6881 EFCMA (Electric Fencing and Components Manufacturers Association) Box 411164, Craighall 2024 | t: +27 (0)11 326 4157 | f: +27 (0)11 493 6835 | Chairperson: Cliff Cawood c: +27 (0)83 744 2159 | Deputy chairperson: John Mostert | c: +27 (0)82 444 9759 | Secretary: Andre Botha c: +27 (0)83 680 8574 ESDA (Electronic Security Distributors Association) Box 17103, Benoni West 1503 | t: (011) 845 4870 | f: +27 (0)11 845 4850 | Chairperson: Leonie Mangold | Vice chairperson: David Shapiro | www.esda.org.za ESIA (Electronic Security Industry Alliance) Box 62436, Marshalltown 2107 | t: +27 (0)11 498 7468 | f: 086 570 8837 | c: 082 773 9308 | e: info@esia.co.za | www.esia.co.za FDIA (Fire Detection Installers Association) Postnet Suite 86, Private Bag X10020, Edenvale, 1610 | t: +27 (0)72 580 7318 | f: 086 518 4376 | e: fdia@fdia. co.za | www.fdia.co.za | President/chairperson: Clive Foord | Secretary: Jolene van der Westhuizen FFETA The Fire Fighting Equipment Traders Association) Postnet Suite 86, Private Bag X10020,
Edenvale 1610 | Chairperson: Belinda van der Merwe Administration manager: Rosemary Cowan | t: +27 (0)11 455 3157 | e: rosemary@saqccfire.co.za | www.ffeta.co.za FPASA (Fire Protection Association of Southern Africa) Box 15467, Impala Park 1472 | t: +27 (0)11 397 1618 | f: +27 (0)11 397 1160 | e: library@fpasa.co.za | www.fpasa.co.za | General manager: David Poxon GFA (Gate & Fence Association) Box 1338, Jhb 2000 | t: +27 (0)11 298 9400 | f: +27 (0)11 838 1522 | Administrator: Theresa Botha HSA (Helderberg Security Association) Box 12857, N1 City Parow 7463 | t: +27 (0)21 511 5109 | f: +27 (0)21 511 5277 | e: info@command.co.za | www. command.co.za | Chairperson: Stephen van Diggele IFE (Institution of Fire Engineers (SA) Treasurer: Andrew Greig | President: Mike Webber | Administrator: Jennifer Maritz | PO Box 1033, Houghton 2041 | t: +27 (0)11 788 4329 | f: +27 (0)11 880 6286 | e: adminstaff@ife.org.za | www.ife.org.za ISA (Insurance Surveyors Association) Box 405, Saxonwold 2132 | Chairperson: Graham Wright | t: +27 (0)11 486 0677 | Vice chairperson: Alan Ventress | Secretary: Alex dos Santos LASA (Locksmiths Association of South Africa) Box 4007, Randburg 2125 | t: +27 (0)11 782 1404 | f: +27 (0)11 782 3699 | e: lasa@global.co.za | www.lasa.co.za | President/chairperson: Alan Jurrius | Secretary: Dora Ryan NaFETI (National Firearms Education and Training Institute) Box 181067, Dalbridge 4014 | Chairperson: MS Mitten | Vice chairperson: Ken Rightford | t: +27 (0)33 345 1669 | c: +27 (0)84 659 1142 NaFTA (National Firearms Training Association of SA) Box 8723, Edenglen 1613 | National chairperson: Peter Bagshawe | t: +27 (0)11 979 1200 | f: +27 (0)11 979 1816 | e: nafta@lantic.net POLSA (Policing Association of Southern Africa) t: +27 (0)12 429 6003 | f: +27 (0)12 429 6609 | Chairperson: Anusha Govender | c: +27 (0)82 655 8759 PSSPF (Private Security Sector Provident Fund) Jackson Simon c: +27 (0)72 356 6358 | e: jackson@psspfund.co.za | www.psspfund.co.za SAESI (Southern African Emergency Services Institute) Box 613, Krugersdorp 1740 | t: +27 (0)11 660 5672 | f: +27 (0)11 660 1887 | President: DN Naidoo | Secretary: SG Moolman | e:info@saesi.com SAFDA (South African Fire Development Association) | 45 Oxford Road, Forest Town, Jhb | e: info@safda.net | t: 083 402 4002 SAIA (South African Insurance Association) Box 30619, Braamfontein 2017 | Chief executive officer: Viviene Pearson | Chairperson: Lizé Lambrechts | t: +27 (0)11 726 5381 | f: +27 (0)11 726 5351 | e: info@saia.co.za
SAIDSA (South African Intruder Detection Services Association) Association House, PO Box 17103, Benoni West 1503 | t: +27 (0)11 845 4870 f: +27 (0)11 845 4850 | e: saidsa@mweb.co.za www.saidsa.co.za | Chairperson: Johan Booysen Secretary: Cheryl Ogle SAIS (South African Institute of Security) Postnet Suite 86, Private Bag X10020, Edenvale, 1610 Chairperson: Dave Dodge | Administration manager: John Baker | t: +27 (0)63 782 7642 | e: info@ instituteofsecurity.co.za | www.instituteofsecurity.co.za SAN (Security Association of Namibia) Box 1926, Windhoek, Namibia | Administrator: André van Zyl | t: +264 81 304 5623 | e: adminsan@iway.na SANSEA (South African National Security Employers’ Association) Box 62436, Marshalltown 2107 | Administrators: SIA t: +27 (0)11 498 7468 | f: 086 570 8837 | e: galen@sansea.co.za SAPFED (Southern African Polygraph Federation) President: Flip Vorster | c: +27 (0)82 455 1459 | e: info@sapfed.org | Secretary: Anrich Gouws | e: admin@sapfed.org | www.sapfed.org SAQCC FIRE (South African Qualification Certification Committee) Postnet Suite 86, Private Bag X10020, Edenvale 1610 | t: +27 (0)11 455 3157 | www.saqccfire. co.za Executive Committee: Chairperson: Duncan Boyes Vice chairperson: Tom Dreyer 1475 Committee: Chairperson: Lizl Davel Vice chairperson: John Caird D&GS Committee: Chairperson: Nichola Allan; Vice chairperson: Clive Foord General Manager: Rosemary Cowan | e: rosemary@saqccfire.co.za SARPA (South African Revenue Protection Association) Box 868, Ferndale 2160 | t: +27 (0)11 789 1384 | f: +27 (0)11 789 1385 | President: Naas du Preez | Secretariat: Mr J. Venter, Van der Walt & Co SIA (Security Industry Alliance) Box 62436, Marshalltown 2107 | t: +27 (0)11 498 7468 | Chief executive officer: Steve Conradie | www.securityalliance.co.za SKZNSA (Southern KwaZulu-Natal Security Association) t: +27 (0)39 315 7448 | f: +27 (0)39 315 7324 | Chairperson: Anton Verster c: +27 (0)82 371 0820 VESA (The Motor Vehicle Security Association of South Africa) Box 1468, Halfway House 1685 | t: (011) 315 3588/3655 | f: +27 (0)11 315 3617 | General manager: Adri Smit VIPPASA (VIP Protection Association of SA) Box 41669, Craighall 2024 | t: +27 (0)82 749 0063 | f: 086 625 1192 | e: info@vippasa.co.za | www.vippasa.co.za | Enquiries: Chris Rootman c: +27 (0)82 749 0063 | e: vippasa@protectour.co.za
* Every attempt has been made to keep this information up to date. If you would like to amend your organisation’s details, please email jackie @contactpub.co.za 36
SECURITY FOCUS AFRICA JULY 2021
securityfocusafrica.com
DRIVING COMPLIANCE in South Africa’s Private Security Industry
With a five decade legacy, SASA is the greatest advocate of industry compliance, serving as resource for its members, an educational platform for consumers of security services, and an essential link between the private security industry and government. The Security Association of South Africa (SASA) is nationally recognised by the Government, South African Police Service and all Municipalities as having members with a proven track record within the industry and a Code of Ethics by which members must abide. SASA Gold Membership promotes compliance not only to the industry role-players, but to the end-users of security services as well. Join SASA today and find out more about how we can fight the scourge of non-compliance, promoting SASA Gold Membership as an essential requirement for all security service providers, ensuring industry excellence for the private security industry.
For more information, contact the SASA Administrator on admin@sasecurity.co.za Postal Address: Suite 147, Postnet X2 Helderkruin, 1733. Tel: 0861 100 680 Fax: 086 670 9209
www.sasecurity.co.za
DIGITAL BUYERS GUIDE
to security services & products Promote your business
Attract customers
Increase your sales
Claim your listing on www.securityfocusafrica.com/buyersguide
2 for 1 offer The print listings now mirror our online directory style with basic and premium listings. In fact, upgrading a basic listing in print to premium will include an upgrade to premium on the website and vice versa. The same information online is printed in the print directory.
Security Focus Africa is known for having the most comprehensive directory of service providers in Africa. We have been a trusted source of information for more than 38 years, and now offer this valuable resource online.
The market is tough out there. What makes your business different from any other? For starters, be more accessible on the internet. Online searches are now the preferred method of finding information and contact details, so the better your online presence, the more business you will get.
BENEFITS OF LISTING YOUR BUSINESS:
• By claiming your listing, you can keep your company’s information up to date at your own convenience • Upgrade your listing online at any time to maximise your brand exposure • Improve your SEO and online presence • We provide a targeted audience for your business • See your stats – know how many people are seeing your listing • Increase traffic to your website with a link from the directory
Security
For as little as R2 400, you can get the edge over your competitors by providing indispensable information to your customers on our online directory.
Affordable advertising is just a click away.
Focus
AFRICA
BUYERS GUIDE
www.securityfocusafrica.com/buyersguide KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE
