New Zealand Security Magazine - June-July 2024

NZ S M

New Zealand Security Magazine

Nick Dynon

Nick has written for NZSM since 2013. He writes on all things security, but is particularly fascinated with the fault lines between security and privacy, and between individual, enterprise and national security. Prior to NZSM he clocked up over 20 years experience in various border security and military roles.

Disclaimer:

The information contained in this publication is given in good faith and has been derived from sources believed to be reliable and accurate. However, neither the publishers nor any person involved in the preparation of this publication accept any form of liability whatsoever for its contents including advertisements, editorials, opinions, advice or information or for any consequences from its use.

Copyright:

No article or part thereof may be reproduced without prior consent of the publisher.

Kia ora and welcome to the June-July 2024 issue of New Zealand Security Magazine! In this issue we greet the winter months with some great reading, including s spotlight on the Bondi Junction mall attack in Sydney, supply chain security, global terrorism, and the latest in New Zealand security sector news.

Firstly, a big thanks also to our wonderful advertisers (both print and online) who continue to partner with us during what are uncertain economic times. Quality journalism and expert commentary comes at a cost, and our advertisers play an important role by contributing to a vibrant and informed security sector through their sponsorship of the magazine.

Our gratitude for this third issue of NZSM for 2024 extends to our supporters and leading manufacturers and distributors TSS (Trade Security Supplies), Loktronic, HID, simPRO, Provision-ISR (SWL), and Vivotek (Clear Digital) We’d also like to recognise our association and academic content partners for this issue, the NZSA, Risk NZ, and Massey University’s Centre for Defence and Security Studies.

Inside this issue, we welcome TSS – New Zealand’s newest security distributors. As the new distributors for Paradox, TSS have set up shop with a number of security industry heavyweights in their team, including Basil Sykes, Steve Mace, Richard Cutforth, and General Manager Andrew Moss Welcome TSS!

We also explore the world of mobile access credentials on university campuses with HID Although mobile phone use is now banned in New Zealand high schools, it’s a different case altogether on tertiary campuses where mobile access is increasingly viewed as the next step in campus digital transformation.

In this issue, we’re also joined by Dr John Battersby, who writes that the Bondi Junction tragedy leaves us with the question of how to react to extremely low probability events with potential catastrophic consequences. Plenty of takeaways for New Zealand in this article.

The Women in Security Awards Aotearoa winners have just been announced, and we’re pleased to see two members of the private security sector among those recognised Congratulations to FIRST Security’s Gina Lindsay-Crawford for taking out the "securing organisations and infrastructure" category and Serpenti Investigations' Kallia McFarland for achieving Runner-Up in the “combating fraud and misrepresentation” category! Outstanding results!!

There’s all this and much more to explore in this issue of NZSM. Also, if you haven’t already, consider subscribing to our to-your-inbox eNewsletter THE BRIEF It’s a great way to keep up-to-date with the latest. Details on the Defsec website.

Nicholas Dynon , Auckland

DEFSEC

Contact Details:

Chief Editor, Nick Dynon

Phone: + 64 (0) 223 663 691

Email: nick@defsec.net.nz

Publisher, Craig Flint

Phone: + 64 (0)274 597 621

Email: craig@defsec.net.nz

Postal and delivery address: 27 West Crescent, Te Puru 3575, Thames, RD5, New Zealand

Upcoming Issue

August/September, Building, Construction, Facilities Integration, Consultants, Electricians, CCTV Installers, Architects, Engineers, Intergrators & Estimators.

facebook.com/defsecmedia

twitter.com/DefsecNZ

linkedin.com/company/ defsec-media-limited

LEADING A REVOLUTION IN CCTV CYBER SECURITY

In a world where cyber threats are constantly evolving, you no longer need to compromise on the cyber security of your CCTV.

Provision-ISR and Check Point are leading a revolution in the CCTV industry with high-end CCTV systems featuring true embedded cyber security.

Distribution newcomer TSS set to redefine customer experience alongside Paradox

Backed by industry stalwarts and a fresh approach to customer service, TSS (Trade Security Supplies) launched in May, with ambitions to shake up the security sector as Paradox’s newly appointed distributor for New Zealand.

Inspired by recognising and remedying the challenges faced by trade customers, the New Zealand-owned business has a mission to focus on relationships, expert people and top-quality brands.

“We’ve set out with the intention of putting our customers and their needs at the centre of everything we do,” said Managing Director Andrew Moss,” It’s about delivering service backed by exceptional product knowledge imparted with a personal touch.”

“Our philosophy is simple; we prioritise core brands to ensure a focused approach and improved customer experience.”

In addition to Paradox, TSS has been appointed as a distributor for video surveillance system manufacturer Uniview.

“Uniview is a strong brand and offers a compelling range of solutions that have great alignment with Paradox,” said Andrew, “… and we’re excited that our Uniview stock will be arriving in just a couple of weeks!”

Meet the Team: Andrew Moss GM, Basil Sykes, Technical Sales, Steve Mace, Technical Sales, Aaron Mace, Trade Sales Support

With a uniquely narrow focus on core brands, TSS’ less-is-more approach will enable its team to devote more time and attention to understanding customers’ needs and providing them with optimal solutions.

Industry pedigree

While the new distributor may have only recently opened its doors, the experience of its team goes back several decades.

“We have assembled a strong and experienced team of industry stalwarts who share a deep passion for Paradox,” said Andrew Moss, “including Steve Mace, Basil Sykes, and – joining us in early June – Richard Cutforth.”

Steve has spent the past 36 years in security, 26 of these at wholesale operations, and prior to that a decade in the integrator space.

“What’s kept me hooked all these years is the dynamic nature of security technology,” said Steve. “The challenge of helping it grow with TSS really sparked my interest. Plus, TSS’ focus on customer experience is something I genuinely connect with.”

“I’m all about building relationships, sharing what I know, and going that extra mile to make sure every customer feels like more than just a corporate number. It’s not about ticking boxes; it’s about really delving into our customers’ needs and crafting solutions that go above and beyond what they expect.”

Steve’s fellow new-starter, Basil, got his start in the industry back in 1992 as a Security Technician, working with various integrators as an employee and then as a contractor before transitioning into sales. For the past 16 years, he’s been in sales, first with Bosch and then with Atlas Gentech/Wesco Anixter.

“I was drawn to the idea of joining a distributor that embodies the spirit of Security Merchants in its early days,” said Basil. “Having been lucky enough to be involved with that kind of business in a sales capacity, I’ve seen the benefits of privately owned companies up close.”

“Our goal is to bring Paradox back to centre stage where it deserves to be. We may be the new kids on the block, but the kids are very experienced!”

Ambitious goals

The TSS team pulls no punches when it comes to stating their objectives. They see a gap in the industry that they are looking to fill with a focus on core brands, a commitment to their customers, and a deep passion for what they do.

“Becoming New Zealand’s preferred trade supplier is our goal, and we’re implementing plenty of initiatives to encourage customers to come on that journey with us,” said Andrew.

“Our trade promise of exceptional service is unparalleled in this sector, our ‘learn and earn’ training camps will help teams to elevate knowledge without compromising on productivity, and we’ve even got a great incentive for customers joining TSS.”

TSS’ pedigree doesn’t just stop with its impressively experienced team. As a sister company to established enterprise security distributor Channel Ten, TSS is part of a highly respected and multi-award winning group.

“Maintaining distinct corporate identities for TSS and Channel Ten just seemed to make good sense,” explained Andrew. “TSS is definitely part of the Channel Ten group but it has a different focus and a different specialisation to maintain.”

Despite taking the reins at TSS recently, Andrew continues in his role as General Manager of Channel Ten.

The TSS trade desk, showroom, and warehouse operates out of 922 Great South Road, Penrose, Auckland, with plans to be opening branches in Wellington and Christchurch by the end of 2024.

“Our shelves are fully stocked with Paradox products and ready for business,” said. Andrew. “Personally, I couldn’t be happier to have Paradox as our foundation partner. It’s a private business that’s passionate about developing innovative products, delivering for its customers, and listening to them.”

“We know our customers and we’re also committed to them, we’re passionate about what we do, and we’re ready to redefine the New Zealand security customer experience.

For more information, visit TSS’ website: https://www. tssupplies.co.nz/.

Women in Security Awards Aotearoa: Winners Announced!

The results are in, and we can now reveal the category winners and highly commended finalists of the 2023-24 Women in Security Awards Aotearoa! And the winners are…

In its fourth year, Women in Security Awards Aotearoa (WiSAA) has once again proven a challenge for its judging panel, with a high quality field of nominees from across New Zealand’s security and resilience sector.

Organised by the New Zealand Security Sector Network (NZSSN) and supported by Defsec New Zealand –publisher of New Zealand Security Magazine and Line of Defence Magazine, and the international Women in Security & Resilience Alliance (WISECRA), the WiSAA initiative was established in 2020 to recognise women who have advanced the New Zealand security and resilience sectors.

Nominees must be women, or identify as women, have more than three years of experience in a security or resilience-related profession, and be actively practising in Aotearoa New Zealand or working overseas in a New Zealand-focused role.

Thi s year’s WiSAAs winners are spread across eight new cate gories:

1. Se curing organisations and infrastructure

2. Sa feguarding networks and people online

3. Countering incivility and violent extremism

4. Contributing to defence and international security

5. Combatting fraud and misrepresentation

6. Protecting borders, trade, and biosecurity

7. Re sponding to natural disaster events

8. Bu ilding resilient communities

Wi SAA organisers were this year honoured to be joined by an expert judging panel reflecting the skills, experience and diversity of the sector:

• International risk management, organisational resilience, and extreme events academic and practitioner Dr Bridgette Sullivan-Taylor;

• For mer New Zealand Defence Industry Association (NZDIA) CEO, IFSEC Global Influencer in Security, and 2021 WiSAA alumna Jennie Vickers;

• ASIS International Regional Vice-President, respected physical security educator and 2020 WiSAA alumna Ngaire Kelaher CPP PSP; and

• Former ASIS International New Zealand Chapter Chair and former NZSA New Zealand Security Consultant of the Year, Andrew Thorburn

And the winners are…

1. Contributing to defence and international security: Lieutenant Colonel Laura Cranston, New Zealand Defence Force

2. Protecting borders, trade, and biosecurity: Janna Binning, New Zealand Customs

3. Countering incivility and violent extremism: Detective Sergeant Beth Bates, New Zealand Police

4. Safeguarding networks and people online: Tegan Wedderburn, Netsafe

5. Securing organisations and infrastructure: Gina Lindsay-Crawford, FIRST Security

6. Combatting fraud and misrepresentation: Catherine Abel-Pattinson, Netsafe

7. Responding to natural disaster events: Colonel Mel Childs, New Zealand Defence Force

8. Building resilient communities: Inspector Juanita (Whiti) Timutimu, New Zealand Police

Among high performing finalists from the private security sector was Kallia McFarland, Director of Serpenti Investigations, who was placed Runner-Up in the "combating fraud and misrepresentation" category.

According to the organisers, this year’s WiSAA category winners and highly commended finalists will each receive award certificates and their inspirational stories will be featured in an upcoming series of features in NewZealandSecurityMagazineand LineofDefence Magazine

Look out for more to come in the AugustSeptember issue of NZSM!

Mobile access on campus: The next step in humancentric student services

With smartphones the preferred way for students to manage and utilise their digital identities, the user experience improves when universities shift physical access control from plastic ID cards to digital credentials in smartphones.

Much has been written about Generation Z as “digital natives” tethered to their smartphones. The relationship between teens and twenty-somethings with their mobile devices continues to evolve as more and more of the actions of everyday life become doable via phone app.

While high school students become subject to the national government ban on phone use in schools from 29 April, university campuses are another matter entirely, with phone use an increasingly critical enabler of the student experience.

The ability to enrol in and access services, conduct transactions, order food deliveries, verify identity, socialise, and recreate via their smartphones has fast become an expectation of Generation Z members. And why not? It’s convenient.

But tucked away in students’ purses and wallets – and often kept handy within phone cases – can be found another ubiquitous artefact of campus

life – the credit card-sized student ID card.

RFID-enabled student ID cards are still used at university and polytechnic campuses across the country to verify identity, access services and facilities, borrow library books, purchase printing and photocopying, and receive discounts.

Interestingly, some campuses in Aotearoa have recognised the ubiquity of smartphones and have introduced smartphone apps or ‘wallets’ that can be used by students to pay for a range of services, course supplies, and food on campus, as well as to store an electronic copy of the student ID card. But this appears to be the exception rather than the rule.

Plastic student ID cards are something that the parents of Generation Z students would remember from their time on campus last millennium, but for the tertiary students of today they’re old school, they’re administratively cumbersome, `and they’re just another thing to have to carry around.

With smartphones already capable of being used to pay for campus services and to hold forms of identification, wouldn’t it be great if they could also be used to eliminate the need for a student ID card by also providing access to facilities on campus?

The good news is that they can. In fact, for many leading universities around the world, mobile access has become the de facto standard.

Tapping into what’s important

According to New Zealand research by Susanne Aldrich, it is becoming increasingly rare to see young people without a mobile device on their person. Aldrich cites several studies that indicate that “students see their devices as extensions of themselves” and that “mobile phones have become a continuum of a young person’s attachment to the world.”

Other significant factors, writes Aldrich, are the convenience, mobility and usability provided by mobile devices, but also – importantly – their

affordability compared with other kinds of technology.

It was with the student experience in mind that the prestigious Les Roches hospitality business school’s campus in Marbella, Spain, migrated to a mobile credentials-based system that replaced plastic access cards with a digital ID on a smartphone.

“Everything here is about the student experience,” said Mano Soler, Director of Student Services and Operations at Les Roches Marbella. “It is our main driver and the reason we embrace and foster innovation — because innovation makes our students’ lives easier and supports their wellbeing through secure technology.”

Les Roches selected HID to create a mobile ecosystem enabling students to authenticate themselves via the

HID mobile credential in order to access wide-ranging services, including parking garage systems, building entrances, vending machines, laundry facilities, printers, point-of-sale at restaurants/on-campus eateries, class attendance tracking, and dormitory room door locks.

“You cannot discount the value of mobile when it comes to today’s student populations,” said Soler. “It is their way of life. They were ‘born digital’ and they have an expectation when it comes to smart living — for them, it’s a mobile-first world. We get it. We embrace it.”

Digital credentials also mean fewer cards and keys to remember – or lose!

And if a student misplaces their phone there’s no need for panic, as access to the digital credential is not available

without verified access to the phone via PIN or biometric authentication. Once a unique mobile credential is installed on a smartphone, it is unavailable for installation elsewhere until it is deactivated.

With a long-read range and smart device sensors, students can easily access security doors, gates and school parking from a distance, a handy feature particularly given security concerns in campus neighbourhoods across Aotearoa. HID’s patented “Twist and Go” technology enables the use of smartphones from a distance, simply by using a gesture like turning a key.

Enrolment is also made simple.

A student receives an invitation via email, downloads the app and enrols.

The mobile ID is provisioned straight to the student’s smart device remotely

anytime and anywhere – so no more standing in queues. Getting a new or replacement mobile ID takes seconds and is literally in the student’s hand.

Mobile also means no physical waste and a reduced carbon footprint — a huge plus for students who value sustainable technology.

A digital transformation win Tertiary institutions across Aotearoa have in recent years made significant inroads into their digital transformation journeys while also grappling with the unprecedented disruption wrought by Covid-19 and post-pandemic economic headwinds.

If anything, these challenges reinforce the necessity of progressing digital transformation strategies apace to maximise attractiveness, sustainability, and savings. According to a November 2023 EY report, “purposefully putting human needs and expectations at the center of higher education digital transformation will improve university success.”

The importance of humancentricity is evident in the University of Auckland’s digital strategy, which notes that digital identity is “necessary to personalise services

and create respectful and benevolent outcomes, unifying fragmented digital touchpoints into safe, helpful, and connected experiences.”

With smartphones the preferred way in which students utilise their digital identities, the user experience improves – for both students and administrators – when universities shift physical access control from plastic ID cards to smartphones.

For students, mobile IDs can help with quick and contactless enrolment and transactions. For administrators, Mobile solutions such as HID’s mobile access using app or mobile wallet enable centralised management of mobile identities via a cloud-based portal – so no more programming and printing of RFID student access cards.

For administrators at Les Roches Marbella, the move to mobile digital credentials was aimed at driving improvements through back-office processes and procedures to save time and resources. This included achieving efficiencies around the school’s student intake registration/check-in process each semester.

Loading ID credentials individually onto RFID cards, then printing each

of them meant bottlenecks, delays, and errors. In contrast, the HID mobile solution achieves efficient and secure remote enrolment – with shorter-term access parameters for contractors and other temporary users.

The solution is also handy for institutions possessing multiple campuses with different access control systems. With a mobile access solution supporting multiple identities per mobile device, a student can simply receive a new mobile identity on their phone before leaving or upon arrival.

Ultimately, despite the clear benefits of mobile credentials to university administrators, the key advantage to mobile is its human centricity. As Juan Luis Velasco, IT Manager at Les Roches Marbella, puts it, “the most rewarding aspect truly is connecting to our students in a way that’s important, convenient and meaningful to them — keeping them connected and secure via a device that’s already an extension of their existence.”

To find out more about the HID mobile access solution, download the ebook: Mobile Access Higher Ed eBook (hidglobal.com)

Gen Z employees twice as likely to bend the rules or engage in workplace misconduct

New research finds that a quarter of employees around the world said it was “OK to break the rules if needed to get the job done”, and Gen Z 2.5 times more likely than Boomers to be rule breakers.

A just-released report by ethics and compliance solutions provider LRN Corporation has found that nearly a quarter (23%) of employees around the world agreed that “it is OK to break the rules if needed to get the job done,” and 14% said they had actually themselves “engaged in behaviour that violated their company’s Code of Conduct or standards” in the past year.

In Brief

• Companies with the strongest ethical cultures outperform those with weaker ethical cultures by 50%.

• Organisations with strong ethical cultures are 2.6 times more likely to be adaptable – a critical determinant of a company’s resilience.

• Employees who view their companies as adaptive and resilient are nearly 2 times more receptive to the potential benefits of Artificial Intelligence in workplace and career opportunities.

• Nearly 25% of employees around the world agreed “it is OK to break the rules if needed to get the job done” –Gen Z 2.5 times more than Boomers.

• Psychological safety as the strongest predictor of an employees’ willingness to report misconduct, with a 2.4 magnitude effect.

The

detail

Interestingly, 22% of Gen Z respondents said they engaged in unethical conduct in the past year in the workplace, compared with just 9% of Baby Boomers. The results suggest an inverse trend between this mindset and age, with Gen Z 2.5 times more likely to agree with breaking the rules than Boomers.

The findings are included in LRN’s latest Benchmark of Ethical Culture Report, which is based on a comprehensive survey of more than 8,500 employees at major organisations and corporations in 15 different countries, and from 13 different industries.

The research found that companies with strong ethical cultures have lower rates of observed misconduct and report their observation at a rate 1.5 times higher than those in companies with weak cultures (93% compared to 63%).

As companies can only address that which they are aware of, this higher level of reporting represents a significant reduction in risk.

“Companies with strong ethical cultures outperform, by an average of around 50% percentage points more than companies with weak ethical cultures, on a variety of traditional business metrics including customer satisfaction,

employee loyalty, competitiveness, innovation, and adaptability.”

Globally, one-third (33%) of respondents said they had observed misconduct or unethical behaviour in the past year, with harassment, discrimination, conflicts of interest, and employee health and safety violations cited most frequently.

Of those, one-fifth (21%) didn’t report their observation because they didn’t think their company would do anything about their concern (36%) or handle it effectively (30%), or because they feared retaliation (36%). These trends overwhelmingly signal a lack of trust in the system of procedural justice within the organisation.

The research also probed employees’ perceptions of Artificial Intelligence and its place in work and on careers. While a slight majority believe AI will have a positive impact, employees who view their companies as adaptive and resilient are nearly 2 times more receptive to the potential benefits of Artificial Intelligence on their workplace and career opportunities.

Culture gap

It is generally accepted that culture impacts business results. Companies with strong ethical cultures outperform, by an average of around 50% percentage points more than companies with weak ethical cultures, on a variety of traditional business metrics including customer satisfaction, employee loyalty, competitiveness, innovation, and adaptability.

Not only is this gap significant in its size, it represents a meaningful increase from similar research conducted in 2021, which identified a 30% performance gap.

The performance gap is most pronounced when it comes to a company’s ability to adapt quickly to internal and external change (a critical determinant of resilience): the adaptability of companies with strong ethical cultures is rated 2.6 times higher than those from weak ethical cultures. These companies also outperform on business results and innovation at a rate 2.3 and 2.2 times higher.

A company’s ethical culture explained a significant proportion (41%) of the variation in an employees’ willingness to stay at their organisation, outside of other factors such as compensation, title, or job responsibilities.

Other findings

A large majority (79%) of employees who observed misconduct reported their observation, with most raising their concern to either their direct manager or another manager in the company (77% combined).

Of all ethical culture measures, psychological safety was the greatest predictor of whether employees would report misconduct they had observed.

Perhaps unsurprisingly, executive and senior leaders are 2.6 times more likely to indicate their company has a strong ethical culture than individual contributors and front-line employees, illustrating a stark leadership disconnect with the realities on the ground.

Hybrid employees have more positive perceptions of their company’s ethical culture than their fully in-office peers; they also observe misconduct at a lower rate, and report their observations at a higher rate.

Why organisations must prioritise supply chain risk as part of their security strategy

According to cybersecurity provider Trustwave, organisations must develop strong programs to manage supply chain risks, both known and unknown, and prioritise their most critical assets.

Supply chain attacks exploit vulnerabilities in the network of suppliers, distributors, and other third-party partners to gain unauthorised access to sensitive data and systems. The complexity and opacity of modern supply chains often leaves businesses exposed to significant risks, ranging from operational disruptions to data breaches.

Protecting the soft underbelly

“Including supply chain security as a key component of an organisation’s overall security strategy is crucial,” said Craig Searle, director, consulting and professional services (Pacific), Trustwave. “This ensures that the most important parts of the organisation are protected, supporting the enterprise’s long-term stability and success.”

Supply chain attacks target less secure elements in the supply network of an organisation. In software supply chains, for example, attackers can compromise software distributed by a legitimate vendor, impacting end users of that software.

“By understanding the latest trends and threats, and implementing best practices for supply chain security, organisations can better protect themselves against the potentially devastating impacts of a breach.”

This approach has been observed in various high-profile incidents, such as the SolarWinds attack discovered in December 2020, where malicious code was inserted into the company’s software updates, affecting thousands of customers, including government agencies and large corporations.

“The nature and methods of supply chain attacks are constantly changing, becoming more sophisticated over time,” said Searle. “As attackers innovate, the methods to infiltrate supply chains become more accessible, lowering the barriers for potential attackers to execute such operations.

The proliferation of malicious packages in open-source software repositories has made it easier for attackers to exploit vulnerabilities in widely used software components.

This trend is exacerbated by the growing reliance on opensource software, which, while fostering innovation and collaboration, also introduces new risks.”

Critical infrastructure at risk

Organisations face a number of concentration risks within their supply chains, particularly in extended networks that include fourth-party and systemic dependencies.

These risks are amplified in sectors critical to national infrastructure—for example, healthcare, telecommunication, financial services, transportation, and energy—where a breach in a single supplier can have far-reaching impacts on operational resilience and systemic stability. This means it’s crucial for organisations to gain visibility into their entire supply chain and collaborate with industry peers and regulators to mitigate these risks.

State-sponsored cyberattacks have evolved into a formidable threat, with the capacity to destabilise sectors and entire economies. These actors, backed by national interests, deploy increasingly advanced tactics.

Their strategies extend beyond targeting critical infrastructure; they now sophisticatedly exploit human vulnerabilities through social engineering. The current global geopolitical situation indicates a probable escalation in such attacks.

The Australian Cyber Security Centre (ACSC), for example, acted against a series of state-sponsored cyber activities that targeted Australian institutions in 2020. These attacks were aimed at government agencies, industry, political organisations, educational institutions, health services, essential service providers, and operators of other critical infrastructure.

The ACSC identified the tactics, techniques, and procedures (TTPs) used in these attacks. These included spear-phishing to exploit human vulnerabilities and the deployment of sophisticated malware to infiltrate systems.

To combat these evolving threats, and protect their supply chains, Trustwave highlighted that organisations must:

• implement comprehensive security measures, including secure coding practices, thorough vetting of third-party vendors and deploying endpoint detection and response (EDR) solutions to protect against cyber threats

• enhance supply chain transparency and security by leveraging technologies like blockchain for immutable transaction records and invest in artificial intelligence (AI) for improved predictive capabilities and operational efficiency

• cultivate a strong security culture within the organisation and among supply chain partners through regular security awareness training, sharing of best practices, and collaborative security initiatives, making security a shared responsibility to reduce vulnerability to attacks.

“The security of supply chains is a complex issue that requires concerted efforts from all stakeholders,” said Searle.

“By understanding the latest trends and threats, and implementing best practices for supply chain security, organisations can better protect themselves against the potentially devastating impacts of a breach.”

The NZ PSR and supply chain security

Within the New Zealand Government’s Protective Security Requirements (PSR) the management of supply chain security is covered under the GOV5 mandatory requirement

– manage risks when working with others.

Although only mandated government agencies are required to comply with the PSR, the PSR is nevertheless considered by government as suitable for both public and private sector organisations.

Part of the PSR’s Security Governance domain, GOV5 requires that organisations, “Identify and manage the risks to your people, information, and assets before you begin

working with others who may become part of your supply chain.”

The requirement lists twelve principles that organisations should follow in order to gain and maintain control of their supply chain. These twelve principles are divided into four stages:

Understand the risks

1. Understand what needs to be protected and why

2. Know who your suppliers are and build an understanding of their security measures

3. Understand the security risks posed by your supply chain.

Establish control

4. Communicate your view of security needs to your suppliers

5. Set and communicate minimum security requirements for your suppliers

6. Build security considerations into your contracting process and require your suppliers to do the same

7. Meet your own security responsibilities as a supplier and consumer

8. Raise awareness of security within your supply chain

9. Provide support for security incidents.

Check your arrangements

10. Build assurance activities into your supply chain management.

Seek continuous improvement

11. Encourage the continuous improvement of security within your supply chain

12. Build trust with suppliers.

For more information on supply chain within the PSR, visit the New Zealand Government PSR website .

You could help minimise harm in a public attack. Here’s what it means to be a ‘zero responder’

Anyone can be a zero responder, writes Dr Milad Haghani, whether it’s through actions that impede or prevent an attack, assist the injured, or facilitate an efficient evacuation.

Dr Milad Haghani is a Senior Lecturer at the School of Civil & Environmental Engineering at UNSW, where he also holds an Australian Research Council DECRA Fellowship.

The tragic Westfield attack in Sydney highlights the vulnerability of crowded public spaces. Six people were killed and many were injured by a knife-wielding attacker in a short period of time.

For people with malicious intent, crowded venues such as shopping centres , concerts , sporting events and public transport are often easy targets for maximising harm.

Traditionally, in response to mass casualty events, we depend on the actions of first responders, including police and ambulance services, who are the trained professionals. But there’s always a gap, however short, between when a crisis begins and when authorities arrive.

The actions of people at the scene are crucial in bridging this gap. The “zero responders” – bystanders who proactively assist – play a pivotal role in the immediate response. They can be key players in preventing, reporting and containing an incident.

No,

crowds don’t panic

An outdated and scientifically debunked theory about crowd behaviour in emergencies negatively characterises the role of the public.

This theory, which incorrectly posits that crowds act irrationally and are driven by panic during life-threatening situations, is still widely believed.

In fact, this misconception has often led authorities to withhold information during emergencies to prevent panic.

However, empirical evidence tells a different story. Research on the 2005 London bombings , for example, reveals people often respond with rationality and altruism. Survivor accounts emphasise widespread acts of assistance and emotional support.

I have conducted experiments that simulate life-threatening scenarios to study crowd responses, including their flight and escape behaviours. These studies reveal that as the level of perceived urgency increases, people’s actions tend to become more constructive than irrational. Survival instinct is deeply entrenched within us and can be easily activated.

People can prevent harm

So, what do these insights say about responses to mass casualty events in crowded places? They suggest the public should be considered part of the emergency response team. I call them “zero responders” because these proactive individuals can save lives and

minimise harm in the crucial initial moments before emergency services take control.

Zero responders can help prevent harm by reporting crises quickly. For instance, an analysis of 640 mass attacks in the United States from 1995 to 2020 highlights the crucial role of public awareness and swift reporting. More than half of these incidents were thwarted before anyone got hurt.

The US Department of Homeland Security’s If You See Something, Say Something campaign engages the public as key players in preventing terrorist attacks. This is a positive step toward including them in emergency preparedness and response. However, the initiative could extend beyond reporting to authorities. People can also act to minimise harm.

A prime example was observed during the recent tragic attack in Sydney, where active bystanders played a crucial role. Actions such as a samaritan confronting the attacker by using a bollard to create a barrier delayed the assailant’s progress.

This engagement impeded the attacker and bought precious seconds that may have saved lives. Therefore, referring to these individuals merely as “bystanders” does not do justice to their role. They acted as part of the emergency response, as immediate responders.

Zero responders’ role can also be significant in providing first aid to those who are injured. Since the September 11 terrorist attacks, there have been significant efforts in the United States to train the public in first aid CPR.

For those not positioned to intervene directly (those not near the source of danger or unable to assist), making efficient escape and evacuation decisions and encouraging others to do so is also vital in minimising harm.

My research, using computer simulations and controlled crowd experiments , has explored how simple behaviour changes, both in decisionmaking and physical actions, can make evacuations more effective.

Act swiftly and decisively

Many are familiar with the “run, hide, fight” protocol, which suggests people try to escape first, find a place to hide if they can’t leave, and confront the attacker as a last resort. While this is widely promoted in the US for active shooter situations , there are additional, more nuanced actions that can further enhance survival.

The misconception that people in a crisis typically panic can cause them to go out of their way not to appear scared. Consequently, some delay their response to assess the situation, worry

about the embarrassment of reacting to a false alarm , or walk slowly away from the danger rather than run.

However, empirical evidence and my research consistently show these reactions are not the best. Being swift and decisive typically leads to more efficient evacuations , for the individual and the crowd as a whole.

The minimal risk of overreacting in the event of a false alarm is far outweighed by the potential benefits of immediate action. This, in fact, demonstrates vigilance and risk awareness, rather than overreaction.

Another key aspect is agility in decision-making . This includes the willingness to revise initial decisions, such as which exit to use, as the situation evolves.

The public as responders

Different cultures and countries have different attitudes to zero responders. For instance, Israel enacted the Good Samaritan Law in 1998 to protect active bystanders from civil liability. This law compels bystanders to assist people in serious danger and even provides compensation for any costs or health damages incurred during the rescue.

Statistically, the more zero responders present during an emergency, the higher the likelihood of survival. While it is unrealistic to expect the entire population can be educated or trained for such scenarios, as not everyone may be willing or able to participate, research indicates comprehensive training of the entire community isn’t necessary for the benefits to be substantial.

Anyone can be a zero responder. Whether it’s through actions that impede or prevent an attack, assist the injured, or facilitate an efficient evacuation or sheltering, everyone has a role to play.

We should not overlook the crucial role of the public during mass casualty incidents. Societies can enhance their own protection by supporting zero responders and training for the public. This article is republished from The Conversation under a Creative Commons license. Read the original article

RISK 360°: A HOLISTIC VISION FOR FUTURE RESILIENCE

23 - 24 JULY 2024

AOTEA CENTRE, AUCKLAND

Risk NZ and Brightstar are excited to collaborate again on the New Zealand’s premiere risk summit in 2024, after a fabulous summit at Takina Convention Centre in Wellington, in August 2023.

ORGANISATIONAL RISK

PSYCHOSOCIAL RISK

TECHNOLOGY RISK

CLIMATE AND ESG RISK

risknzsummit.co.nz

DAY 1

9.00 Welcome from the MC

Nick Dynon, Enterprise Security Risk Manager, Optic Security Group

9.10 Welcome from Risk NZ

9.20 International Guest: Building organisational resilience

Andre Le Duc, Chief Resilience Officer, University of Oregon (USA)

9.50 Geopolitical Update

Sophie Heading, Global Risks Lead, World Economic Forum (UK)

10.20 Morning break

10.50 Unlocking Potential: The expanding role of GRC in modern business operations

Brad Smith, Principal Consultant, Camms Group

11.20 Case Study: Empower your teams

Meena Patel, National Risk and Assurance, Fire and Emergency New Zealand

11.40 Case Study: Risk reimagined: The future of risk measurement

Ben Lynch, Senior Risk Business Partner, Fonterra

12.00 Strategic risk leadership panel: Owning, navigating and collaborating

Paul Quiroga, Portfolio Risk Manager, Kainga Ora

Sharyn Reichstein, Chief Risk Officer, Tower NZ

12.40 Lunch break

1.40 Keynote: What is psychosocial risk and how to measure it?

Hillary Bennett, Director, Leading Safety

2.10 Case Study: Critical risk and a control protection framework

Max Riley, Head of Business Resilience, Chorus

2.30 Addressing psychosocial risk and driving workplace performance - Key considerations for executives and Boards

David Burroughs, Chief Mental Health Officer, Westpac (AUS)

2.50 Panel Discussion: Effective psychosocial risk measurement and practical applications for actionable outcomes

Moderated by : Jennie Vickers, Risk & Audit Lead, Tuatahi First Fibre

Jay Barrett, Workplace Psychologist, Glia

Gareth Beck, Safety, Wellbeing & Risk Business Partner – Retail, Z Energy

Deborah Pitout, Health and Safety Lead, ASB

3.30 Afternoon break

4.00 Keynote: Recognising and preparing for crisis –Pre-emptive behaviours and structure

Captain Hugh Pearce, Head of Flight Operations – Emergency Management Team Chair - Deputy Chief Pilot Senior Person Air Operations Operations Integrity & Safety, Air New Zealand

4.30 Panel Discussion: What is the future looking like?

David Turner, Chief Executive Officer, RiskNZ

Bryan Whitefield, Director, Bryan Whitefield Consulting (AUS)

Andre Le Duc, Chief Resilience Officer, University of Oregon (USA)

5.10 Summary remarks & Awards and networking event

DAY 2 RISK & RESILIENCE SUMMIT NEW ZEALAND

9.00 Welcome back from the MC

Nick Dynon, Enterprise Security Risk Manager, Optic Security Group

9.10 Keynote: Emerging technologies, transformation and risk management: Navigating the future Glen Willoughby, Chief Executive, Nilo

9.40 Case Study: Leading a cyber-attack response team

Richard Harrison, Head of Cyber and Technology Risk, Foodstuffs South Island

10.05 Panel Discussion: Demystifying AI - Safe Implementation & the Road Ahead

Facilitator: Dr Maria Pozza, Director – Lawyer, Gravity Lawyers

Andrew McPherson, Chief Information Officer, SkyCity Prabhu Singh, Director of Transformation, Sky Network Television

10.40 Morning break

11.10 Roundtables

12.20 Lunch break

1.20 Keynote: Navigating your ESG strategy for future readiness in New Zealand

Anthony Thompson, Sustainability Manager and Te Ao Māori Strategy Lead, Co-Chairman of Te Rōpū Māori o SkyCity, SkyCity Entertainment Group

1.50 Case Study: Transpower risk maturity journey

Julian Morton, Strategy, Performance & Risk Manager, Transpower

2.10 Panel Discussion: Strategic sustainabilityInsights from CROs and senior leaders

Laura Toulmin, Risk and sustainability manager, Tourism Holding

Kristin Renoux, Senior Associate - SustainabilityClimate & Nature, Beca Gemma Wensor, Principal Risk Advisor, Waka Kotahi NZ Transport Agency

Helen Mahoney, Manager Group Sustainable Finance, Auckland Council

2.50 Keynote: Watercare’s strategic response: Mastering risk management with precision and purpose

Nigel Toms, General Manager Risk, Quality and Assurance, Watercare Services

3.20 Closing remarks from the MC

2024 RISK NZ EXCELLENCE AWARDS

TIMELINE

FINALIST SHORTLISTING MEETINGS

16 May - 19 June 2024

FINALISTS ANNOUNCED

5 July 2024

FINALIST INTERVIEWS

Dates to be determined

2024 RISKNZ EXCELLENCE AWARDS & DRINKS

23 July 2024, from 6PM

CATEGORIES & CRITERIA

Risk Professional of the Year

Emerging Risk Professional of the Year

Networking and Partnerships in Risk Management

“Innovation” – Managing risk during times of significant change

FEATURED SPEAKERS

SOPHIE HEADING Global Risks Lead, World Economic Forum (UK)

DAVID BURROUGH Chief Mental Health Officer, Westpac (AUS)

SHARYN REICHSTEIN Chief Risk Officer, Tower NZ

ANDRE LE DUC Chief Resilience Officer, University of Oregon (USA)

HILLARY BENNETT Director, Leading Safety

ANTHONY THOMPSON Sustainability Manager and Te Ao Māori Strategy Lead, Co-Chairman of Te Rōpū Māori o SkyCity, SkyCity Entertainment Group

What can we learn from the Westfield Bondi Junction Mall incident?

The Sydney tragedy leaves us with the question of how to react to extremely low probability events with potential catastrophic consequences, writes Dr John Battersby of Massey University’s Centre for Defence and Security Studies.

Dr John Battersby is a Teaching Fellow at Massey University’s Centre for Defence and Security Studies and Managing Editor of the National Security Journal.

On 13 April 2024 a lone male carried out a vicious attack in a West Sydney shopping mall. Six people perished as a result of the injuries he inflicted before a police officer shot him. For the deceased victims’ families and the injured baby, who survived, but will now be without a mother, this was a dreadful tragedy.

For the police officer, despite being hailed a hero, this event will have lifelong consequences – no one joins a police service to kill people. Regardless of the circumstances, harming people is not something police take any pride in doing.

For the media, this event was manna from heaven generating day on day copy. The victims included a mum, a bride to be, a student from China – all with immense potential lives to live, cut down in their prime by the senseless actions of one individual. The perpetrator himself became the subject of sensationalised speculation – was he ideologically driven? Did he hate women? He was an escort apparently. Then a gay escort.

The police officer, a female inspector, alone, calm under immense pressure, acted decisively, and she did not miss. She was shown after the event taking care of the man she shot, precisely as she would have been trained to do. There were

days of compelling media fodder here amplifying and elongating the tragedy.

But what are the wider implications of this event? While likely to be considered one of those things that will never happen here – might it? Could we do anything about preventing it?

Understanding the facts

Our first task is to remove the incident from the sensational mediadriven milieu within which public understanding was framed and place it back into the reality in which it happened. No assessment can take place until key facts have been verified, assumptions identified, and knowledge gaps determined.

Sydney is a city with a population the size of New Zealand. Sydney has hundreds of malls, shopping centres, and retail spaces in which thousands of people congregate every day. These routine congregations almost always pass without incident, other than petty crime, isolated and occasional disorder, the vast bulk of which creates no existential risk or actual harm to the general public.

On 13 April 2024 there was a clear exception – but even so public place mass killings are rare in Australia and very unusual with an offender using a knife. Knife mass killings occurred in December 2014 and September 2018 in Australia – both were associated with domestic incidents.

Knives have been used globally in ideologically inspired attacks, as have motor vehicles as improvised weapons, but their media profile is vastly out of proportion with their actual frequency. Knife attacks by terrorists, violent extremists or non-ideological perpetrators are very unusual.

From this we can depict 13 April 2024 as a highly uncharacteristic event, very unlikely to recur in Australia, let alone anywhere else.

The offender Joel Cauchi is dead, and dead men tell no tales. We will never know what triggered him, or what motives he had in doing what he did.

His decision appears to have been spontaneous, he did not leave a note, or a manifesto explaining his actions, and a number of people interviewed by media sources, who knew him, seemed genuinely surprised at what he did. His motives will remain a subject of speculation.

Cauchi used a knife, which supports the notion of improvisation and limited planning. He wore an Australian Rugby League jersey, an everyday item and hardly a statementmaker.

Cauchi has therefore taken no action to acquire anything symbolic that might suggest a message of any kind. The evidence suggests he acted by himself, apparently without any desire to trigger a connection with anybody else.

He did appear to target females, prompting a worthy line of inquiry regarding a possible misogynistic or incel-related motive. But we need to know what the demographic was inside the mall – were there more women than men in there?

We need to know how many people he attacked (not just killed); there has been very little information provided about several people apparently injured. He did kill one male, and CCTV images showed another one fending off Cauchi.

We need to be careful of commentators with agendas framing the incident in way that serves their purposes. Our initial assessment then has to be, unless information emerges to the contrary, this was an attack inspired somewhere deep within Cauchi’s troubled mind, and not related to any broader ideological cause.

Does this event mean anything for us here in New Zealand?

New Zealand has about 100 major malls or shopping centres across the country. Our largest city, Auckland, has a population of 1.5 million people, and it likely has most of the larger public/private commercial spaces in which people congregate.

Mass killings in New Zealand are extremely rare, and the only one involving a knife was during a domestic incident in Masterton in 1992. Two

knife attacks have occurred in circumstances where a mass killing could have resulted, both occurring in supermarkets in 2021. One was ideologically driven in Lynn Mall, and one in Dunedin.

While both received media attention, the Lynn Mall attack has received a disproportionate amount likely due to its perpetrator, Ahamed Samsudeen, being inspired by ISIS propaganda.

There are over 3,800 supermarkets in New Zealand. The sober assessment has to be therefore, that in 2021, following years without any notable incident, there were two out of over 3,800 supermarkets that experienced a knife attack incident.

To be fair, the Lynn Mall offender was known to police and if New Zealand had counter terrorism legislation that was actually functional – arguably it wouldn’t have happened.

Any sober analysis results in a conclusion that a masskilling or mass-injury knife attack is extremely unlikely in any public/private commercial space in New Zealand.

However, the West Bondi Mall attack (in tandem with the Lynn Mall attack) illustrates two key points: (i) the vulnerability of such environments to any attacker, providing congregations of unsuspecting people with limited points of escape, and (ii) the potency of armed

police officers in stopping an attack. This latter point is significant as New Zealand police officers, while they have access to firearms, are not routinely armed.

We are left with a question how to we react to a problem of an extremely low probability event, with potential catastrophic consequences, occurring within the confines of a busy New Zealand shopping mall on any given day of the week by an active armed offender? A few things seem certain:

• the motive of the offender is irrelevant, an attacker is deadly because they are armed and have an intent to do harm (the reason why they do it will not affect the lethality of their attack).

• Police are unlikely to be present in a New Zealand mall at the time of any attack; and they would NOT be armed if they were. A police response time of 10-15 minutes could be expected in most areas,

• most malls have limited entrances and exits, complicating a panicked escape of customers, and:

• while almost all malls have security guards, the death of Faraz Tahir in Sydney, demonstrates the fatal consequences of them attempting to intervene.

Clearly, while highly unlikely, such an attack could have serious and fatal results. However, we seem to be left with limited options when contemplating what to do about such an event.

So, we could do nothing. The likelihood of anything similar to the Westfield Bondi Junction attack happening here has vastly greater odds than winning lotto. There are serious limitations (not to mention costs) to what we could do anyway, and this would weigh against any practical action that could be undertaken.

Honestly, the safest prediction is that the Westfield Bondi Junction Mall attack will go down as an aberration of modern urban life and remain a horrible and singular tragedy. We will all move on.

Or alternatively, we could take a serious look at our public/private spaces in terms of a major unexpected event, and link this to the suppression of serious crime generally. Daylight ram raids – or other raiding incidents – present no less of a risk to the public in terms of potential harm and are significantly more likely to occur.

We could look at reviewing what the role of security guards are in New Zealand, and what we need to better equip or empower them.

There must he scope for improved communication and cooperation between police and public/private space operators looking at the possibility of more visible police patrols, detection, and monitoring of suspicious behaviour, and coordinated contingency planning for unexpected events.

Ultimately, we cannot stop the emergence of an active armed offender intent on causing a mass casualty event, and it is highly unlikely such an individual will be detected before they have inflicted harm. It remains a risk, albeit a remote one. But there does seem scope at least for us to attempt to take seriously the possibility that it could occur and put some mitigations in place – especially if they overlap with other crime control or public safety initiatives.

fire

unbreakable universal mounting

•Low power consumption - low operating temperature

•One product suits floor and wall mounting

•Universal armature - offsets to 55º to suit doors opening past 90º • Wall mount extensions available •12 & 24 VDC selectable • Push off button with no residual magnetism • Oversize armature for easy alignment • Emergency release button

•Electroless nickel plated armature and electromagnet

•Stainless fastenings • Full local support and back up

10 YEAR GUARANTEE*

Designed, tested and produced in New Zealand to AS4178

A)Wall mounted,126mm extn. tube (overall 202mm) B)Wall

Surface and Recess mounting

This device enhances an outstanding range of unbreakable products which conveniently hold open fire doors. When a smoke/fire alarm is activated the magnet instantly releases the door to the closed position to prevent the spread of smoke and fire. These units feature a choice of 3 covers for optimum aesthetic appeal and durability. The installer can utilise one device for surface mounting or for recess mounting.

Career Pathways: HSM hosts Hastings Girls High School

In May, Hastings-based security services provider HSM participated in a Graeme Dingle Foundation programme to host high school students and showcase security as an alternative career path.

The Graeme Dingle Foundation has launched a programme aimed at broadening the career horizons of high school students and addressing the common misconception among students that college is the sole pathway to a successful career.

By highlighting alternative career options and pathways, the Foundation aims to motivate high school students to explore various industries, broadening their horizons and showcasing alternative career pathways beyond those traditional college routes. Bringing students to visit local businesses like HSM not only exposes them to various industries but also allows them to envision themselves in those roles.

On May 20th, HSM had the pleasure of hosting a group of students from Hastings Girls’ High School. The visit was led by Brent, who provided a comprehensive tour of the HSM office who, during the tour, emphasised the diverse career opportunities available at HSM, particularly in the fields of guarding and monitoring.

The monitoring room was a standout feature of the visit, capturing the interest of many students. One student expressed particular enthusiasm about the prospect of a future career as a monitoring operator.

This was the first such venture with the Graeme Dingle Foundation, with HSM having booked in further visits organised by the Foundation with other Hawkes Bay local schools. It’s

wonderful to see students becoming excited about potential career paths they may not have previously considered and the visit highlighted the importance of providing hands-on experiences and exposures to different career options.

HSM is also excited to participate in Futureopoly, an event organised by the Graeme Dingle Foundation aimed at engaging youth in exploring different career pathways. Scheduled to take place at the Hawke’s Bay Showgrounds in early June, this event aims to engage 500-600 students in a fun, interactive environment.

Through games and activities, local employers, including HSM, will have the opportunity to share information about their businesses and the various career paths

HSM is looking forward to being able to participate in a venture which is more interactive and engaging than the traditional presentations or visits to school careers offices, targeting in particular those who are not aware of how many career options are actually available to them and empowering them to make informed decisions about their futures. By participating in initiatives like the Graeme Dingle Foundation’s programme and Futureopoly, HSM hopes to connect with students, inspire them, and provide insights into careers they may not have previously considered. The collaboration between the Graeme Dingle Foundation and local businesses like HSM represents a valuable effort to expand students’ understanding of career opportunities beyond traditional academic routes.

Privacy Commissioner survey reveals New Zealanders’ privacy concerns

A biennial privacy survey of 1,200 New Zealanders was released on 13 May, with around 50% of respondents concerned or very concerned about the use of facial recognition technology in retail stores to identify individuals.

The number and size of privacy breaches, combined with the increasing reach of technology into people’s daily lives, are two reasons people are more concerned now about privacy issues, according to the survey commissioned by the Privacy Commissioner.

“These results paint a picture of the current state of privacy in New Zealand and shows to me that Kiwis aren’t as complacent as our well-advertised ‘she’ll be right’ attitude might indicate,” said Privacy Commissioner Michael Webster.

The percentage of people who said they are “more concerned” about privacy issues over the last few years has increased to 55%, which is a 14% increase from two years ago.

New Zealanders are clear in their response to these concerns:

• 80% want more control and choice over the collection and use of their personal information.

• 63% said protecting their personal information is a major concern in their lives.

• 83% want to know when their personal information is used in automated decision-making.

• 82% want the right to ask a business to delete their personal information.

“These increases line up with what we also heard from Kiwis about specific privacy issues, with the highest levels of concern among survey respondents

being organisations sharing data, the use of AI in decision-making, and cyber-attacks,” said Mr Webster.

There are high levels of concern about key privacy issues with around two thirds of New Zealanders concerned about:

• businesses or government organisations sharing their personal information without telling them (67%).

• the public and private sectors using artificial intelligence to make decisions about them, using their personal information (66%).

• organisations losing their personal information in a cyber-attack (65%).

Around two thirds of survey respondents (64%) also said they were very concerned about not being told about or agreeing to the use of Facial Recognition Technology, and 49% concerned or very concerned about the use of facial recognition technology in retail stores to identify individuals.

“Increasing public awareness about the use of Facial Recognition

Technology and some of the issues being expressed about it seem to be having an impact, as people become aware that this is happening and start asking, “is this the society I really want to live in?””

Privacy concerns drive behaviour. The survey asked whether in the last 12 months the recipients had avoided doing specific activities because of privacy concerns. The top avoided activities were social media 33%, online browsing 28%, online shopping 28% and online dating 28%.

People are not just aware but they’re also acting. In the survey, 70% declared that they were likely to consider changing service providers in response to poor privacy and security practices.

“Our survey also showed Māori are more concerned about privacy in every way,” said Mr Webster. “A standout example of the privacy concerns expressed by Māori is that 32% stated that in the past 12 months they have avoided contacting a government department due to privacy concerns. For non-Māori that figure is 14%.”

NZSA CEO’s May newsletter

In this abridged May update, NZSA CEO Gary Morrison reflects on the tragic Bondi Junction shopping mall attack and talks HB167 review, CCTV privacy guidelines, CoA training, and more.

Gary Morrison is CEO of the New Zealand Security Association (NZSA). A qualified accountant, Gary was GM of Armourguard Security for New Zealand and Fiji prior to establishing Icon Security Group.

Our condolences go out to those who were impacted by the tragic stabbings that occurred at the Westfield Bondi Junction shopping mall several weeks ago.

In particular out thoughts are with the family, friends and work colleagues of security officer Faraz Tahir who suffered fatal injuries whilst responding to the incident. It is understood that a second security officer also suffered life threatening injuries but was saved by a team-mate who provided immediate medical attention. We applaud this team-mate for their actions.

The incident again highlights the increasing risks faced by those involved in providing protective services. This also brings our attention to the role of security officers, the legal authority, training and protection that they are equipped with.

The NZSA position remains firmly opposed to the carrying of any weapons. We have however held initial discussions with government, police and the licensing authority with regards to giving appropriately trained and licensed security officers the authority to retrieve property and detain offenders.

Discussions have been positive and closely align with the governments focus on getting tough on crime and promoting public/private cooperation. We will keep you informed on developments and seek industry submissions as discussions progress.

We also firmly support the appropriate use of PPE, and in particular stab resistant vests, in highrisk environments. It is important to note however that the quality and effectiveness of vests varies considerably and in the absence of any specific Australian or NZ standards, research

should be conducted to ensure any equipment purchased is fit for purpose. Similarly, we strongly recommend having vests fitted to ensure comfort, avoid secondary strains or injuries and to ensure the vest is as effective as possible. We have provided some guidelines from specialist PPE provider Strategic Defence later in this newsletter.

Within this newsletter we also profile two new “Board Cadets” who have joined the NZSA Board for a year in a non-voting capacity. We have introduced the cadet programme as a mechanism for bringing greater diversity to the board and encouraging, supporting and developing those who have the talent and capability to participate at a board level but would not normally have the opportunity to be appointed to such a position.

Whilst the cadets serve a one-year term, they will be encouraged to stand for election at completion of their term and hopefully this will also provide long-term capability and continuity for the board.

Living Wage 2024/2025

For those who missed the announcement, from 1st September 2024, the Living Wage hourly rate is $27.80. This is an increase of $1.80 on the 2023/2024 rate.

Auckland congestion charges

During April the Auckland Council announced plans to push for legislative changes that would enable the introduction of congestion charging on key motorways and arterials.

The NZSA and BSCNZ (representing Commercial Cleaners) have made a joint submission to Auckland Council seeking an exemption from congestion charges for clearly branded work vehicles being used for the provision of security guarding, security patrols, cashin-transit services and commercial cleaning services.

Standards review HB 167:2006 Security Risk Management

During April we received notification from Standards NZ that they are reviewing Standards that are more than 10 years old and unless there is evidence that they are fit for purpose they will be withdrawn.

The notification advised that Standard HB 167:2006 – Security Risk Management was targeted for withdrawal as the technical committee deemed it no longer fit for purpose.

In discussion with members providing Security Consulting services, it is very apparent that this standard continues to be the go-to document for the industry and whilst a little

dated, has considerable relevance for those involved in criticality, threat and vulnerability analysis.

We have engaged with Standards NZ and provided compelling argument for the retention and on-going recognition of this Standard.

Whilst we have yet to receive a response, we are confident that our application will be successful.

Privacy Guidelines for use of CCTV Systems

We regularly receive enquiries from security providers and members of the public with regards to privacy concerns related to the installation and use of CCTV systems.

The Privacy and CCTV Guide issued by the Privacy Commissioner in 2009 provides good guidance on requirements however it is now somewhat outdated and does not adequately cover some technology developments, including audio recording and facial recognition.

With regards to audio, it is important to note that this is covered in the Crimes Act 1961 under Section 216B Prohibition on use of interception devices. The Act states that every-one is liable to a term not exceeding 2 years who intentionally intercepts communication by means of an interception device.

It is clear that microphones on CCTV cameras would come under the definition of an interception device and should always be turned off and rendered inoperable at time of installation.

MSD Digital Passport (including Security Passport)

It was great to see that MSD was internationally recognised as an award winner at the 2023 Would Summit Government Awards.

The awards recognise digital initiatives that significantly contribute to achieving the United Nations sustainable development goals and MSD took home the top achievement in the Government and Citizen Engagement category that recognises quality education, work and economic growth and reducing inequalities.

The Digital Passport offers free

learning modules focused on digital literacy and essential job skills and is delivered via VR (Virtual Reality). One of the modules covers an introduction to the role of a Security Officer, utilising learning from the VR CoA training jointly developed by SkillsVR and NZSA, and with those completing the learning receiving a Security Digital Passport.

Submission on future of industrial

classifications

Many critical decisions impacting industry sectors are determined or influenced by data collection. This applies at a government, local government and private sector level with some examples including legislative changes, allocation of training funding, setting ACC levies, determining immigration settings, workforce planning and policy development.

Two of the main sources of data specific to industry are the ANZSIC06 and ANZSCO classification systems.

ANZSIC06 is the Australian and New Zealand Standard Industrial Classification system and structures industry by Division, Sub-Division, Group and Class and for the Security Industry we are broadly classed under the Public Administration and Safety Division (for protective services) and Construction Division (for electronic security services).

The ANZSIC codes are used for the bulk of industry reporting by Infometrics and used to determine by ACC, IRD and the WDC’s amongst other agencies.

ANZSCO is the Australian and New Zealand Standard Classification of Occupations system and follows a similar four level classification based on Major Group, Sub-Major Group, Minor Group and Unit Group. Security services are listed under Major Group headings Community and Personal Service Workers (Protective Services) and Technicians and Trade Workers (Electronic Security Services).

The ANZSCO classification also introduces Skill Levels that are applicable to specific unit groups – these range from Skill Level 1 (commensurate with a bachelor degree)

down to Skill Level 5 (NZQA Level 1). Most protective security roles are deemed to be Level 4 or 5 whereas security technicians are classified as Level 3.

Our concern is that the industry descriptors used on the two classifications do not match current industry terminology which probably explains why reports provided by Infometrics and other government agencies frequently under report the size of the industry in terms of revenues and employment.

Statistics NZ have requested feedback on the ANZSIC06 classification, and we have provided a submission recommending a comprehensive review and updating of the terminology being used so as to align with common industry use. We have also cautioned against any consideration of moving to the ISIC (International Standard Industrial Classification) system given that it is also outdated, and we would loose any opportunity to influence the code allocations.

CoA training, moderation and Good Practice Guideline for Train the Trainer

The CoA Training provides initial training for those entering the workforce and it is critical that the training is as comprehensive and effective as possible.

We are pleased to advise that Ringa Hora (the Services WDC) has been leading the process of reviewing the three existing Unit Standards and re-writing as Skills Standards, with the draft standards nearing the stage of being ready for circulation and consultation.

As part of this process, stakeholders have been mindful that the standards are covered by legislation and therefore cannot be substantially changed but have taken the opportunity to strengthen the content and establish specific outcomes that can be moderated.

Ringa Hora have also been more active with regards to conducting moderation on training providers and ensuring that training delivery is via suitably approved trainers and in accordance with expected standards.

We applaud this approach and remind employers of the importance of ensuring the CoA training is being provided by suitably qualified trainers. The NZSA Good Practice Guideline covering Provision of Train the Trainer Instruction documents the qualifications and experience requirements for those who can deliver the training, including the need for biannual refresher training.

As always, we welcome all comments and feedback on NZSA or industry issues and activity. Keep safe and well.

Public Sector Reputation Index New Zealand

The 2024 New Zealand Public Sector Reputation Index report has just been launched by research and communications agency Verian. FENZ remains on top, with creative sector the biggest improver.

The free to download report reveals the top 10 performing agencies on the Index in 2024, and reputational trends for the public sector more broadly. It also explores perceptions of trust relating to information coming from agencies, news organisations, and online sources, such as bloggers.

Most reputable

Fire and Emergency NZ continues its reign as the highest rated of all agencies on the Index, with new entrant, NZ Search and Rescue, following closely. Callaghan Innovation, NEMA, Tourism NZ and Creative NZ all improved their position in the index this year.

Creative NZ enjoys the strongest improvement in overall reputation in 2024. Organisations in a similar space, Ministry of Culture and Heritage and RNZ, are also among those who have seen the strongest improvement in reputation, suggesting a more favourable view towards the arts and creative sector.

Reputational recovery

2024 sees a recovery in reputation across the public sector, following two years of falling scores. The distribution of New Zealand public sector agencies has improved slightly (2024 average of 64 compared with an average of 62 in 2023). 20 agencies have improved their score by at least two points since 2023, while four have fallen by at least two points.

While the proportion of those with negative perceptions towards the public sector is unchanged, the attitudes of those who were more neutral in their opinion are once again warming.

With 58 agencies on the New Zealand Index, the Electoral Commission, NZ Search and Rescue, and High Performance Sport NZ are new to the Index this year.

Major influencers

News media has, by far, the most influence on the reputation of the public sector – the number of people influenced by the media is double those who are influenced by an agency directly (through communications or personal experience).

While the news media is the most common influence on reputation, this differs markedly by age – the news media influences older New Zealanders much more than younger New

Zealanders. In contrast, the impact from word of mouth and online sources is more skewed towards younger New Zealanders.

The index

The Public Sector Reputation Index was developed nearly a decade ago in response to demand from public sector agencies for rigorous, independent benchmarks of their reputation. In 2023 the index was expanded into Australia and Singapore.

The Index is a globally validated model of reputation that has been carefully adapted for the public sector. This model includes four central pillars: trust, leadership, social responsibility, and fairness.

The research involved 3,541 online interviews of a nationally representative sample by age, gender, region, ethnicity and education level. Fieldwork was conducted from 14 to 29 March 2024.

A Deadly Year: Key findings from the Global Terrorism Index 2024

In the latest Global Terrorism Index 2024 report from the Institute for Economics and Peace, terrorism deaths spike internationally despite a drop in incidents in the West.

While terrorism deaths in the West have hit a 15-year low, the global terrorism death count is at a seven-year high, and Central Sahel is the new epicentre of international terrorism. That’s according to the latest Global Terrorism Index Report.

Now in its eleventh year, the annual Global Terrorism Index (GTI) is developed by the Institute of Economics and Peace (IEP) and provides the most comprehensive resource on global terrorism trends.

“The last twelve months resulted in the most lives lost to terrorism than in any period since 2017,” stated

“Conflict remains the primary driver of terrorism, yet most wars in the 21st century have been unwinnable and very costly. Terrorism also thrives in areas of political instability; it is imperative that current political tensions and minor conflicts do not escalate and that current conflicts are resolved, otherwise further increases in terrorism are likely.”

The Global Terrorism Index 2024 report provides a summary of the key global trends and patterns in terrorism over the last decade, up to and including 2023. Among the report’s key findings:

Terrorism deaths highest since 2017

Deaths caused by terrorism increased by 22% to 8,352 in 2023, the highest level since 2017. Even when excluding the October 7th Hamas attacks on Israel, deaths would still have increased by 5%.

This is despite terrorist incidents decreasing by 22% to 3,350, resulting in a 56% increase in the average number of people killed per attack. This is the worst rate in almost ten years.

“Terrorism had been falling or remaining steady for several years prior to 2023, with substantial falls from 2015 to 2019 followed by several years of minor fluctuations,” states the Report. “However, the last 12 months saw the largest percentage increase in terrorism since the inception of the GTI, even as total attacks fell considerably.”

Fewer terrorism deaths in the West

In 2023, the US accounted for 76% of terrorism-related deaths in Western democracies, amid a 15-year low in incidents.

Terrorism incidents in Western democracies recorded a drop of 55% compared to the previous year. There were 23 attacks that resulted in 21 fatalities, marking a 15-year low. However, the US recorded 76% of these fatalities from seven attacks. Five of these attacks were linked to individuals with far-right beliefs yet none had an affiliation with a far-right group.

In OECD countries, many of which are Western democracies, socio-economic factors such as youth unemployment, military expenditure, lack of confidence in the press and lower inequality-adjusted life expectancy correlate significantly with the GTI.

Central Sahel now terrorism epicentre

The epicentre of terrorism has shifted out of the Middle East and into the Central Sahel region of sub-Saharan Africa, which now accounts for over half of all deaths from terrorism.

Despite the Hamas attacks of October 7th, the number of terrorist incidents fell in the Middle East, along with North Africa, Europe, and North America.

The central Sahel region has conclusively overtaken the Middle East as terrorism’s epicentre with Islamic State (IS) and Jamaat Nusrat Al-Islam wal Muslimeen (JNIM), a franchise of Al-Qaeda, being the most active terrorist organisations.

Organised crime and terrorism have merged in the Sahel with groups forming complex alliances and fuelling the persistence of terrorist activities in the region.

Terrorist organisations sometimes integrate with organised crime groups or provide protection and safe passage

for illicit trade in drugs, human trafficking and precious metals. The region has seen a surge of kidnapping since 2017, with incidents increasing from 78 to over 1,000 in 2023 and generating significant revenues for terrorist organisations.

Burkina Faso most impacted

Burkina Faso suffered the worst impact from terrorism in 2023, with deaths increasing by 68% despite attacks decreasing by 17%. Terrorism in the country has deteriorated every year since 2014. Neighbouring Mali and Niger also deteriorated in 2023.

“In the 13 years that the GTI covers, it is the first time a country other than Afghanistan or Iraq has been top of the index,” states the Report. “Almost 2,000 people were killed in terrorist attacks in Burkina Faso from 258 incidents, accounting for nearly a quarter of all terrorist deaths globally.”

Pakistan recorded the most incidents of any country, with 490 attacks that resulted in 689 deaths. This is the fourth successive year where both deaths and incidents have increased in the country.

Ten countries account for most deaths

Terrorist activity remains highly concentrated in a small number of

countries, with just ten countries accounting for 87% of all terrorism deaths in 2023. These include Burkina Faso, Israel, Mali, Pakistan, Syria, Afghanistan, Somalia, Nigeria, Myanmar, and Niger.

The concentration of terrorist activity has intensified over the past decade, with the number of countries recording at least one death from terrorism falling from 57 in 2015 to 41 in 2023.

Conflict remains primary driver of terrorism

Violent conflict remains the primary driver of terrorism, with over 90% of attacks and 98% of terrorism deaths in 2023 taking place in countries in conflict. All ten countries most impacted by terrorism in 2022 were also involved in an armed conflict.

The intensity of terrorism in conflict is also much higher than in non-conflict countries, with an average of 2.7 fatalities per attack compared to 0.48 fatalities.

Iraq shows biggest improvement Iraq recorded the largest improvement in the last decade with deaths from terrorism falling by 99% since the 2007 peak, to 69 in 2023.

Iraq is no longer amongst the ten countries most impacted by terrorism, with total deaths falling 65% in the

past year. Prior to 2023, Iraq had been ranked in the top ten every year since the inception of the Global Terrorism Index. Total deaths have fallen 99% since their peak in 2007, with incidents falling 90%.

“Afghanistan has also seen a significant improvement in the impact of terrorism, with deaths and incidents falling 84 percent and 75 per cent respectively since 2007,” states the report.

The GTI Report noted that because it does not include acts of state repression and violence by state actors, acts committed by the Taliban are no longer included in the scope of the report since the group’s ascension to power.

Israel and Palestine

The deadliest terrorist incident in 2023 was the October 7th Hamasled attack in Israel which killed 1,200 people. It was the largest single terrorist attack since 9/11, and one of the largest terrorist attacks in history. Its consequences are still unfolding, with more than 30,000 Palestinians killed by Israel’s retaliatory military operation by mid-February 2024.

Tensions between Palestine and Israel prior to the conflict were

already at an all-time high and the security situation in Israel had been deteriorating. Over 2,500 instances of communal violence in Israel and Palestine were recorded in the first ten months of 2023, compared to less than 500 in 2016.

“Globally, we have seen real gains in recent years in our fight against terrorism, particularly in Western democracies,” stated Steve Killelea. “However, left unchecked regional instabilities could fan the flames of a new wave of terrorism. It is therefore important that global policymakers focus international efforts to address the current global conflicts and prevent the Gaza conflict from spreading.”

Increased attribution

Of the 3,350 terrorist attacks recorded in 2023, 54% were attributed to a group. IS and its affiliates remained the world’s deadliest terrorist group, responsible for 1,636 deaths, despite its attributed deaths falling by 17%. IS was followed by Hamas, JNIM, and Al-Shabaab. Together, they were responsible for over 75% of terrorismrelated deaths globally. A decade ago, they were responsible for less than 25%.

In 2023, IS attacks occurred in six of the nine GTI regions: Asia-Pacific,

Europe, MENA, sub-Saharan Africa, Russia and Eurasia and South Asia. In the Middle East, Syria was the country most affected by IS attacks. It recorded 224 attacks, an increase from 152 in 2022, and a quarter of all IS related deaths.

Using machine learning techniques, researchers were able to attribute an additional 15,000 deaths to IS since 2007, increasing the total number of attributed deaths from 25,000 to 40,000.

Terrorism is not the deadliest form of violence in the world. Armed conflict results in nine times more fatalities than terrorism, homicide over 45 times more, and deaths from suicide 72 times higher. However, terrorism has a uniquely disturbing psychological and social impact intended to traumatize the whole of society, rather than the individual.

The GTI, developed by the Institute for Economics & Peace, provides a comprehensive summary of the key global trends and patterns in terrorism over the last 15 years. The report ranks 163 countries (99.7 % of the world’s population) according to the impact of terrorism, and is produced using data from TerrorismTracker and other sources.

A Step Change in Security Threat Assessment: Open-source enabled persistent threat monitoring

The challenges of open source threat assessments can be avoided by subscribing to a persistent threat monitoring service, writes Chris Proctor, Senior Associate Security Consultant with Beca Applied Technologies.

Chris Proctor

I’ve always had a problem with security threat assessments. Probably not a great thing for a security practitioner to say, however, there it is.

My concerns primarily relate to the lack of information sources available to corporate organisations, the lack of analytical expertise to effectively translate what little information there might be into actionable security threat intelligence and the static nature of threat assessments.

The Information Issue

Let’s explore the first of those issues – the lack of relevant information to inform the first part of the threat equation – capability and intent.

This isn’t really an issue if you are within the trusted environment of

central government and associated agencies as there is a clear route to high level, classified intelligence from a range of sources. It does become a significant issue if you are outside that circle or operating in the commercial environment. The sources typically available to you include:

• National Threat Levels – rather anaemic reporting of generic national threats with no real way to apply this to your particular environment.

• NZ Police Crime Snapshot – a very general view of crime in the wider neighbourhood in which your organisation is located. Again, there is little or no way to tie this to your own operations. What is the real worth of knowing that serious

assaults in your geographic area have increased by 7.8% over last year?

• Wider organisational threats – you can look at the wider threats posed to your organisation as a whole and then try and apply them specifically to a location, person or asset.

• Neighbourhood scanning – reviewing what is in the neighbourhood is a good way of identifying potential threat actors and collateral threats but is unlikely to provide you with information on any specific threats to your organisation.

• Review of past incidents – this can provide you with a feel of how vulnerabilities have been exploited in the past but, hopefully, you will have addressed those vulnerabilities so past incidents may not really reflect future threats. The quality of internal security incident reporting can be variable and insufficient to draw reliable conclusions.

• ‘Googling’ – everyone’s go-to intelligence source. As a tool, it may provide some information that will be of use to you, but remember – it is information, not intelligence. It’s what you do with it that makes the difference.

• Local contacts – your security manager or consultant might have contacts within the trusted environment mentioned earlier who they can still ‘tap up’ for

information. The privacy, legality and usability of such information must always be considered. This information and how it was obtained might actually adversely affect your threat-scape.

All in all, these sources provide a broad brush view of the threats you face. With such a vague, mainly uncontextualised information set, how can you derive insightful and actionable intelligence?

The Analysis Issue

My other bugbear is analysis. Information on its own does not provide you with any real benefit. It’s the ‘so what’ that really adds value.

That’s why it is critical to view the information collected through an analyst’s lens. Information becomes the ‘feedstock’ for the analytical process and that process is not a simple one. It’s an objective, reasoned approach aimed at combining seemingly unrelated pieces of information into a cohesive picture and developing new perspectives.

The New Zealand Institute of Intelligence Professionals (NZIIP) Intelligence Practitioners Handbook is a fantastic source of information on a range of divergent and convergent structured analysis techniques that most trained intelligence analysts will be familiar with. It is only by the application of such techniques in a

measured way that true intelligence can be gleaned.

It makes sense therefore that, in order to deliver any form of meaningful security threat assessment, you need to have a trained and experienced analyst on board to help you make sense of the information you are able to gather.

The Point in Time Issue

Thinking about most security projects, when does a security threat assessment take place? Normally, right at the start and then, depending on the security maturity of the organisation, it might get reviewed on an annual or biennial basis thereafter.

So, for up to two years, the only likely indicator an organisation might get that their threat landscape has changed is when a security incident takes place. Hardly a proactive approach. For some organisations, it never gets reviewed but rather sits as part of the risk governance documentation and is used when a new project or audit is initiated.

You can sense my frustration – a security threat assessment is only valid at the moment it is completed. From that moment on, the threat landscape evolves – threat vectors change, threat actors enhance their capabilities, and the organisation’s aims, values and operational ways of working may also change, all leaving the threat assessment floundering in their wake.

A solution

That then is the problem set that we looked to address. How could we inject energy and impetus into the threat assessment process, elevating it from a point in time effort to a dynamic and enduring, behind the scenes activity that adds value and provides the risk/ security leadership of an organisation with a timely view of their security threats, enabling proactive decision making rather than reactive responses?

The solution – a targeted, opensource enabled persistent threat monitoring service.

Understanding that, in these network-enabled times, threats can emerge as posts, chatter or threads online in forums or social media, news posts or other online sources, we set out to find a way to harvest this information and turn it into actionable insights. Not an easy undertaking as the surface web, available to the average user through a search engine such as Google, makes up only 10% of the world wide web.

Given that the surface web contains over 4.5 billion web pages, and the deep web is 400-500 times that size, how do you know what to look for, and where to look for it…?

Privacy

Given that privacy is on everyone’s mind at the moment, one of the first things we did was to explore the legal

and ethical implications of open-source intelligence collection and analysis. The definition of open source that we have chosen is the methodical collection and exploitation of information from free, publicly available, and legally accessible sources to fulfil a specific intelligence requirement.

Publicly available information does not require clandestine collection techniques to obtain. It is obtained through means that meet the copyright, commercial and privacy requirements. We have mapped our service against our obligations under the Privacy Act 2020 and have undergone successful legal and privacy scrutiny.

Our Solution

In short, by using world leading open-source intelligence gathering and analysis tools, we will create and manage bespoke information searches across publicly available social media and internet sources including the World Wide Web, dark and deep web to identify potential or actual threats against our clients’ organisations.

Our highly experienced analysts will engage with clients to identify potential threat triggers, targets and vectors and will develop insightful tripwire and periodic reporting criteria, delivering actionable insights and threat information in a timely manner.

How it works

Direction

It all starts off with us sitting down with our clients and understanding the threat vectors and potential threat actors that are causing them concern. We’ll work with the client to understand their specific threat intelligence requirements, how often they require updating, and the threshold for our tripwire, or immediate, reporting option.

Collection

Our intelligence analysts will take this insight and convert it into a collection plan – what we are looking for, where we might find it and how we go about constructing searches to extract it.

Processing

Our analysts will collate and evaluate the information – seeking to remove the ‘noise’ and ensure the currency and relevance of the information. Then comes the magic – application of analytical techniques and processes to extract the ‘so what’ out of the information, turning it into actionable intelligence.

Dissemination

This final phase sees the intelligence being passed to our clients in the form and periodicity that they have requested. We will also look to deliver critical intelligence (such as imminent protest activity or intent to commit a harm act) as soon as we get it –something we’re calling ‘Tripwire’ reporting.

As with all circular models, this is a never-ending loop. The dissemination phase includes a review process to ensure that we are collecting the right type of information, that the intelligence meets the clients’ requirements, and that the client’s situation has not changed.

Ultimately, we envisage that our Persistent Threat Monitoring service will provide significant value to organisations, regardless of their role or market sector by delivering peace of mind and value for money via a subscription service that delivers savings.

Bula! Axis Communications announces 2024 Oceania Partner Awards winners

Axis Communications announced the winners of its Oceania Partner Awards 2024 at its annual Partner Summit held this week on the resort island of Denarau, Fiji.

Held at Axis’ annual Partner Summit from 6th to 9th May, the awards honour the accomplishments of Axis’ partners in the region who have made significant contributions to enhancing their customers’ CCTV-based security in the past year.

Advanced Security Group came out big winners in this year’s awards, taking out the gongs for Top New Zealand Partner, Government segment partner New Zealand, Critical infrastructure partner New Zealand, and Axis intercoms partner. Distributor Channel Ten’s Hamish McKenzie gained prestigious recognition with his induction into the Axis Hall of Fame.

“We are immensely grateful for the dedication of our partners, whose contributions have been instrumental in our success this past year.”

In addition to Advanced Security Group, other New Zealand multiple category winners included Channel Ten and security integrator Nextro.

“We are immensely grateful for the dedication of our partners, whose contributions have been instrumental in our success this past year,” said Axis Communications Regional Director for Oceania Wai King Wong.

“Together, we’ve navigated today’s dynamic technology landscape to go beyond and deliver cutting-edge security solutions. Thanks to these valuable collaborations, we have been able to strike a balance between

optimising current strategies and exploring new avenues for growth. I am looking forward to what we can achieve in 2024 and beyond.”

The Oceania Partner Awards 2024 were categorised by region and segment, with top-performing partners and distributors recognised:

Top Partner Winners by Region

NSW: JD Security

QLD: Link Enterprise Solutions

ACT: Wormald Security

VIC: PMT Security

SA: BST Systems

WA: SEME Solutions

TAS: TMR Systems

NZ: Advanced Security Group

Oceania region: Convergint

Fastest growing partner in Australia: H3C Plus

Fastest growing partner in NZ: Nextro

Top Winners by Category

Retail segment partner Australia: PMT Security

Retail segment partner New Zealand: Focus Digital Security Solutions

Government segment partner

Australia: Optic Security Group

Government segment partner New Zealand: Advanced Security Group

Critical infrastructure partner

Australia: Royal Eagle

Critical infrastructure partner New Zealand: Advanced Security Group

Smart cities segment partner Australia: Link Enterprise Solutions

Smart cities segment partner New Zealand: Evotek Technologies

Banking segment partner Australia: ARA Security

Banking segment partner New Zealand: Securitek

Transportation segment partner

Australia: ARA Security

Transportation segment partner New Zealand: Nextro

Special Partner Award Winners

Axis intercoms partner: Advanced Security Group

E2E champion partner: JD Security

Audio Awards: Link Enterprise Solutions

Top Distributor Winners

Top distributor Australia: Dicker Data

Top distributor New Zealand: Channel Ten Security

Highest YoY Growth in Australia:

Central Security Distribution (CSD)

Highest YoY Growth in New Zealand: Channel Ten Security

E2E distributor Australia: VSP Solutions

E2E distributor New Zealand: Sektor

Hall of Fame

Hamish McKenzie – Channel Ten

Security

Luke Morgan – Link Enterprise

Nominations Open Tohu Awards

An event in support of part-time New Zealand Defence Force personnel and the organisations who support them.

EMPLOYERS OF NZDF PERSONNEL ARE INVITED TO SELF-NOMINATE

CATEGORIES

Reservist of the Year

Reserve Employer of the Year (Small and Large Employer Categories)

New Zealand Cadet Force Officer

Employer of the Year

Limited Service Volunteers (LSV)

Employer Recognition Award

Outstanding Contribution to the the

Limited Service Volunteers (LSV) Programme

HOW?

REQUEST NOMINATION FORMS:

From secretariat@desc.govt.nz

SUBMIT NOMINATIONS:

To secretariat@desc.govt.nz

Reservist of the Year: 19 August 2024

All other Categories: 17 May 2024

CLOSING DATES: QUERIES?

Email secretariat@desc.govt.nz

Understanding the power of a risk-based approach in protective security

There are several key steps to implementing a risk-based approach, explains ICARAS Security Consultants, that ensures security strategy is tailored to an asset’s specific risks and vulnerabilities.

When it comes to protective security, there are many different strategies that organisations can use to protect their assets - property, information and people. One of the most effective is taking a “risk-based” approach. At its core, a risk-based approach to protective security involves determining the potential sources of threat to an asset and assessing the risks those threats pose. By identifying the asset’s vulnerabilities, security measures can be implemented that effectively mitigate or manage those risks.

This approach is considered more effective than a onesize-fits-all approach because it is tailored to the specific risks and vulnerabilities of the asset in question. So, how does a risk-based approach work in practice?

There are several key steps that organisations can take to implement a risk-based approach to protective security:

1. Identify the assets that need protection: This may include property, personal information, staff and customers. It’s important to understand what needs to be protected in order to determine the appropriate level of security.

2. Determine the potential threats to those assets: This step involves looking at the different types of threats that could potentially impact the assets and the likelihood of that threat manifesting. For example, this may include things like theft, vandalism, violence towards staff, or even espionage.

3. Assess the security risks faced by the assets: Risks consider both the likelihood of the threat occurring along with the impact it would have. Assessing and evaluating risks provides a clear understanding of the actual harm that may result to enable effective risk prioritisation.

4. Evaluate the vulnerabilities of the assets against those risks: Once security risks have been identified, organisations need to consider how vulnerable their assets

may be to those risks eventuating. This step involves looking at factors such as the location of the assets, their accessibility, and the protective security measures and controls currently in place.

5. Implement security measures: Based on the vulnerability assessment, security measures are implemented to mitigate risks to an acceptable level, by reducing the likelihood of an incident occurring, or reducing the impact of an incident should it occur.

6. Continual reassessment: The threat environment is constantly changing, resulting in an ever-evolving set of security risks. To ensure risks remain effectively mitigated, regular reassessment is required.

Security Risk Management (SRM), as the name suggests, is the active management of an organisation’s security risk environment through the process described above. By taking a risk-based SRM approach to protective security, organisations can ensure that their assets are protected in the most effective way possible by identifying and prioritising the risks that may result in the most harm, and putting in place the necessary security measures to mitigate those risks.

REACH NEW HEIGHTS in Professional Excellence

ASIS accredited certifications can help you reach your career goals.

Validates your ability to conduct security investigations through the effective use of surveillance, interviews, and interrogations. Designed for those with 5 years of related experience.

WH Y EARN THE PCI DESIGNATION?

• Provides independent confirmation of your specialized skills in security investigations

• Gain global recognition by your peers and industry

• Get a competitive edge in the marketplace

• Enhance your career and earnings potential

• Enjoy personal satisfaction and professional achievement

Be one of the many ASIS board certified practitioners who are leaders, mentors, and trusted strategic partners, serving both their organizations and the profession.

“PCI is an important element in the ASIS C ertification programme, dovetailing into both CPP a nd PSP for a comprehensive understanding of broader security industry objectives. An effective and reliable investigation depends on objectivity, thoroughness, relevance, accuracy and timeliness. PCI helps identify critical investigative outcomes, including evidence collection, case management, and the process of offender detection, iden tification, interview and prosecution. Good physic al security designs, together with robust policies and procedures are key elements in a successful investigation. The PCI certification p rov ides an insight into how these pieces interrelate."

- D avi d H orsburgh, MSc CPP PSP PCI

WHY SHOULD AN EMPLOYER HIRE ASIS CERTIFIED PROFESSIONALS?

• Build a strong, dedicated team committed to high standards and continuing professional development

• Promote ongoing education of critical job knowledge and skills

• Feel confident that your staff are using best practices

• Recruit the most qualified professionals

• Reinforce or elevate your organization’s reputation and credibility

Increase the competency level of your staff by supporting your security professionals in their certification journey.