New Zealand Security - April-May 2021 by Defsec New Zealand

April/May 2021

New Zealand Security Magazine

BUILDING IT BETTER: SECURITY BY DESIGN The costs of adding security later far outweigh those associated with baking it in from the start.

Security skills shortage

PI confusion sorted

Aotea Security Seminar

Addressing New Zealand’s security skills shortage: We need to own it.

Clearing the air: PSPLA tells employment investigators to license up.

Auckland security risk seminar attracts stellar speaker line-up

www.defsec.net.nz

NZ made

SECURITY TECHNOLOGY RELIABILITY

fire door holding

electromagnets 12 & 24 VDC selectable

rea

unb

le b a k

FDH40S

unbreakable universal mounting • Low power consumption - low operating temperature • One product suits floor and wall mounting • Universal armature - offsets to 55º to suit doors opening past 90º • Wall mount extensions available • 12 & 24 VDC selectable • Push off button with no residual magnetism • Oversize armature for easy alignment • Emergency release button • Electroless nickel plated armature and electromagnet • Stainless fastenings • Full local support and back up

10 YEAR GUARANTEE*

Standard, floor mounted, wall to door distance 114mm

Designed, tested and produced in New Zealand to AS4178

A) Wall mounted,126mm extn. tube (overall 202mm)

B) Wall mounted, 156mm extn. tube (overall 232mm)

C) Wall mounted, 355mm extn. tube (overall 431mm)

CMY

TEE

Option A – Surface Mounted

AN GUAR

FDH40S/R

Surface and Recess mounting This device enhances an outstanding range of unbreakable products which conveniently hold open fire doors. When a smoke/fire alarm is activated the magnet instantly releases the door to the closed position to prevent the spread of smoke and fire. These units feature a choice of 3 covers for optimum aesthetic appeal and durability. The installer can utilise one device for surface mounting or for recess mounting. Option B – Recess Mounted

10 YEAR GUARANTEE*

Satin Aluminium

Gloss Black

Gloss White

Loktronic Limited Unit 7 19 Edwin Street Mt Eden Auckland P O Box 8329 Symonds Street Auckland 1150 New Zealand Ph 64 9 623 3919 Fax 64 9 623 3881 0800 FOR LOK mail@loktronic.co.nz www.loktronic.co.nz

For expert advice and assistance with your security locking needs, trust in Loktronic, call us on 0800 367 565

GUARANTEE

*Standard terms & conditions of sale apply.

21556/1/18

CONTENTS ISSN Print 1175-2149 • ISSN Online 2537-8937

year 10 guarantee ENJOY a

on Loktronic Indoor Electromagnetic Locks!

Industry Associations

www.security.org.nz

www.asis.org.nz

www.masterlocksmiths.com.au

0800 367 565

20851

*Standard terms & conditions of sale apply.

From the editor .........................................................................................................................................................................................................................................6 Access Control: when optimal security is key............................................................................................................................................................................8 The Professional: Ngaire Kelaher.....................................................................................................................................................................................................10 Gallagher security for SMB – App based business security at your fingertips......................................................................................................12 Aotea Security’s inaugural Auckland Security Risk Management Seminar.............................................................................................................14 AX PRO comprehensive wireless alarm solution launched by Hikvision.................................................................................................................16 Crowded Places Strategy: from development to implementation.............................................................................................................................18 How correct product selection can turn a good video solution into a perfect one....................................................................................... 20 New Zealand Reassesses Counterterrorism Post-Christchurch.................................................................................................................................... 22 Security’s Role in Business Continuity......................................................................................................................................................................................... 25 Ankita Dhakar and the Security Lit story................................................................................................................................................................................... 26 Managing Cybersecurity threats with Security By Design.............................................................................................................................................. 28 History of Women in Tech and Cyber Security...................................................................................................................................................................... 30 Melonie Cole: Placing people at the centre of security.....................................................................................................................................................32 ASIS NZ Chapter’s Women in Security 2021............................................................................................................................................................................ 34 PSPLA clarifies Private investigator confusion........................................................................................................................................................................ 36 NZSA CEO’s March Report................................................................................................................................................................................................................. 38 Resolving the security skills shortage..........................................................................................................................................................................................42 Netsafe sheds light on COVID online harm..............................................................................................................................................................................45 Big increase in cyberattacks reported by NZ businesses................................................................................................................................................ 46

www.loktronic.co.nz

NZSM

www.skills.org.nz

www.nzipi.org.nz

April/May 2021

EX CO TE MP ND ED

is a premium distributor of

WIN A WEBER

BBQ *

Shimano Stickbaiting Combo

Shimano Softbaiting Combo

To celebrate, Hills and Dahua have put together a very special offer – Simply buy $2,000 worth of Dahua products on one invoice to go in the draw to win a Weber Genesis II E455 Gas BBQ and 2 fishing combos. RRP $4,900.

For entry details see in store or online at www.hills.co.nz Promotion Dates - 1 February 2021 to 31 May 2021

200121 Official Partner NZ A4 v5

Weber Genesis BBQ Cover

P lus g n 2 Fishios Comb

For more information on these and other best-in-class solutions 08001 HILLS (44557) or hills.co.nz Follow us on

Hills Limited NZ

YO U C A N R E LY O N H I L L S *Terms & Conditions: Every customer who spends a minimum of $2,000 ex GST on Dahua products on a single invoice from Hills NZ Limited through the promotion period will receive one (1) ticket into the prize draw to win a Weber Genesis II E455 BBQ and Fishing Pack. Win a Weber BBQ promotion runs between 1st February 2021 to 31st May 2021. The total prize is valued up to $4,900 (RRP). Winners will be drawn on Friday 7th May 2021, at Hills NZ Limited head office in Auckland NZ. Winners will be notified by phone and published online at Hills.co.nz. Hills NZ Limited reserves the right to change these terms at any time without notice.

Hills has a DSC alarm solution for what ever your customer requires. Come in - we have plenty of stock.

FROM THE EDITOR Welcome to the April-May issue of New Zealand Security Magazine! In this issue we continue our focus on Women in Security and we feature several stories focused on cyber security. We’re proud that this issue sees us (finally) get our act together and eschew our typically male-heavy line-up in favour of no less than eight female contributing authors. NZSM journalist Joanna Mathers profiles Ngaire Kelaher PSP CPP, the first ever female chair of ASIS International’s New Zealand Chapter, and how she is showing other women the opportunities our industry can offer. In its fourth year, last month’s ASIS NZ Chapter’s Women in Security event showcased four exceptional speakers, and – for the first time ever – we’ve convinced Ngaire to write for us about it! Check out her inaugural article inside. As part of our Women in Security event coverage, we feature articles from speakers Darya Kokovikhina, Melonie Cole and Vanessa Leite CISSP CCSP. Darya writes about the many great women who changed the tech world, Melonie writes about putting people at the centre of security, and Vanessa talks security by design, arguing that the costs of adding security as an ‘afterthought’ far outweigh those associated with baking it in from the start. Rounding off our Women in Security coverage is Ankita Dhakar, who threw caution to the wind and founded cyber security company Security Lit amidst a global pandemic in Hamilton. In this issue, we’re delighted to catch up with Brad Small, Gallagher’s Regional Manager, New Zealand & Pacific Islands, who speaks with NZSM about addressing New Zealand’s security skills shortage. It’s an issue, he says, we need to own both collectively and as employers. I take a look at a recent PSPLA decision that clarifies what the ‘private’ in ‘private investigator’ means, and concludes that employment investigators are required to be PSPLA licensed but that lawyers are not, and we cover recent engagement between NZ Police and the NZSA around Protecting our Crowded Places from Attack: New Zealand’s Strategy, and the establishment of an NZSA Crowded Places Security Special Interest Group. Some great updates on solutions as well, including the ASSA ABLOY eCLIQ electronic keying system, Gallagher SMB app, Hikvision AX PRO comprehensive wireless alarm solution, some excellent product selection tips from Hills, and we get the inside story on Aotea Security’s inaugural Auckland Security Risk Management Seminar! To ensure you don’t miss out on any of the news and analysis we publish, subscribe to our email newsletters via our website, and follow us on LinkedIn via the address listed on this page. Nicholas Dynon Auckland

DEFSEC Publishers of premier publications covering industry sectors that help keep New Zealanders safe.

Contact Details: Chief Editor, Nick Dynon Phone: + 64 (0) 223 663 691 Email: nick@defsec.net.nz Publisher, Craig Flint Phone: + 64 (0)274 597 621 Email: craig@defsec.net.nz Postal and delivery address: 27 West Crescent, Te Puru 3575, Thames, RD5, New Zealand

NZSM

Upcoming Issue

NZSM New Zealand Security Magazine

Nick Dynon Chief Editor Nick has written for NZSM since 2013. He writes on all things security, but is particularly fascinated with the fault lines between security and privacy, and between individual, enterprise and national security. Prior to NZSM he clocked up over 20 years experience in various border security and military roles.

twitter.com/DefsecNZ

Disclaimer: The information contained in this publication is given in good faith and has been derived from sources believed to be reliable and accurate. However, neither the publishers nor any person involved in the preparation of this publication accept any form of liability whatsoever for its contents including advertisements, editorials, opinions, advice or information or for any consequences from its use.

linkedin.com/company/ defsec-media-limited

June/July Wholesalers and Manufacturers, Perimeter Protection, Alarms, CCTV

facebook.com/defsecmedia

April/May 2021

eCLIQ - Rethink the Key Schools, museums, leisure centres, and commercial buildings all have the challenge of maintaining multiple security touchpoints. Now, with eCLIQ access management is so much easier. eCLIQ is uncomplicated and reliable, without compromising on security. Each key is individually programmable, offering; password protection, authentication and audit trails – all with the peace of mind, that access rights can easily be revoked. With its extensive range of different cylinder types, the eCLIQ system is designed for every kind of use, from the company entrance gate, to securing the alarm systems, lift doors and cabinets.

Cylinders are easy and quick to install, no cabling is needed.

New, future-proof CLIQ ® chip generation with AES encryption and rapid processing speed with efficient energy management.

More durable, more secure and more efficient than conventional locking systems

www.assaabloy.co.nz

SHOWCASE

Access Control: when optimal security is key Access control has moved on from keys and mechanical locks, but that doesn’t mean digital solutions can’t utilise some of the advantages of traditional systems. What do co-working spaces, retirement villages and multi-residential student facilities have in common? Apart from the fact that they’re all rising in popularity on an exponential scale… they also all present a particular challenge to facility and property managers and anybody else who has the responsibility for ensuring that building security is top of mind. For those who need to monitor and control access to multi-tenant facilities – whether they be workplace related, institutional or accommodation-based – the reality of navigating streams of different people at any given time and ensuring that those who are authorised to have access to premises can easily do so, and those who don’t are prevented from entering, can be a huge challenge. Fortunately, there are now so many different types of access control available that facility managers are able to liaise with their suppliers to specify a fit-for-purpose solution tailored to their exact requirements. The Smart Key One of the most up-to-date solutions actually looks like one of the oldest. For those who find access cards too easy to lose or too reminiscent of hotel stays, there is now an electronic keying system, eCLIQ™ that combine the best

of both worlds. eCLIQ keys look like regular traditional keys, with a head and a separated body, but they are much, much smarter than your traditional key. Without the need for wiring, eCLIQ electronic keys offer features like programmable access rights, time scheduling, audit trails and blocking of lost keys. Simply put, if one of these is mislaid or taken away (either inadvertently or intentionally) the facility manager isn’t landed with the onerous task of rekeying the entire facility. The individual key can simply be blocked/blacklisted at the cylinder, therefore removing the keys access rights and blocking the operation of the key. And products like this are a one-key solution. There’s no need for cutting additional keys, as each one is blank. With the eCLIQ system both the key and the cylinder contain electronics, but only the key has a battery, which then powers up the electronics in the cylinder when the key is inserted. These electronics have a unique code, which is designed for one individual element only and cannot be altered or corrupted. Ease of Installation and Use As the electronic mechanism is embedded in the cylinder itself and is a self-contained unit, installation is simple and straightforward, both for new builds and retrofits. For operation, it’s possible to use CLIQ Web Manager available in either cloud-based or server-based software, depending on customer preference. For those looking for the very highest level of security, the latter option is often selected.

NZSM

April/May 2021

It’s also a system that has many different applications and styles. The varieties of cylinders and locks includes padlocks and cam locks and there are sizes available that are suitable for systems of varying sizes. It’s possible to specify a lightweight software for smaller systems that can be managed via a web browser or mobile phone app. This is the height of simplicity and intuitive handling but has more limited functionality than a more sophisticated system – such as an enterprise full feature software with widespread application possibilities. The more powerful systems do require a measure of training for their implementation and use. For retrofitting an existing door, all that is required is the fitting of a key and cylinder into the standard mortice lock. A simple procedure and one that is a much more cost-effective solution than monitoring people by installing expensive card readers, and the associated cost and complexity of running cabling across the facility.

Benefits The beauty of digital access is its seemingly endless applications. Imagine you are a facility manager working in an office in Auckland and you are liaising with a contractor looking to access a remote site, secured by a padlocked gate, in Christchurch. Through either CLIQ Web Manager or CLIQ Go (can be managed via a remote programming device or a mobile phone app), it’s possible to program one of the eCLIQ keys and grant access – removing that access as soon as it is no longer needed. The access can be timed to the minute. Such a system is also a money and time saver, of course, as it removes the need for the contractor to visit a site office, pick up a key and return to the site to gain access. Instead, as the facility manager you can grant the contractor access for an hour, all day, or a weekend… whatever it takes to get the job done. When you’re in control of the access for a facility, particularly one in which large numbers of people may be coming and going at any time, eCLIQ makes your job simpler and you, more efficient with your time.

eCLIQ™: A Cost-Effective Solution Changing organisational structures, the increased use of contractors, temporary and mobile workers are putting enormous pressure on those responsible for the security in a building or on a site. Designed with this in mind, ASSA ABLOY eCLIQ is the best choice for a more flexible and secure future. eCLIQ - a key that combines the beneﬁts of digital technology, including passwords, authentication, audit trails, ﬂexible access control and so much more, with the security of market leading, fully tested mechanical locks. For information about eCLIQ™ visit www.assaabloy.co.nz

April/May 2021

NZSM

PEOPLE IN SECURITY

The Professional: Ngaire Kelaher It may not have been her first choice of career, but Ngaire Kelaher’s journey in security has provided her with decades of work fulfillment. And as the first ever female (and Maori) chair of ASIS International New Zealand Chapter, she is showing other women the opportunities this multifaceted industry can offer.

Joanna Mathers is a freelance feature writer with years of experience in publishing. She has a particular focus on business and innovation, and also regularly writes for New Zealand Herald’s Canvas magazine.

NZSM

South Auckland born and raised, Kelaher’s high school dream was to become a cop. Friends and family convinced her that security training was a great first step towards realising this goal: she laughs when she remembers the early conversations. “I was hearing [from many different people] that security was stepping-stone to becoming a cop. I still have no idea if that’s true!” With this eventuality in mind, she enrolled in a training course after she left school, at the New Zealand Security Industry Association (NZSIA) in the mid 1990s. The course offered in-depth training, including street survival, first aid and security law; as well as the raft of report writing and admin required for the industry. As part of the course, Kelaher worked (both overtly and covertly) in stores and malls in South Auckland. She was good at the undercover work, but as a South Auckland local, she soon started being recognised by recidivist offenders whom she had issued trespass notices to or caught shoplifting. “I was spotted out with my young family when we were shopping in the area,” she says. “It was starting to become a bit of an issue.” Looking for a change of locale, she was made aware of a position at TSS security services, a company run by Shirley Greer, in the mid-to-late 1990s. One of her main gigs here was security services at Westhaven Marina (she says that the nights here were eye-opening). “I had a bike for this job so I got a free workout and a tan,” she chuckles.

There were also jobs at events like Fashion in the Field, event security giving her another string to her bow. The period at TSS also marked a transition into an area where she would really make her mark in the security industry, as an educator. At the time there was little training for security professionals, Greer was looking to set up some formal training as an adjunct to her security firm, and she was shoulder-tapped for a position. “I really didn’t see it as my thing, I was a guard. And I couldn’t use the photocopier or even do filing!” Nevertheless, Kelaher undertook her own training as an assessor, becoming registered in this field. This allowed her to take people through the assessment process, looking at unit standards and ensuring the security professionals were adhering to these standards. Security training would eventually become NZQA approved, with industry courses feeding guards into the industry. She was part of this change, working at the “coalface” as the transition occurred. And as the industry training became formalised, she continued her own industry upskilling. While working as a guard she completed a National Certificate in Security alongside a National Certificate in Adult Education, which allowed her to become a trainer herself. Kelaher moved into a training role within TSS’s sister company, Training Systems and Solutions Ltd, while still working as a guard. She would work here for 16 years as training assessment manager, and then move

April/May 2021

into the role of deputy director of training when the company was sold to New Zealand Security Association in 2017. In this role she was responsible for security audits against NZSA codes of practice; programme delivery and design; and assessment of material development. Kelaher explains that one of the things she loved most about her work in training is watching how people transform from nervous newcomers to experienced senior managers. “I remember how nervous I was when I started,” she says. “I’ve seen people move into roles like operations manager, it’s wonderful to see this growth.” Her years of work as an educator within the security industry had taken her to the top of her trade. She’d stopped guarding in 1999, and for the next 18 years it was all “training, training, training” at TSSL and then for NZSA.

April/May 2021

While she loved her role at NZSA, after nearly two decades in the same organisation (albeit with different owners) she was looking for a change. “I’d gone as far as I could; but I really hadn’t stepped out of my comfort zone,” she admits. So, when she was approached by Bruce Couper, director and shareholder of security risk consulting firm RISQ, and offered work as a consultant, she leapt at the chance to change direction. “Bruce Couper had been a mentor for me, and I’ve learned a lot since from him,” she says. Her current role as security risk and training consultant is multidimensional; every day is different. She has been working at RISQ since 2017. The company delivers customised security solutions for a wide range of clients¬–telcos, banks, and other corporates. On any given day, you may find Kelaher tailoring a conflict management course, taking

senior execs through ways in which to defuse explosive issues or helping create online video presentations that teach companies the best ways in which to handle threats. “I often play the criminal in these videos,” she laughs. “I’m good at swearing and playing the part of the criminal, but I’m not so good at presenting!” Kelaher exemplifies the ideal of “lifelong learning”. Through ASIS certification (eligibility for which is very stringent) she has completed both CPP and PSP designations in New Zealand; the only woman in the country to do so. She was also appointed chair of ASIS New Zealand in January last year, having been security and deputy chair previously. “It’s sh%tloads of work,” she laughs. It’s an unpaid role and the industry “runs on the smell of an oily rag” she laughs. ASIS International is a respected professional organisation known the world over. It’s standards and qualifications have worldwide recognition, and Kelaher’s election as chair is a representation of the respect people in the industry have for her experience and professionalism. Kelaher believes that women have particular strengths that they can bring to the security industry. “Women tend to have certain communication skills that make them excellent at conflict management. Mothers who have raised kids possess certain life skills: they don’t react as quickly as others, and they tend not to be overwhelmed by their emotions,” she says. She says that she estimates only 20% of applicants for courses are women: but she’s seen many of these women go on to be key players in the industry. Kelaher believes the security industry has a “wide net” and if more women were aware of the opportunities it offered, the numbers would increase. “People are really just limited by their thinking [when it comes to opportunities in security]. There are so many options: face-to-face; technical; cyber security. It’s an amazing industry and we celebrate every woman who is involved in it.”

NZSM

ACCESS CONTROL

Gallagher security for SMB – App based business security at your fingertips For small to medium business owners, there is a growing demand for cloud-based security solutions that are flexible enough to be managed remotely through an app, while also offering control and user management capabilities. Gallagher security for SMB is a cloud-based solution designed to satisfy the needs of small-medium business owners by providing the freedom to manage their security from anywhere, anytime, with an easyto-use app. “Gallagher’s cloud solution is uniquely positioned to offer customers the high level of security and performance that wired systems provide, with the added benefits of cloud hosting,” says Brad Small, Regional Manager for NZ and the Pacific Islands. “With Gallagher SMB, businesses can enjoy the advantages of automatic firmware updates, instantaneous deployment of new features, built in cyber security, and secure storage of site configuration. Gallagher SMB gives customers complete site security control at their fingertips. From one smartphone app, they can arm and disarm alarms, manage unlimited users, control doors, receive alarm notifications with video verification, as well as an optional guarding service when hands-off security is required. As a mobile-run solution, the app can utilise the built-in security of the device – fingerprint, passcode, or face recognition - to prevent use from unauthorised people, increasing the level of security. In addition, flexible guard service functionality and the ability to provide unlimited credentials presents a considerable cost-saving for businesses. Customers can also manage multiple premises, whether both business and home security, from one place and through one provider. By simply installing a system in each location, several sites can benefit from and be managed through the same Gallagher SMB app. Large complex sites have different requirements to small and medium business owners for validating and responding to access control and alarms. Gallagher security for SMB puts the control in the hands of the customer to manage their site to the level they require, providing them with real-time information to make an informed decision and respond depending on the situation.

NZSM

Through real-time incident management, users can see which sensors have activated and where, and view video to confirm whether further action is needed. False alarms can be quickly silenced and closed, and if a guard is required to check out the situation first-hand, one can be requested directly from the app. Selected installation partners are fully trained by Gallagher to install and service the SMB product, mirroring the model that Gallagher chose for its wellknown Command Centre solution. “Gallagher SMB has been developed out of a clear need and will help shape the new norm and expectation around SMB customers,” says Mike McKim, Provincial Manager at Aotea Security, and Install Partner for Gallagher security for SMB. “It gives a secure environment for our customers information and configurations, an evolving eco-system of small to medium business specific enhancements, and a platform from which we can provide confidence to customers through ongoing research and development.” To learn more about how Gallagher security for SMB can help you take control of your business security from anywhere, at any time, visit https://smb.security.gallagher. com/

April/May 2021

BROWN & STONE SOLICITORS

A-BOKAY FLORIST

SAVE-A-LOT

Sunny Daycare

JEFF’S SPORTSWE

SEMINAR

Aotea Security’s inaugural Auckland Security Risk Management Seminar After several Covid-19 interrupted attempts throughout mid to late 2020, on the 25th of March 2021 one year after our first level 4 lockdown, Aotea Security held its inaugural Security Risk Management Seminar at Auckland University of Technology (AUT). The shared initiative of this event is an example of Aotea’s collaborative ecosystem of working together and coming together to offer value to the broader industry and its consumers. This philosophy can be no more important, timely or relevant than in a year preceded by disruption, anxiety and uncertainty within New Zealand and around the world.

Alistair is the CEO of Aotea Security. Alistair has enjoyed a long and successful career within the security industry and has contributed in volunteer leadership roles across industry organisations and professional standards development within New Zealand and internationally. Alistair holds an MSc in Security and Risk Management from the University of Leicester and offers a level of experience and understanding that adds value to our clients’ needs.

NZSM

Collaboration, partnering, shared strategy and long-term sustainable relationships underpin Aotea Security’s approach to engaging with every element of its role within the security industry, wider business and with the community in general. Interest in and attendance at the seminar was high with various sectors represented across local government, retail, education, healthcare, and finance. Aotea’s clear focus on delivering value and relevance without distraction was evident. The messaging was clear, it wasn’t industry led, exploited or a hijacked opportunity to promote

specific products or services: it provided clear, educational content and networking opportunities with likeminded people to broaden the knowledge base in security risk management. Alistair Hogg, CEO of Aotea Security explained the rationale behind the event. “Aotea Security wanted to provide the opportunity for our customers, consultants and the wider audience to further their knowledge base in regard to security risk management,” Hogg said. “Significant thanks need to be expressed to our esteemed speakers for contributing their time, enthusiasm,

April/May 2021

Everything was first class, from the speakers, the venue itself, to the morning tea, with the networking opportunities and the great gifts all participants received

advice and expertise. Thanks also to our sponsors, organisers and supporters for helping make this happen,” Hogg said. To further reinforce the noncommercial approach to the event, Aotea Security were pleased to offer attendance at no cost and simply asked that donations be considered to the Starship National Air Ambulance Service. “Starship provide a much-needed critical service for kiwi families, and we take this opportunity to encourage everyone to support them generally, as much as possible via a contribution on behalf of the Risk Seminar Event,” Hogg said.

Recertification and CPD points were available to ASIS members, members of FMANZ and IBANZ with each organisation lending its support to the event. “As innovators, leaders and collaborators, The Auckland University of Technology receives our sincere thanks for hosting the event. A special thank-you must go to Willie Taylor for his support in ensuring that all in attendance enjoyed a great experience, in an excellent environment in one of New Zealand’s most respected institutions of learning.” Considering the context and timing of our COVID impacted “Thank you for the opportunity to host the 2021 Aotea Security Risk Seminar here at the Auckland University of Technology. As a tertiary institution we are heavily invested in the safety of our students, staff and visitors. As part of that investment we continually looked to the security industry to provide us with innovation and benchmarking opportunities, it is therefore heartening to see that a holistic approach can be possible – even among competitors. Like most other entities the Protective Security Requirements and ISO standards are levels we aspire to even if there is not a strict requirement to do so and it is these conversations that need to keep happening if there is to be a consistent approach nationwide, the outcomes will be measurable, obvious and well overdue”, said Willie Taylor MNZM, Director Security and Emergency Management at Auckland University of Technology.

April/May 2021

world, alongside the specific subject matter of Risk Management, coupled with the free sharing of advice, learnings and best practice methodology applied in a real world setting from recognised subject matter experts, Aotea’s short seminar created a well-timed opportunity to listen, learn, upskill and develop critical skills during a time when it is needed most by the people and communities that we all serve. Safety, confidence and trust all support a sound relationship with uncertainty. In the uncertain times that our communities are currently experiencing, we each carry a responsibility to learn, adapt and apply so that we can deliver value where and when it is needed most. Without good information, how can we make good decisions? New information and validation of existing knowledge contribute to better decision-making through increased confidence, and ongoing education coupled with experience and confidence help reinforce credibility in leadership. “Aotea have been humbled by the quality and numbers of those that attended and take this opportunity to thank them for their interest and support to date. Your attendance is what makes this event a success and your standing and credibility in turn reinforces the value and credibility of the speakers and the relevance and timing of the event and its subject matter. Thank you.” Following the success of this seminar, Aotea Security are planning to hold another event later in the year, to be held in Wellington. Look out for further details of the future event through Aotea’s website or LinkedIn page. www.aoteasecurity.co.nz or https://www.linkedin.com/ company/4866013

NZSM

SECURITY SOLUTION

AX PRO comprehensive wireless alarm solution launched by Hikvision Hikvision, the IoT solution provider with video as its core competency, has announced its new generation of wireless alarm systems – the AX PRO – delivering comprehensive alarm solutions for both residential and commercial applications.

Comprehensive and integrated alarm solutions The newly launched AX PRO product family includes a compact panel hub for a wide range of detectors and peripherals, covering intrusion detection, video verification, smoke detection, flood detection, and home automation. Developed with both the installer and user in mind, the system can be configured according to a variety of needs. Installation complexity is minimal so the end user can easily manage the system with its intuitive user interface. AX PRO panel hub with dual RF chip design The AX PRO hub itself supports several protocols for wireless integration, welcoming the connection of up to 210 peripherals. The panel has been designed with dual RF (radio frequency) chips, featuring Tri-X and CAM-X wireless technologies, to block interference across channels and enable high speed and reliable transmission of alarm messages simultaneously. Extensive range of detectors and peripherals options Alongside the panel, Hikvision has developed an extensive range of detectors and sensors to tailor the system to different installation needs, such as combined PIR-Glass Break detector, safety detectors, door contacts, smoke sensor, water-leak detector, etc. Also available is a wireless passive infrared PIRCAM detector, which detects infrared signals over a 12-meter range and collect snapshots of any moving object. With the PIRCAM, users can view those snapshots of detected

NZSM

activity to verify alarm notifications, receiving alerts even before intruders realize that they have been recorded on video. The PIRCAM is also equipped with LED Illumination for high-quality imaging in the dark. Built with practicality in mind, Hikvision has created a wide range of peripherals to maximize user safety and assist their day-to-day activities. Such devices include static and portable panic button options to keep occupants safe, while the wireless LED keypad or ergonomic keychain fob provide multiple control options to suit the user’s preferences. Intruder Verification as a Service If customers choose, the AX PRO hub panel can be linked to their IP cameras over the cloud or a sub-stream to initiate Intruder Verification as a Service (IVaaS). This service provides live video verification or 7 seconds of video recording for users to quickly and efficiently confirm alarm events on the system. App compatibility Users will take charge and stay connected using the AX PRO since it is fully compatible with Hikvision’s proprietary Hik-Connect app. The app provides voice and video clip notifications for users, and allows them to remotely control and monitor their alarm systems. The AX PRO also supports the Hik-ProConnect app, which can provide full configuration assistance for installers and enable them to offer cloud-based security solutions and services with customer’s authorization.

April/May 2021

CMY

Intercom

IP Camera

AX PRO Hub

433MHz 2 way wireless

Wireless Devices

Wireless Remote Controls

Wireless Outputs

AX PRO is a comprehensive security solution that connects to the Hik-Connect Mobile App to provide Security, Surveillance and Intercom monitoring all in the one connected, mobile interface.

Available from authorised Hikvision Distributors

www.hikvision.com.au Hotline 09 217 3127 salesnz@hikvision.com

Hikvision Oceania

CROWDED PLACES

Crowded Places Strategy: from development to implementation Recent discussions between New Zealand Police and the New Zealand Security Association around Protecting our Crowded Places from Attack: New Zealand’s Strategy is a positive development, writes Nicholas Dynon. Published by the New Zealand Police on 17 September 2020, Protecting our Crowded Places from Attack: New Zealand’s Strategy forms part of the New Zealand Counter Terrorism Strategy, also published in 2020 by the Department of Prime Minister and Cabinet. Recent engagement between Police and the NZSA is unprecedented, yet has been welcomed by the security industry. There is no history of ongoing liaison between Police and the NZSA, and no established mechanism for engagement. No input had been sought by Police from the NZSA or the private security sector in the formulation of the Strategy. A 23 February meeting attended by Police, NZSA, and a small group of industry representatives was convened by the NZSA to talk crowded places and the potential for industry involvement. A quick recap on the strategy New Zealand’s Crowded Places strategy builds on the body of work trail-blazed by the UK Protecting crowded places from terrorism guidance of November 2014, the US Department of Homeland Security’s Soft Targets and Crowded Places Resources, and Australia’s Strategy for Protecting Crowded Places from Terrorism, which was launched on 20 August 2017 by then Prime Minister Malcolm Turnbull. Released without such fanfare, the timing of the New Zealand’s strategy appears to have been delayed initially by the first anniversary of the Christchurch mosque attacks and then by the disruption of the COVID pandemic and last year’s national election. It remains a little known document. The strategy sets out a consistent approach to promote the safety of crowded places. It explains what crowded places are, the risks they pose, and how businesses, event organisers, sports clubs, charities, community and religious groups, central government agencies and local government can help to keep people safe.

NZSM

Protecting Our Crowded Places from Attack: New Zealand’s Strategy Te Whakamaru i Ō Tātau Wāhi Kōpiripiri mai i te Whakaekenga: Te Rautaki a Aotearoa

It introduces guidelines and tools to help owners and operators of crowded places reduce the chance of an attack occurring, and lessen its consequences, using methods that are proportionate to the threat. As part of the Strategy the Police has established three groups: (i) a government Crowded Places Advisory Group New Zealand (CPAGNZ); (ii) a private sector Business Advisory Group New Zealand (BAGNZ); and (ii) a Community Advisory Group New Zealand (CAGNZ).

April/May 2021

According to the Strategy, these advisory groups “will contribute insights and ideas gathered from the sector they represent, related to making New Zealand’s crowded places more resilient. It is expected that these groups will share appropriate information received back to the sector they represent.” Business Advisory Group involvement? During the 23 February meeting, Police’s comments that they had formed the view that the security industry not be represented in the Business Advisory Group (BAGNZ) because of a conflict of interest (i.e. the industry “has a product to sell”) was met with some concern. That this would create the somewhat ironic outcome of having representatives from various industries – except for the security industry – advising the police and sharing intel on a significant area of security, was not lost on attendees. According to Police, its position is consistent with the approach taken by the Australian Government not to involve the security industry in its Crowded Places Business Advisory Group. The NZSA will likely continue to liaise with Police on this matter with the view of having the Association represented on the BAG. In the meantime, the NZSA is also establishing a Crowded Places Special Interest Group (CPSIG) of security providers to provide industry guidance to the NZSA. Approved provider panel? Briefly discussed at the meeting was the potential establishment of a panel of approved providers of crowded places security advice. The strategy encourages venue owners and operators to contact the police for advice on how to implement its guidance, and to consider seeking the advice of a private security provider. Police and NZSA appear to hold a shared view that there may be value in a structured arrangement that might provide for a panel or register of security professionals credentialed to provide crowded places advice. The NZSA has proposed a tiered panel structure that reflects the venue risk tier levels listed in the Association’s recently published Event Security Code of Practice, and which are derived from the marking system used in the Crowded Places Strategy’s Self-Assessment Tool. The Association has sought feedback on these. The real challenge faced by the industry is to develop an agreed view on relevant skills/qualifications/experience for the mooted panel and its possible tiers. At the centre of this challenge is the fact that there is no ‘go to’ security consultant qualification and no universally accepted benchmarking of skills. Existing NZQA security qualifications are loose fitting, and the NZQA New Zealand Diploma in Security (Level 6) has receded into irrelevance on the back of negligible take-up rates. The Private Security Personnel and Private Investigators Act 2010 – the legislative basis of New Zealand’s

April/May 2021

Wellington Event Medics & Paramedical Services Code 1 Limited provides qualified Event Medics and paramedical services within the greater Wellington region. As Wellington’s number one provider of event medical services, we confidently manage the first aid, safety and security requirements at events of every size. We are a reputable provider with First Responders, Paramedics and EMT’s (Emergency Medical Technicians) providing the highest level of emergency care. Our highly skilled Medics have decades of real front line experience with St John or the Wellington Free Ambulance. All of our contracted EMT’s and Paramedics must provide an authority to practice (ATP) prior to engagement or have gained a recognised qualification to provide first aid coverage. By law, event organisers need to ensure the safety of people attending their event. Event organisers are required to ensure people attending and impacted by their event are safe and that the event venue is secure. This requirement includes staff, participants, spectators, staff, volunteers, officials, media and the general public. Minimise your risk!

Freephone 0800 482 738 www.code1.nz security licensing regime – prescribes no real professional requirements for licensing as a security consultant. As an occupation group, security consultants evidence their expertise by pointing to one or more of any number of disparate sources, including former policing or military careers, private security experience, portfolios of previous work/clients, risk management qualifications, overseas qualifications and experience, internationally recognised security certifications, such as ASIS International Board Certifications, and/or esteem among peers. Evidencing security expertise specific to crowded places may prove tricky. Once the above expertise maze has been navigated through, those developing the panel concept will then be faced with the further challenge of identifying who might evaluate applications for the panel and how applications might be evaluated. As complex as they may seem, these are good challenges to be faced with. There is considerable talent and expertise among New Zealand’s private security consultants, and they are naturally best-placed to advise venues on how they can best secure their premises and keep their staff and visitors safe. Conversations between Police and industry such as those had during the meeting of 23 February are a real step forward in terms of discussing the challenges and the potential answers. It is, if nothing else, a good start.

NZSM

INSTALLATION HINTS

How correct product selection can turn a good video solution into a perfect one

Choosing the right camera for the job isn’t always as easy as you might think. While generally “if it costs more, it’s objectively better” is a guideline that’s hard to fault, it doesn’t factor in your specific need. A camera that can record a mouse winking at 100 metres is obviously a very good product but if all you want to see is a wall 25 meters away it’s probably not a sensible choice. It is important to be clear as to what exactly the purpose of the camera will be. Discuss this with your customer, sometimes their expectations are not achievable or may be outside of their budget. A fisheye camera that provides excellent all-round coverage will perform very poorly at face recognition. Over the next 3 issues we will be offering some tips on how to get the most out of your video system, intercoms and access control solutions. In this issue we will be focusing on cameras; specifically, lens selection, motion detection, and physical components such as mounts and cables. The advice here is general and all manufacturers will have slightly different interfaces and processes, so you’ll need to consult specific manuals. Keep in mind, the tips below are not designed to replace training however Hills does offer a wide range

NZSM

of comprehensive training courses on product from all our key partners. Talk to your Hills representative about available sessions and your individual training needs. Lens Selection Cameras with a focal length between 2.8 and 4mm are wide angle, without being distorted (like with a fisheye camera) and are useful for covering large areas for overview surveillance or for covering small rooms with a single camera. 6 to 12mm lenses are good for obtaining increased detail on a specific area of interest indoors, for example to give clear identification images at a doorway. Lenses of 30mm or greater are excellent for subjects at a distance, for example capturing license plates down a driveway. Tools such as field of view calculators are very useful for selecting exactly which lens is required at every location and you can find a link to IDIS calculator on the HillsIDIS microsite (https://www.hills.co.nz/idis-support). Motion Detection Motion detection is a great way to boost your security, and extend the duration of your recording. Motion detection automatically records when movement is detected however some systems will detect any movement including animals,

April/May 2021

trees, or even rain. These false alarms are annoying, can reduce readiness for a real security alert, and if your system is monitored, expensive. With improvements in technology and the introduction of Artificial Intelligence (AI), some cameras can even calculate the increased movement of trees in high wind to eliminate over 95% of false alarms. For example, the Dahua WizSense range of cameras and recorders have in-built smart motion detection (SMD Plus) which greatly reduces false alarms by ignoring pets, insects, leaves, branches, raindrops, lights, etc. Most Network Video Recorders (NVR) will have two locations to configure motion detection, 1. an Event or Alarm section which lets you configure the area you want the camera to look for motion and what to do in the event motion occurs (trigger a notification, switch a relay output etc); and 2. a schedule area where you can configure how the NVR records at specific times. Some systems will be able to utilise the motion detection technology built into the camera itself, increasing accuracy (as the detection is done pre-compression), and reducing network load. Again, different manufacturers call these menu options by different names, so it is important to consult your manual or attend a product specific training course. Physical components and Connections – It’s not all about technology The purpose of the camera will often define the location of the camera, this in turn will help inform the choice of camera style (flush mount for low ceilings, bullets with rain covers for outdoor use etc) and will necessitate specific brackets. Cameras come in all shapes and sizes so it’s important to understand where each camera is to be mounted. Is it to be mounted to a roof or wall? Is there a building feature that provides an obstacle? Does the mount need to resist extreme temperatures, and does it have a housing to protect cables? Is there a likelihood that something may inadvertently be placed in the camera’s field of view, thus creating a blind spot? Another consideration is likelihood of vandalism. If the camera is somewhere that is at risk of tampering you need to make sure your mount can resist this. Many manufacturers provide an “accessory selector” to help you choose the appropriate installation solutions. https://www.dahuasecurity.com/products/ accessorySelector. Sometimes the ideal installation location for a camera exceeds the standard 100m Cat5e/6 ethernet cable

April/May 2021

distance. In these situations, consider using a range extending technology such as Dahua’s ePoE. This allows IP cameras to be connected over Cat5 or 6 cable of lengths up to 800 meters.

ePoE technology also supports connecting IP cameras over Coax, which is perfect for retrofitting an old analogue site.

Connections are also important. Most people understand that you should weatherproof your connection if a camera is outside, but it’s also a good idea to do this for indoor cameras. Humidity, extreme temperatures, and dust can be just as damaging as rain and failure to weatherproof the connections can lead to camera failure and irreversible damage in some cases. Some security cameras come with waterproof connections but if there aren’t any included, they can be bought separately. There is so much to consider when choosing and installing the right video solution. Video surveillance is an integral part of most modern security solutions and the wrong choice can make your whole system vulnerable. Making sure you have the right solution is relatively simple though. Research the products and the environment in which they are to be used. Communicate with your customer and make sure they understand their options. Some customers think they want something but if you know it’s not appropriate, you need to tell them. You’re the expert and they’re relying on you to ensure they have the right solution. Most importantly, if you aren’t sure, don’t guess. Hills has security solution experts who will be happy to help you if there’s anything you are unsure of. Don’t miss part 2 in the June issue where we’ll provide even more tips that will build your proficiency as an installer. At Hills we offer training courses for IDIS, Dahua and Mobotix video systems, if you want information on specific training sessions, call Hills on 0800 1 HILLS (0800 144 557).

NZSM

CHRISTCHURCH

New Zealand Reassesses Counterterrorism PostChristchurch Secrecy about counterterrorism approaches across government agencies and a lack of transparency to the public had consequences for situational awareness, writes Security Management magazine’s Claire Meyer.

NZSM

26 November 2020

Almost two years later in December 2020, the commission’s report was released, calling out failings, intelligence gaps, and unbalanced priorities that led agencies to miss potential signs of an attack. The nearly 800-page report found that New Zealand’s national security agencies had spent an “inappropriate” amount of time focusing on Islamist terror threats in the months leading up to the attack. Researchers also dug into the life and background of the shooter, finding that he displayed racist behaviour from a young age, and his life experience fuelled his resentment and eventual radicalisation. He had no close friends, largely avoided social situations, and was financially independent. Tarrant was able to largely stay below the radar, however, and while the report called out lapses in firearms licensing and intelligence efforts, it noted that “no single aspect of [the shooter’s

Ko tō tātou kāinga tēnei

Volume 1: Parts 1–3

Report of the Royal Commission of Inquiry into the terrorist attack on Christchurch masjidain on 15 March 2019

Ko tō tātou kāinga tēnei

Claire Meyer joined Security Management in 2019 as its managing editor. She has been covering the security industry since 2012, regularly reporting on issues affecting security leaders today, including cybersecurity, leadership, security technology and trends. She graduated from the University of Missouri-Columbia with a bachelor’s in journalism and minors in French and fine arts.

Volume 1: Parts 1–3

New Zealand faced a nationwide reckoning after right-wing extremist Brenton Tarrant amassed an arsenal of weapons and carried out deadly attacks on two mosques in Christchurch in March 2019, killing 51 people. Just 10 days after the attack, the government established a Royal Commission of Inquiry to investigate what happened.

ROYAL COMMISSION OF INQUIRY INTO THE TERRORIST ATTACK ON CHRISTCHURCH MOSQUES ON 15 MARCH 2019 TE KŌMIHANA UIUI A TE WHAKAEKE KAIWHAKATUMA I NGĀ WHARE KŌRANA O ŌTAUTAHI I TE 15 O POUTŪ-TE-RANGI 2019

26 November 2020

background] could have alerted Public sector agencies to an impending terrorist attack.” The assailant’s undetected radicalisation has raised red flags for intelligence and security professionals worldwide, many of whom note that increasing polarization and vitriolic rhetoric from political extremists spikes in times of isolation, stress, and economic troubles—such as during pandemic lockdowns. “Right-wing extremist rhetoric does many things. It often pits elites against the ordinary people in ways that place blame for economic troubles squarely on the shoulders of governments,” said

April/May 2021

Cynthia Miller-Idriss, a professor at American University and director of the Polarization and Extremism Research and Innovation Lab, in a 2019 interview with American University. “When people experience economic precariousness, they can be more vulnerable to that kind of rhetoric. But even more importantly, we are seeing extraordinary levels of isolation, loneliness, depression, and anxiety among young people.” “This is a generation that spends more time alone than any previous cohort,” she continued. “They are eager for connection and meaning, and are vulnerable to rhetoric that promises them a sense of belonging, purpose, and a way to contribute to a cause bigger and better than themselves. This is the same dynamic that motivates foreign fighters to join Islamist extremist groups—the idea that they can be a part of something and that their lives will have meaning and purpose, whether that is to restore a sacred geography like the Caliphate

April/May 2021

or rescue white people from dying out as a race. “The language of ‘white genocide’ and ‘ethnic replacement’ (as cited by the New Zealand terrorist, for example) captures this quite clearly, because it is paired with a call to action. This is not to say that all young people are vulnerable to extremist rhetoric. But more young people than ever today are lonely, anxious, and want a sense of connection. That increases the number who will be vulnerable to extremist promises of meaning and purpose.” Bruce Hoffman, senior fellow for counterterrorism and homeland security at the Council on Foreign Relations, says the pandemic has created an opening for extremist content to flourish. “The COVID-19 pandemic has been like manna from heaven for [extremists] because it gives them a platform or a hook to spread the violent forms of xenophobia, anti-immigrant sentiment, antisemitism, Islamophobia, and so on,” Hoffman explains.

“This has just become a vehicle for all sorts of different arguments, whether it’s in contagion and contamination or in sinister conspiratorial forces manipulating international public health for purposes or profit. It’s just grist for the conspiracy theories that seem to dominate a lot of political discourse nowadays.” Hoffman has been studying violent extremism for 45 years, most recently on the Vortex of Hate project, and he says he is increasingly concerned about violent far-right and far-left messaging online. He calls this the “message in a bottle” phenomenon—people are irresponsibly or intentionally posting messages, GIFs, and memes that encourage division, enflame tensions, and incite violence. The person setting those messages adrift may not be willing to commit acts of violence themselves, but he or she hopes someone who reads them will be inspired to take action. “You could imagine, for law enforcement and intelligence—how do you track that? How do you predict that? How do you interdict if there’s no actual command or order being issued? How can you anticipate these acts of violence?” he asks. Those nebulous trails have left investigators in a challenging position, particularly when public support and resources for counterterrorism initiatives wane. New Zealand’s Royal Commission found that secrecy about counterterrorism approaches across government agencies and a lack of transparency to the public had consequences for situational awareness. “One reason for this was to avoid stigmatising Muslims,” the report said. “But had such a strategy been shared with the public and also incorporated a ‘see something, say something’ policy, it is possible that aspects of the individual’s planning and preparation may have been reported to counterterrorism agencies.” While the report acknowledged that lone actors are difficult for intelligence, security, and law enforcement agencies to detect and

NZSM

stop, disruption is possible. At the time of the 2019 attack, however, the New Zealand Security Intelligence Service had a limited understanding of the state of right-wing extremism within the country—the majority of the service’s scarce resources were concentrated on Islamic extremist terrorism. “Indisputably, even up until the attacks in Christchurch, New Zealand, the overwhelming threat that national security, intelligence, and law enforcement agencies were focused on—with good reason— was the threat from Salafi jihadi terrorists,” Hoffman says. “I think the challenge we face today is, despite declarations to the contrary, neither ISIS nor al Qaeda has gone away; they are still active and still pose serious threats. I think the main challenge is that now we’re turning to law enforcement and intelligence to cover an even longer, broader, and deeper waterfront.” Meanwhile, he adds, “There’s a constriction of resources, funding, personnel, and even interest at a time when the threat is now morphing and growing in different directions—the rise of violent far-right extremism being a case in point.” Hoffman says the New Zealand report makes clear that “there’s no longer any meaningful barrier or demarcation between domestic and international terrorism.” While not part of the original scope of research, the commission said it became clear that social cohesion, inclusion, and diversity were essential lenses through which to view the lead-up and aftermath of the attack. “Social cohesion has many direct benefits to individuals and communities,” the report said. “In contrast, societies that are polarised around political, social, cultural, environmental, economic, ethnic, or religious differences will more likely see radicalising ideologies develop and flourish. Efforts to build social cohesion, inclusion, and diversity can contribute to preventing or countering extremism.”

This is your home and you should have been safe here This illustration and text was kindly gifted by artist Ruby Jones. The Royal Commission deeply appreciates Ruby’s talent and generosity.

Image courtesy Report of the Royal Commission of Inquiry into the terrorist attack on Christchurch masjidain on 15 March 2019

The report made 44 recommendations organised under four main themes: improving New Zealand’s counterterrorism effort; improving New Zealand’s firearms licensing system; supporting the ongoing recovery of victims’ families, survivors, and witnesses; and improving social cohesion and New Zealand’s response to an increasingly diverse population. The government accepted all 44 recommendations, including to establish a new national intelligence and security agency. Firearm licensing laws will be tightened, counterterrorism laws strengthened, and changes will be made so police can better record and respond to hate crimes. In a speech on 8 December 2020, New Zealand Prime Minister Jacinda Ardern apologised on behalf of the government for the lapses and the work that still needs to be done. “There are many groups of people in New Zealand who do not feel safe due to threats and victimisation

that most New Zealanders don’t ever encounter,” she said. “I think most of us would find hate-fuelled behaviour unacceptable, and totally against who we are, and what we aspire to be as a nation.” She announced in the speech that the government was establishing a new police program to respond to hate crime, increasing Human Rights Commission funding, and proposing updates to hate speech legislation. “New Zealand will never be immune from violent extremism and terrorism,” the report said. “Even with the best systems in the world, a determined would-be terrorist could carry out an attack in New Zealand in the future. But there is much that the government can do, starting with a greater commitment to transparency and openness with New Zealanders.” [The assailant] has since pled guilty to terrorism, the murder of 51 people, and the attempted murder of 40 people. He is serving a sentence of life imprisonment without parole.

NZSM

April/May 2021

Security’s Role in Business Continuity Reflecting the evolving Business Continuity role of security professionals, ASIS International is updating its BCP Guideline, writes senior editor of ASIS International’s Security Management magazine Megan Gates. Never before has the need for security professionals to be involved in business continuity efforts been as prevalent as it was in 2020. From deciding how to handle COVID-19 to natural disasters to civil unrest to cyberthreats, executives have turned to their security teams to help keep businesses—and employees—safe while remaining productive. To help provide best practices for these teams, ASIS International gathered a group of experts to update its Business Continuity Guideline, says Robert Carotenuto, CPP, PCI,

Megan Gates is Senior Editor at ASIS International’s Security Management magazine. She joined the Security Management team in 2013 after graduating from Missouri State University with a Bachelor of Science in Journalism.

PSP, director of security at The Shed and chair of the guideline committee. “We understand that the pandemic is on everyone’s minds, but it’s not the only emergency and crisis situation,” Carotenuto says. “There are political crises, rioting, global climate change with fires in California, and hurricanes, so we understood that the guideline needed to address the survivability of your organisation in terms of facing many threats that are known, unknown, or infrequent.” The guideline, planned for publication in spring 2021, will update the existing guideline— written in 2005—providing recommendations for a business continuity management program that enables users to identify, develop, implement, and monitor policies, objectives, capabilities, processes, and programs to address disruptive incidents and crisis events that could impact the organization. The guideline will also provide a framework for organizations to use to prepare for—and successfully manage—critical business functions during and after a disruptive incident or crisis. There are 27 members on the guideline committee, and many of the discussions during its monthly meetings demonstrated how the understanding and concept of risk has changed throughout the course of COVID-19; how the long-off threat of a pandemic has impacted planning for unlikely but potentially catastrophic risks, Carotenuto adds.

Robert Carotenuto, CPP, PCI, PSP, chair of the guideline committee.

“Risks that develop over time— we as humans are not really good at assessing that. Things that take a long time to develop, over years, people tend not to see as imminent,” he says. “They don’t feel the need to take immediate action.” But when it comes to risks like pandemics and climate change, organisations and security professionals need to scan the horizon to prepare themselves. “It’s taking the long-term view, seeing a risk that develops slowly over time that you need a long-term strategy for,” Carotenuto says. “That’s the challenge, to come up with a solution for a risk that slowly erodes stability and resilience over many years.” For more on ASIS International’s Standards & Guidelines, visit: asisonline.org/publications--resources/ standards--guidelines.

April/May 2021

NZSM

WOMEN IN SECURITY

Ankita Dhakar and the Security Lit story According to Ankita Dhakar, winner at the 2020 Women in Security Awards Aotearoa and Founder of cybersecurity provider Security Lit, self-belief is a key ingredient for success. “If anything is worth doing, do it with all your heart”. – Buddha Security Lit, a cyber security company, was formed amidst a global pandemic in the heart of Waikato, Hamilton. Despite not having any formal background or degree in IT, and with very limited resources, Ankita Dhakar founded the company amid the unprecedented economic disruption wrought by the COVID crisis. Soon after starting the company, Ankita could not find a fitting example of a founder like her, so she made it her mission to be that example for herself and for others. She suspected it was possible to lose her way since there was no map or manual for her to follow, so she decided to draw that map so that individuals wanting to follow a similar path wouldn’t have to face the same challenges she did. Ankita’s main purpose is to help individuals and businesses – big or small – operate confidently and securely by providing affordable cybersecurity services. She has a vision to create an environment where everyone feels safe and secure online. With Security Lit, Ankita is spreading cyber awareness in the community to help all New Zealanders. She has developed an internship programme for students and people new to security to help them get where they want to be in their security career. Ankita enjoys educating businesses and individuals about cyber security threats and how to protect themselves.

NZSM

She was recently invited as a guest speaker for CROW (Cyber Security Researchers of Waikato) to share her story and Security Lit’s plans for future. She moved to Hamilton soon after incorporating the company because she wanted to help the graduates of the University of Waikato by training them and giving them real experience that would enable them to find employment quickly, and to inspire them to help protect New Zealanders and SMEs from cyber threats. Ankita is currently working with her technical team on ideas to develop a tool that will keep an eye on various assets for possible sensitive vulnerabilities. One interesting feature that Ankita wants to include in the product is the ability to notify all new discovered vulnerabilities and monitor subdomains and ports of assets for malicious activities. She wants to make this tool available for SMEs of New Zealand at an affordable price. The product development is led by the CTO of Security Lit, Jozsef Gacsal, who has more than 20 years of experience

in the field of IT security and has worked with big companies in the past, including Intel, IBM, and Microsoft. When it comes to doing business and welcoming new team members, Ankita follows a collaborative approach. She strongly believes that you can only grow when you help others grow. Money is not a motivator for her, she gets motivated by her dreams. One such dream is to see Waikato become the Silicon Valley of New Zealand. The advice contained in the above quoted words of Buddha’s “has been a blessing in my life,” said Ankita. “It’s a blessing in that I have followed it religiously – if I do something, I give it 100 percent, jump in fully, and give it every ounce of what I’ve got. She wants to inspire more people by sharing her journey. Ankita once believed that people who start companies, especially tech start-ups, are people who tend to have a lot of experience and funding and are the experts in that field. Today she can say that is not the case. “It can be challenging in the start but if you believe in your dream it will come to life eventually,” she said. “You can become whoever you want to be, and can land whatever role you want.” Security Lit has now successfully completed its first year of operation. Ankita has achieved what she set out the achieve with the help and support of industry professionals. She now has some new dreams for the team and the business: making Security Lit a company known for its incredible services, it’s values and the commitment to give back to the community.

April/May 2021

MEM2400LP

World leaders in revolutionary Electric Locking Design and Craftsmanship. Proudly stocked and supported by NZ’s leading authorized distributor…

• Suits low door height or narrow profile frames • High holding force up to 1000kg • Releases with up to 70kg of side pressure; early warning alarm • Supplied with anti-tamper bracket • 12/24 VDC, low power consumption • 4 hour fire rated • Lock Status & Door Status Sensors MEM2400LED-LZ • Features as for MEM2400LP with L/Z Bracket for inward opening doors

FES20M • High security stainless steel strike rated up to 1490kg holding strength • Quick and easy Power to Lock/Power to Open interchange • Mounting kit with adaptor tabs • 12VDC 220mA; 24 VDC 120mA; 36 VDC 80mA • Door, Lock & Frame status monitors • Pre-drilled for extension lips, 25mm & 50mm available

FES 10 and FES 10M • Stainless steel faceplate & keeper rated up to 1300 kg holding strength • FES 10 is IP56 rated • Dual voltage capable; 12VDC 200mA, 24VDC 100mA • Pre-drilled for extension lips, 25mm and 50mm available • FES 10M has door latch monitor

SECURITY TECHNOLOGY RELIABILITY

• ELECTROMAGNETIC LOCKS

VE1260

• STRIKES • DROP BOLTS • ELECTRIC MORTICE LOCKS

FEL990M

• 5 YEAR WARRANTY

• High security, 1000 kg holding force, 35kg pre-load capability • Accepts 12-30 VDC • Door status & Lock status monitors • Square & radius edge models • Pre-taped glass door housing available for radius edge version • Special strike plate caters for up to 12mm door misalignment • • • • • • • •

Multi-functional and field changeable Vestibule or combination Fail Safe/Fail Secure selectable 12/24 VDC Left or Right hand Key override Monitors: Door, Lock, Key & REX 12 pin connector

21136/REV11.17 21336/1/18

Your FSH Electric Locking range includes…

WOMEN IN SECURITY

Managing Cybersecurity threats with Security By Design The costs of adding security as an ‘afterthought’ far outweigh those associated with baking it in from the start. Security by Design just makes sense, writes Vanessa Leite CISSP, CCSP.

Cybercrime is growing exponentially and is consistent with the growth of technology adoption. Criminals have moved their operations into cyberspace and have been working on developing and enhancing their practices at a concerning pace.

Vanessa Leite CISSP CCSP is a senior cybersecurity manager with over 10 years of experience leading security initiatives across different sectors. Most of her career has been in technical security positions, and she is currently in an executive role leading ANZ’s NZ Advisory and IAM functions.

NZSM

Security experts have been observing a significant increase in sophistication with regard to Tactics, Techniques and Procedures (TTPs), which are patterns of activities associated to specific attacks or hacking groups. No organisation is completely safe from cybersecurity threats nowadays. Although there is no doubt there has been a significant increase in attack sophistication, the majority of successful compromises are still due to poorly developed, configured and maintained information systems, which in reality do not require any sophisticated exploitation techniques. According to the IBM 2020 X-Force Threat Intelligence Index, of the top ten vulnerabilities exploited in 2020, only two of these were actually disclosed in the year of 2020, suggesting organisations encounter significant difficulties with performing basic security controls such as vulnerability and patch management. The Veracode State of Software Security v11 report states that the vast majority of applications analysed by

them (76 percent) had some sort of security flaw, indicating that this is an inevitable issue and emphasising the need for strong and consistent collaboration between development and cybersecurity teams. Making cybersecurity a core part of business strategy and the foundation for the development of applications (or any new solution) is key for managing cybersecurity threats that take advantage of these vulnerabilities. Security by Design can help organisations build more secure solutions and manage cybersecurity threats. What is Security by Design? Security By Design is originally a principle related to the Software Development Life Cycle (SDLC) where security is intended to be designed into very early stages of a software development process. However, its concepts and applicability can be easily extended and used more broadly for the development and creation of any new solution, including business processes. The benefits of embedding controls for protecting confidential, integrity and availability of information into early phases of a solution development process are significant. This approach has the potential of enabling organisations to implement more integrated, effective and efficient security controls. Security by Design is not a new

April/May 2021

concept, and it’s also behind other methodologies such as DevSecOps, where security is brought in as part of the DevOps teams, which is the backbone of the Agile Software Delivery process. The ability for Cybersecurity teams to be so closely involved in any development or creation process is crucial for security, but also for an effective digital transformation. However, besides the fact that Security by Design is not a new concept and has so many visible advantages, the EY 2020 Global Information Security Survey identifies that only 36 percent of organisations say cybersecurity is involved right from the planning stage of a new business initiatives. According to the report, a market leading automotive organisation had to recall 1.4 million vehicles in 2015 after their car’s infotainment system was hacked and key control functions, such braking and steering, were proven to be vulnerable after tests from security experts. If Security by Design can enable more secure and effective digital transformation, why have so many organisations still not fully adopted it? Historically, cybersecurity teams have been perceived as obstacles for innovation and growth due to noncollaborative approaches, such as saying “no” all the time and throwing over the fence requirements, which tended not to take into consideration

April/May 2021

business constraints. Security has come a long way, and today the community acknowledges that a better job needs to be done with regards to finding the balance between business and security requirements and making recommendations that are fit for purpose and take into consideration the user experience. Nevertheless, within many organisations cybersecurity teams are still positioned as gatekeepers instead of contributors, who cooperate for a security afterthought approach instead of a Security by Design one. But how to implement Security by Design? Security by Design is all about collaboration and thinking about what could go wrong from the start so that security issues can be addressed before the point at which the cost and time for remediation becomes disproportionately large. Organisations looking at adopting or enhancing Security by Design should consider the following key aspects: • Incorporate security controls into every phase of solution creation processes (e.g. SDLC). Controls should be designed in as a core part of any solution. • Establish a risk management framework so that risks are properly communicated and managed.

• Have a collaborative approach. Cybersecurity teams need to contribute to the solution too. • Balancing business with security requirements and consider user experience. Users are likely to bypass security controls that are just too hard to perform. • Establish governance processes and control gates to spot projects that are not engaging cybersecurity at the appropriate stages. • Bring in assessments, such as threat modelling, and perform them in a collaborative manner. By doing so, cybersecurity teams can obtain a better understanding of the solution, including how it could be subverted and what controls would be necessary to stop it. • Consider controls such as access management, segmentation, logging and monitoring, configuration compliance, vulnerability management, cryptographic and resilience. • Automate as much as possible. Organisations should be looking at standardising and automating build and update processes, configuration management, logging and monitoring, security testing. Adopting Security by Design can be a significant change for organisations that still see cybersecurity teams as mainly as a governance function responsible for policies, standards and process oversight. Cybersecurity teams can bring a lot to the table when they work collaboratively with other business areas on the identification and design of security controls. Afterthought security costs more, and organisations need to realise that a short-term or profit-first approach will lead to failure, which could have serious consequences to their business and customers. Security by Design has the potential to help organisations build a security risk mindset and culture from the outset, which can enable them to innovate and grow in a much more sustainable way.

NZSM

WOMEN IN SECURITY

History of Women in Tech and Cyber Security Many great women have changed the tech world, writes Software engineer and cyber security specialist Darya Kokovikhina. Remembering their often forgotten stories can help inspire a new generation to break the digital gender gap. The history of women in tech and cyber security is longer than you probably know. Technologies we know today might be different or might not even exist without the many great contributions made by women. Women`s achievements in tech and cyber include but are not limited to the development of the STP algorithm (what we call today`s Internet), codebreaking work during World War Two that exposed Nazi spy rings, the first computer algorithm and compiler, and many more. Ada Lovelace is the world`s first conceptual computer programmer who wrote the first computer program to calculate Bernoulli numbers on paper because no computers existed at the time. Based on her notes, she was the first person to recognise that a general purpose computer could do anything if the right data and instructions were given. The programming language ‘Ada’ was named after her and is now used around the world, including in the operation of real-time systems in areas where reliability and safety are critical, such as aviation, transportation, health care, infrastructure, space and finance. Grace Hopper is the esteemed computer scientist who was involved in the creation of UNIVAC (Universal Automatic Computer), the first all-electronic digital computer. One of Hopper’s inventions was the first computer compiler – a program

NZSM

that translates written instructions into machine language. Hopper`s team invented the FlowMatic language, which is considered to be the first compiler-based programming language and the first language to be expressed in English keywords rather than numbers or machine code. She also helped develop the programming language COBOL, the first standardised general business computer language. It’s still in use today. She predicted that in the future computers will be small to fit on a desk and will be used by everyone. Hollywood actress Hedy Lamarr was also an inventor. She invented frequency hopping with the “Secret Communication System”. She designed a device that prevented enemy ships from detecting and jamming radio-controlled torpedoes. Today, this invention is used in modern wireless communication, including WiFi, GPS and Bluetooth. Inventor Carmelo ‘Nino’ Amarena once said about Lamarr, “We talked like two engineers on a hot project, I never felt I was talking to a movie star, but to a fellow inventor.” Elizabeth S. Friedman is a cryptanalyst and codebreaker, and has been called ‘America’s first female cryptanalyst’. Friedman is considered to be the world`s best-known codebreaker and her achievements have only come to light in recent years. During World War Two Friedman deciphered enemy messages sent by Germany’s Enigma machines,

Darya Kokovikhina is a Software Engineer and Cyber Security Specialist

uncovering a Nazi spy ring based in South America in 1943. “She was this amazing, hidden woman behind so many important secret battles of the 20th century,” commented journalist Jason Fagone. Radia Perlman is a computer programmer, network engineer and who is often referred to as the ‘Mother of Internet’. She developed the algorithm behind the Spanning Tree Protocol (STP). Spanning Tree Protocol setup allows the automatic backup of paths that have failed but are still active, incapacitate the links that are not related to the path and enable a network to send data accurately and reliably. This innovation was fundamental to network bridges and what we now call the Internet. There were so many more great influential women who changed the tech world. Remembering their often forgotten stories can help in inspiring a new generation of women to break the digital gender gap.

April/May 2021

REACH

NEW HEIGHTS in Professional Excellence

ASIS accredited certifications can help you reach your career goals.

Validates your ability to conduct security investigations through the effective use of surveillance, interviews, and interrogations. Designed for those with 5 years of related experience.

WHY EARN THE PCI DESIGNATION? • Provides independent confirmation of your specialized skills in security investigations • Gain global recognition by your peers and industry • Get a competitive edge in the marketplace • Enhance your career and earnings potential • Enjoy personal satisfaction and professional achievement Be one of the many ASIS board certified practitioners who are leaders, mentors, and trusted strategic partners, serving both their organizations and the profession.

Visit www.asis.org.nz

“PCI is an important element in the ASIS Certification programme, dovetailing into both CPP and PSP for a comprehensive understanding of broader security industry objectives. An effective and reliable investigation depends on objectivity, thoroughness, relevance, accuracy and timeliness. PCI helps identify critical investigative outcomes, including evidence collection, case management, and the process of offender detection, identification, interview and prosecution. Good physical security designs, together with robust policies and procedures are key elements in a successful investigation. The PCI certification provides an insight into how these pieces interrelate." - David Horsburgh, MSc CPP PSP PCI

WHY SHOULD AN EMPLOYER HIRE ASIS CERTIFIED PROFESSIONALS? • B uild a strong, dedicated team committed to high standards and continuing professional development • Promote ongoing education of critical job knowledge and skills • Feel confident that your staff are using best practices • Recruit the most qualified professionals • Reinforce or elevate your organization’s reputation and credibility Increase the competency level of your staff by supporting your security professionals in their certification journey.

WOMEN IN SECURITY

Melonie Cole: Placing people at the centre of security Melonie Cole, owner and consultant at Mindshift, a Women in Security Awards Aotearoa finalist and speaker at the recent ASIS NZ Women in Security event, contributes an article of two parts to NZSM. The common thread? People.

Melonie is an experienced cyber awareness specialist, strongly focussed on building relationships that stand the test of time. She loves working with people to develop stand-out awareness campaigns and programmes.

NZSM

We have one thing in common and that’s people Whether we’re talking about information, physical, or personnel security, there’s one thing in common, and that’s people. When we started Mindshift, our mission was to make a positive difference to the online safety of New Zealanders and we came up with the definition “cyber awareness is the information we give people to help them make good cyber decisions”. After talking at a recent ASIS Women in Security event about my baptism into the world of security, I pondered whether the addition of the word ‘cyber’ to that definition has led me to silo our business into one that focused purely on our online world but should be taking a broader approach. When it comes to awareness, people are at the heart. It’s not just the information we give people to make good online decisions, it’s the information we give people to ensure they act in secure ways – whether it be handling information or with people directly. I clearly remember the day I bravely asked a colleague “what exactly is information security’? I’ll never forget the withering look I was given, as if this was common knowledge. For most New Zealanders, ‘online safety’ may be a term more easily understood, and that includes by me too.

How many others in our wider industry would love to understand the terms we assume to be understood? And, who would enjoy learning about what people in different fields within security do? There may be opportunities, both professionally and personally that are lurking, just waiting to be discovered. Being brave enough to ask questions is something I talk a lot about. This becomes more challenging I’ve found as I’ve become more ‘seasoned’ (aka older and wiser!) and there’s an expectation that ‘seasoned’ means you are the fount of knowledge! Accepting that questioning and listening are vital life skills is critical for us all, especially those working in security where nothing seems to stay the same for long. Asking and listening is also how we connect with people, I love the saying “speak in such a way that others love to listen to you; listen in such a way that others love to speak to you.” It goes without saying there’s a place for formal training in any industry. In fact, for many working in information security it seems neverending and no-one ever starts out being an expert in anything. But surely nothing tops the richness of knowledge we absorb when we learn from our peers, friends, and people we respect in our industry. What opportunities are there to share experiences across our industry as a whole, especially

April/May 2021

What people do, or don’t do is key when it comes to cyber security. Make awareness part of your cyber security strategy with Mindshift.

those which encourage young people to consider security as a rewarding career choice? No matter what age or stage of life or career we’re at, or the role we have, we are all contributing to the safety of our country and all New Zealanders. Take a second to reflect on that, that’s got to make you feel pretty good eh?! Putting people at the centre of security conversations People have hearts, minds, emotions, feelings – that’s what makes us human. We also have ways of doing things (patterns), which is how we organise information in our lives. It’s possible to change our patterns but our behaviours are unpredictable based on external influences which are often out of our control, like how we’re feeling that day, the pressures of work and life, and time constraints. All of that makes us more vulnerable to people who want to take advantage of us. And there’s no better place for us to be taken advantage of than when we use the internet. Undoubtedly, we underestimate risk on the internet because we feel we’re in control. We decide what websites to visit, what files to download, what emails to read. And

April/May 2021

because we have this sense of control of something we can’t actually see, we underestimate the risks. What people don’t realise is that the websites they visit may be malicious, the files can be infected, or email could be scams. When attacks happen, people may not even be aware. Take the way we underestimate risk on the internet and combine that with the fact the internet makes it simple for criminals to imitate communications that people trust, it’s no wonder we’re so vulnerable to today’s cyber threats. In the work we do at Mindshift, we’ve observed some key reasons why we think people exhibit cyber risky behaviours: • People will find the easiest and quickest way to do things, but it may not the most secure. • Security policies are not usually written in a way people can understand or connect with. • It’s human nature to need and want for things and not to miss out so we’re lured to scams. • We’re often distracted by other things, especially when we work from home. • People may just not care – attitude is a big contributor to how people

behave, especially if they feel unsupported or blamed, or just not engaged with what they’re doing. We often hear and see people referred to as the weakest link in cyber security. But when you consider all the external factors that people need to deal with as well as develop their own secure ways of working perhaps describing people as “cyber risky” is more accurate. So the role we all play in helping people be more aware of security is very important. We need to find ways to give people the information they need to take the necessary actions to keep information secure and people safe. There’s no better time to do this than now, as people make work from home the norm and habits, good or not so good, start to form. And if we think about doing this in a way that will be most useful and meaningful to people, then we need to put them at the centre of how and what we communicate, supporting and helping them at the right time wherever they are. And remember, people have vulnerabilities (we are human!) and that’s what makes us risky, not necessarily the “weakest link” in security.

NZSM

WOMEN IN SECURITY

ASIS NZ Chapter’s Women in Security 2021 In its fourth year, the ASIS NZ Chapter’s Women in Security annual event presented a challenging planning exercise, writes Chapter Chair Ngaire Kelaher, with the result a resounding success. In celebration of International Women’s Day, ASIS New Zealand hosts an annual ASIS NZ Women in Security Special event. This event is to celebrate the women in our industry as well as an opportunity to engage with subject matter experts of their field, to network, and to inspire and motivate! Although this annual fixture highlights female trailblazers within the industry, often from a variety of industry backgrounds, the actual event is for EVERYONE within industry! The event has now run for four years taking place mainly in Auckland (and once in Wellington). Ideally, we would like the event to take place each year in alternating cities, however this isn’t always possible as we rely heavily on people donating and volunteering their time as well as sponsorship. This is important, as we offer the event to all free of charge so that there are no barriers when it comes to attendance. We also live streamed the event (via the ASIS NZ Facebook page) this year in order to make it as accessible as possible. This year proved to be very interesting one to say the least with planning taking place amid COVID alert level changes and uncertainty in the weeks leading up to the event (which included lots of internal venting!)

NZSM

This resulted in the contact tracking of ticket ‘sales’ to ensure it stayed under one hundred during the level 2 COVID phase), and ensuring tables were in place to control safe social distancing and changing the catering arrangements to prepackaged individual packs – to name a few of the tweaks we made. Then, the return to Level 1 in Auckland just a few hours before the event meant we could socialise a bit more freely during the evening (a great bonus), but it also resulted in a few ‘no shows’ as we were also competing with the America’s Cup. Yes, that’s right, once the level 1 change came into force for Auckland just in time on a Friday night… well, you get the picture. Despite the alert level challenges and everything else – and despite competing with Auckland peak hour traffic – we nevertheless recorded a great turn out. The traffic could not stop our audience, and for that we are eternally grateful. Inspiring speakers But what made the night an absolute success were our fantastic speakers – women that may have security in common but who approach security from extremely different backgrounds. They delivered amazing stories and key messages that both informed and inspired the audience. This is what made the night a success! Our first speaker was Darya Kokovikhina, a Software Engineer

experienced in cyber security and software application architecture. She’s worked in multinational organisations in countries as diverse as New Zealand, Sweden, Malaysia and Central Asia. Darya believes that support, encouragement and the sharing of experience and knowledge can inspire women in tech and cybersecurity. She gave a fantastic presentation titled ‘Women in Tech and Cyber Security: My Journey’. Second speaker Jane McCarroll, Head of Industry and Client Partnerships for the Skills Consulting Group, spoke on ‘Managing the Generational Gap’. It was, basically, an extremely humorous and insightful history of today’s working-age generations from baby boomers through to the school leavers now joining the workforce. Jane described the key traits behind the different generations, and gave extremely helpful tips to communicate effectively across them and to bring out the best in each other. Third speaker Melonie Cole is the Owner of Mindshift, a Kiwi business focused on the people part of cyber security. Melonie drew on her experience in organisational change, compliance, communications, to talk candidly about what triggered her to leave three decades of corporate life behind to start her own cyber security awareness business! The evening’s final speaker, Vanessa Leite, talked ‘Managing

April/May 2021

Cybersecurity threats with Security By Design’. A Senior Manager Cybersecurity with over 10 years of experience in leading security initiatives across different sectors, most of Vanessa’s career has been in technical security positions. In what was a common theme of the evening, Vanessa talked about the importance of sharing experience. Knowledge and experience sharing, she believes, is critical for building cybersecurity awareness and for working on making organisations’ security practices more mature. ASIS New Zealand would like to thank our amazing speakers for 2021 – the wonderful Darya Kokovikhina, Jane McCarroll, Melonie Cole, and Vanessa Leite. Their enthusiasm, time, passion for their field engaged the

April/May 2021

audience and made it a fantastic night for all. Thank you to our sponsors, and especially to Gary Morrison of the NZSA who again made this event possible, and to Dean Kidd of Auckland Unlimited who started the initiative four years ago and continues to host the Auckland events. Thank you also to our MC Bruce Couper who did an amazing job again this year, and a huge thank you to all attendees. Stay tuned! We’ve had a lot of positive feedback circulating on linkedIn, and next year’s line-up is already being planned – we’ve already confirmed two speakers! Please follow ASIS New Zealand on LinkedIn, Facebook and

email chairpersonasisnz@gail.com to be added to the member list. Also, look out for ASIS New Zealand’s monthly Chapter meetings, which feature guest speakers from across industry; monthly Young Professional Meetings; and monthly study group updates for those undertaking ASIS International Board Certifications. We’re also continuing the popular ‘Across the Globe’ series we started last year in which International Guest Speakers Zoom in to present in their area of expertise. And, last but not least, we’re also reviving the Annual ASIS NZ Certification Dinner, which is taking place on 26 March as a formal event. Lot’s to look forward to in coming weeks and months with ASIS International’s New Zealand Chapter!

NZSM

PSPLA

PSPLA clarifies Private investigator confusion A recent PSPLA decision clarifies what the ‘private’ in ‘private investigator’ means, writes Nicholas Dynon, concluding that employment investigators are required to be PSPLA licensed but that lawyers are not.

A decision from the Private Security Personnel Licensing Authority (PSPLA) in June 2020 concluded that a company investigating a case of workplace misconduct had breached the Private Security Personnel and Private Investigators Act 2010 because its investigators were not appropriately licensed during their investigation. Despite this finding, the company avoided prosecution due to the PSPLA concluding that “any breach was inadvertent and a result of the widespread belief within the employment investigation industry that they were not private investigators.” The decision ([2020] NZPSLA 007) also noted that the company’s employees had subsequently obtained practicing certificates as lawyers, which exempted them under the Act from having to be licensed as private investigators. Complaint and CIPU finding A complaint was lodged in July 2019 against the company relating to the way it had carried out a workplace investigation for the complainant’s previous employer. The complaint alleged that two individuals were providing private investigation services through the company without

NZSM

the necessary certificate or licence. The complaint led to an investigation by the Complaints, Investigation and Prosecution Unit (CIPU), which found that the company’s investigators should have held licenses/certificates and that as holders of practicing certificates as lawyers they were not exempt. Disagreeing with the finding, the company sought a review, arguing that it is not the intention of the Act for employment consultants and investigators to fit within the definition of a private investigator, and that “even if they were required to hold a licence at the time they carried out the investigation, they should now be exempted by s 22(d) as they hold practicing certificates as lawyers.” In the subsequent PSPLA review, clarifications were provided in relation to misconceptions relating to the role of private investigators vis a vis employment investigators, and in relation to whether or not practicing lawyers are required to hold private security licenses/certificates of Approval. Private Investigators and Employment Investigators According to the PSPLA, the company had submitted that when the Act was passed in 2010, “Parliament’s main concern was to

ensure private security personnel and investigators did not get out of hand and to deter cowboy operators,” and that “the Act was directed at private investigators in the sense in which that role is commonly understood, namely covert investigations and surveillance of targets.” The PSPLA accepted that parliament may not specifically have had employment investigators in mind when considering the work of private investigators when the Act was passed, but that it had “clearly intended the definition of private investigator to cover all people in the business of carrying out investigations into a person’s character, actions or behaviour.” In its decision, the PSPLA noted that the company specialises in independent investigations into workplace complaints, and provided a brief description about what’s involved. “They are contracted to carry out investigations on behalf of an employer where there are allegations of misconduct, either by one employee against another or by an employee against a manager. Most allegations relate to bullying, sexual harassment or other inappropriate behaviour in the workplace but can also relate to allegations of fraud or theft. “When such allegations are made an employer is legally required to

April/May 2021

establish the facts of the complaint. To ensure fairness to all parties and that any investigation is conducted in accordance with the principles of natural justice and procedural fairness, it is now considered best practice for employers in New Zealand to engage a specialist third party to undertake an independent employment investigation.” Given this, the PSPLA found that the company is “carrying on a business of seeking or obtaining for their clients, or supplying to their clients, information as defined in s 5(1)(a) of the Act,” and is therefore a private investigator. At the time they carried out the investigation involving the complainant, the company was required to hold a licence as a private investigator and was therefore in breach of the Act. Nevertheless, the PSPLA accepted “that the breach was unintentional and that there is a widespread misconception in the industry that people in the business of employment investigations are not private investigators.” In this case, misconceptions appeared to focus around the meaning of ‘private’ as used in ‘private investigator’ and in particular that private refers to investigations activities being of a ‘covert’ or ‘secret’ nature, or involving an invasion of ‘privacy’.

April/May 2021

The company had submitted that employment investigations differ from private investigations in that “if individuals decline to participate in an employment investigation covert surveillance or invasion of privacy does not follow.” In response, the PSPLA noted that covert surveillance and invasion of privacy is not part of the Act’s definition of the work of a private investigator, and that private investigation work “covers a wide range and frequently does not include surveillance or invasion of privacy.” The PSPLA also clarified the misconception that “most employment investigators would not meet the criteria for a security licence as they have no training or experience in surveillance and security.” It noted that “surveillance experience is not an essential part of the training or experience for all private investigators.” Ultimately, it stated that the ‘private’ in ‘private investigator’ is a designation that distinguishes investigators working in private practice from those working in ‘public’ sector positions, such as police detectives and others in government investigator roles. Private Investigators and Lawyers The PSPLA noted that subsequent to the period covered by the complaint, the company had become

an incorporated law firm and its officers had gained practicing certificates as lawyers. As a result, it found that the company’s officers “are therefore exempt from needing to hold a licence under s 22(d) of the Act and are no longer in breach of the Act.” Section 22(d) of the Act provides an exemption for people who are licenced or permitted to carry out security work under some other regime. This is particularly the case, noted the PSPLA, “if the other regime under which they are licensed ensures they are qualified to carry out the work and has a robust complaint process if they act contrary to the public interest.” In particular, it considered the training and ethical requirements for lawyers to be more extensive than those under the Act for private investigators, and that the complaints process for and against lawyers is more comprehensive than that for private investigators. It concluded that any further action against the company or its officers for the breach of the Act to be unnecessary, and that any breach was inadvertent and a result of the widespread belief within the employment investigation industry that they were not private investigators.

NZSM

INDUSTRY

NZSA CEO’s March Report In this update, NZSA CEO Gary Morrison talks SkillsVR Security Training Platform, MSD Skills for Industry programme COA training, Crowded Places SIG, Security Technical Level 4 qualification and more.

Gary Morrison is CEO of the New Zealand Security Association (NZSA). A qualified accountant, Gary originally joined Armourguard Security as a junior accountant and held several roles over two decades prior to appointment as GM for New Zealand and Fiji, after which he established Icon Security Group.

NZSM

Everyone has their personal views on the “go hard go fast” strategy and the effectiveness of closing off the extended Auckland region in response to localised positive tests, however there is no escaping the economic cost to the country when locking down the commercial hub that generates in excess of 40 percent of our GDP. It is very apparent that border closures will be with us for some time and that there will be a longlasting and severe impact on sectors such as tourism and hospitality and the industries that service them. Thankfully, most of our members have reported strong demand for their services and have come through the pandemic without significant impact, however we are very aware that some are still doing it tough and remain in survival mode. Given that we are in our annual process of renewing membership, we appreciate that cost control will be an issue for some and remind members that the annual fee can be paid over equal monthly instalments, but also welcome members to give me a call and discuss options, such as deferred membership, that may assist financially. Launch of SkillsVR Security Training Platform We are very pleased to announce that the SkillsVR Security Training Platform has successfully completed the moderation process and can now be delivered to candidates seeking to complete the mandatory training required for obtaining a Certificate of Approval (COA).

The training will be delivered by an approved and accredited training provider that we are partnering with however the delivery model also provides flexibility for delivery by other accredited training providers who wish to utilise the platform. The SkillsVR Security Training Platform has been jointly developed by JBA (Joy Business Academy) and NZSA in partnership with MSD and will form a key component of the wider SkillsVR offering being developed in conjunction with MSD. As part of this offering, MSD clients will soon be able to visit a number of Connected MSD offices where they will be able to use the virtual reality headsets to experience real life work scenarios across a range of industries and identify roles that fit their future employment aspirations. There will be 38 face-to-face Connected drop-in centres across the country that will include website and communication access and aim to make it easier for New Zealanders to find employment, education and training services and types of support offered by government agencies. Prior to the formal launch of the SkillsVR Security Training Platform with MSD, we will commence delivering the COA training to our MSD clients through the Skills for Industry programme and NZSA members during March. This will be delivered via a combination of e-learning for Unit Standards 27360 and 27364 and virtual reality for Unit Standard 27361.

April/May 2021

The e-learning modules provide total flexibility with regards to location, venue and timing from a learner perspective and the virtual reality is delivered from a simple headset that can either be purchased or hired at low cost with a one-day turnaround. For further information on the SkillsVR Security Training Platform or to arrange a live or online demonstration, please contact Chris Thomas on 021 771 173 or chris@ skillsvr.com. MSD Skills for Industry programme - inclusion of COA training In conjunction with the implementation of the SkillsVR Security Training Platform, we are pleased to advise that within the next month all MSD candidates referred to our members for employment under the Skills for Industry (SFI) Work Broker programme will have completed their COA training via the SkillsVR Security Training Platform and will have their COAs when commencing employment.

April/May 2021

The NZSA will cover the cost of the training and our members will further benefit from being able to interview and employ well trained and work ready candidates. Crowded Places Security Special Interest Group (CPSSIG) Late last year the New Zealand Government Protecting our Crowded Places strategy documents were released. The strategy has been developed to protect people working in, using and visiting crowded places and with the intent of preserving the public’s use and enjoyment of these places while making them more resilient. There are four overarching strategies: 1. Building stronger partnerships 2. Implementing effective protective security 3. Establishing better sharing of information and guidance 4. Increasing resilience It has been recognised that the private security industry has a key role to play in the implementation

and delivery of these strategies - both through participation in the to-beestablished Business Advisory Group and also in an advisory role to the owners and operators of venues, events and other crowded places when seeking guidance on protective security and building resilience. The NZSA recently hosted a Crowded Places Security Forum involving specialist consultants and security providers, venue and event operators and the NZ Police to discuss how we can further strengthen and professionalise the services offered and create career pathway opportunities for those looking to specialise in this area. As an outcome, we have established the Crowded Places Security Special Interest Group (CPSSIG) which will provide specialist industry representation and guidance on matters such as determining the competency criteria that should be utilised when determining those parties who are qualified to provide expert advice on crowded places security.

NZSM

Participation in the CPSSIG is open to those who have a strong interest and expertise within the crowded places arena (and including non NZSA members). If interested, please contact Gary on gary@security. org.nz for more information. Covid-19 vaccine rollout Whilst the Covid-19 vaccine rollout is underway for security staff working at the MIQs and other frontline roles, the government has yet to publish any formal rollout plan for other essential service workers. With the assistance of the association representing commercial cleaners in New Zealand, we have been able to establish a relationship with the Ministry of Health that will allow us to have cleaning and security staff recognised as priority essential service workers on the regional rollout plan. We are currently in the process of establishing and providing indicative staff numbers across the 14 District Health Board regions that will oversee the vaccine programme and once we receive indicative plans and timelines we will be able to communicate these to our members.

NZSM

Security career pathway website Thank you to all those members who have provided feedback on the new website www.securitycareers.co.nz. The feedback has been extremely positive and our viewing statistics have continued to increase - including a surprisingly high number of views from overseas. Over the next few months we will be launching an initiative targeting school career advisors and using both the security careers website and the virtual reality training platform as key differentiators from other industries when looking to encourage new entrants into the security industry. Security Technical Level 4 qualification It is very pleasing to advise that not only is the New Zealand Certificate in Electronic Security (NZCiES) Level 4 qualification in place and being delivered, but also the uptake of registrations has exceeded expectations. Those gaining this qualification will be recognised as qualified security technicians able to supervise staff on mid to large sized projects, create electronic security solutions for customers as well as provide site-wide leadership and manage relationships with stakeholders. Learners doing the core certificate in electronic security also have the option to enrol in one of the following strands: • Electrical appliance service person (endorsed) • Electrical installer • The qualification covers topics such as: • Professional and technical knowledge for emerging and converging technologies • Advanced health and safety • Installation and cable support systems • Theory of electronic security system design • Theory and development of data networking to support electronic security systems • Advanced application of stakeholder engagement principles • Diagnosis and repair of faulty electronic security systems

• Develop solutions for electronic security intruder alarm systems This course also qualifies for the Government Fees Free policy until December 2022 for New Zealand residents - refer www.feesfree.govt.nz. For more information please contact Carine Vaccari at ETC on 022 568 6671 or carinev@etec.ac.nz. End of copper network Telecommunication providers have been providing advance warning that copper phone lines are going to be removed, and with many exchanges already operating VOIP circuits for subscriber ‘analogue’ phone lines, this will impact on a significant number of parties who still have their alarms monitored via copper. Chorus has recently confirmed that they will start shutting down its copper phone network from September this year. We would recommend that monitoring providers should have plans in place for alternative communication pathways prior to cessation of the copper network. New Zealand Register of Security Professionals In our last email we mentioned that the NZSA is conducting a feasibility study on the implementation of a Register of Security Professionals that could sit alongside our licensing authority or potentially even replace the PSPLA. As part of the feasibility study we have consulted with a range of stakeholders including service providers, training providers, unions and industry customers and as the final part of the process we will also seek input and feedback from our Registrar and Ministry of Justice. Key factors for us in determining the long term viability of the proposal will centre around the need to provide quantifiable benefits for those who utilise the register (the “what’s in it for me” question) and the ability of industry to effectively and efficiently self-manage the administrative processes required. We expect to finalise the feasibility study within the next month and will provide an update within the next newsletter.

April/May 2021

From

, a cleverly designed,

Motorised Hook Lock to simplify electric locking of sliding doors. Available now from Loktronic. HL1260 • Up to 650 kg holding strength for the toughest jobs • Motor driven hook captures roller on strike plate • Recessed or surface mounting for easy fitting to most door types • Fail Safe/Fail Secure field changeable for simplicity • Accepts 12-30 VDC • Door Position Switch • Hook Position Switch • Tested to 400,000 cycles for durability • 5 year warranty for peace of mind

Also from FSH, the expertly designed

VE Lock

sets

new standards of reliability. VE1260 • 1,000 kg holding strength… ideal where high security is needed • Release with up to 35 kg pre-load makes for easy unlocking • Field changeable between Fail Safe and Fail Secure • Accepts 12-30 VDC • Door and Lock status monitoring for total status reporting • Radiused and square edged models suit new installs and upgrades • Can be installed horizontally, vertically and into surface mounted housings • Pre-taped housings make for simple installation onto frameless glass • Special wide V strike plate allows for up 12 mm door offset

16078. REV 11.17

These fine products from world leaders in electric locking design, FSH, are proudly stocked and supported by NZ’s leading authorized distributor,

PERSONNEL

Resolving the security skills shortage Brad Small, Gallagher’s Regional Manager, New Zealand & Pacific Islands, speaks with NZSM about addressing New Zealand’s security skills shortage. It’s an issue, he says, we need to own both collectively and as employers. A key issue that the security industry here in Aotearoa shares with the rest of the world is that we are experiencing a prolonged and seemingly intractable skills shortage. “For the last 15 years, we have had a skills shortage and a shortage of highly skilled people in the fire and security sector. Employers daily tell me of their struggles to engage with a younger audience. Very rarely does someone at school decide to seek an apprenticeship or career in the fire and security sector. It is an afterthought, a second career or a recommendation from a family member.” Sound familiar? That was a comment made last month not in New Zealand but by Skills for Security, an initiative in the UK. And it’s not just physical security that’s feeling the squeeze. In the US, according to CSO Magazine, 70 percent of cybersecurity professionals claim that their organisation is impacted by skills shortages in cybersecurity. In 2019, risk modelling specialist RedSeal predicted it would take a decade to fill the cybersecurity skills shortage in the UK.

Brad Small, Gallagher’s Regional Manager, New Zealand & Pacific Islands

NZSM

An invisible industry In New Zealand, it seems that kids at school are not thinking ‘security’ when they daydream about what they want to be when they grow up. “If you ask a student who doesn’t want to go to university what trade they might be interested in, the answer might include the building industry, electrical, mechanics, that’s it. I don’t think there’s very good awareness that the security industry exists,” Brad Small, Gallagher’s Regional Manager, New Zealand & Pacific Islands, told NZSM. “I didn’t know about it until I was 22-23, and that was after my degree.” For Mike McKim, Provincial Manager at Aotea Security, the call to join the security industry came at the age of 16. “My father was in the industry, he found me a job in Auckland working for an Armourguard contractor. There was no apprenticeship, nothing, you just become a technician.” But he stresses that his case is in the minority. Parents are more likely, he says, to push a trades-suited child into plumbing or electrical rather than security. “We’ve got an aged technical base in New Zealand, and a lot of them are retiring now,” he observes. “And nothing’s really coming in behind them.” An invisible brand “In three words, the key driver behind the skills shortage in security is the industry’s brand (or lack thereof),” says Brad. “I really think the security industry needs to do a better job of marketing itself - demonstrating what roles are available and raising more awareness about the profession (particularly among teachers and career guidance services).” According to NZSA CEO Gary Morrison, there are a lot of misconceptions about security occupations in the employment market.

April/May 2021

“Our work with candidates seeking employment opportunities has highlighted an industry weakness in that we have very limited resources that talk to the different roles and opportunities that exist within the security industry, or the career pathways that can be followed,” he commented in a recent newsletter to NZSA members. “For many individuals, mention of the security industry immediately brings to mind a mental picture of a burly guard outside a bank or tackling a pitch invader at a football match,” he said. “This detracts from our ability to attract a diverse and skilled workforce that can meet our resource demands going forward, including our ability to attract school leavers and graduates.” There have been some recent steps forward. Most notably the launch last year of the NZ Security Careers Pathways website (securitycareers.co.nz), an initiative of the NZSA developed to promote the wide range of security careers on offer in New Zealand. The website includes information on skill set requirements, training requirements and options, indicative pay scales and possible pathways into other industry sectors, such as Corrections, Police and cyber. “Security as a career is changing because the nature of the range of security threats organisations face is changing,” says Andrew Moss, Optic Security Group’s National Sales Director. “It’s an exciting sector to be working in, and electronic security professionals are now working at the cutting edge of mobile technologies and the Internet of Things.” “Among the many things we’ve learnt from COVID-19 is that security’s got a real story to tell,” he says. “From security guards providing an essential service

April/May 2021

at supermarkets during lockdowns to security consultants providing much needed revamps of organisations’ Business Continuity Plans, to the security of Managed Isolation and Quarantine arrangements, security has had an extremely important role to play.” The right culture According to Brad, the industry as a whole needs to be providing incentives for security professionals to remain in their jobs for longer. This, he suggests, starts with creating a supportive culture that fosters learning and development. “We want to give people a reason to stay in the industry. If we don’t, talent will continually pursue other opportunities, which will continue to drive up salaries.” “The industry, and integrators in particular, need to be willing to train people at entry - and manufacturers could look to support this (supporting integrators to take on apprentices, and help them upskill).” “As a company, we’re not finding it that difficult to get technicians because we’re creating a culture, an environment, that’s attractive,” says Mike McKim. “Word of mouth is powerful. “It’s about attracting people by having a culture within security that supports a young person’s upskilling or entry into the industry,” he says. “What that means is not taking a fresh 18-year-old, bringing them into a company and giving them to some old stale guy who just throws them through the roof and who might wait three or four years to find someone who might take them under their wing and actually teach them.”

NZSM

With the news late last year that the New Zealand Certificate in Electrotechnology Level 3 and the New Zealand Certificate in Electronic Security Level 4 are now both on the government’s list of approved apprenticeship qualifications and that the security technician apprenticeship qualifies for the fees-free funding, there is now every reason for employers to consider how they might attract and develop new talent. Initiatives As a security manufacturer, Gallagher’s outreach and recruitment efforts traditionally focus on tertiary graduates, including a 12-month graduate programme in which graduates apply for roles across its business in Hamilton. “The purpose of our grad programme is to attract the top talent coming out of tertiary education and immerse them in what we do,” says Brad. “We want them to develop a deep understanding of how we work. “Our intention is that when they come out of the grad programme, they’ll be employed by an area of the business that best aligns with their strengths. “Our very own Marketing Coordinator for Gallagher’s security for small and medium business (SMB) went through the programme and immersed himself in opportunities across supply and manufacturing, operations, customer support, marketing, and product development to name a few. He finished his placement in SMB and was offered a full-time role, which he still holds today. “Additionally, the Sir William Gallagher Cyber Security Scholarship was established in 2015 to support academically talented students studying towards a Master of Cyber Security qualification at the University of Waikato. The scholarship is valued at $20,000 and

NZSM

provides the recipient with the opportunity to undertake an industry-based research project with Gallagher.” Gallagher also takes on interns from both the University of Waikato and Waikato Institute of Technology (Wintec) across several departments. “It’s a great way to help soon to be graduates get a start in the workforce and gain relevant experience/skills, plus it is beneficial for the long-term health of our industry.” According to Brad, Gallagher is now looking to take part in NZSA’s schools initiative “to go into schools and tell tomorrow’s talent what it is that we actually do within the industry.” The initial area of geographic focus will be Rotorua. Working together Despite the initiatives being driven by NZSA – including the schools programme, NZ Security Careers Pathways website, and behind-the-scenes work with government on qualifications and apprenticeships – there remains much that needs to be done. “Instead of looking to the government, the NZSA, or integrators - we all need to be working together, to help the nation understand that security is a lucrative and rewarding career choice,” said Brad. It’s a point echoed by both Aotea’s Mike McKim and Optic’s Andrew Moss. “We do need more collective conscious; if people are interesting in workshopping this, let’s put it together – let’s reach out,” says Mike. “There is great opportunity within the industry, a good culture, and areas for recruitment we’re yet to tap.” “There’s a lot of scope for collaboration in this space,” says Andrew. “the skills shortage is, frankly, bigger than each of us, and simple logic dictates that the only way we’re going to crack it is if we do so together.”

April/May 2021

CYBER SECURITY

Netsafe sheds light on COVID online harm If the health and economic consequences of COVID weren’t bad enough, NZ’s online safety organisation reports a massive spike in unwanted digital communications and harm during and after lockdown. According to a report by Netsafe released in December, COVID-19 also presented a challenging period in terms of online harm, with lockdowns creating “a perfect storm for people experiencing online harm like never before.” Between 2 June and 7 July 2020, Netsafe, which was set up in 1998 as an independent, non-profit online safety organisation, carried out a nationally representative survey that asked New Zealand adults about their personal experiences of receiving unwanted digital communications in the previous 12 months and, if they had, when this had occurred in relation to the nationwide lockdown. Unwanted digital communications, according to Netsafe, include “a range of online experience(s) mediated/facilitated by unsolicited electronic communication(s) that might or might not cause distress and/or harm to the person who deals with it (e.g. receiving spam, accidentally seeing inappropriate content, having rumours spread about oneself, being threatened online). “As New Zealand’s lockdown got underway, the number of reports about harmful digital communications that Netsafe’s call centre received began to increase, with this trend continuing beyond the lockdown period,” Netsafe noted in a report factsheet. “Similar patterns were observed in the UK and Australia by organisations providing comparable support services.” According to Netsafe’s research, the number of individuals suffering unwanted digital communications – encouraging people to hurt or kill themselves – increased. This is supported by data that illustrates how lockdowns impacted online harm and drove demand for self-help resources. When the Lockdown period was compared to the same time in 2019, it was found scam reports were up 74 percent, sextortion 35 percent, romance scams 69 percent, intimidation 45 percent and the supply and distribution of objectionable material 66 percent. Of participants who reported being a victim to at least one unwanted digital communication during the last year, 41 percent said it occurred during and/or after Lockdown.

April/May 2021

Males (46 percent), those aged between 40 and 49 (59 percent) and New Zealand Europeans (44 percent), were most likely to have suffered online harm. Around six in ten people with long-term disabilities who received unwanted digital communications, did so during and/or after the Lockdown period. Some types of unwanted digital communications were more likely than others to be sent during and/or after lockdown. These involved trying to get the person receiving it to hurt themselves or share their intimate images or recordings without their permission. Categories that attracted the largest numbers of online harm during and/or after Lockdown included encouraging people to hurt or kill themselves (65 percent), sharing intimate images or recordings without permission (65 percent), sharing violent or sexual content considered indecent or obscene (55 percent), and offensive comments about religious or political beliefs (54 percent). Also above the 50 percent mark were physical threats and intimidation (53 percent), unwanted sexual advances (53 percent), and Stalking by monitoring a person’s online activity to intimidate or control them (52 percent).

NZSM

CYBER SECURITY

Big increase in cyberattacks reported by NZ businesses CERT NZ’s latest report, released in late March, shows a 65 percent increase in reports of cyber security incidents over the past year, with $16.9 million in direct financial losses.

In 2020 CERT NZ, the government agency that supports organisations and individuals affected by cyber security incidents, received 7,809 reports of cyber security incidents affecting New Zealanders, a significant uplift from the 4,740 reports made in 2019. “More Kiwis spent time online last year due to the impacts of COVID-19, presenting many opportunities for cyber attackers,” says CERT NZ Director, Rob Pope. Phishing and credential harvesting, where an attacker collects personal data to perform an array of online crimes like fraud, was the most reported form of attack during 2020. These types of incidents were up 76 percent on 2019, accounting for 41 percent of all reports made. “Unfortunately, these figures are not surprising. Cyber attackers are opportunistic and use anything topical as a hook to try and trick people into sharing personal or financial details,” says Mr Pope. The amount of money Kiwis are losing to cyber security incidents is also on the rise. In 2020, cyber security incidents left New Zealanders $16.9 million dollars out of pocket, the highest annual figure recorded by CERT NZ since it launched in 2017. In total, $53 million dollars of direct financial loss has been reported to CERT NZ since reporting began. “Most cyberattacks are financially motivated. However, our figures do

NZSM

not paint the full picture of the types of loss Kiwis have experienced,” says Mr Pope. CERT NZ figures show 14 percent of cyber security incidents reported in 2020 were associated with some type of loss including financial, operational, reputational or data. “From a financial perspective, the impacts of a cyberattack can snowball. A business may lose revenue because its website has gone down, meaning it’s unable to trade online. This greatly impacts individuals’ livelihoods and therefore has a knock-on effect on the economy. “Businesses also incur additional costs recovering from a cyber incident, like hiring IT professionals to mitigate any further security issues, which can take months or even years to fully restore. This can result in loss of customer trust. “For an individual, there can be serious ramifications if their

personal data has been stolen and used to conduct online fraud. As well as having to obtain new personal identification documents, they could experience a detrimental effect on their credit rating making it difficult to secure a mortgage or financial loan. “While the effects of a cyber security incident can be devastating, it may have been possible to avoid these significant losses by taking some simple steps. “This includes taking measures like good password practice, implementing two-factor authentication as an extra layer of security on logins, making sure software on devices are up-todate, regularly backing up data, and thinking about how and where you share personal information.” If you or your organisation experiences a cyber security incident contact CERT NZ at www.cert.govt. nz or call 0800 CERT NZ, Monday to Friday, 7am – 7pm.

April/May 2021

fired up protection LOKTRONIC’s expansive product range has just become even wider with these first class EGRESS and FIRE PROTECTION DEVICES and PROTECTIVE COVERS.

NEW

STI-1130 Ref. 720-102

STI-WRP2-RED-11 IP67 Ref. 720-062R

Surface mount with horn and spacer 255mm H x 179mm W x 135mm D

Also available in White.

STI-RP-WS-11/CN Ref. 720-052W Available in White, Green, Blue & Yellow.

STI-13000-NC Ref. 720-090 Flush mount, no horn 206mm H x 137mm W x 69mm D

STI-RP-GF-11/CN Ref. 720-051G Available in White, Green, Blue & Yellow.

NEW

STI-RP-RS-02/CI

STI-13B10-NW Ref. 720-092 Surface mount, horn and label optional 206mm H x 137mm W x 103mm D

Ref. 720-058 Cover included. Flush Mount Available. • •

STI-1100 Ref. 720-054

•

Flush mount with horn 255mm H x 179mm W x 86mm D

•

• • • • •

STI-6518 Ref. 720-060 Flush mount, no horn 165mm H x 105mm W x 49mm D

STI-13210-NG Ref. 720-093 Surface mount, horn and label optional 206mm H x 137mm W x 103mm D

All STI ‘Stoppers’ are made of tough, UV stabilised polycarbonate. Many can be supplied with or without a 105 dB horn. Other models and sizes available including weather resistant options.

Approved to EN54-11 Current Rating: 3 Amps @ 12-24V DC, 3 Amps @ 125-250V AC Material: Polycarbonate Comes with Clear Cover 2 x SPDT switches Positive activation that mimics the feel of breaking glass. Visible warning flag confirms activation. Simple polycarbonate key to reset operating element - no broken glass. Dimensions: 87mm Length x 87mm Width x 23mm Depth (Flush Mount) & 58mm Depth (Surface Mount)

STI-6255 Ref. 720-042

Mini Theft Stopper discourages inappropriate use of equipment. Sounds a powerful 105 dB warning horn when activated. Tough, ABS construction. Reed switch activation for cabinets and display cases or unique clip activation for freestanding equipment. Does not interfere with use of protected fire fighting equipment. Compact design 85mm H x 85mm W x 25mm D.

STI-6720 Ref. 720-047

Break Glass Stopper. Keys under plexiglas. Protects emergency keys from inappropriate use. Keys remain visible. Fast, easy installation. Simple, inexpensive plexiglas. 3 year guarantee against breakage of the ABS housing within normal use.

NEW

Battery Load Tester Ref. 730-101

Fire Brigade Alarm: (Closed/Open) Ref. 730-231

Anti-Interference Device

ViTECH, strong, lightweight aluminum case, 5, 15 and 30 amp battery load tester for fire and alarm use. Weight: 500gms, Size: 165mm x 90 x 70mm.

ViTECH branded Type X (730-230) and Type Y (illustrated) models with temperature compensated pressure transducers with digital display showing pressures for defect, fire and pump start.

Ref. 730-400 series ViTECH AID for sprinkler valve monitoring; fits all ball valve sizes.

21620/1/18

21620

ViTECH products are designed and produced in New Zealand.

i-PRO X SERIES powered by AI

Taking intelligent analytics on the network edge » Maximising network and bandwidth efficiencies » Installs up to three video analytics applications » Designed for third party application development » High endurance, high realiability even in extreme conditions » Five year warranty

AI Privacy Masking Available models: WV-X2571LN 4K outdoor dome camera WV-X2271L 4K indoor dome camera WV-X1571LN 4K box camera

WV-X2551LN 5MP outdoor dome camera WV-X2251L 5MP indoor dome camera WV-X1551LN 5MP box camera

business.panasonic.nz/security-solutions/

New Zealand Security - April-May 2021

Articles inside

Big increase in cyberattacks reported by NZ businesses

Netsafe sheds light on COVID online harm

Resolving the security skills shortage

NZSA CEO’s March Report

Melonie Cole: Placing people at the centre of security

ASIS NZ Chapter’s Women in Security 2021

History of Women in Tech and Cyber Security

PSPLA clarifies Private investigator confusion

Managing Cybersecurity threats with Security By Design

Security’s Role in Business Continuity

Gallagher security for SMB – App based business security at your fingertips

Aotea Security’s inaugural Auckland Security Risk Management Seminar

How correct product selection can turn a good video solution into a perfect one

The Professional: Ngaire Kelaher

From the editor

New Zealand Reassesses Counterterrorism Post-Christchurch

AX PRO comprehensive wireless alarm solution launched by Hikvision

Access Control: when optimal security is key