www.securityfocusafrica.com | Vol 39 No 6 JUNE 2021 The official industry journal for professional risk practitioners: security, safety, health, environment and quality assurance
Security and the Cloud Stay safe from doxing
SASA June update
Benchmarking cyber threats to SA children The Rule of Law | POPI Act implementation date postponed
S
SINE
S
O
N FO R
B
U
PE
securityfocusafrica.com Security Focus Africa has been marketing suppliers to buyers in Africa since 1980, and is the official industry journal of the Security Association of South Africa. Our readers form the core of Southern Africa’s buyers and decision-makers in the security products and services industry. Our digital platforms have a highly-focused readership of people at the very heart of the security industry. Our news is distributed via website, digital magazine, and social media. Our annual Security Focus Africa Buyers Guide is searchable in our online directory, with over 760 businesses and branches throughout Africa. Need to find a service or supplier? We will help you find exactly what you need.
PO Box 414, Kloof 3640, South Africa Tel: +27 31 764 6977 | Fax: 086 762 1867 Email: contact@contactpub.co.za
Security Focus AFRICA w w w. s e c u r i t y f o c u s a f r i c a . c o m
The official industry journal for professional risk practitioners: security, safety, health, environment and quality assurance
KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE
DIGITAL BUYERS GUIDE
to security services & products Promote your business
Attract customers
Increase your sales
Claim your listing on www.securityfocusafrica.com/buyersguide
2 for 1 offer The print listings now mirror our online directory style with basic and premium listings. In fact, upgrading a basic listing in print to premium will include an upgrade to premium on the website and vice versa. The same information online is printed in the print directory.
Security Focus Africa is known for having the most comprehensive directory of service providers in Africa. We have been a trusted source of information for more than 40 years, and now offer this valuable resource online.
The market is tough out there. What makes your business different from any other? For starters, be more accessible on the internet. Online searches are now the preferred method of finding information and contact details, so the better your online presence, the more business you will get.
BENEFITS OF LISTING YOUR BUSINESS: • By claiming your listing, you can keep your company’s information up to date at your own convenience • Upgrade your listing online at any time to maximise your brand exposure • Improve your SEO and online presence • We provide a targeted audience for your business • See your stats – know how many people are seeing your listing
Security
For as little as R2 400 , you can get the edge over your competitors by providing indispensable information to your customers on our online directory.
Affordable advertising is just a click away.
Focus
AFRICA
BUYERS GUIDE
www.securityfocusafrica.com/buyersguide KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE
Security Focus Africa: Serving the South African security industry for 41 years
CONTENTS www.securityfocusafrica.com
VOL 39 NO 6 JUNE 2021
| Vol 39 No 6 JUNE 2021 al risk practitioners: security, safety,
profession The official industry journal for
health, environment and quality
assurance
Security and the Cloud Stay safe from doxing
SASA June update
Benchmarking cyber threats to SA children The Rule of Law | POPI Act impl
ementation date post poned
Security Focus quarter page October 2020.pdf 1 2020/10/08 14:24:39
12 COVER STORY SECURITY AND THE CLOUD 12 The importance of a zero-trust risk management strategy in 2021 and beyond.
SPECIAL REPORT
22 Benchmarking cyber threats to South African children.
DELIVERING PEACE OF MIND FOR ALL INDUSTRIES Nemtek is a leading global manufacturer and supplier of innovative electric fencing products used by many governments, local authorities and industries to protect their utilities, correctional facilities and defence infrastructures. Mining sites, solar farms, oil refineries and steel industries often need to be protected from intruders, both from a safety and a security point of view. We deliver peace of mind with our range of fencing solutions, modular designed energizers to enable multiple fence zones, and our monitoring technology which allows for advanced warning of any fence breach or tampering. Contact our Head Office for more information on 011 462 8283 or websales@nemtek.co.za 2 SECURITY FOCUS AFRICA JUNE 2021 www.nemtek.com
34 securityfocusafrica.com
Official Journal of the Security Association of South Africa
24
Published by Contact Publications (Pty) Ltd (Reg No. 1981/011920/07)
Vol 39 No 6
TEL: (031) 764 6977 FAX: 086 762 1867 MANAGING DIRECTOR: Malcolm King
REGULARS EDITOR’S COMMENT 4 Trust, balance and upping our battle.
ASSOCIATION NEWS 6 Update from SASA. NEWS IN BRIEF 8 News snippets from around the world.
WHITE PAPER 11 Exposed databases: when it leaks, hackers breach.
CYBER SECURITY 15 The know-how you need:
Kaspersky experts share a guide to staying safe from doxing.
NEWS 16 Gqeberha’s Community
Information Centre looks back on a successful first five years. 17 The vaccination cyberthreat: Kaspersky reports intensified scamming activities around Covid-19 vaccines in Q1 2021. 18 POPI Act implementation date postponed – and its ramifications. 19 Protecting our maritime economy on tight budgets. 20 A challenging, risk driven environment awaits us.
SPECIAL FEATURE 24 Aeroplane safety cards have saved thousands of lives: imagine what they could do for the world’s most vulnerable workers.
PERSONALITY PROFILE 26 In conversation with… Dr Mahlogonolo Thobane.
ON THE MARKET Why off-grid solutions are 28
starting to make more sense to South Africans.
CYBER SECURITY 30 Protecting your ERP system
from cybersecurity breaches.
32 Passwords are 60. Time for them to go.
malcolm@contactpub.co.za
EDITOR: Ingrid Olivier ingrid@securityfocusafrica.com
SENIOR GRAPHIC DESIGNER: Vincent Goode vincent@contactpub.co.za
DISTRIBUTION MANAGER: Jackie Goosen jackie@contactpub.co.za
POSTAL ADDRESS: PO Box 414, Kloof 3640, South Africa
PUBLICATION DETAILS: Security Focus Africa has 12 issues a year and is published monthly, with the annual Buyers’ Guide in December. Due to the Covid-19 crisis, we will only be publishing
33 CONTRIBUTORS AND ADVERTISERS INDEX THE LAST WORD 34 The Rule of Law.
digitally, until further notice.
EDITORIAL CONTRIBUTIONS: Editorial contributions are welcome. For details please email editorial@securityfocusafrica.co.za.
36 DIRECTORY
ADVERTISING ENQUIRIES: Malcolm King Email: malcolm@contactpub.co.za
Security Focus Africa is a member of
4
26 securityfocusafrica.com
www.securityfocusafrica.com 3
EDITOR’S COMMENT
Trust, balance and upping our battle The importance of both zero trust and 100 per cent trust, finding the balance, and adopting a level 5 approach as our Covid-19 battle intensifies. No doubt we’re all keeping a very close eye on the news, which in South Africa seems to change on the hour, if not the minute. The three c’s: corruption, crime and Covid-19 dominate headlines, with a growing list of high-level names and their alleged criminality shocking us every day.
I
, for one, did not see the Dr Zweli Mkhize debacle coming, and I am an avid news hound. And then there is the third wave of Covid-19, which we were warned was coming and which is clocking up new infections at a terrifying rate. Add crime to this – in all its variants – and we run the very real risk of becoming despondent and cynical. Which is why now, more than ever, we need to protect our emotional and mental wellbeing. Good news comes in all sorts of guises – even now, when so-called experts are firing off stats and ‘may be/ could be’ in the opening lines of media articles. Not for a moment do I suggest
4
SECURITY FOCUS AFRICA JUNE 2021
disregarding sensible advice – but I do recommend balance, as well as actively seeking out the opportunities that emerge in times of chaos. Ajay Jain, the CEO of Guardian Life India, in his article1 refers to a quote attributed to Sun Tzu in his book The art of War: “In the midst of chaos, there is also opportunity”. It is a message that Ajay says inspires him to keep going in this time of crisis. “What we are facing today has no precedence, and no groundwork would have matched the kind of crisis management we have done so far to protect ourselves and our business,” he asserts, adding: “While
there is a unified commitment around the world to fight Covid-19, we have encountered a dynamic change in the way that we operate the business today.” That is apparent in our feature article on cloud security in this issue (page ?), a technology being fast-tracked by the pandemic thanks to its many benefits such as lower operating costs, improved efficiency, and the more effective deployment and management of staff, wherever they may be in the world. Add to this cloud’s proven ability to streamline workflows, to store more data than we ever thought possible (as well as access it readily and keep it safe), automatic
securityfocusafrica.com
EDITOR’S COMMENT
software updates and remote maintenance, and this technology deserves a slot high on our list of positives. Like anything, it works best when it’s installed by professionals who pay attention not only to their clients’ short-term requirements and budgets but who also factor in long-term scalability. Forrester says that cloud migrations are a great opportunity to ‘re-platform, reconfigure and re-factor applications to use cloud-native storage, databases, containerization and logging.’ And the comforting thing to remember is that cloud migration and adoption is a marathon, not a sprint, as the Forrester team reminds us. In the interests of keeping things simple, and not being overwhelmed by the plethora of cloud articles and white papers hitting us from all sides, Forrester has broken down the process into bite-size pieces that include starting with a robust cloud governance process; building a repeatable process to ensure that governance is an ongoing benefit to security and not a one-time checkbox compliance exercise; documenting the process and establishing a formal organisational structure to ensure proper coverage and scope (because companies vary in terms of the areas and the infrastructure components they want to cover: on-premises, private, and public clouds, executive support, cost optimisation, budgets, regulatory compliance and threat detection); implementing a true cross-cloud workload security solution with sound inventory and workload elements that will replace manual processes; and focusing on cloud-native security and management solutions that will prevent data sprawl, inadequate data protection, high costs and audit findings. Hayley Elwen, commercial director for digital and access solutions, ASSA ABLOY Africa, also believes that the future of security is in the cloud. Following the release of the Incedo™ Business Cloud, she speaks of a modular platform approach that allows you to choose the security hardware, credentials and management systems that best suit your business. Providing comprehensive, real-time, remote access management, good cloud systems ‘secure and filter access intelligently, to manage the ever-changing movement of people across multiple sites – from anywhere. Your business is not static, and there is no reason why your security should be.’
securityfocusafrica.com
Just be careful about your choice of supplier – as the old saying goes, caveat emptor (let the buyer beware). Likely a major headache for business leaders, and yet not without its merits, is the 1 July 2021 implementation of South Africa’s POPI (Protection of Personal Information) Act and its compliance requirements. Again, if properly implemented, the initial angst and scramble to become compliant will be offset against the benefits of improved data protection, that most coveted target of cybercriminals worldwide. I am also upbeat about our business confidence ticking up, albeit off a low base, hopeful that SAA’s majority sell-out will lessen the fiscal burden on the country and pleased about the increase of the electricity generating licensing threshold to 100mW — “the kind of dramatic interventions needed to get our economy moving,” says BLSA CEO Busi Mavuso. Then, I want to share the importance of embracing two trusts: the hundred percent trust that consumers are increasingly demanding from their suppliers, and the zero trust IT security model recommended by experts. CloudFlare2 puts it succinctly: “Zero trust is a security model based on the principle of maintaining strict access controls and not trusting anyone, by default, even those already inside the network
perimeter.” Contradictory at first glance, these two trust forms are critical for our safety and success going forward. Last, but certainly not least: News24’s Adriaan Basson, in his article If you live in Gauteng, you should be in level 5 lockdown is spot-on. “More people are being infected and dying of Covid-19 in Gauteng than during any of the previous two waves,” he says. So please do not wait for the government to make it official. Remain at home, wear the best medical masks you are able to obtain, sanitise, and avoid crowds. I have personally lost beloved friends to the virus and am praying for the recovery of others who are battling it as I write this.
Ingrid Olivier, Editor ingridolivier@idotwrite.co.za
1. https://www.linkedin.com/pulse/midst-chaos-alsoopportunity-sun-tzu-ajay-jain/ 2. https://www.cloudflare.com/en-gb/learning/security/ glossary/what-is-zero-trust/
SECURITY FOCUS AFRICA JUNE 2021
5
ASSOCIATION NEWS
SASA UPDATE
Update from SASA It has been another month that was, to say the least, interesting and challenging! From the desk of Tony Botes, SASA National Administrator.
T
here are a number of matters currently being handled at high level by the SASA National Executive Committee, including:
PSIRA fees and regulations The PSIRA (Private Security Industry Regulatory Authority) annual fees, as published recently, are – in our opinion – excessive and unacceptable, and we have been interacting with PSIRA in writing and meetings, at management level, for them to reevaluate the gazetted fee structures, which also includes a number of changes to their regulations. We are guardedly hopeful of a successful outcome and will keep our members and
6
SECURITY FOCUS AFRICA JUNE 2021
the readers of Security Focus Africa informed of developments in this regard. PSIRA proposed new training standards The Authority has circulated long overdue training standards, which will be a great improvement on the Grades E to A levels, which have been in existence since the early 1990’s. This could, however, if published as proposed by them, result in extreme logistical, practical and financial challenges to both security service providers and security officers, at all levels. Again, we will continue to interact with them for clarity and with practical proposals.
Firearms legislation The SAPS (South African Police Service) has published the draft Firearms Control Bill, which – if implemented and gazetted in its current form – will have an extreme effect on the entire firearm population and, even more so, on the private security industry. SASA will be submitting our comments, both objections and proposed amendments, very shortly and trust that sanity will prevail in the final gazette. Covid-19 While the private security industry, as a whole, has played a massive and valuable role in assisting to curb the spread of the
securityfocusafrica.com
ASSOCIATION NEWS
pandemic, we should be doing much more in this regard. We are looking into this at the moment and hope to make an announcement shortly. NBCPSS The establishment of the National Bargaining Council for the Private Security Sector (NBCPSS) in 2020 was a result of an exercise that commenced in the mid-1990s and is probably the greatest achievement in our industry, thanks to massive interaction between organised employers (the major employer organisations) and organised labour (the trade unions). At last, we may be the masters of our own destiny, but the challenge is that, although legislated and a statutory requirement, only a fraction of the more than 10 000 security companies have registered with the Council to date and are contributing the levies by both employers and employees. The Council simply cannot operate and fulfil its legal mandate without funding via these levies and, inter alia, has an obligation to handle: • All labour relations disputes in our sector, currently the responsibility of the CCMA. • All remuneration-related complaints, currently the responsibility of the Department of Employment and Labour and the CCMA. • Compliance inspections and payroll audits of security businesses and in-house security employers. • The total enforcement of both the NBCPSS Levies Agreement and the Main Agreement, the latter having replaced the now-defunct Sectoral Determination 6. The NBCPSS infrastructure is still far too small and underfunded to effectively handle all of these matters, but it is of critical importance that all role players come to the party. NBCPSS Main Agreement Exemption The employer parties to the NBCPSS, of which SASA is the largest, applied for and were granted a 12-month exemption in respect of the gazetted increases that became effective on 1 March 2021. This exemption, which applies to only members of the employer organisations who are currently party to the bargaining council, contains: • A 12-month moratorium on the increase in the Security Officer
securityfocusafrica.com
Premium Allowance, which should have increased from R175 to R270 per month. • An application to the Private Security Sector Provident Fund (PSSPF) in terms of which the monthly contributions would, also for a period of 12 months, be reduced from a total of 15%, paid equally by employers and employees, to 5%, which would still grant the employees all of the risk benefits, such as death, disability and funeral cover, but without investment growth. The PSSPF portion of the exemption, once approved, will apply to all participating employers. However, the NBCPSS exemption process makes provision for any employer to apply for an exemption on any aspect of the Main Agreement, but subject to the criteria set out in clause 34 thereof. Breaking news hot off the press The Minister of Employment and Labour has just issued a correction gazette, number 44674, containing a number of corrections and clarifications to the NBCPSS Main Agreement of 2020. The relevant portion of this gazette has been distributed to SASA members, but please contact the SASA office if you require a copy. Compliance This has historically been the greatest challenge facing the private security industry! The use – or abuse – of independent contractors, also referred to as self-employed security officers (SESOs), unregistered learners and cooperatives, to name but a few, has led to gross abuse and exploitation of security officers for many years – especially now during the Covid-19 pandemic period – and client resistance to any cost increases has resulted in a massive increase of these practices. Enforcement of the statutory minimum levels of remuneration, conditions of employment and employee benefits must be stepped up by all statutory bodies and it will require an intensive collaboration by the NBCPSS, PSIRA, DoEL (Department of Employment and Labour), PSSPF and both organised employers and labour to tackle and eradicate non-compliance in our industry. SASA has always demanded of its members, in terms of our constitution, documentary proof of their total
compliance with all statutory requirements, both upon joining and annually thereafter. This is also a condition of our valuable Gold Membership. This process will continue to be enforced and, where necessary, membership of our association will be withdrawn in cases where breaches of our membership criteria have been identified and proven. Mentorship Programme Last year, SASA embarked on a Mentorship Programme to assist startup and micro companies through the PSIRA registration process and registration/ compliance with all statutory requirements. This has proven highly successful, and we are confident that it will grow from strength to strength over time. Benefits of SASA membership: • A strictly applied Code of Ethics. • Representation at national and local government level. • Industry exposure in the media as well as at major shows and exhibitions. • Contacts and networking opportunities. • Discounted training courses, events and seminars. • Access to a security library managed by the University of South Africa (UNISA). • Updates on new legislation and other industry-relevant information. • Access to security-related and affiliated associations in South Africa and overseas. • The SASA national website. • A central administration office. • Free digital subscription to Security Focus Africa magazine, the official journal of SASA. • A mentorship programme which is designed to guide and assist start-up security companies with attaining the compliance standards required to qualify for Gold Membership.
For more information about what SASA does and how it can help you and your company, please contact: Tony Botes, SASA National Administrator, at: Tel: 0861 100 680 / 083 650 4981 Cell: 083 272 1373 Email: info@sasecurity.co.za / tony@sasecurity.co.za Website: www.sasecurity.co.za
SECURITY FOCUS AFRICA JUNE 2021
7
ASSOCIATION NEWS
News snippets from around the world
U.S. recovers $2.3 million in bitcoin paid in the Colonial Pipeline ransom United States law enforcement officials said Monday they were able to recover $2.3 million in bitcoin paid to a criminal cybergroup involved in the crippling ransomware attack on Colonial Pipeline. “Today we turned the tables on DarkSide,” Deputy Attorney General Lisa Monaco said during a press briefing, adding that the money was seized via a court order. At the briefing, FBI Deputy Director Paul Abbate said that agents were able to identify a virtual currency wallet that the DarkSide hackers used to collect payment from Colonial Pipeline. https://www.cnbc.com/
Sport is the antidote for crime among youth of Khayelitsha Cape Town — In an effort to keep young people away from crime, the Khayelitsha Community Policing Forum (CPF) held a sports against crime programme. The programme, which is in the form of sporting games, aims to mobilise communities, especially the youth, to claim sport as a developmental activity, thereby avoiding destructive activities such as drugs and crime. https://www.iol.co.za/
World’s biggest meat producer JBS pays $11m cyber-crime ransom A cyber-attack earlier this month that hit the supply chains of one of the world’s
8
SECURITY FOCUS AFRICA JUNE 2021
largest perishables shippers was ended after Brazilian meat producer JBS paid an $11m ransom in bitcoin to cyber criminals. According to The Guardian, the firm has an annual IT capex of around $200m and employs over 850 tech engineers. It was reportedly told by the FBI the hacking group was likely to be from Russia. https://theloadstar.com/
Equatorial Guinea vicepresident must pay SA businessman R39.8m for illegal detention A SA businessman has scored a R40m victory in court against the playboy vice-president of Equatorial Guinea, Teodorin Nguema Obiang. Daniel Janse van Rensburg has been embroiled in protracted litigation with Obiang over his detention in the central African country. Obiang is the son of the president. Janse van Rensburg was twice held in Equatorial Guinea’s notorious Black Beach prison despite being cleared of allegations of fraud and theft. His ordeal, which included ‘torture, inhumane and degrading treatment’, spanned 549 days of detention, 423 of which were at Black Beach. https://www.sowetanlive.co.za/
Hawks hunt for international fugitive allegedly involved in R400m cocaine bust The Hawks are on the hunt for an international fugitive suspected of smuggling cocaine worth R400 million into the country for global drug cartels.
The Hawks and the South African Narcotics Enforcement Bureau (SANEB) have issued a warrant of arrest for Ahmad Isa, for his alleged involvement in the cocaine shipment which was discovered in Gauteng. Hawks spokesperson Lieutenant Colonel Philani Nkwalas says that on 2 June, the Hawks – along with the FBI and the Australian Federal Police – nabbed Niel Pieter van Zyl, 39, on the N1 highway in Pretoria where he was found towing a 12-foot ski boat, wherein 800kg of pure compressed cocaine, with an estimated street value of R400 million, was found. https://www.iol.co.za/
Ramaphosa places health minister Zweli Mkhize on special leave President Cyril Ramaphosa has placed minister of health Dr Zweli Mkhize on special leave while the Special Investigative Unit (SIU) conducts investigations into allegations of corruption at the health department. Minister of tourism Mmamoloko KubayiNgubane will serve as acting minister of health until further notice. Mkhize has been under scrutiny after the health department awarded a R150 million contract to Digital Vibes, a company controlled by two of Mkhize’s former aides, to help communicate the government’s response to the coronavirus pandemic. https://businesstech.co.za/
O Kae Molao blitz nets over 700 suspects in Gauteng More than 700 people were arrested during a weekend operation by the Gauteng Police for crimes including driving under the influence of alcohol and beaching the Disaster Management Act relating to Covid-19 lockdown regulations. Gauteng acting police commissioner Major General Tommy Mthombeni was joined by Gauteng head of community safety Faith Mazibuko, Ekurhuleni acting district commissioner Brigadier Thembeka Gwebushe and senior officers from various law
securityfocusafrica.com
NEWS IN BRIEF
enforcement agencies as he led operation “O Kae Molao” (where is the law) in Ivory Park in the Ekurhuleni municipality. https://www.iol.co.za/
Treasury warns of municipal governance failures The National Treasury has raised concern at the financial practices of the country’s municipalities, warning that their information was not credible as a large number did not properly use the set systems for financial reporting to control wasteful expenditure and fraud and corruption. The Treasury said in its local government revenue and expenditure report for the third quarter of the 2020/21 financial year this week that most municipalities were not budgeting, transacting and reporting directly in or from their core financial systems. https://www.iol.co.za/
Gauteng at the epicentre of South Africa’s third wave of Covid-19 infections Gauteng is at the epicentre of South Africa’s third wave of Covid-19 infections, with hospitals warning of diminishing bed capacity as active cases escalate. While the provincial health department assures that the situation is under control, private hospitals say that they are running out of space. The country recorded 37,240 new cases over the weekend (Friday to Sunday), almost two thirds of which were in Gauteng. Daily infections in the province have surpassed the numbers seen in the first and second waves. People in the province have been urged to act as if they are in a tighter lockdown than is currently set nationally, to prevent further spread of infection. https://businesstech.co.za/
New police vehicles a big boost in fight against crime The new police vehicles handed over to the police for operational duties in the Western Cape on Thursday, were widely welcomed. More than 50 vehicles were handed over by the provincial acting commissioner of police Major-General Thembisile Patekile as part of the province’s visible policing initiative, to increase police presence. He said the vehicles would be spread across the province to help the fight against crime and some would be used in the incoming and outgoing routes to the province. https://www.iol.co.za/
Midrand police appeal for informers to help combat crime Midrand Constable Tshwarelo Eliot Mabulane confirmed that there is money to be paid out to individuals who share valuable information with police which could lead to the arrest and conviction of suspects. Mabulane added that informers have been paid up to R50 000 for providing information that led to convictions. For further enquiries, contact SAPS Midrand Corporate Communication Services on 079 877 6484 or 011 347 1600. https://midrandreporter.co.za/
Police Scotland launches cyber-enabled crime team in north east Police Scotland has launched a new team in the north east of Scotland to help tackle cyber-enabled crimes. Based in Aberdeen, the ‘cyber-enabled crime team’ will work alongside national units
within Police Scotland to help develop specialist knowledge locally, enhance investigations and develop preventative strategies to help keep our communities safe. Last year the force launched its Cyber Strategy 2020: Keeping people safe in the digital world which sets out its plan to tackle the threat, risk and harm from digitally-enabled crimes, particularly online child sexual abuse, fraud and the sharing of indecent images. In recent years Police Scotland has recorded an increase in cyber-dependent and cyberenabled offences. In June 2020, the single force recorded the highest number of online child sexual abuse crimes on record. https://www.scottishlegal.com/
Without a clear reduction strategy, violent crime is expected to spiral across South Africa First published by ISS Today Despite a year of lockdown restrictions, which saw fewer offences being committed, crime and violence levels in South Africa are again rising. Most crime, but mainly that which is violent and organised, looks likely to worsen if there are no fundamental improvements in policing. An analysis of police data shows that in March 2021 – the most recent month for which crime data is available – overall violent crime levels matched those in previous years. For some categories such as murder, they were higher. This is bad news given that between April and June 2020, violent crime dropped by 37% compared to the previous year. This decrease was probably due to the severe restrictions on
Contractors at the mercy of government and conmen Late payments and demands for protection fees lead to abandoned projects. Delays in the payment of contractors involved in the construction of government housing projects are a major cause of stalling such projects, according to the Black Business Council. Gregory Mofokeng, CEO of the BBC’s Built Environment unit, told the Sowetan that housing construction has less hurdles and is easier than building a mall, a hospital or a 50-storey building... https://www.sowetanlive.co.za/
securityfocusafrica.com
SECURITY FOCUS AFRICA JUNE 2021
9
NEWS IN BRIEF
movement and economic activity under Covid-19 lockdowns. However, as the controls were eased, serious violent crime began to rise. This trend was predicted by the Institute for Security Studies (ISS) in June 2020 because the factors that drive crime in South Africa weren’t being addressed. https://www.dailymaverick.co.za/
Court dismisses Riah Phiyega’s attempt to overturn findings of Marikana Commission Almost 10 years after the massacre of 34 striking miners by police at Marikana in 2012, the Pretoria High Court has dismissed, with costs, disgraced former national commissioner of police Riah Phiyega’s attempt to have the damning findings of the Farlam Commission of Inquiry overturned. https://www.dailymaverick.co.za/
Powership company trails corruption claims in its wake The Turkish company that won a controversial bid to plug the hole in Eskom’s electricity supply has been dogged by corruption accusations abroad. https://www.dailymaverick.co.za/
Once Africa’s promise, Nigeria is heaving under crime, few jobs Policy missteps, entrenched corruption and an over-reliance on oil have pushed the country’s economy to the brink. https://www.aljazeera.com/
Hundreds arrested around the world in huge global organized crime sting The FBI and Australian officials developed an encrypted device company which eventually gave them access to hundreds of criminal networks. A massive international sting involving 16 countries, including the U.S., has netted more than 800 suspects, the seizure of 8 tons of cocaine and more than $48 million, officials said Tuesday. The FBI and Australian law enforcement developed and operated an encrypted device company, called ANOM, which was then used to gain access to organized crime networks in more than 100 countries, according to Europol, the law enforcement agency of the European Union. https://www.nbcnews.com/
10
SECURITY FOCUS AFRICA JUNE 2021
Inside the growing movement to make ecocide an international crime Lawyers will take a major step this month toward putting environmental destruction on the same level as war crimes and genocide. Over roughly a decade, starting in the early 1960s, the United States military sprayed an estimated 19 million gallons of herbicides, including the notorious Agent Orange, in Vietnam, Laos, and Cambodia. The resulting devastation to the environment was so severe that scientists and activists began to use a new word to describe it: ecocide. More recently the term has gained popularity as a way to describe the most egregious cases of environmental destruction. And now a movement to establish ecocide as an official international crime is also building global momentum. Already the European Parliament and political leaders in numerous countries, including France, Belgium, Finland, Spain and Canada, have expressed varying levels of support for the idea. https://www.audubon.org/
Fake Darkside group threatens companies, Darkside affiliate group hits security camera maker, help from Google for software developers and more Is there no honour among thieves? I ask that because some person or group is emailing organisations claiming to be the Darkside ransomware group and have copied their data. That’s according to Trend Micro, which says that energy and food industries in several countries, including Canada and the US, have recently received
these threatening emails. The threat actor claims that they have successfully hacked the victim’s computer network and copied sensitive information. Those documents will be publicly released unless a ransom of 100 bitcoins – which works out to about $4 million – is paid. Trend Micro doubts this is the real gang because Darkside usually shows proof of stolen data by publishing a few documents. Whoever is sending these email messages isn’t offering evidence that they have got the goods. Secondly, no victim’s data has been encrypted, which is another Darkside tactic. So this group is bluffing, so far. No one seems to have been fooled yet. The report notes that, as of 18 June, no one had paid any bitcoin into the attacker’s digital wallet. The lesson is: investigate before giving into a threat. https://www.itworldcanada.com/
Cars, fries and data breaches; hackers get McDonalds and VW McDonald’s in Asia and VW in North America have become the latest corporate victims of significant data breaches, an event that is becoming increasingly common across the global business landscape. McDonald’s suffered a data breach on its network, which exposed the personal information of some customers in South Korea, including names, contact details and addresses in South Korea. At the same time, hackers also stole some employee information in Taiwan. On the same day, Volkswagen also announced a similar data breach from one of its suppliers, which targeted data collected by a seller from 2014-2019, which wasn’t secured. https://which-50.com/
securityfocusafrica.com
WHITE PAPER
Exposed databases: when it leaks, hackers breach Most organisations use databases to store sensitive information. Unfortunately, a large number of databases are left exposed with little to no authentication. These open databases result in organisations of all sizes, unknowingly, leaving back doors to their data open, which may be exploited to devastating effect by hackers. With original research from CybelAngel and ISMG.
I
t is rare indeed, today, to find a company which does not have a database. And, furthermore, chances are that they do not only have one database either. From client information and marketing to finances, these multi-faceted databases are extremely valuable, not only to the entities that create and utilise them, but also to hackers. CybelAngel and ISMG warn in their white paper preamble of Exposed Databases: When It Leaks, Hackers Breach1, saying: “Is your organisation leaking sensitive data? If you have not looked for open databases on your network, then it is likely that you have a breach just waiting to happen, with all the regulatory, legal and reputational costs that entails. A data leak refers to when any private digital data is publicly available without any identification requirement. It becomes a breach when an unauthorised entity accesses your
securityfocusafrica.com
critical data. Therefore, it is imperative to detect and identify any data leaks from internal or external sources before they become data breaches.” “Data breaches are a widespread and serious business risk that must be addressed and mitigated. But how widespread is the problem? In 2020, over 36 billion records were exposed globally. In December of 2020, CybelAngel shared that it had found more than 45 million medical imaging files publicly accessible on the internet (and) 2021 offers no reprieve, with an undisclosed number of customers at Internet of Things (IoT) tech vendor Ubiquiti having their information exposed due to unauthorised access of a database via a third-party cloud provider. In January, right-wing US social media app Parler found seventy terrabytes of data leaked after issues with its technology providers. That same month, an unsecured Elasticsearch database
at Chinese social media management company SocialArks led to the leak of personal information of 200 million Facebook, LinkedIn and Instagram users. 2021 has also seen 1.9 million records leaked from Pixlr, and the records of 83 million users of stock photo site 123RF have been found for sale on the dark web after a breach. Billions of these documents leave an enterprise’s perimeters through unsecured databases, due largely to misconfigured servers. Open databases allowing unauthorised access are reportedly responsible for 86% of all publicly accessible sensitive records. These open databases result in organisations of all sizes, unknowingly, leaving back doors to their data open, which may be exploited to devastating effect by hackers.” 1. https://cybelangel.com/exposed-databaseswhen-it-leaks-hackers-breach/
SECURITY FOCUS AFRICA JUNE 2021
11
CLOUD SECURITY
Security and the Cloud Cloud computing, with its many benefits – including speed, efficiency and scalability – has become the new “tech” normal, fast-tracked by the Covid-19 pandemic. But it does come with huge security challenges, too.
T
hat is according to David Puzas, Product Manager for Cloud Security at CrowdStrikes, in his article How to reap the benefits of going cloud native without compromising cybersecurity1. “The Covid-19 pandemic has accelerated cloud adoption, giving global businesses the flexibility to respond to changing priorities and a distributed workforce. You only need to read IDG’s Cloud Computing Study 2020 report2 to appreciate the impact of cloud computing on enterprise IT. Over 90 per cent of businesses now operate – at least partly – in the cloud,” he notes. “However, with the benefits of access and efficiency come drawbacks in security… the question on business owners’ lips is: how may we reap the rewards of cloud computing without compromising cyber security?” The cloud in the security industry Cloud is not a single solution but rather
12
SECURITY FOCUS AFRICA JUNE 2021
an array of capabilities and value-adds, explains Trish Thompson, Product Strategist at Gallagher. “At its most basic level, cloud is simply hosting applications in someone else’s data centre and leveraging those economies of scale. At this level, it is the removal of the need to manage physical, on-premises IT infrastructure for computing or storage, but the customer still retains management of tasks like application deployment to the cloud, database management and network security.” “At the other end of the spectrum,” she continues, “cloud is a fully managed and native SaaS (software as a service) deployment, which transfers all management of the applications and their availability to the cloud provider. Customers simply purchase the seats they require and use applications delivered over web or mobile that are always up to date. In addition, there are hybrid deployments which have both on-
premise and cloud components.” The security industry may share many of the traditional benefits, drivers, and natural momentum towards cloud, she says further. “In terms of topology, enterprise security systems deploying to the cloud need to think about end-to-end security in new ways. Enterprise security systems are typically deeply embedded and integrated within the organisation’s infrastructure and business processes. Security systems are also innately designed to manage and withstand server outages while continuing to deliver high availability of security controls on the ground, day in, day out. Integrating with systems from on-premise elevators and building automation systems to cloud-based people or visitor management systems, security systems already need to span physical and virtual, on-premise and cloud worlds. De-coupling these components to build a workable cloud topology that is based
securityfocusafrica.com
CLOUD SECURITY
on the current state of cloud maturity within the enterprise may be a complex task. This means that applying a cloud topology to enterprise security is often a journey with way points rather than a single destination.” Pros and cons The pros of the cloud outweigh the cons, believes Shaun Davis, Chief Security Officer of Netsurit, which has headquarters in Johannesburg and New York. “Cloud security offers flexibility and high availability, it allows for easier regulatory compliance and more adaptable protection again attacks such as DDOS,” he says. “Covid forced a global shift to move business services to the cloud simply to offer users and clients easier accessible environments. However, it also provided threat actors with an easier attack surface. Yes, you may secure your cloud presence as well as, or even better, than traditional configurations but, unfortunately, some companies seem to be slow in adopting a zero-trust approach.” Adds Pieter Nel, Regional Head SADC at SOPHOS: “Spinning up new instances in Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP) is simple. The hard part for operations, security, development, and compliance teams is keeping track of the data,
securityfocusafrica.com
workloads, and architecture changes in those environments to keep everything secure. While public cloud providers are responsible for the security of the cloud (the physical datacentres, and the separation of customer environments and data), responsibility for securing the workloads and data that organisations place in the cloud lies firmly with the organisations. Just as businesses need to secure the data stored in their on-premises networks, so they need to secure their cloud environment. Misunderstandings around this distribution of ownership is widespread and the resulting security gaps have made cloud-based workloads the new pot of gold for today’s savvy hackers.” One of the many benefits of the cloud is its ability to manage the physical environment of on-premise servers, says Thompson. From floor space, airconditioning, security and access control to database management and network security, the cloud allows for the better utilisation of an array of resources. “There are inherent economies of scale in one party providing this expertise across many customers. Cloud also mobilises and connects the workforce. Most importantly, as we see cloud solutions really maturing, they will bring the swift feedback mechanisms, the data analytics and eventually the AI (artificial intelligence)
that will move security from a more static, responsive, and rules-based approach to a very fluid and dynamic “sensing” environment that may more effectively predict potential threats before they occur. This is a longer-term journey which will involve many converging technologies, including cloud.” Effective security solutions The secret to effective cybersecurity in the cloud, maintains Nel, is to improve the overall security posture. This means that the architecture needs to be correctly configured and able to provide the necessary visibilities – including who is accessing it. “While this sounds simple,” he says, “the reality is different. The rapid growth of cloud usage has resulted in a fractured distribution of data, with workloads spread across disparate instances and, for some organisations, platforms. The average organisation already runs applications in two public clouds, while experimenting with another 1.8 public clouds. This multi-cloud approach compounds the visibility challenge for IT teams who need to jump from platform to platform to get a complete picture of their cloud-based estates. Lack of visibility into cloud-based workloads leads to both security and compliance risks.”
SECURITY FOCUS AFRICA JUNE 2021
13
CLOUD SECURITY
Seven levers of trust Forrester’s ‘The Trust Imperative’ focuses on the importance of creating trust strategies and the risks of leaving them to chance, saying: “A slew of corporate and governmental scandals, along with an influx of misinformation, have destabilised the public’s trust in many organisations once considered the cornerstone of our economic and social well-being. But society isn’t suffering from a lack of trust; rather, individuals are constantly adjusting their trust. As people lose trust in certain organisations, they redirect that trust to other entities. And that means that trust is up for grabs — with customers, employees, and partners.” To this end, Forrester advocates the adoption of its ‘seven levers of trust’ to ensure that trust becomes an actionable strategy, rather than an inspirational goal (see table, right). Cybercrime such as ransomware is increasing ‘massively’, says Davis, “with state-sponsored threat actors writing zero-day vulnerabilities like never seen before. The good guys have to be on the ball and provide adaptive security that will continuously morph and protect against the latest attacks, which means investing equally with a professional services partner to manage your security.” Cloud is shaping up to deliver very real benefits The importance of managing end-to-end cyber security in the cloud cannot be overstated – it is job zero for any security manufacturer, says Thompson. “Cloud may and should be safer than on-premise installations but it’s not a given. Cyber security design needs to occur at the inception of product design and deliver across every device, end-to-end. The exciting part about this is that cloud offers security manufacturers the opportunity to take and extend their proven expertise in this space while removing a significant burden from the customer (managing the often complex and expensive inhouse cyber security deployments). Couple that with the ability to rapidly deploy new software and firmware from the cloud, including cyber fixes, and cloud is shaping up to deliver very real and tangible cyber benefits.” In closing, she says: “I think that there is always going to be a mix of enterprise and cloud security, as different
14
SECURITY FOCUS AFRICA JUNE 2021
FORRESTER"
The Levers Of Trust Defined The Trust Imperative
Accountability
The confidence that an organisation takes responsibility for what it does and says; provides satisfactory reasons for its words, decisions, and actions; and is ready to bear the potential consequences
Competence
The recognition of an organisation for its expertise and the belief that such expertise enables it to do something successfully or efficiently
Consistency
The expectation that an organisation will always behave or perform in a similar way, so that individuals may confidently rely on the expected behaviour or performance in their own plans, actions, and assumptions
Dependability
The expectation that an organisation will be available, reliable, and able to predict and meet individuals' needs and demands
Empathy
The perception that an organisation is emotionally connected to its customers, employees, and partners and understands and shares their feelings and experiences
Integrity
The belief that an organisation acts honestly and according to values that individuals may easily recognise and that those values permeate the organisation's brand, decisions, and operations
Transparency
The perception that an organisation is doing business in an open way and is making every effort to share information about the business that is based on accurate, verifiable facts
Source: Forrester Research, Inc. Unauthorized reproduction, citation, or distribution prohibited.
deployment types and migration paths suit different parts of the electronic security market. Residential and small business security is most likely to be deployed now as a full cloud-native solution. The security systems within these segments are much less coupled and integrated to other systems, making a smooth and single step transition possible. At the other end of the scale, within the enterprise market, I think that we are more likely to see hybrid solutions for a significant period. These deliver some immediate benefits of cloud
for contained workloads or targeted functions while the customer works through the more complex tasks of decoupling and migrating the myriad internal business systems and processes that typically exchange data with- and between security systems.” 1. https://www.itproportal.com/features/ how-to-reap-the-benefits-of-going-cloudnative-without-compromising-cybersecurity/ 2. https://www.itproportal.com/features/ how-to-reap-the-benefits-of-going-cloudnative-without-compromising-cybersecurity/
securityfocusafrica.com
CYBER SECURITY
The know-how you need: Kaspersky experts share a guide to staying safe from doxing Sharing and geotagging photos, uploading documents to the cloud, installing a new application, and even browsing online retail stores – we deal with personal data management daily, whether we realise it or not.
O
ften, it is not clear what data we share, and most importantly, who are the final recipients of the data that makes us vulnerable. One of the threats that online users of all ages, professions, and backgrounds face is doxing – the practice of gathering personal information with the purpose of publishing it or using it in some other way to harm somebody. To help users take back control of their data and protect from doxing, Kaspersky privacy experts have developed a comprehensive checklist on how to handle one’s private data responsibly1, without it becoming a headache. Kaspersky research shows that looking after private data has finally become a mainstream concern, with 50% of consumers globally claiming they would no longer use an online service provider following a data breach, and 57% expressing worry about their security and privacy being affected by ‘smart’ and Internet connected devices. This concern is justified, because online users face data risks on a daily basis. We are still learning exactly how to build our relationships with technology, so we may better trust it with our personal data, as well as use it more mindfully to avoid potential anxiety or burnout. For example,
securityfocusafrica.com
the innocent photo of a teen with a newly-issued ID may end up in the hands of financial scammers, and emotional message directed to friends – seen and reported by a stranger as radical and offensive. Your photos from the latest party might surface online without approval and your kid’s smartwatch might be broadcasting their live location 24/7. While some of the risks – such as data leaks and ransomware attacks on organisations – are largely beyond a user’s control, other threats, such as doxing, may be tackled by users themselves. Doxing is made possible because there are so many public channels (forums, social media, and application records) where user data gets exposed, but that may be prevented. Digital risks do not mean that users should stop expressing themselves online – and it certainly is not something that most people are willing to do anyway. Technology and innovation should improve lives, and strengthen our mental welfare. As such, digital wellbeing should be a top priority for all, especially during the challenging time we live in. This is why digital citizens need to learn how to treat personal data online responsibly – similarly to how we treat our finances and take care of physical belongings.
Kaspersky privacy experts, with help from external experts, created a short guide that will ease the risks and stress of data loss and diminish doxing potential for a user. The checklist, which is split into three sections, addresses how to treat the data we do and do not control, such as browser activity and application tracking, and other people’s data that you may come across. By providing users with the right knowledge and tools to help navigate the Internet safely, they may become empowered and experience less digital stress, to enjoy technology, worry-free. “With our lives being so intertwined with the digital world, it is no wonder that we face online threats so regularly. Tools for self-expression may also be used against us, with doxing continuing to gain popularity as a way to punish and hurt people. Unfortunately, it is not possible to control everything that exists online about us, but it is definitely a good idea to take some steps towards it. To keep one’s data safe and alleviate the risks, we need to become mindful about who we share our data with and how, and to take certain precautions in order to keep control over it. Luckily, precautions are in part resolved by installing and managing the right privacy tools, such as password managers or privacy-enabling browser extensions. With this checklist, we hope to provide users with a simple, easy-to-grasp way of keeping their personal data safer – and helping their close ones do the same”, comments Anna Larkina, senior security expert at Kaspersky. “Data hygiene is a form of self-care. Accepting the reality that there is risk connecting with people, online or off, is a great first step towards a better digital security plan. When we raise the bar on our own digital privacy and security, we are also doing our part to care for others that we connect with. The more we are able to humanise the digital aspects of our lives, the less daunting those first few steps may be towards raising the bar. This checklist is a great place to start”, says Daly Barnett, staff technologist at the Electronic Frontier Foundation. Learn what doxing is and how to protect yourself and your close ones from it in Kaspersky’s free online course2. Read the Definitive Checklist: how to protect your data online here2. 1. https://www.kaspersky.com/blog/anti-doxingchecklist/ 2. https://education.kaspersky.com/en/lesson/53/ page/291
SECURITY FOCUS AFRICA JUNE 2021
15
NEWS
Gqeberha’s Community Information Centre looks back on a successful first five years It started small, with a very limited area of work that it focused on. But, over the past five years, the Community Information Centre (CIC) has grown in leaps and bounds. Press release. 22 June 2021.
R
yan Britz, Gqeberha branch manager for Fidelity ADT explains: “There has always been a very basic goal in mind with this kind of facility. No matter what kind of assistance a member of the public needs, we wanted to ensure that they may get hold of it by calling this one central point of contact. This is why we first set up the CIC at our offices back in June 2016. “The centre has exceeded our expectations through rapid growth and expansion by which it has served thousands of people throughout our metro. Residents have become familiar with the CIC and choose to report their concerns, no matter the nature of the call, to the CIC team.” The centre’s operators are on duty around the clock, and address all calls by contacting the relevant authorities or private security teams, depending on the concern and the area involved. The CIC also engages and responds to over 150 WhatsApp groups which are communitybased initiatives, including neighbourhood
16
SECURITY FOCUS AFRICA JUNE 2021
watch groups, community policing forums or just general community groups. They assist with anything from municipal service deliveries, to missing persons, medical emergencies, or any type of crime complaint or request for law enforcement assistance. “The CIC does a lot more than just respond to these kinds of calls for help. They also keep an eye on the growing network of CCTV and license plate recognition (LPR) cameras across the region. The coverage footprint for the CIC now also includes the Kouga region of Jeffreys Bay, Humansdorp, and cameras in East London,” says Britz. The CIC monitors over 50 LPR cameras along with 25 community CCTV cameras, across the metro and the Kouga region. It also keeps an eye on more than 135 social media community messaging platforms, while working hand-in-hand with more than 50 neighbourhood watch groups. The area covered is the entire metro and the Kouga region, which is around 150 square kilometres.
There have been many notable events or incidents to which the CIC responded, such as assisting with numerous drownings where prompt action saved lives, assisting missing persons and abandoned babies within the metro, using the LPR cameras to respond to cases of car theft, responding to large fires, and coordinating arrests with colleagues in the various neighbourhood watch groups. Britz believes that this is just the beginning, and that there is still a lot more to come from the CIC. “We firmly believe that this is only the beginning for the CIC and look forward to more growth and success in the future. We are continuously looking for new and innovative ways to improve our service delivery and to enhance the efficiency of the CIC team. We thank the community for all their support as we would not have been able to achieve this without their assistance, trust and commitment.” Residents may contact the CIC directly on 086 12 12 210 or via WhatsApp on 073 766 7447.
securityfocusafrica.com
NEWS
Some examples of fake emails sent on behalf of vaccines producers.
The vaccination cyberthreat: Kaspersky reports intensified scamming activities around Covid-19 vaccines in Q1 2021
S
cammers are constantly searching for new ways to steal users’ data. Last year, a completely new category of opportunity became one of the most profitable scams for fraudsters. They extensively used Covid-19 related spam letters and phishing pages to benefit from the year’s most alarming and high-profile news story. According to a new Kaspersky report, Spam and Phishing in Q1 2021, scammers are continuing to exploit this epidemiological challenge – this time, focusing on the vaccination process. Kaspersky experts discovered various types of phishing pages distributed all over the world. As well as spam letters, recipients are invited to get a vaccine, to take part in a survey, or to diagnose Covid-19. For instance, some users from the UK received an email that appeared to come from the country’s National Health Service. The recipient was invited to be vaccinated, having first confirmed their desire to be vaccinated by following the link. To make a vaccination appointment, the user had to fill in the form with their
securityfocusafrica.com
personal data, including bank card details. As a result, they handed their financial and personal data to the attackers. Another way to gain access to users’ personal data has been through fake vaccination surveys. Scammers sent emails on behalf of large pharmaceutical companies producing Covid-19 vaccines, inviting the recipient to take part in a short survey. All participants were promised a gift for their participation in the survey. After answering the questions, the victim was redirected to a page with the ‘gift’. To receive the prize, users were asked to fill out a detailed form with personal information. In some cases, the attackers asked for payment of a token amount, for delivery. Lastly, Kaspersky experts found spam letters offering services on behalf of Chinese manufacturers. The emails offered products to diagnose and treat the virus, but the emphasis was on the sale of vaccination syringes. “In 2021, we saw a continuation of 2020 trends. Cybercriminals are still
actively using the Covid-19 theme to entice potential victims. As Coronavirus vaccination programs have been rolled out, spammers have adopted the process as bait. It is important to remember that although such offers may look very favourable, the likelihood of a successful outcome is zero. The user may avoid losing data or, in some cases money, if they remain vigilant to the supposed lucrative offers distributed online,” comments Tatyana Shcherbakova, a security expert at Kaspersky. In order to avoid falling victim to a scam, Kaspersky also advises users: • To be skeptical of any unusually generous offers and promotions. • To verify that messages are coming from reliable sources. • Not to follow links from suspicious emails, instant messages or social network communication. • To check the authenticity of websites they visit. • To install a security solution with up-to-date databases that include knowledge of the latest phishing and spam resources.
SECURITY FOCUS AFRICA JUNE 2021
17
NEWS
POPI Act implementation date postponed – and its ramifications With the pending full commencement of the Protection of Personal Information Act (POPIA) on 1 July 2021 (postponed to 1 February 2022 as per Government notice no: 44383 published in Government Gazette No: 297 of 1 April 2021), much of the focus has been on the preparations of businesses to ensure compliance. By Charles Kinnear, Managing Member of Abcorlaw.
H
owever, the Act also has ramifications for everyday South Africans and the processing of personal information on social media platforms. The POPIA aims to protect an individual’s right to privacy by offering protection against the unlawful collection, retention, dissemination and use of personal information. In the event that an individual discovers a post on a social media platform disclosing certain ‘personal information’ – including a photograph – the subject of the post may be considered a data subject and the person who made the post may be considered a ‘responsible party’ as defined in the Act. Posting the personal information on social media would also arguably amount to the dissemination of personal information, as contemplated in the definition of processing in POPIA. Thus, the responsible party may be obliged to comply with the provisions of POPIA. Consequences The consequences of being considered a ‘responsible party’ in terms of the POPIA are substantial and include the requirement for a responsible party to
18
SECURITY FOCUS AFRICA JUNE 2021
comply with the eight conditions of lawful processing of personal information. • The conditions include a requirement to obtain the consent of the data subject prior to posting a photograph or the views of that data subject on a social media platform. The responsible party would also be required to appoint an information officer and publish and comply with a POPIA manual as read with section 51 of the Promotion of Access to Information Act. • Arguably, the application of POPIA in the above circumstances would lead to an absurd result where every individual who posts photos, memes, videos, or the views of another person, is considered a responsible party who must comply with onerous conditions. To prevent the abovementioned situation from arising, section 6(1)(a) of POPIA states that act does not apply to the processing of personal information in the course of a purely personal or household activity. The repercussions of section 6(1)(a) of POPIA are arguably that: • POPIA applies only to business or professional activities; and
• In so far as any pictures or video taken or views shared are disseminated on social media or any other platform in a personal capacity, POPIA arguably does not apply. • POPIA does not define the terms ‘personal activity’ or ‘household activity’. The terms may have to be interpreted not only by the ordinary grammatical meaning of the words but also by taking into account, on a case-by-case basis, what contemplates work as opposed to personal use in respect of the relevant social media user. Disgruntled individuals who find their personal information posted on social media platforms without their consent are, however, not without legal remedy. Our common law, as codified in the Constitution of the Republic of South Africa, 1996, protects the individual’s right to privacy on a professional and personal basis. Thus, social media users who post what may be considered as personal information, should do so, keeping in mind that the subject of the posts, although falling out of the ambit of POPIA, are still protected by the common law in the event that the post breaches the privacy of the subject.
securityfocusafrica.com
NEWS
Protecting our maritime economy on tight budgets The protection of South Africa’s ocean economy – which continues to face an increasing number of challenges – was a central theme discussed at the recent Maritime Security Conference, which was live-streamed from Simon’s Town on 4 June.
T
he summit, which brought together central role players across government, the military and maritime defence, enabled high-level discussions and interactions about the protection and promotion of our seas and oceans. Anthony Green, Specialist in Systems and Solutions at Reutech Radar Systems, a leading developer and supplier of highprecision radar products for defence as well as the mining, industrial and commercial sector, spoke about the challenges of protecting the maritime economy whilst working with tight budgets. Adding to the challenges of budget constraints, Green spoke about limited human and equipment resources, our long and irregular coastline, the vast amount of ocean that South Africa is responsible for as well as the impunity of Exclusive Economic Zone (EEZ) transgressors. After expanding on these challenges, Green said that while we cannot do everything, he proposes trying to follow some kind of 80/20 rule. “We need to spend what we have on that which will make the most difference and also apply technology innovation. We need to focus
securityfocusafrica.com
on the trouble areas, and for that, intelligence is most important,” he says. He suggested the following as a possible solution. “Our earth is spherical, which means that we have limited line-of-sight surveillance due to earth curvature. If we are talking about stealthy maritime surveillance, where we may observe what is happening without anyone knowing, we may use a set of radars that emit lower power levels, which makes the radar difficult to detect by hostile forces whilst retaining the detection capabilities of higher powered radars. We may do this with either fixed installations or by rapid mobile deployment. We may also use low-cost passive receivers able to detect the navigation radar emissions of vessels at sea to augment the coastal radar. These receivers are able to accurately directionfind and analyse navigation radar signals and this could help in detecting vessels hiding their presence by switching off their Automatic Identification System (AIS) transmitters,” he says. He also proposed solutions to avoiding high-cost fixed cameras by using low-cost dependable drones, which are flown to the object of interest, up to twenty
kilometers away. He highlighted the fact that in many cases illegal activities take place close to shore, which means that these drones could serve the desired purpose. Green says that South Africa’s maritime economy was previously protected during World War II, up to 1945, using a network of coastal surveillance radars, which were a combination of South African-built and foreign supplied radar systems. “Presently, we have a declining budget, and the reality is, that it is likely to continue. We have assets that need to be optimally applied. There are affordable technologies that may help, and we need to revisit the creation of a coastal surveillance network with multi-sensor installations. We need to keep the fleet at sea and on patrol, and remember that you cannot control what you cannot patrol. We may apply resources where the problems exist and aim to meet the 80% part of the 80/20 rule,” he says. This event, which was attended by Navy representatives from SADC, other global regions and high-level members of the private sector, enabled facilitation of public-private business networking, potential partnerships and collaboration.
SECURITY FOCUS AFRICA JUNE 2021
19
NEWS
A challenging, risk-driven environment awaits us As many parts of the world deal with the Third Wave of Covid-19 infections, there are growing concerns that South Africa may face harsher lockdown measures in the future as the country ramps up its vaccine rollout program.
T
his will have a telling impact on society and will only accelerate the reliance on ecommerce business models as the public prioritises their health and safety. Unfortunately, this also means that there will be a challenging, risk driven environment ahead of us when it comes to fraud. This was highlighted at the Southern African Fraud Prevention Service (SAFPS) and Insurance Crime Bureau International Fraud Summit which was held virtually on 19 May 2021. Increased Risk “We are really reaching a critical point when it comes to the economy and the extreme measures that criminals will use to perpetrate fraud,” says Manie van Schalkwyk, CEO SAFPS, “The 2020
20
SECURITY FOCUS AFRICA JUNE 2021
statistics that were collected by the SAFPS indicate that there are significant increases in key areas and that there is a long road ahead to address this challenge.” The SAFPS reports that an area which saw a major increase was fraud listings which increased by 62%. In addition, victim listings went up by 54%. Perhaps the most concerning statistic coming out of the recent SAFPS report is that impersonation fraud has increased by 337%. “This is extremely concerning. Impersonation fraud is the act of a criminal impersonating another person by stealing their identity and then opening accounts in their name. The fraudster has details of the victim and attempts to take over their account. The credit provider
will ask the questions normally asked of the account holder. Because of data breaches, this information is available to the fraudster, making it easier to take over the account. They then take over the account and leave the victim with massive amounts of debt that they never took out in the first place,” says Van Schalkwyk who adds that technology has also improved significantly, and it is currently very easy to make a fake application look very legitimate. The importance of biometrics One of the most significant stats from last year is that impersonation fraud has increased by over 300%. This has highlighted the importance of biometrics and the role that it will play in the future fight against fraud.
securityfocusafrica.com
NEWS
technology, tenacity and innovation to fight against fraud to create a trusted way for everyone to use the digital era. With data breaches on the rise, relying on information to prove the authenticity of an individual’s identity is no longer enough. We have to use the unique attributes of an individual to verify that they are who they claim to be. It is for this reason that Secure Citizen uses multi-modal biometrics to close the gap between corporates and consumers, leaving no place for fraud! Only consumers have the right to use their biometrics, it is their birth right. They also have a right to revoke permission for the use thereof and this is the foundation of our business model,” says Deale. Secure Citizen enables consumers to either enrol themselves or they may be digitally enrolled, via corporates, into the Secure Citizen registry. Biometrics are enrolled and verified using Artificial Intelligence and all future interactions are verified by the consumer, through either face, voice or fingerprint.
Dalene Deale is the newly appointed Executive Head of Secure Citizen and delivered an insightful presentation that focused on keeping ahead of fraudsters, using biometrics. “Fraudsters are relentless when it comes to thinking up new ways to steal information and impersonate consumers. They use technology, tenacity and time, as their basic tools. And they only need to get in once to craft a new modus operandi,” says Deale. Legitimate business owners working with clients’ information must get it right every time. So do your consumers – they must know how to protect their data and be proactive about it. “Another thing that fraudsters use to their benefit, is the fact that legitimate businesses don’t share as liberally as they do. It is important to highlight that there are two kinds of victims in an impersonation scam, both the consumer and corporates. We don’t teach enough, speak up enough,or work together enough to find ways to fight against it. Regardless of industry,” says Deale. She adds that fighting fraud is a collaborative effort. “In our business, we have partnered with the trusted custodians of fraud prevention in Southern Africa, and we too use
securityfocusafrica.com
Other factors Mr Van Schalkwyk points out that when it comes to combatting fraud, one needs to use every tool at your disposal to ensure that consumers have adequate protection. “In addition to voice biometrics, facial matching is important because these are important elements when it comes to building the full profile of the consumer. Secure Citizen offers solutions that range from a quick verification of the consumer in a transaction to know-your-customer (KYC) which is something that every company aims to achieve. Especially when it comes to financial institutions,” says Van Schalkwyk. Mike Haley, Chief Executive of Cifas in the United Kingdom provided some insights into facial matching while Vanda Dickson, Executive Head of OneVault, and Brad Scott, cofounder of Onevault Africa and Group Executive: Operations and Product, launched the Imposter Voice Service to SAFPS members at the Summit. Driven by data The reason why fraudsters are so capable of impersonating consumers and representatives of the financial institutions that consumers belong to is that they have access to huge amounts of data which provides the personal information that is required to perpetrate this type of fraud.
The only way to combat this is to beat them at their own game. Key to the success of Secure Citizen, as well as other key services that are offered by the SAFPS, is that they are run by huge amounts of data which is processed in real time and may provide an accurate picture of a consumer that companies may use to ensure that they are dealing with the right person. Portia Matsena, CIO of BankservAfrica, discussed how data is an enabler for artificial intelligence and biometrics at the Summit. Important protection In addition to the risk that consumers face when it comes to fraud, the landscape when it comes to data protection is also currently significantly risk based. In 2020, South Africans faced two major data breaches. “The protection of personal information is becoming a major issue,” says Van Schalkwyk. “Consumers need to know that the information that they hand over to their banks and other financial institutions will be handled in a responsible manner and that the data leaks that we experienced last year cannot be a regular occurrence.” While consumers do face some measure of risk when it comes to this, there is growing protection in the form of the Protection of Private Information Act. Era Gunning, Director of Banking and Finance at ENSafrica discussed this in her presentation at the Summit. A new environment “One of the trends that we have seen during the Covid-19 Pandemic is that there is a definite shift towards online consumerism and that there needs to be a significant adjustment in the shaping of business post Covid-19. This applies not only to consumers, but to companies and those who fight against fraud,” says Van Schalkwyk. There was a key panel discussion covering this topic of a changed future between Mark Brits, Senior General Manager at Prudential, and The Banking Association of South Africa and Johan van Graan, the Chief Risk Officer at Vodacom. “At the end of the day, there is no substitute for awareness and vigilance. As always, the SAFPS urges consumers to be vigilant when it comes to fraud and to remain cognisant of the fact that they face increased risk of becoming victims,” says Van Schalkwyk
SECURITY FOCUS AFRICA JUNE 2021
21
SPECIAL REPORT
Benchmarking cyber threats to South African children Digimune, the digital identity, privacy and social media protection company, surveyed 200 South African parents in February 2021 to gauge their views and concerns around children and digital threats.
T
he results revealed that children in the respondents’ communities have been a victim of the following cyber threats: • 35% of children have been a victim of cyberstalking • 36.5% of children have fallen victim to online shaming • 43.5% of children willingly share their personal information on online platforms • 54% of children have accessed inappropriate content via digital platforms • A staggering 51.5% of children have been cyber bullied More than one out of every two children in the respondents’ communities have been victims of cyberbullying, or have accessed adult or otherwise inappropriate content online. Further, more than two out of five children have shared personal information online, and more than three out of ten have been cyberstalked or been a victim of online shaming or revenge porn. (See tables 1 and 2 for the full results). It is likely that this data is an underrepresentation, due to a combination of children’s reluctance to tell their parents about an attack and the sophistication of cybercrime today. Far from ad hoc, brute
22
SECURITY FOCUS AFRICA JUNE 2021
force attacks, using rudimentary technology and techniques, cyber criminals harness the latest tech, bide their time and are strategic about their activities. The theft of personal information or hacking into social media platforms are good examples of this. Because criminals go on to sell this information on the dark web, it is in their interest for you, or your child, to be oblivious to the theft of information or the hack. Further results from the survey Digital concerns: Parents top five digital concerns for their children are: • Shaming/revenge porn • Cyber bullying • Accessing adult or otherwise inappropriate content • Grooming • Identity theft (See the full results in table 3). Access to devices: The vast majority of children have access to a wide variety of online devices – either shared, or their own device – from a young age. By the age of 10, 30.5% of children have their own smartphone and 41.5% have access to a shared smartphone. But there is also a proportion
of parents who indicated in the survey that their child will never have any access to specific devices. (See tables 4 and 5). “Today, being online and having access to a variety of digital tools and platforms are a must-have, not a not a nice-to-have. From learning, to creating, socialising and exercising, our online life is as important as our analogue life. Unfortunately, this has been weaponised by criminals wanting to profit from and wreak havoc in our, and our children’s, lives,” said Simon CampbellYoung, co-founder and VP global sales at Digimune. “Parents need to protect themselves and their families by harnessing technology as an important early warning system and an effective line of defence.” About Digimune Digimune is a cloud-based platform that provides next-generation digital risk protection. Digimune safeguards individuals, families and businesses from digital threats across all publicly available platforms. About the survey and breakdown of results Digimune surveyed 200 South African parents in February 2021 to gauge their views and concerns around children and digital threats.
securityfocusafrica.com
SPECIAL REPORT
Table 1: Cyber threats the respondents’ children have been a victim of
Yes
No
I don’t know
Access to adult or otherwise inappropriate content
26.5%
62%
11.5%
Sharing personal information
16.5%
68.5%
15%
Being hacked
12.5%
82.5%
5%
Cyberbullying
11.5% 85% 3.5%
Grooming
9.5% 77.5% 13%
Cyber stalking
9.5%
80%
10.5%
Identity theft
6%
91%
3%
Shaming/revenge porn
5%
89%
6%
Doxing
2.5% 83% 14.5%
Table 2: Cyber threats children in the respondents’ communities have been a victim of
Yes
No
I don’t know
Access to adult or otherwise inappropriate content
54%
37%
9%
Cyberbullying
51.5% 41.5% 7%
Sharing personal information
43.5%
43.5%
13%
Being hacked
41.5%
44%
14.5%
Shaming/revenge porn
36.5%
56%
7.5%
Cyber stalking
35%
46.5%
18.5%
Identity theft
26%
61%
13%
Grooming
24% 61% 15%
Doxing
10.5% 66.5% 23%
Table 3: The cyber risks which SA parents are most concerned about Shaming/revenge porn
1
Cyberbullying 2 Access to adult or otherwise inappropriate content
2
Grooming 4 Identity theft
5
Sharing personal information
5
Being hacked
7
Doxing (having their private details shared online by someone else)
8
Cyber stalking
9
Table 4: Ages at which children first have access to shared devices
Smartphone
<5 6-10 11-15 16+ Never
13.5% 28% 35.5% 17% 6%
Table 5: Ages at which children first have access to their own devices
<5 6-10 11-15 16+ Never
Smartphone
8.5% 22% 39.5% 24.5% 5.5%
Tablet
22% 27.5% 20% 22.5% 8%
Tablet
12% 27% 28.5% 23% 9.5%
Computer
14% 28.5% 28.5% 18.5% 10%
Computer
7.5% 25% 28% 31% 8.5%
Online gaming console
13%
Online gaming console
securityfocusafrica.com
28%
21%
18.5%
19%
8%
23.5%
25%
22%
21.5%
SECURITY FOCUS AFRICA JUNE 2021
23
SPECIAL FEATURE
Aeroplane safety cards have saved thousands of lives: imagine what they could do for the world’s most vulnerable workers Of the world’s three billion workers, nearly two billion work in unsafe conditions1, with more than two million dying every year from workplace accidents. What if simple, visually-led communication could change that, making workplaces safer?
W
e already know it does so for one industry: airlines. Using, powerful, simple design that transcends language, plane safety cards have dramatically reduced fatalities2 in crashes. There’s no reason why the same kind of thinking couldn’t be applied to workplaces in industries such as mining, construction, and oil and gas. In all of these industries, workers operate in potentially dangerous settings. In a bid to mitigate these risks many countries have stringent health and safety regulations in place. But in a world where multilingual and multicultural workforces are commonplace, ensuring that everyone sticks to those regulations and operates as safely as possible can be challenging. Overcoming those challenges requires
24
SECURITY FOCUS AFRICA JUNE 2021
a different approach to the conventional one of providing written guidelines about safety issues. Instead, we need clear and concise visually-led communication, using principles similar to the aeroplane safety cards we’re all familiar with. A surprisingly recent innovation While we may all be familiar with aeroplane safety cards today, they’re actually a surprisingly recent innovation. In the early days of air travel, safety cards were essentially viewed as miniature advertisements, designed to sell people on the glamour and safety of flying. What safety information there was usually took the form of hard-to-follow text. By the 1960s, things had improved a little. US carrier Pan Am, for example, created ‘fleet cards’. These were almost
like a booklet that you would pick up, and it would have the safety and emergency instructions for multiple plane models in it, and each set of instructions would be in multiple languages. Of course, the last thing you want to have to do in an emergency is flip through a book, looking for the instructions pertinent to the plane you’re travelling on and in your language! It was only in the late 1960s that we started to get the safety card design we’re all familiar with today. The development came at a time when planes were becoming safer and people were increasingly surviving the impact of a crash. What they weren’t surviving was the smoke from fires on the plane following a crash because they didn’t know how to evacuate. In experiments,
securityfocusafrica.com
SPECIAL FEATURE
it was found that the simpler a safety card was to understand, the more likely people were to evacuate successfully. It took until the late 1970s and a devastating crash at Tenerife3 in the Canary Islands for the safety cards we know today to become standard. Applied to workplace Applying the same logic to the workplace may greatly reduce accidents and increase compliance too. That’s according to Andrew Smith, owner and CEO of Jincom4, a visual safety solutions company that has a client list that includes names as big as Siemens, PetroChina, and ABInbev, and which is backed by Norwegian-funded private equity firm SPEAR Capital. In fact, Smith says, aeroplane safety cards were the inspiration for founding the company after he witnessed how difficult it could be for organisations to explain safety regulations and procedures to their workers. “I watched a supervisor at one of the deepest gold mines in the world explaining safety procedures to a group of young workers,” the Jincom CEO says, “He was trying to read from a 300-word single-page document. He was struggling and nobody was listening - and I thought, ‘There must be a better way to do this.’” “I thought about aeroplane safety cards,” he adds. “A pilot doesn’t know
securityfocusafrica.com
who is in the back, but needs to make sure everybody, irrespective of language or literacy levels, understands the critical safety information.” From there, he found some illustrators and began to try to simplify and illustrate some of the mine’s ‘Golden Rules’. Of course, workplaces may be more dynamic than aeroplane cabins, meaning that safety cards aren’t necessarily enough. Fortunately, technology means that it’s possible to digitally provide up-to-the-minute safety information to workplaces around the world without requiring extensive translation or waiting for printers. Digital safety posters may be posted on screens and simplified technical standards pushed directly to tablets used by supervisors, for example. “Innovations such as e-learning and virtual reality training may also go a long way to ensuring that workers retain crucial safety information,” says Smith. “They’ll also undoubtedly become more commonplace in the future, ultimately saving organisations money on training staff while making workplaces fundamentally safer.” That goal is in line with the UN’s Sustainable Development Goal (SDG) 85 which concerns decent work and economic growth and aims to ‘protect labour rights and promote safe and secure working environments of all workers, including migrant workers’.
According to SPEAR Capital partner Bryan Turner, that made Jincom a natural investment target. “While a good, viable business model is important to our investment decisions,” he says, “we also look for companies that impact the world in positive ways. Jincom fulfills that mandate”. A safer workplace With an estimated 2.3 million6 workplace-related deaths occurring every year (along with 340-million occupational accidents), it’s clear that there’s lots of ground to be made up when it comes to making workplaces safer. The key to making the next big leap forward may well lie in the lessons learned from aeroplane safety cards. 1. https://cdn.ymaws.com/www.saioh.co.za/ resource/resmgr/docs/Fuller_Global_Issues_ SA_0717.pdf 2. https://99percentinvisible.org/episode/ in-the-unlikely-event/ 3. https://en.wikipedia.org/wiki/Tenerife_ airport_disaster 4. https://www.jincom.com/ 5. https://sdgs.un.org/goals/goal8 6. https://www.ilo.org/moscow/areas-of-work/ occupational-safety-and-health/ WCMS_249278/lang--en/index. htm#:~:text=The%20ILO%20estimates%20 that%20some,of%20work%2Drelated%20 illnesses%20annually.
SECURITY FOCUS AFRICA JUNE 2021
25
PERSONALITY COMPLIANCY PROFILE
In conversation with… Dr Mahlogonolo Thobane Dr Mahlogonolo Thobane is the Senior Lecturer in the Department of Criminology and Security Science at the University of South Africa (UNISA) and the first Black President of the Criminological Society of Africa (CRIMSA).
B
orn in the village of GaNkidikitlane in Mokopane, Limpopo Province in South Africa, Mahlogonolo moved to Mpumalanga Province when she was four years old. The only child of a young teenage mother, her maternal grandmother then opened her home to the little girl, where she lived until the age of thirteen. By then, her mother had established herself in Soshanguve, a township to the north of Gauteng, so the now-teenaged Mahlogonolo was able to join her. Warm, open and inspiring, Mahlogonolo shares her personal and career journey here: The early years I remember sitting around the fire with my cousins and listening to my grandmother telling us many beautiful tales. My grandmother, Mantwa Stephina Kwadi-Lepemole, from whom I got my middle name, was and is still one of my favourite human beings. Being raised by her, such a powerful woman, is one of my fondest childhood memories. I was born to a teenage mother, Dikeledi Molewa nee Kwadi, whose boyfriend rejected me before I was born. However, my mother got married in 2007 to a lovely man, Elvis Molewa, who has been nothing short of amazing to me as a father.
The road to success After matriculating from Hillview High School in Mayville, north of Pretoria in 2002, Mahlogonolo enrolled for a Bachelor of Social Science degree at the University of Pretoria. “I’d always wanted to become a clinical psychologist, but then criminology found me! After obtaining my undergraduate qualification I went on to study my Honours Degree in Criminology fulltime at the University of Pretoria.” Her first job was as a post-graduate research assistant at the-then Department of Security Risk Management at the University of South Africa (UNISA). Next, she was employed by ABSA Bank, in its Group Risk Division, Department of Security, where she spent three years before returning to UNISA. From 2012, she worked her way up, through the ‘varsity to her current position, that of Senior Lecturer at UNISA. Mahlogonolo is also a Research Consultant at the University of Cape Town’s Gender and Health Justice Research Unit, and the founder and CEO/ Managing Director of non-profit organisation Mu Duka (212-833 NPO), which means “We are together” or “Re kaofela” in the Hausa language. “The central focus of this organisation is to encourage the nation, regardless of age, gender, race and cultural background, to stand united against
gender-based violence. Mu Duka further promotes holistic and intersectoral approaches (involving various government departments, the private sector and non-government organisations) to prevent the scourge of gender-based violence in South Africa. Mu Duka also reminds victims of gender-based violence that they are not alone.” To this end, Mu Duka’s objectives are as follows: • To improve and generate knowledge on issues relating to gender-based violence through community engagement, advocacy and research output; • To improve support offered to victims of gender violence and prevent secondary victimisation through engagement with community support organisations and continued engagement with the Criminal Justice System (CJS) and processes used to handle cases of victims of genderbased violence;
I dream of a South Africa where women, children and other vulnerable groups are safe and no longer victims of heinous crimes. 26
SECURITY FOCUS AFRICA JUNE 2021
securityfocusafrica.com
PERSONALITY PROFILE
The narrative that South Africa is one of the world’s crime capitals needs to change. • To tackle cultural practices that perpetuate gender-based violence through continued interaction with community and traditional leaders; • To assist in creating a platform where women and men are offered skills development to alleviate poverty, which in turn eliminates the chances of violence caused by dependency and/or frustration; • To motivate young boys and girls and the youth to attain basic and higher education, which may assist in creating career opportunities for them, which in turn reduces and/or prevents violence caused by dependency or a lack of employment. What do you love about your career? That I get to make a tangible impact through my work, be it through imparting knowledge to students whom I teach or making a contribution to the banking and security industries through the research done on CIT (cash-in-transit) heists or to the communities I interact with through my work and research on Gender-Based-Violence (GBV). Also, it may seem like I am doing a lot of things, but everything I do is intertwined and leads to the same purpose, which is making a contribution to the prevention of crime in our country. What are the biggest challenges? Trying to solve the crime problem in South Africa is a big challenge on its own, which makes the job that I do, as a criminologist, not an easy one. Your best advice to the young generation? Always know your why, and chase purpose over money and material. When you do what you love and are living in
securityfocusafrica.com
Qualifications and awards: Dr Mahlogonolo Thobane holds a Bachelor of Social Sciences: Psychology degree from the University of Pretoria (UP); BA (Honours) degrees in Criminology and Psychology from UP and UNISA, respectively. She also holds a Master’s degree in Criminology as well as a Doctor of Literature and Philosophy (DLitt et Phil) in Criminology. She is the first black President (2021-2023) of the Criminological Society of Africa (CRIMSA), the only society for Criminologists and Criminal Justice professionals in South Africa and other African countries. She was the quarterly newsletter editor for CRIMSA from 2014-2019. In 2020, she was appointed to serve on the Assistant Editorial Board for the CRIMSA Journal, Acta Criminologica: African Journal of Criminology and Victimology. In 2018, Dr. Thobane was awarded the UNISA Vision Keepers Prize for the research project titled: An exploration of the impact of sociocultural norms on the surge of gender-based violence in South Africa with the mentorship of the Director of the University of Cape Town (UCT) Gender, Health and Justice Unit (GHJRU). In July 2019, the GHJRU awarded her a Senior Researcher grant for a five-year Local Responses to Improve Gender-Based Violence (GBV) Project led by the Centre for Communication Impact (CCI) and funded by the United States Agency for International Development (USAID). This came on the back of her Vision Keepers project. Dr Thobane is the holder of the UNISA ‘2018 Woman of the Year Award’ under the category, ‘Enhancing Other’s Health and Wellbeing’. She is one of ten young international criminologists who won a research paper award, sponsored by the International Society of Criminology (ISC) as well as the United Nations Office on Drug and Crime (UNDOC), at the 2019 International Congress of Criminology. She is also the Human Science Research Council (HSRC) and Universities South Africa (USAf) 2020 Medal in Social Sciences and Humanities: Emerging Researcher runner up. Her research and personal interests are bank related robberies or violent crimes, critical criminology, indigenous research methods as well as gender based violence. Given her interest in gender based violence issues, she founded a Non-Profit Organisation, Mu Duka (212-833 NPO) in 2018, which promotes holistic and intersectoral approaches (involving various government departments, the private sector and non-government organisations) to combat the scourge of gender based violence in South Africa.
your purpose, money will chase you. Your talent will bring you before queens and kings. Your mentors? I consider anyone whom I have ever come across and who has taught me something, to be a mentor. I am where I am today because many people made valuable contributions to my life. I have – and I still am – been standing on the shoulders of many giants, of which my mother and my grandmother are the main two. Also, not to forget about my supportive husband and number one cheerleader, Modise Thobane. My current career mentor is Professor Lillian Artz from the UCT Gender Healthy and Justice Research Unit.
What do you do to relax? I love reading non-academic material for leisure. I am currently in the middle of These Bones Will Rise Again by Panashe Chigumadzi, and I also write poetry. What are your dreams and hopes, both personal and career-wise? My dream is to make a contribution in terms of decreasing crime in our country. What is your hope for South Africa? I dream of a South Africa where women, children and other vulnerable groups are safe and no longer victims of heinous crimes. The narrative that South Africa is one of the world’s crime capitals needs to change.
SECURITY FOCUS AFRICA JUNE 2021
27
ON THE MARKET
Why off-grid solutions are starting to make more sense to South Africans With load shedding back and disrupting day-to-day life, compounded by consumers feeling the 15% increase on their electricity bill, alternative sources of energy are beginning to look more attractive to South Africans, and solar should be at the top of the list. By Mathew Hall, Product Director at Rectron.
A
lternative power solutions, such as solar panels, inverters, and batteries, have progressed significantly in terms of efficiency and cost over the last decade. As solar technology becomes more accessible and electrical appliances continue to reduce their power consumption, installing a solar system to supplement your electricity bill and reduce your dependence on the electrical grid has never been more appealing and easier to do. Considering South Africa’s electricity supply issues, why don’t more homes and businesses already have solar? How expensive is implementing solar solutions within a household and when should
28
SECURITY FOCUS AFRICA JUNE 2021
users expect a payback from their investment? There are other ways to reduce a home’s electricity consumption. Consider these as part of a longer-term investment and cost-saving exercise. Depending on your needs, there are multiple options and solutions which may be customised for your home, cost, and preferences. Pure solar generation with no battery backup With the current generation of solar inverters available today, users may install a solar system without the need for backup batteries and significantly reduces the overall cost. Ideally, this solution is for households or offices that consume more
power during the day, allowing the user to maximise the electricity generated in the daytime, as there is no way to store power. A pure solar generation allows the user to generate solar with much lower capital investment and will supplement existing power available, rather than replacing it. • According to Eskom, the national average daily consumption for a typical household is over 30 kWh. • With the maximum 8 000W of panels installed, users could generate 7,290kWh a year. Based on the higher Eskom tariffs, the return per year is R22,526. • The total hardware cost involved for panels and the inverter is around
securityfocusafrica.com
ON THE MARKET
R70,000 and around R50,000 for installation, providing a total cost of around R120,000. • Based on the generation figure of R22,526 the return will be 5.3 years if every kWh hour generated is used. The return on investment here will come from reducing consumption from Eskom, with users paying less on the R3.09 per kWh tariff for over 600KWh per month consumption. The downside of this installation is, of course, that in event of load shedding at night or during daytime – when consumption is higher than generation – there will be no backup power, which of course leads us to the next scenario. Solar generation with battery backup A photovoltaic system converts the sun’s radiation, in the form of light, into usable electricity. As a backup or moving to an off-grid style solution – a photovoltaic system and a solar power storage unit – valuable solar electricity may be stored and used during times of load shedding. As it is difficult to match electricity consumption to the solar power that is being generated, you often need a battery backup so that users may store power to use at a later stage. This, of course, will lead to higher capital investment, with various considerations which must be taken into account. • On top of the R120,000 needed for the solar system, users will require sufficient battery backup, especially for night consumption or low light times
securityfocusafrica.com
of the year. • The current South African household backup requirement is around 10Kwh of backup. This will require 3 x 3.6kwh Dyness B3 Lithium Iron Phosphate batteries,, leading to a total of R54,000 on top of the hardware cost above. • With the total cost now at R174,000, the return on investment is now 7.72 years. However, with backup batteries in place, the user is much closer to being totally off the grid and far less reliant on Eskom power supply. When selecting the batteries which will be used within the solar system, it is important to consider their quality and capacity, rather than the initial cost of investment. Lithium Iron Phosphate batteries may be more expensive when compared to acid, AGM and Gel-based batteries. However, lithium batteries will last up to 10 years or 6 000 cycles, while acid, AGM and Gel-based batteries will only last around 1 200 cycles before they must be replaced. An installer should be able to provide you with an accurate energy estimate for how much your system will produce each year, as well as how much you will save. The payback period on these scenarios is based on Eskom tariff remaining flat for the next five to seven years. With tariffs likely to continue to rise, the return period will become much shorter with each increase. Over and above the benefit of lower electricity bills, a solar power system makes a home more environmentally friendly and limits reliance on Eskom.
Alternatives to keep the lights on during load shedding For many South Africans, going off-grid might not be affordable and they may just be looking for solutions to ensure that they may remain productive during load shedding. Once these hardware solutions have been installed within an office space or household, the adverse effects of load shedding may be completely sidestepped, ensuring you or your workforce remain productive and minimising business disruptions. Consumer backup options include: • The MegaPower Bank is focused on users who need more than what a standard power bank may provide, and are able to power up a variety of devices. Focused at either a small home or travelling user, you should be able to power your router, notebook, and screen (details specific and uptime will vary) • The MegaPower Trolley is focused on households looking to cover the full load shedding time. Depending on the number of devices that are connected to the 1k Inverter with a 200ah battery, this solution is capable of keeping basic lights, TVs and devices all charged throughout load shedding. Whether you prefer a permanent, professionally installed solution or an easy plug-play solution, Rectron offers a range of power solutions, including RCT and Vertiv, that may be customised for a variety of situations and needs of our customers.
SECURITY FOCUS AFRICA JUNE 2021
29
CYBER SECURITY
Protecting your ERP system from cybersecurity breaches Cybercrime taps into the vulnerability of business systems and can pose a real threat to a robust supply chain. A sophisticated ransomware attack recently targeted the world’s largest meat processor. Following the business system breach, operations in the US and Australia were disrupted, resulting in a knock-on effect. By JP van Loggerenberg ,Chief Technology Officer at SYSPRO.
T
he meat processor had no option but to shut down nine beef plants in the United States and several plants in Australia. Several truck drivers who specialize in hauling livestock also had no choice but to drive hundreds of miles to pick up cattle from an alternative supplier. For the endconsumer, the long-term impact of the cyber-attack could mean inflated meat prices. Unfortunately, this is not the only instance of a cyber attack on critical business. Earlier this year, a ransomware attack on the Colonial Pipeline, that provides nearly half the United States East Coast’s fuel supply, resulted in gas and jet fuel shortages in the US. In this case, the hackers demanded $4 million in ransom. While the ransom was paid on the same day, and authorities have since
30
SECURITY FOCUS AFRICA JUNE 2021
been able to recover around $2.3 million in bitcoin paid in the Colonial Pipeline ransom, the pipeline was only able to function again after six days. With increased reliance on digital tools, businesses are now understanding the importance of company-wide cybersecurity strategies that take into consideration all IT systems. For manufacturers and distributors, this includes your Enterprise Resource Planning (ERP) solution, as it integrates internal systems and integrates with external third-party systems. ERP systems contain sensitive information ranging from supplier information on the creditor side and customer information on the debtor side. From a compliance perspective, this information needs to be carefully protected. There is no doubt that ERP is
at the heart of the business and needs to be an integral part of the cybersecurity strategy of the organization. Your first line of defense begins with knowledge To safeguard against cyber-attacks, manufacturers and distributors should watch out for a number of ‘social engineered ’ scams that try to exploit organizational weaknesses. Distributed denial-of-service (DDoS) attacks seem to be amongst the most prevalent amongst ERP users. Here, cybercriminals target a public-facing endpoint, where a network resource is rendered unavailable to intended users.
securityfocusafrica.com
CYBER SECURITY
Phishing is another example where criminals may exploit systems by sending emails that seem to be from trusted sources or companies. For example, an ERP customer would receive an email from their ERP vendor, often promising a reward or refund, to deceitfully obtain personal information, including passwords, identity number, banking login details. Another example is pharming. Pharming is a cyber-attack intended to redirect a website’s traffic to another, a fake site that aims to steal your information and money. In a pharming attack, the criminal hacks into the website you have opened and redirects you to an imposter site. Much like a phishing scam, many of us won’t notice any difference in the rogue site and will enter our username and password, or credit information as usual. The attacker then intercepts the captured information. Across all cyber-attacks, the one common denominator is the human factor. The risk lies from within a business, so manufacturers should consider a number of steps to safeguard their ERP investment.
Steps to guard your ERP system against possible risks • Don’t delay software updates Security technologies are ever-evolving. What may be safe today, may not be safe tomorrow. Therefore, businesses need to protect their devices by installing the latest versions of any software – including the latest version of your ERP software. In addition to leveraging the latest features, newer software versions remove any vulnerabilities that may put a business at risk. • Consider access rights For some, applying specific access rights across an organization is an effort. In this scenario, most employees are given full access rights. The problem with this scenario is that it opens up more opportunities for cybercriminals to access sensitive information. Organizations should instead ensure that employees are provided with specific roles and form part of groups with associated security and clearance authorizations.
• Choose a multi-factor authentication approach One-factor authentication is archaic and involves a person who matches one credential to verify himself or herself online. This poses a real risk for businesses and a real opportunity for malicious users. Instead, businesses today need to have an extra layer of security with two-factor or multi-factor authentication. Luckily, modern technology today does offer the option of single sign-on. Rinse and repeat Ultimately, a company’s cybersecurity is only as strong as its weakest link. Because the human factor can place your business at risk, a rinse and repeat approach should be taken around cybersecurity education. Staff need to be reminded not to open suspect emails, be wary of unexpected messages, and be reminded to change their passwords often. Education and awareness can strengthen this mindset and can protect your ERP solution from malicious intent.
Across all cyber-attacks, the one common denominator is the human factor. The risk lies from within a business, so manufacturers should consider a number of steps to safeguard their ERP investment.
securityfocusafrica.com
SECURITY FOCUS AFRICA JUNE 2021
31
CYBER SECURITY
Passwords are 60. Time for them to go It’s been 60 years since passwords were first used at MIT, and if the number of breaches in the news are anything to go by, we are no more adept at managing our passwords than we were in 1961.
B
ut, while passwords are being phased out, IT leaders may, fortunately, rely on authentication technology that will protect their valuable data, without destroying the user experience. As more companies have adopted cloud computing, and more recently, remote working, the need to protect data has become significantly more important. For companies transacting online, the need to protect their customers is higher still. However, setting up security roadblocks that slow down the user experience will cause irritation and potentially lose a business valuable customers. “Protecting users while keeping fraudsters out has become one of the most critical duties for today’s CIO (chief information officer). Finding the correct balance between great user experience and strong authentication in a low-friction environment has become the holy grail in security circles,” says Gerhard Oosthuizen, Chief Technology Officer at Entersekt1.
Passwords just don’t cut it, and some alternatives don’t, either According to Verizon’s annual security report2, compromised credentials are still the most often used asset (80%) when it comes to data breaches. Despite the glaring evidence of just how at risk we are, most people resist making use of password managers and, according to Oosthuizen, still have terrible password habits. “We all now have hundreds of accounts that require passwords. The chances are
32
SECURITY FOCUS AFRICA JUNE 2021
Gerhard Oosthuizen
that we each have around four or five that we simply recycle. One which we only use for our bank account, one or two that we use for our various social media accounts, and one which we use for everything else. Our ‘recover password’ information is also easily cracked, so that is of little use – especially if we answer honestly. A simple search will give you a person’s mother’s maiden name, the name of their first pet and, let’s be honest, the majority of us will answer pizza if asked for our favourite food. Passwords are passé,” Oosthuizen states. When the weaknesses of passwordbased authentication began to become known, many organisations introduced two-factor authentication. One popular implementation that is still common today is SMS one-time PIN or password (OTP) technology. While it does add an extra layer of protection, Oosthuizen points out that this often comes with a big dose of user friction, and it’s by no means foolproof. “Today the biggest challenge with OTPs is that the technology does not really protect against modern attacks. Criminals have found many workarounds such as SIM-swap3 and man-in-the-middle attacks4.” Stronger security, better experiences More robust technologies like mobile push authentication have now replaced SMS OTPs as the industry standard in authentication. Unlike SMS OTPs,
authentication messages delivered via push messaging technology are truly out of band. “This means that you don’t rely on the same channel to deliver authentication requests and responses that was used to initiate the original, potentially fraudulent, transaction,” Oosthuizen explains. In addition to the stronger security provided by technologies like push-based authentication, they also offer a far greater user experience. The user receives the full request on their trusted mobile app, and may approve it from there. They no longer have to wait for an OTP to arrive and copy it or remember it and then enter it, frequently having to switch between apps to do so. It’s all about leveraging the user’s device to create a strong device identity, and making authentication experiences as seamless as possible. And today you may use the biometric sensor on a device to completely eradicate the use of passwords, while increasing security. “We use the end-user’s digital device to help authenticate them. Our certificatebased device identity technology ensures that only your own trusted device may be used, and if you combine that with biometrics, it prevents you from having to enter a password or an OTP. This enables a truly passwordless experience, Oosthuizen explains. “So the passwordless future has arrived. That should make all those CIOs smile.” About Entersekt Entersekt is a leading provider of strong device identity and customer authentication software. Financial institutions and other large enterprises in countries across the globe rely on its multi-patented technology to communicate with their clients securely, protect them from fraud, and serve them convenient new experiences irrespective of the channel or device in use. They have repeatedly credited the Entersekt Secure Platform with helping to drive adoption, deepen engagement, and open opportunities for growth, all while meeting their compliance obligations with confidence. 1. https://www.entersekt.com/ 2. https://enterprise.verizon.com/content/ verizonenterprise/us/en/index/resources/ reports/2020-data-breach-investigationsreport.pdf 3. https://en.wikipedia.org/wiki/SIM_swap_scam 4. https://en.wikipedia.org/wiki/Man-in-themiddle_attack
securityfocusafrica.com
ON THE INDEX MARKET
Contributors and advertisers index ENTITY
PAGE
WEBSITE
Charles Kinnear
18
www.abcorlawinc.co.za/wp/
Cybelangel
11
www.cybelangel.com
Digimune
22
www.digimune.com
Gerhard Oosthuizen
32
www.entersekt.com
ISMG
11
ismg.io
JP van Loggerenberg
30
za.syspro.com
Kaspersky Matthew Hall Nemtek Peter Bagshawe Security Association of South Africa
securityfocusafrica.com
15, 17
www.kaspersky.com
28
www.rectron.co.za
3
www.nemtek.com
34 6, IBC
— www.sasecurity.co.za
SECURITY FOCUS AFRICA JUNE 2021
33
THE LAST NEWS WORD
THE RULE OF LAW
The impetus for this article came partly from discussions with colleagues and probably more apposite from quotations attributed to members of the public supporting the former State President who attended the opening of the hearing of the criminal trial of Thales and Jacob Zuma at the Pietermaritzburg High Court on 17 May 2021. By Peter Bagshawe
O
ne of the attendees is quoted as saying, “He is so old and now we are wasting money running behind him.” Another commented that she felt like Zuma was being persecuted, which echoes a number of similar statements from Zuma family members. The charges that were brought against Jacob Zuma include one count of racketeering, two
34
SECURITY FOCUS AFRICA JUNE 2021
counts of corruption, one count of money laundering and twelve counts of fraud, whilst Thales faces one count of racketeering, two counts of corruption and one count of money laundering. The simple answer to why, within the criminal prosecutorial system, charges have been laid in this matter is The Rule of Law. This phrase has been in use for centuries and, to complicate matters, is
not a codified or readily apparent legal rule; the Rule of Law refers to a position where the law rules in a particular state or country. Building from this position the Rule of Law is a mechanism that provides the equality of all citizens before the law and secures a non-arbitrary form of government in order to prevent the partial use or abuse of power. Broadly speaking, this would entail a situation
securityfocusafrica.com
THE LAST NEWS WORD
where the authority and influence of law on a society, where the law acts as a constraint on individual and institutional behaviour, acts in a manner that ensures all members of a society, including government, are equally subject to publicly disclosed legal codes and processes. For this mechanism to work it is essential that measures are in place to ensure adherence to the principles of supremacy of law, equality before the law, accountability to the law, fairness in the application of the law, separation of powers, participation in decision-making, legal certainty and avoidance of arbitrary actions with procedural and legal transparency. The history of the discussion about and the development of the Rule of Law may be traced back to Aristotle, but the main impetus came in the 16th-century when the divine right of monarchs to rule was under attack with arguments put forward
securityfocusafrica.com
to promote impartial legal systems being developed. From this starting point, it was developed to the point that currently the rule of law requires that every person be subject to the law, including people who are lawmakers, law enforcement officials and the judiciary. In this sense, it stands in contrast to dictatorships, or an oligarchy, where a dictator or cabal would be above the law. The current evolved view on The Rule of Law is probably best captured by The Justice Project which breaks their four principles (being Accountability, Just Laws, Open Government and Accessible Justice) into a further eight ranking factors. These are, briefly, Constraints on Government Powers, Absence of Corruption, Open Government, Fundamental Rights, Order and Security, Regulatory Enforcement, Civil Justice and Criminal Justice. Space does not permit a full review of each but the standouts are government actions must be subject to judicial review, government officials in the executive and legislative branches, judicial branch, police and military cannot use public office for personal gain, equal treatment before the law, effective control of crime and civil disorder and effective criminal investigation systems. The absence or partial implementation of the ranking factors lowers the score in respect of the strength of the applicable Rule of Law system. From a practical perspective, the existence of The Rule of Law within any state does not guarantee that the system will be enforced and enforceable. Democratic principles and effective separation of powers between the legislature and judiciary are essential and the absence or erosion of either would jeopardise the system. Here, appointment of judicial officials and the funding of a strong, independent judiciary are key. Decay of the Rule of Law will take place if government lacks corrective mechanisms for restoring it. This would allow for the development of corruption, compounding the difficulty of restoring The Rule of Law, and the longer this is allowed to continue, the greater the likelihood becomes of corruption being embedded in systems of government. The longer this eroded system remains in place, the more difficult rectification and remediation would become. Eventually a collapse of The Rule of Law is the ultimate outcome. Turning back to the trial of Thales and Jacob Zuma, the charges allege the use of public office for personal gain in respect
of payments made by Thales to Jacob Zuma. More specifically, the charges in respect of both are racketeering, corruption, money laundering and fraud. The alleged payments relate to periods when Jacob Zuma was the MEC for Economic Development in KwaZulu-Natal. The Commission of Enquiry into State Capture (Zondo Commission) was established to hear evidence of and investigate allegations of state capture, corruption, fraud and other allegations in the public sector including organs of state. In respect of both the Zuma Thales trial and Zondo Commission fraud, corruption and personal gain are common threads, which require, in terms of the Rule of Law, to be investigated and findings by a judicial officer presented. A further application of The Rule of Law is the availability of the full ambit of legal defences to the Zuma legal teams over the period of both the prosecution and Zondo Commission. The trial in the Pietermaritzburg High Court was held over until 26 May 2021 to allow papers to be served on the State relating to an application by Zuma’s legal team for the recusal of chief prosecutor Billy Downer. This is similar to the application made for the Chairman of the Commission of Enquiry into State Capture to recuse himself from hearing evidence from Jacob Zuma at the Commission. This application was unsuccessful. Cynics may suggest that both were a manifestation of the Stalingrad defence first referred to by Zuma’s then advocate Kemp J Kemp in 2006 during Zuma’s rape trial and which has been repeatedly referred to by commentators in subsequent legal matters involving Zuma. The South African Constitution contains provisions, checks and balances that ensure that The Rule of Law is capable of application in its full ambit. Factually it is being given effect; however the speed of matters being heard and the use of its mechanisms may lead to the incorrect conclusion that The Rule of Law has been subverted. The independence of our judiciary and the willingness of Parliament to review matters such as the fitness of the Public Protector to hold office give comfort that The Rule of Law is currently being protected. PETER BAGSHAWE holds a Bachelor of Law degree from the former University of Rhodesia and a Bachelor of Laws degree from the University of the Witwatersrand.
SECURITY FOCUS AFRICA JUNE 2021
35
DIRECTORY
SECURITY ASSOCIATION OF SOUTH AFRICA (SASA) ADMINISTRATION Suite 4, Blake Bester Building, 18 Mimosa Street (cnr CR Swart Road), Wilro Park, Roodepoort Suite 147, Postnet X 2, Helderkruin 1733 National Administrator: Tony Botes t: 0861 100 680 | e: tony@sasecurity.co.za c: 083 272 1373 | f: 0866 709 209 Membership, accounts & enquiries: Sharrin Naidoo t: 0861 100 680 | e: admin@sasecurity.co.za c: 083 650 4981
SASA OFFICE BEARERS
REGIONAL OFFICE BEARERS
National President: Marchél Coetzee c: 084 440 0087 e: marchelcoetzee@omegasol.com
Gauteng: Gary Tintinger c: 084 429 4245 e: gary.tintinger@cwexcellerate.com
National Chairperson: Franz Verhufen c: 082 377 0651 | e: fverhufen@thorburn.co.za
KwaZulu-Natal: Clint Phipps c: 082 498 4749 e: clint.phipps@cwexcellerate.com
National Deputy Chairperson: Louis Mkhethoni c: 082 553 7370 e: louis.mkhethoni@securitas-rsa.co.za
Western Cape: Koos van Rooyen c: 082 891 2351 | e: koos@wolfgroup.co.za
SECURITY AND RELATED ASSOCIATIONS AND ORGANISATIONS PSIRA (Private Security Industry Regulatory Authority) Eco Park, Centurion t: +27 (0)12 003 0500/1 | Independent hotline: 0800 220 918 | e: info@psira. co.za | Director: Manabela Chauke | Chairperson: T Bopela | Vice chairperson: Z Holtzman | Council members: Advocate A Wiid | Commissioner A Dramat APPISA (Association for Professional Private Investigators SA) Bertie Meyer Crescent, Minnebron, Brakpan | e: info@appelcryn.co.za | www.appelcryn. co.za | c: +27 (0)73 371 7854 / +27 (0)72 367 8207 | Chairperson: Ken Appelcryn ASIS International Johannesburg Chapter No. 155. Box 99742, Garsfontein East 0060 | t: +27 (0)11 652 2569 | www.asis155jhb.webs. com | President/chairperson: Johan Hurter | Secretary: Chris Cray ASIS International (Chapter 203: Cape Town – South African Security Professionals) President/chairperson: Yann A Mouret, CPP Secretary: Eva Nolle t: +27 (0)21 785 7093 f: +27 (0)21 785 5089 | e: info@aepn.co.za | www.asis203.org.za BAC (Business Against Crime) Box 784061, Sandton 2146 | t: +27 (0)11 883 0717 | f: +27 (0)11 883 1679 | e: info@bac.org.za CAMPROSA (Campus Protection Society of Southern Africa) President: Des Ayob | e: 27149706@nwu.ac.za Executive Secretary: Derek Huebsch | e: huebsch. derek@gmail.com | www.camprosa.co.za CISA (Cape Insurance Surveyors Association) Shahid Sonday t: +27 (0)21 402 8196 | f: +27 (0)21 419 1844 | e: shahid.sonday@saeagle.co.za | Mike Genard t: +27 (0)21 557 8414 | e: mikeg@yebo.co.za DRA (Disaster Recovery Association of Southern Africa) Box 405, Saxonwold 2132 | Chairperson: Grahame Wright | t: +27 (0)11 486 0677 | f: (011) 646 5587 | Secretary/treasurer: Charles Lourens t: +27 (0)11 639 2346 | f: +27 (0)11 834 6881 EFCMA (Electric Fencing and Components Manufacturers Association) Box 411164, Craighall 2024 | t: +27 (0)11 326 4157 | f: +27 (0)11 493 6835 | Chairperson: Cliff Cawood c: +27 (0)83 744 2159 | Deputy chairperson: John Mostert c: +27 (0)82 444 9759 | Secretary: Andre Botha c: +27 (0)83 680 8574 ESDA (Electronic Security Distributors Association) Box 17103, Benoni West 1503 | t: (011) 845 4870 | f: +27 (0)11 845 4850 | Chairperson: Leonie Mangold | Vice chairperson: David Shapiro | www.esda.org.za ESIA (Electronic Security Industry Alliance) Box 62436, Marshalltown 2107 | t: +27 (0)11 498 7468 | f: 086 570 8837 | c: 082 773 9308 | e: info@esia. co.za | www.esia.co.za FDIA (Fire Detection Installers Association) Postnet Suite 86, Private Bag X10020, Edenvale, 1610 | t: +27 (0)72 580 7318 | f: 086 518 4376 | e: fdia@fdia. co.za | www.fdia.co.za | President/chairperson: Clive Foord | Secretary: Jolene van der Westhuizen
FFETA The Fire Fighting Equipment Traders Association) Postnet Suite 86, Private Bag X10020, Edenvale 1610 | Chairperson: Belinda van der Merwe Administration manager: Rosemary Cowan | t: +27 (0)11 455 3157 | e: rosemary@saqccfire.co.za | www.ffeta.co.za FPASA (Fire Protection Association of Southern Africa) Box 15467, Impala Park 1472 | t: +27 (0)11 397 1618 | f: +27 (0)11 397 1160 | e: library@fpasa.co.za | www.fpasa.co.za | General manager: David Poxon GFA (Gate & Fence Association) Box 1338, Johannesburg 2000 | t: +27 (0)11 298 9400 | f: +27 (0)11 838 1522 | Administrator: Theresa Botha HSA (Helderberg Security Association) Box 12857, N1 City Parow 7463 | t: +27 (0)21 511 5109 | f: +27 (0)21 511 5277 | e: info@command.co.za | www.command.co.za | Chairperson: Stephen van Diggele IFE (Institution of Fire Engineers (SA) Treasurer: Andrew Greig | President: Mike Webber | Administrator: Jennifer Maritz | PO Box 1033, Houghton 2041 | t: +27 (0)11 788 4329 | f: +27 (0)11 880 6286 | e: adminstaff@ife.org.za | www.ife.org.za ISA (Insurance Surveyors Association) Box 405, Saxonwold 2132 | Chairperson: Graham Wright | t: +27 (0)11 486 0677 | Vice chairperson: Alan Ventress | Secretary: Alex dos Santos LASA (Locksmiths Association of South Africa) Box 4007, Randburg 2125 | t: +27 (0)11 782 1404 | f: +27 (0)11 782 3699 | e: lasa@global.co.za | www.lasa.co.za | President/chairperson: Alan Jurrius | Secretary: Dora Ryan NaFETI (National Firearms Education and Training Institute) Box 181067, Dalbridge 4014 | Chairperson: MS Mitten | Vice chairperson: Ken Rightford | t: +27 (0)33 345 1669 | c: +27 (0)84 659 1142 NaFTA (National Firearms Training Association of SA) Box 8723, Edenglen 1613 | National chairperson: Peter Bagshawe | t: +27 (0)11 979 1200 | f: +27 (0)11 979 1816 | e: nafta@lantic.net POLSA (Policing Association of Southern Africa) t: +27 (0)12 429 6003 | f: +27 (0)12 429 6609 | Chairperson: Anusha Govender c: +27 (0)82 655 8759 PSSPF (Private Security Sector Provident Fund) Jackson Simon c: +27 (0)72 356 6358 | e: jackson@ psspfund.co.za | www.psspfund.co.za SAESI (Southern African Emergency Services Institute) Box 613, Krugersdorp 1740 | t: +27 (0)11 660 5672 | f: +27 (0)11 660 1887 | President: DN Naidoo | Secretary: SG Moolman | e:info@saesi.com SAIA (South African Insurance Association) Box 30619, Braamfontein 2017 | Chief executive officer: Viviene Pearson | Chairperson:
Lizé Lambrechts t: +27 (0)11 726 5381 | f: +27 (0)11 726 5351 | e: info@saia.co.za SAIDSA (South African Intruder Detection Services Association) | Association House, PO Box 17103, Benoni West 1503 | t: +27 (0)11 845 4870 f: +27 (0)11 845 4850 | e: saidsa@mweb.co.za www.saidsa.co.za | Chairperson: Johan Booysen Secretary: Cheryl Ogle SAIS (South African Institute of Security) Postnet Suite 86, Private Bag X10020, Edenvale, 1610 Chairperson: Dave Dodge | Administration manager: John Baker | t: +27 (0)63 782 7642 | e: info@instituteofsecurity.co.za | www.instituteofsecurity.co.za SAN (Security Association of Namibia) Box 1926, Windhoek, Namibia | Administrator: André van Zyl | t: +264 81 304 5623 | e: adminsan@iway.na SANSEA (South African National Security Employers’ Association) Box 62436, Marshalltown 2107 | Administrators: SIA t: +27 (0)11 498 7468 | f: 086 570 8837 | e: galen@sansea.co.za SAPFED (Southern African Polygraph Federation) President: Flip Vorster | c: +27 (0)82 455 1459 | e: info@sapfed.org | Secretary: Anrich Gouws | e: admin@sapfed.org | www.sapfed.org SAQCC FIRE (South African Qualification Certification Committee) Postnet Suite 86, Private Bag X10020, Edenvale 1610 | t: +27 (0)11 455 3157 | www.saqccfire. co.za Executive Committee: Chairperson: Duncan Boyes Vice chairperson: Tom Dreyer 1475 Committee: Chairperson: Lizl Davel Vice chairperson: John Caird D&GS Committee: Chairperson: Nichola Allan; Vice chairperson: Clive Foord General Manager: Rosemary Cowan | e: rosemary@saqccfire.co.za – Address, phone and website all remain as is. SARPA (South African Revenue Protection Association) Box 868, Ferndale 2160 | t: +27 (0)11 789 1384 | f: +27 (0)11 789 1385 | President: Naas du Preez | Secretariat: Mr J. Venter, Van der Walt & Co SIA (Security Industry Alliance) Box 62436, Marshalltown 2107 | t: +27 (0)11 498 7468 | Chief executive officer: Steve Conradie | www.securityalliance.co.za SKZNSA (Southern KwaZulu-Natal Security Association) t: +27 (0)39 315 7448 | f: +27 (0)39 315 7324 | Chairperson: Anton Verster c: +27 (0)82 371 0820 VESA (The Motor Vehicle Security Association of South Africa) Box 1468, Halfway House 1685 | t: (011) 315 3588/3655 | f: +27 (0)11 315 3617 | General manager: Adri Smit VIPPASA (VIP Protection Association of SA) Box 41669, Craighall 2024 | t: +27 (0)82 749 0063 | f: 086 625 1192 | e: info@vippasa.co.za | www.vippasa.co.za | Enquiries: Chris Rootman c: +27 (0)82 749 0063 | e: vippasa@protectour.co.za
* Every attempt has been made to keep this information up to date. If you would like to amend your organisation’s details, please email jackie @contactpub.co.za 36
SECURITY FOCUS AFRICA JUNE 2021
securityfocusafrica.com
DRIVING COMPLIANCE in South Africa’s Private Security Industry
With a five decade legacy, SASA is the greatest advocate of industry compliance, serving as resource for its members, an educational platform for consumers of security services, and an essential link between the private security industry and government. The Security Association of South Africa (SASA) is nationally recognised by the Government, South African Police Service and all Municipalities as having members with a proven track record within the industry and a Code of Ethics by which members must abide. SASA Gold Membership promotes compliance not only to the industry role-players, but to the end-users of security services as well. Join SASA today and find out more about how we can fight the scourge of non-compliance, promoting SASA Gold Membership as an essential requirement for all security service providers, ensuring industry excellence for the private security industry.
For more information, contact the SASA Administrator on admin@sasecurity.co.za Postal Address: Suite 147, Postnet X2 Helderkruin, 1733. Tel: 0861 100 680 Fax: 086 670 9209
www.sasecurity.co.za
DIGITAL BUYERS GUIDE
to security services & products Promote your business
Attract customers
Increase your sales
Claim your listing on www.securityfocusafrica.com/buyersguide
2 for 1 offer
The print listings now mirror our online directory style with basic and premium listings. In fact, upgrading a basic listing in print to premium will include an upgrade to premium on the website and vice versa. The same information online is printed in the print directory.
Security Focus Africa is known for having the most comprehensive directory of service providers in Africa. We have been a trusted source of information for more than 40 years, and now offer this valuable resource online.
The market is tough out there. What makes your business different from any other? For starters, be more accessible on the internet. Online searches are now the preferred method of finding information and contact details, so the better your online presence, the more business you will get.
BENEFITS OF LISTING YOUR BUSINESS:
• By claiming your listing, you can keep your company’s information up to date at your own convenience • Upgrade your listing online at any time to maximise your brand exposure • Improve your SEO and online presence • We provide a targeted audience for your business • See your stats – know how many people are seeing your listing
Security
For as little as R2 400, you can get the edge over your competitors by providing indispensable information to your customers on our online directory.
Affordable advertising is just a click away.
Focus
AFRICA
BUYERS GUIDE
www.securityfocusafrica.com/buyersguide KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE
