www.securityfocusafrica.com | Vol 40 No 1 Dec 2021/Jan 2022 The official industry journal for professional risk practitioners: security, safety, health, environment and quality assurance
Security sector challenges in 2022 – and expert advice on how to rise above them
Meet newly appointed ConCourt judge Jody Kollapen The last word: First Zondo report
R
O
N FO
S
B
U
PE
S
SINE
securityfocusafrica.com Security Focus Africa has been marketing suppliers to buyers in Africa since 1980, and is the official industry journal of the Security Association of South Africa (SASA). Our readers form the core of Southern Africa’s buyers and decision-makers in the security products and services industry. Our digital platform has a highly-focused readership of people at the very heart of the security industry. Our news is distributed via website, digital magazine, and social media. Our annual Security Focus Africa Buyers Guide is searchable via our online directory, with over 760 businesses and branches throughout Africa. Need to find a service or supplier? We will help you find exactly what you need.
PO Box 414, Kloof 3640, South Africa Tel: +27 (31) 7646977 Fax: 086 762 1867 Email: contact@contactpub.co.za
Security Focus AFRICA w w w. s e c u r i t y f o c u s a f r i c a . c o m
The official industry journal for professional risk practitioners: security, safety, health, environment and quality assurance
KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE
DIGITAL BUYERS GUIDE
to security services & products Promote your business
Attract customers
Increase your sales
Claim your listing on www.securityfocusafrica.com/buyersguide
Security Focus Africa is known for having the most comprehensive directory of service providers in Africa. We have been a trusted source of information for more than 41 years, and now offer this valuable resource online. The market is tough out there. What makes your business different from any other? For starters, be more accessible on the internet. Online searches are now the preferred method of finding information and contact details, so the better your online presence, the more business you will get.
BENEFITS OF LISTING YOUR BUSINESS:
• By claiming your listing, you can keep your company’s information up to date at your own convenience • Upgrade your listing online at any time to maximise your brand exposure • Improve your SEO and online presence • We provide a targeted audience for your business • See your stats – know how many people are seeing your listing
Security
For as little as R2,400, you can get the edge over your competitors by providing indispensable information to your customers on our online directory.
Affordable advertising is just a click away.
Focus
AFRICA
BUYERS GUIDE
www.securityfocusafrica.com/buyersguide KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE
XXX
Security Focus Africa: Serving the South African security industry for 41 years
CONTENTS
VOL 40 NO 1 DECEMBER 2021 JANUARY 2022
12 COVER STORY SECTOR CHALLENGES 12 Challenges facing the Security Sector in 2022 — and how to deal with them.
No need to compromise your security!
26
Get quality and affordable batteries brought to you by
G S S Group THE BRAND YOU CAN TRUST 2
+27 (0) 10 140 7137
sales@gssgroup.co.za
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
www.gssgroup.co.za
securityfocusafrica.com
Official Journal of the Security Association of South Africa
Published by Contact Publications (Pty) Ltd (Reg No. 1981/011920/07)
Vol 40 No 1
TEL: (031) 764 6977
24 wishing you and everyone in your ambit, a happy, healthy, productive, and successful 2022!
ASSOCIATION NEWS 6 Update from SASA. NEWS IN BRIEF 8 News snippets from around the world.
CYBER SECURITY 11 Trend Micro prediction report forecasts cyber fightback in 2022.
OPINION PIECE 16 Multi-cloud security doesn’t
have to be complicated to be effective, it just has to be consistent. 18 Crypto crimes and the South African legal framework.
TECHNOLOGY UPDATE 19 Artificial Intelligence (AI) for
MANAGING DIRECTOR: Malcolm King malcolm@contactpub.co.za
EDITOR:
REGULARS EDITOR’S COMMENT 4 From our desks to yours, here’s
FAX: 086 762 1867
Ingrid Olivier
PERSONALITY PROFILE 26 Judge Jody Kollapen. SECURITY IN ACTION Growth for holography in 28
2022 as covid and other threats continue to impact, says global trade body.
VIRTUAL COMMERCE WLA’s road to success 30
continues: Four new organisations join the alliance.
CYBER SECURITY 31 FBI warns US companies to
avoid malicious USB devices. 32 Kaspersky develops cybersecurity policy for bionic devices.
33 ADVERTISERS INDEX THE LAST WORD 34 First Zondo report.
ingrid@securityfocusafrica.com
SENIOR GRAPHIC DESIGNER: Vincent Goode vincent@contactpub.co.za
DISTRIBUTION MANAGER: Jackie Goosen jackie@contactpub.co.za
POSTAL ADDRESS: PO Box 414, Kloof 3640, South Africa
PUBLICATION DETAILS: Security Focus Africa has 12 issues a year and is published monthly, with the annual Buyers’ Guide in December. Due to the Covid-19 crisis, we will only be publishing digitally, until further notice.
EDITORIAL CONTRIBUTIONS: Editorial contributions are welcome. For details please email editorial@securityfocusafrica.co.za.
36 DIRECTORY
ADVERTISING ENQUIRIES: Malcolm King
Human Resources Toolkit helps organisations overcome implementation challenges. 20 Six technologies businesses are using to adapt.
Email: malcolm@contactpub.co.za
Security Focus Africa is a member of
INSTITUTE FOR SECURITY STUDIES 22 South Africa’s renewal begins with the rule of law.
NEWS 24 ACI’s World Airport Traffic Report reveals domestic traffic leading recovery.
securityfocusafrica.com
32
www.securityfocusafrica.com 3
EDITOR’S COMMENT
From our desks to yours, here’s wishing you and everyone in your ambit, a happy, healthy, productive, and successful 2022!
S
tarting 2022 with a bang It would be an understatement to say that the new year has started with a bang (and I’m not talking about Catherine Wheels and other traditional fireworks). In South Africa, we’ve seen Parliament burn, the Constitutional Court physically attacked, some of our judges verbally attacked by a sitting minister, and the handing over of the first of the three reports into state capture by Judge Raymond Zondo to
BULLETPROOF VESTS
Vest stopped R1 during test – letter from Kings shooting range. Available @ R1950 each. 5 or more @ R1500.
Tel 082 443 0227 4
President Cyril Ramaphosa. The controversial AARTO (Administrative Adjudication of Road Traffic Offences Act) has been ruled unconstitutional and invalid by the Pretoria High Court, there have been two more Constitutional Court judge appointments, all provinces are alleged to have peaked in terms of the fourth wave of Covid-19, and the Moti family – whose four sons were kidnapped and then thankfully returned physically unharmed – have reportedly relocated to Dubai. We also buried Nobel prize winner and anti-apartheid activist Archbishop Desmond Tutu. Meanwhile, in the rest of the world, the British prime minister has come under fire for partying during hard lockdown, apologising to the country’s beleaguered monarch who is also dealing with the fallout from court cases linking one of her sons to sexual assault. Tennis champion Novak Djokovic has lost his fight to play in the Australian Open as a result of his refusal to champion Covid vaccinations, concerns are rising that Russia is planning to invade Ukraine,
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
Beijing has pretty much locked down in its bid to attain a zero-Covid rating in time for the February Winter Olympics in China next month, Meta (Facebook) is facing billions worth of fines if it’s found guilty of exploiting user data, YouTube’s also come under intense fire on the back of allegations of disinformation, and former Israeli prime minister Benjamin Netanyahu is trying to end his corruption trial via plea bargain. People are taking to the streets in their thousands globally to protest against mandatory Covid-19 vaccinations, Nigeria, Somalia and other countries are reeling from unending violence, and North Korea has reportedly been testing railway-borne missiles.
securityfocusafrica.com
EDITOR’S COMMENT
A mixed bag with key takeaways It’s a mixed bag of news – some good, some saddening, some alarming. For me, the key takeaways are that every country in the world is winning some battles while losing others, and the importance of legacies and accountability. ‘The Arch’, as he was popularly known, left a huge legacy of compassion, grace, and humour. Others will leave legacies of corruption, criminality, abuse, and selfishness. We all get to choose our legacy, the end result of the way we live our lives, conduct ourselves and treat others. Major events in SA In his 17 January 2022 ‘From the desk of the President’ missive, President Cyril Ramaphosa spoke of South Africa’s entry into the new year as being confronted by two major events “that reminded us, in different ways, of what brings us together as a people. On the first day of 2022, the nation gathered in spirit to bid farewell to Archbishop Desmond Tutu at St George’s Cathedral in Cape Town. It was a moment of great sadness as we recalled the life and contribution of a beloved compatriot who was, in many ways, the moral conscience of our nation. At the same time, his funeral was a celebration of the values he stood for. It was a celebration of the great unity and diversity of our people, and a reminder of the sacrifices made by so many to achieve our democracy.” And then, on 2 January 2022, continued Ramaphosa, “the country watched on in horror as a huge fire engulfed Parliament, just a hundred metres from where we had gathered the day before to pay our last respects to Archbishop Tutu. Apart from the close proximity of St George’s Cathedral and Parliament, what connects these two events is that each reminds us of what brings us together as South Africans: our democracy,” he said. “Just as the fire in Parliament was finally being extinguished (in my opinion, a third major event), Acting Chief Justice Raymond Zondo submitted the first part of the report of the Commission of Inquiry into State Capture. This part of the report details how several public institutions were infiltrated, looted, and severely damaged. These include state-owned enterprises like South African Airways (SAA), the Government Communication and Information System, and the South African Revenue Service (SARS).”
securityfocusafrica.com
The report, while painting a ‘deeply disturbing picture of how key institutions of our democracy were compromised and undermined with criminal intent,’ he said, will hopefully result in better controls around state entities, jail terms and fines for those found guilty of criminality, and a visible improvement with regard to protecting our democracy, our constitution and our judiciary. That it’s going to be another challenging year is a given — as is its potential for personal and business growth. It’s anyone’s guess as to what’s going to happen with the global and national economies, Covid, crime, politics and other events, but we do have control over some significant areas, including the way we embrace change, how we treat people, how we manage stress as well as our mental and emotional wellbeing, and how we use the lessons of the past to build our futures. It’s a new landscape, to quote our MD Malcolm King who, in our first editorial meeting of the year, emphasised the importance of ‘letting the main thing remain the main thing’. Despite the many, many predictions floating around, no one really knows what the future holds. We do know, though, where our core business strengths lie, that advertising pays and that the retention of
top employees has never been more important. We know, too, that hybrid work models are gaining traction as employees rethink their priorities, and that with this comes growing cyber risk. These, however, can be managed, even triumphed over, with the right attitude and focus. In this, our December 2021/ January 2022 issue, our feature article focuses on expert advice with regard to the challenges we’re likely going to face, both on the personal and business fronts. There is also a lot of really good advice in the article. “Problems and challenges are everywhere,” said President Ramaphosa in his eulogy at the Arch’s funeral service, highlighting poverty, racism, inequality, homophobia, gender-based violence, crime and corruption. There were times when Tutu felt let down, and yet he never lost hope, he continued. “The most fitting tribute we can pay to him, whoever and wherever we are, is to take up the cause of social justice for which he so tirelessly campaigned.” Here’s to not only surviving but thriving this year. Be safe, be kind.
Ingrid Olivier, Editor ingridolivier@idotwrite.co.za
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
5
ASSOCIATION NEWS
Update from SASA
P
From the desk of Tony Botes, SASA National Administrator.
rivate Security Industry — Challenges for 2022 The coming year is bound to be the most difficult year for the private security industry, massively impacted by several factors that we have identified and probably many more than we can even imagine – or predict – as the year progresses. Covid-19 The pandemic, which has now been with us since March 2020, is showing no sign of abatement and is expected to continue impacting negatively on the national economy and even more so on the private security sector in South Africa. SASA has, in collaboration with ISIO (International Security Industry Organization), and CAPSI (Security Association of India), developed highly advanced Covid-19 protocols for the private security industry, as we believe that only we can enforce effective measures to minimise, and maybe even eventually eliminate, this biological threat. Unfortunately, our Department of Health has, so far, ignored our approaches of free cooperation in this regard, which is very disappointing! Our security officers face the brunt of the challenges from our population when they try to enforce adequate C-19 protocols and, as such, are also facing extremely high risks in performing these tasks.
6
Consumer resistance Covid-19, and the economic catastrophe it has caused, has resulted in massive consumer resistance to existing statutory increases in remuneration and benefits, which were gazetted in early 2020, before the pandemic, and valid for three years, until the second quarter of 2023. Furthermore, instead of increasing their security complement levels to assist in combating the spread of Covid-19, many clients have, in fact, reduced the numbers of contracted security officers. To compound this, virtually every consumer has demanded rates lower than those in place prior to the pandemic, which leads us to the next point. Non-compliance Unreasonable consumer ‘push back’ has led to a serious increase in gross criminal non-compliance by many security service providers in an effort to retain their existing clients. Such non-compliance can only result in the security officers on the ground being cheated out of their statutory minimum levels of remuneration and benefits, which – in turn – must lead to an elevated level of job dissatisfaction and a sub-standard level of security. Neither of the regulators in the private security industry – PSIRA (Private Security Industry Regulatory Authority) and the National Bargaining Council for the Private Security Industry
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
(NBCPSS) – have the capacity to effectively police the more than 10,500 registered security companies, not to mention the number of illegal unregistered companies that have emerged during the past 18 or so months. Furthermore, mainly because of the consumer resistance to what they see as unaffordable prices for security services, there has been a critical increase in the use of: • unregistered ‘fly by night’ security operators • unregistered security officers (often undocumented foreigners, and some possibly with criminal records) • disguised employment relationships between the security businesses and their employees (independent contractors, also referred to as self-employed security officers, cooperative structures, unregistered ‘learners’ being used as fully qualified security officers, etc.) • security service providers, whether willingly or not, failing to pay over deducted provident fund, funeral scheme, and medical insurance premiums, as well as UIF (Unemployment Insurance Fund) contributions, all of which will have a disastrous impact on the security officers who might lose their jobs, become ill or even die.
securityfocusafrica.com
ASSOCIATION NEWS
There are unfortunately many hundreds of security service consumers who have closed their doors (hopefully not permanently), which has resulted in significant job losses in our industry, despite the fact that a few clients have been proactive and – because of the pandemic – increased their security requirements because of the access control measures required. Whatever the reason, all consumers are under serious pressure to reduce costs and we believe that, in the months ahead, this will result in further job losses. Many consumers are also now employing their own security officers, some blissfully unaware that they should also register with PSIRA as inhouse security employers, and that the minimum levels of remuneration and benefits also apply to them. Without professional supervision, such insourced security is prone to be of a significantly lower quality, which greatly increases the risk to life and property. The use of electronic security measures such as CCTV and electric fence alarms is mostly ineffective if not monitored 24/7, and it is advisable that these be used in conjunction with manned guarding. Such electronic equipment, usually being imported from abroad, is becoming increasingly expensive, mainly because of the poor exchange rates and the increased demand internationally. Furthermore, much of the over-the-counter electronic security equipment is not of a standard that is dependable. We are, however, confident that SASA members, who are bound by an extremely strict code of conduct and compliance requirements, are remaining fully compliant and will continue to do so going forward.
Wage negotiations for March 2023 will commence early in 2022 and it is expected that demands will be unaffordable. We expect the process to be more difficult than ever before, with a possibility of industrial action if labour’s expectations are not met.
Profitability Profit margins in the private security industry have dropped to an all-time low, which will undoubtedly have a negative impact on many of the security businesses, with a logical reduction in service levels and more job losses. The private security industry is due for another statutory wage increase in March 2022, which will likely create more consumer resistance, non-compliance, and unemployment. The private security industry, earlier this year, managed to apply for and was granted certain small but welcome exemptions in respect of allowances and Provident Fund premiums. The last of these will expire in August 2022, which will once again result in a slight cost increase.
PSIRA training standards The PSIRA ‘grade’ training has been in existence since the early 1990s and, understandably, is way overdue for an upgrade, but there’s little doubt that the result will be a ‘double whammy’ for both employers and employees in the industry in terms of time and costs.
securityfocusafrica.com
PSIRA fees PSIRA has just published its proposed new annual fees for security service providers (including inhouse security employers) and security officers, to come into effect from April 2022. We will be engaging with them to minimise the impact on the industry. PSIRA uniform legislation The entity recently promulgated new legislation, in terms of which no uniforms, vehicles or branding could, in any way, resemble or be construed to be that of the SAPS (South African Police Service), SANDF (South African National Defence Force), Correctional Services, municipal/traffic police or any other law enforcement agency. In terms of this new legislation, all shades of blue and camouflage is prohibited, as well as the material or colours of any of the above. Blue is currently the dominant colour in the private security industry, which is going to result in unbudgeted costs for virtually every security company. PSIRA digital transformation The regulator is in the process of totally digitising their registration and renewal processes, which must have cost them millions, which they are going to have to recover from the industry role players, employers and employees.
SAPS and firearm legislation With the Minister of Police intent on reducing the numbers and types of firearms in private hands, there’s going to be a cost impact on the industry while also reducing its ability to fight crime. It’s important to note that South Africa’s private security industry collectively employs more people than the SAPS and the SANDF together. Add to this what
happened in KZN, Gauteng and other areas in July 2021... it is ironic that, while the looting was taking place, SASA was asked by the Minister, via PSIRA, what the private security was doing to assist the police in terms of combating the unrest. Critical risk factors Our national infrastructure – Eskom, Transnet and others – has deteriorated to such an extent that we’re expecting an increase in economic crimes as well as crimes against businesses and individuals (kidnapping, looting and organised and opportunistic offences). Summary We believe that the above factors are going to have a profoundly serious and negative impact on the private security industry, but at the same time, we must and will survive through 2022 and beyond. Benefits of SASA membership: • A strictly applied Code of Ethics • Representation at national and local government level • Industry exposure in the media as well as at major shows and exhibitions • Contacts and networking opportunities • Discounted training courses, events and seminars • Access to a security library managed by UNISA (University of South Africa) • Updates on new legislation and other industry-relevant information • Access to security-related and affiliated associations in South Africa and overseas • The SASA national website • A central administration office • Free digital subscription to Security Focus Africa magazine, the official journal of SASA • A mentorship programme which is designed to guide and assist startup security companies with attaining the compliance standards required to qualify for Gold Membership For more information about what SASA does and how it can help you and your company, please contact: Tony Botes, SASA National Administrator, at: Tel: 0861 100 680 / 083 650 4981 Cell: 083 272 1373 Email: info@sasecurity.co.za / tony@sasecurity.co.za Website: www.sasecurity.co.za
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
7
ASSOCIATION NEWS
News snippets from around the world effort to restore government’s integrity, credibility and capability. But will it happen? Can South Africans really expect a different outcome this time? https://www.thesouthafrican.com/
Time to make ecocide an international crime
8
South Africa holds state funeral for Archbishop Desmond Tutu
U.K. Prime Minister Boris Johnson fighting to save job over Covid party scandal
The funeral mass for South African anti-apartheid campaigner Archbishop Desmond Tutu has taken place at the Anglican Cathedral in Cape Town. Tutu, a Nobel Peace Prize winner who helped end the racist regime in South Africa, died on 26 December 2021 aged 90. In his eulogy, President Cyril Ramaphosa described Tutu as “the spiritual father of our new nation”. Tutu had insisted there should be no ‘lavish spending’ on the funeral and that he wanted ‘the cheapest available coffin’. https://www.bbc.com/
Despite the country being under a strict coronavirus lockdown in 2020, Prime Minister Boris Johnson attended a ‘bring your own booze’ party with dozens of staff members in the garden of his No. 10 Downing Street residence and office. Johnson apologised last Wednesday in the House of Commons as he fought to save his leadership from a growing scandal around a number of reported parties he and his staff held during Covid lockdown. https://www.nbcnews.com/
State collapse and other risks threatening South Africa over the next two years: WEF
It’s imperative that South Africa moves fast on state capture prosecutions
The World Economic Forum (WEF) has published its global risks report, detailing some of the key risks facing South Africa over the coming years. The forum said that Covid-19 and its economic and societal consequences continue to pose a critical threat to the world at the start of 2022. “Vaccine inequality and a resultant uneven economic recovery, risk compounding social fractures and geopolitical tensions. In the poorest 52 countries – home to 20 percent of the world’s people – only six percent of the population had been vaccinated at the time of writing. https://businesstech.co.za/
South Africans now face another moment of accountability. This follows the release of part 1 of the report of the Judicial Commission into State Capture led by deputy chief Justice Raymond Zondo. Media reports suggest overwhelming agreement that the well-detailed and comprehensive report must be followed up to hold accountable those linked in the report to rampant corruption during the reign of former President Jacob Zuma. Indeed, President Cyril Ramaphosa has described the first part of the Zondo Commission’s report as a ‘defining moment’ in the country’s
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
In December 2021 in The Hague, the governing body of the International Criminal Court (ICC) held its annual meeting. The most substantial development, however, was not on the official agenda and did not involve the U.S., China, or other major powers. It happened instead at a designated ‘side event’ hosted by the Republic of Vanuatu and the Independent State of Samoa. There, a new international crime was defined: ecocide. “The time is right to harness the power of international criminal law to protect our global environment,” argued Philippe Sands, cochair of the expert panel that drafted a legal definition of ecocide. The panel defines ecocide as ‘unlawful or wanton acts committed with knowledge that there is a substantial likelihood of severe and either widespread or long-term damage to the environment being caused by those acts.’ If enacted, this law would be a substantial preventative measure in stopping some of the world’s worst climate abuse. https://www.openglobalrights.org/
SANDF members to continue patrols President Cyril Ramaphosa has announced that the SANDF (South African National Defence Force) deployment across the country will continue until March this year. Despite 2,700 soldiers continuing their deployment across the country, however, Cape Flats residents say they won’t make much of a difference. Murder and other violent crime increased over the Festive Season, and residents say much more needs to be done, especially regarding witness protection after they have testified. https://www.enca.com/news/
securityfocusafrica.com
NEWS IN BRIEF Federal agencies warn of Russian hackers targeting critical infrastructure The Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency released a joint Cybersecurity Advisory last Tuesday detailing cyber operations sponsored by the Russian state, including commonly used tactics, techniques and procedures. The advisory also outlines detection actions, incident response guidance and mitigation measures. https://thehill.com/
South Africa’s Ramaphosa says ANC needs renewal to regain support South African President Cyril Ramaphosa has said that the governing party, the African National Congress (ANC), must work to regain popular support after being embroiled in corruption scandals and divided by bitter factional rivalries. Marking the ANC’s 110th anniversary last Saturday, Ramaphosa struck a sombre note, emphasising that the party of Nelson Mandela, which helped South Africa achieve democracy, has lost voter backing. “We must be forthright in recognising, and deal decisively with, the reality that ANC structures are in a poor state,” Ramaphosa said. “Many of them are focused on internal organisational conflicts, factionalism and furthering the self-interest of individual leaders rather than the aspirations of communities they are meant to serve.” https://www.aljazeera.com/
Artificial intelligence carries a huge upside but potential harm needs to be managed Artificial intelligence (AI) and machine learning have the potential to contribute to the resolution of some of the most intractable problems of our time. Examples include climate change and pandemics. But they have the capacity to cause harm too. And they can, if not used properly, perpetuate historical injustices and structural inequalities. To mitigate against their potential harms, the world needs frameworks for the governance of data that are economically enabling and that preserve rights. Artificial intelligence and machine learning operate on the basis of massive datasets from which algorithms are programmed to discern patterns. These patterns can be used to infer new insights and also predict behaviour and outcomes. Increasingly, artificial intelligence and
securityfocusafrica.com
machine learning are being used to substitute human decisions with automated decision-making on behalf of humans… Yet, it all happens in a black box that even the designer of the algorithm may not have access to, so deciding what goes into the box is important. https://theconversation.com/
R14.8 billion, associated with Covid-19 spending from April 2020 to June 2021, was being investigated for procurement irregularities. https://theconversation.com/
Fifth Covid-19 wave will definitely arrive in SA but it will be less severe, the Health Department believes
Europol, the law enforcement agency of the European Union, has been ordered to delete a huge store of personal data gleaned from police agencies in EU member states over the past six years. The deletion order comes from the European Data Protection Supervisor (EDPS), a watchdog body overseeing EU institutions’ compliance with privacy and data protection legislation. EDPS has given Europol a year to review its databases and then remove any data that cannot be linked to a criminal investigation. The total volume of data stored in Europol’s systems amounts to around 4 petabytes according to reporting in The Guardian – equivalent to hundreds of billions of pages of printed text – and includes data on at least a quarter of a million current or former terror and serious crime suspects, along with other people in its contact networks. https://www.theverge.com/
South Africans should brace themselves for more Covid-19 waves, but the good news is that indications are that the worst is over as future variants are likely to be less severe. The National Department of Health and experts have not given an indication of when the fifth Covid-19 wave is likely to hit, with Health Department spokesperson Foster Mohale saying it is just too early to predict. https://www.iol.co.za/
South Africa’s corruption busters: short-changed on funding and political commitment In his 2021 Medium-Term Budget Policy Statement, the country’s finance minister Enoch Godongwana warned that rampant corruption was a persistent issue draining public finances. At the height of the Covid-19 pandemic, South Africans witnessed how corruption further exacerbated the unprecedented disruption to their education, employment, entrepreneurial pursuits and other opportunities for advancement. In September 2021, South Africa’s Special Investigating Unit (SIU) told Parliament that
Europol ordered to delete petabytes of data not clearly linked to crime
Massive electricity price hike on the cards for South Africa South Africa faces a hefty electricity price hike in April this year, despite ongoing load shedding and energy production concerns surrounding Eskom. The National Energy Regulator of South Africa (NERSA) invited stakeholders to comment until Friday 14 January on Eskom’s proposed tariff increases for the country. Eskom chief
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
9
NEWS IN BRIEF
financial officer Calib Cassim has confirmed that the state-owned power utility has applied for an electricity price increase of 20.5 percent for its 2023 financial year, set to take effect from 1 April 2022. https://businesstech.co.za/
Taxi organisation launches campaign in Tshwane to help stop crime against students Students making their way to Pretoria to start their first-year courses must be aware of criminals operating around their campuses and the inner city. This was the warning issued by the SA National Taxi Council (SANTACO) in Tshwane, which has launched an initiative to make new students aware of criminals targeting unsuspecting people. SANTACO’s Tshwane chairperson, Abner Tsebe, said that the local taxi branch has launched a campaign called Tlhokomela (Be Alert) to make prospective students aware of crime in the city. Tsebe said that the taxi industry was working in conjunction with lawenforcement agencies such as the SAPS (South African Police Service) and the metro police. https://www.iol.co.za/
COJ to revive Operation Buya Mthetho to address hijacked buildings and crime COJ (City of Joburg) says it will revive Operation Buya Mthetho to address hijacked buildings, illegal dumping and illegal water and electricity connections, along with other crimes plaguing the city centre. The multi-disciplinary team involves officials from the JMPD (Johannesburg Metropolitan Police Department), SA Revenue Service (SARS), Home Affairs and other law enforcement agencies. Community Safety MMC David Tembe said that the problem was much bigger than abandoned high-rise buildings in the CBD. “One looks at Berea, one looks at Yeoville, even Houghton has been hijacked, and we need to audit and make sure that they are being restored to the rightful owner,” Tembe said. https://ewn.co.za/
Pinsent Masons hires corporate crime and forensic investigations partner in South Africa Multinational law firm Pinsent Masons has hired partner Edward James to bolster its corporate crime and investigations capabilities in South Africa. Joining from South African-headquartered firm
10
ENSafrica, James will work predominantly with the firm’s global energy and infrastructure sectors and will enhance the firm’s forensics, criminal investigations, and compliance capabilities in Africa. Edward is a leading corporate crime and investigations specialist advising clients on compliance, fraud, bribery and corruption, corporate espionage, anti-money laundering, cyber breaches and economic sanctions. He has advised clients across a broad range of industries in Sub-Saharan African jurisdictions including Angola, Botswana, Ghana, Kenya, Mozambique, Nigeria, Rwanda, South Africa, Tanzania, the Democratic Republic of Congo and Uganda. https://www.pinsentmasons.com/
New digital ID system for South Africans The current National Population Register is set to be replaced by the new NIS system. According to BusinessTech, the system will effectively act as a single source of information for all South Africans. “The department is in the process of implementing a single integrated source of biographic and biometric information — to make digital service deliver a seamless reality.” The current disparate civic and immigration systems will produce secure data that will feed into the NIS according to an identity management policy and an updated identification act,” stated a source. Issuing of birth, marriage and death certificates will now be digital. The adjudication of permits and visas will also be done digitally. https://www.thesouthafrican.com/
State capture report: will Dudu Myeni be arrested? Four years later and over 800 pages of part
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
one of the state capture report highlights serious inefficiencies in the country’s state-owned entities. The report lays bare what happened at the national carrier SAA (South African Airways) and its subsidiaries. It also shows how SAA board chair Dudu Myeni got involved in operational matters when she had no business to do so. It is clear from part one of the state capture inquiry report that state capture was alive in South Africa. https://www.enca.com/
39 Northern Cape schools vandalised over the festive season The provincial department of education in the Northern Cape says at least 39 schools were vandalised over the festive season. The department says assessment on the magnitude of the damage is still under way ahead of the reopening of schools in the province https://www.sabcnews.com/
City of Cape Town offering R5,000 reward for information leading to arrests of train vandals The municipality will pay whistleblowers R5,000 if it leads to the positive identification and arrest of those responsible for the stoning of a new train set. The incident took place on its first day of operation in the Steenberg area last week. The City of Cape Town said that the vandalism of critical infrastructure was unacceptable, even if it was perpetrated by young people who thought stoning trains is ‘fun’. Mayor Geordin Hill-Lewis said the city had been without a well-functioning rail service for too long and far too many Capetonians suffered as a result. https://ewn.co.za/
securityfocusafrica.com
CYBER SECURITY
Trend Micro prediction report forecasts cyber fightback in 2022 Report offers actionable insights for overburdened security teams.
G
lobal cybersecurity leader Trend Micro Incorporated predicts that global organisations will emerge more alert and better prepared in 2022 thanks to a comprehensive, proactive, cloud-first approach to mitigating cyber risk. Research, foresight, and automation are critical for organisations to manage risk and secure their workforce. Trend Micro blocked 40.9 billion email threats, malicious files and malicious URLs for customers in the first half of 2021 alone — a 47 percent year-over-year increase. “We have more cybersecurity researchers embedded across the globe than any competitor, and those insights and discoveries are used widely within the industry and power our own product offerings,” said Kevin Simzer, chief operating officer at Trend Micro. “These teams power much of the threat intelligence for which we are renowned.” Trend Micro researchers predict that threat actors in 2022 will focus
securityfocusafrica.com
ransomware attacks on cloud and datacentre workloads and exposed services to take advantage of the large number of employees continuing to work from home. Vulnerabilities will be weaponised in record time and chained with privilege escalation bugs to drive successful campaigns, according to the report. “It’s been a tough couple of years for cybersecurity teams, disrupted by work-from-home mandates and challenged as corporate attack surfaces have exploded in size,” said Jon Clay, vice president of threat intelligence for Trend Micro. “However, as hybrid work emerges and more certainty returns day-to-day, security leaders will be able to plot a robust strategy to plug gaps and make the bad guys work much harder.” IoT (Internet of Things) systems, global supply chains, cloud environments, and DevOps functions will be in the crosshairs. More sophisticated commodity malware strains will be aimed at SMBs. However, Trend Micro predicts that many
organisations will be ready for the challenge as they build out and implement a strategy to proactively mitigate these emerging risks via: • Stringent server hardening and application control policies to tackle ransomware • Risk-based patching and a high-alert focus on spotting security gaps • Enhanced baseline protection among cloud-centric SMBs • Network monitoring for greater visibility into IoT environments • Zero Trust principles to secure international supply chains • Cloud security focused on DevOps risk and industry best practices • Extended detection and response (XDR) to identify attacks across entire networks To read a full copy of Trend Micro’s 2022 predictions report, please visit: https://documents.trendmicro.com/ assets/rpt/rpt-toward-a-newmomentum-trend-micro-securitypredictions-for-2022.pdf
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
11
SECTOR CHALLENGES
Challenges facing the Security Sector in 2022 — and how to deal with them
1.
What’s ‘strong’ with you?
By reflecting back on 2021, we can enter 2022 stronger. These comforting and inspiring words come from Paul Galbraith, counselling psychologist and key opinion leader for FitBit. “We’re usually pretty good at identifying problems, deficits, and what’s wrong with ourselves,” he says, adding that it’s probably easier for most people to write a page about their flaws rather than a paragraph about their strengths. There’s an evolutionary perspective to this, he explains. Humans have evolved to be very successful at identifying risks so that they are able to take steps to
12
manage them. “However, numerous studies have shown that when we focus on developing our strengths, we grow faster and stronger versus just trying to improve our flaws. This comes down to where we focus our energy – when focused on what’s wrong, we tend to get stuck in a loop of ruminating, but when we get better at identifying what’s right, we can cultivate a sense of hope, accomplishment and positivity that gives us momentum. In addition, people who are aware of, and focus on, their strengths, tend to be happier, less stressed, and more confident.” People tend to see others’ ability to cope, survive, and thrive more readily than their own, he continues, citing the findings of a survey by
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
Course5 Intelligence, conducted on behalf of Fitbit in August 2021, and involving more than 13,000 people in twelve different countries (including South Africa). Sixty-eight percent of the respondents named others (parent, friend, spouse, etc.) ahead of themselves, when asked to identify the strongest person they knew, says Galbraith. “While we may not always be great at noticing our own strengths and resources, we do, however, show remarkable capacity to overcome challenges. Fitbit’s survey found that people have been proactively building their mental strength during the pandemic through small and ordinary actions that helped them feel ready to take on each new day.”
securityfocusafrica.com
SECTOR CHALLENGES
To this end, the survey revealed that 66 percent of the respondents prioritised sleep as being crucial for them to feel strong. Physical exercise was vital for 52 percent of them, and 32 percent saw goal-setting as their go-to strategy. Here’s Galbraith’s advice on how to become better — ‘strength detectives’: • Spend some time reflecting on the past week, month or even year. • Pay special attention to what has gone well for you, what you are proud of, and those times when you’ve felt like you’ve been the best version of yourself. The trick here is to consider even the smallest and most ordinary moments. Consider, too, how challenging the last two years of the pandemic have been, along with the things and behaviours which helped you to get through it. • Next, write down what you did to make these things happen — the skills and/or characteristics that under-pinned your successes. • Lastly, imagine yourself in the future, perhaps at the beginning of 2022 or even further ahead, and consider developing or enhancing these attributes to make an even bigger difference to your life. By doing these exercises regularly, you’ll be able to identify your own inner strengths and skills, he says, which can help you grow and thrive in 2022.
2. Digital currencies Love them or hate them, but digital currencies are not only here to stay; they’re also featuring increasingly in the success toolboxes of forward-looking companies.
securityfocusafrica.com
According to Gartner, Inc., 20 percent of the world’s larger enterprises are likely to be using digital currency by 2024 — that’s a mere two years away. “Increasing mainstream acceptance of cryptocurrencies on traditional payment platforms and the rise of central bank digital currencies (CBDCs) will push many large enterprises to incorporate digital currencies into their applications in the coming years,” says Avivah Litan, distinguished vice president analyst in the Gartner IT practice. “Digital currencies will be primarily used by these organisations for payment, a store of value and the ability to leverage high-yield investments available in decentralised finance (DeFi) applications.” Gartner experts have noticed an uptick in interest in digital currency and blockchain applications among CFOs since the start of the year,” says Alexander Bant, chief of research in the Gartner Finance practice. “While volatility of cryptocurrencies remains a concern, anticipation of clearer regulatory guidance, and the advent of CBDCs (central bank digital currency), now offer CFOs more avenues to pressure-test cases for digital currencies.” Bant also points to additional factors that could make digital currency applications more palatable to CFOs in the next 12-24 months: hedging against high inflation, increased regulatory clarity, improved energy usage, and adoption by employees, consumers and suppliers. “There has always been theoretical
appeal in the use of blockchain and digital currencies for CFOs as a means to lower costs, increase transaction processing speed, reach new global customers, move toward continuous accounting and auditing, and create an error-free and fraud-free environment,” Bant says. “We are starting to see some Fortune 500 companies map out scenarios for how they will respond if a country or supplier moved to doing business with only digital currency and what steps they would take as a result.”
3. Business resilience As the world heads ever-deeper into 2022, the need to improve business resilience grows. “Not just for the next six months to a year,” says Brian Baker, Chief Revenue Officer at Calipsa, “but for the long term. Now, more than ever, security businesses need to consider the macro trends that are shaping the growth of the industry as a whole when they plan for the future.” Calipsa’s trends to watch include: 1. Supply chain disruption and staff shortages “Along with staff shortages, 2021 was the year of supply chain disruption,” Baker avers. “According to Accenture, 94% of Fortune 1000 companies have seen supply chain disruption as a result of Covid-19. When goods can’t move quickly from A to B, this has security implications — for the cargo and for the vessel/vehicle. Truck drivers have been held in queues for days on end due to changing Covid restrictions at border crossings, and the movement of raw materials and parts worldwide has slowed its pace significantly,
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
13
SECTOR CHALLENGES
4. New ideas, innovative thinking, and hard work
causing backlogs in multiple sectors. When cargo remains stationary for long periods, there is a risk that criminals will move in, seeing it as an easy opportunity.” He notes, accordingly, the findings of BSI & TT Club’s Cargo Theft Report in which 71 percent of cargo theft took place on or around trucks. “As we discovered in our guide to supply chain security, there are many weak links in the supply chain where criminals can intercept goods — from loading and unloading points, to simply slashing and grabbing goods from a truck on a pitstop. While technology is being used to protect cargo and drivers, according to SIA’s 2022 Megatrends report, even this poses risks,” he warns. “The concern is the ability to put full trust in the source code, firmware, system-on-chip and other hackable elements that exist with any product or solution. In other words, the systems that enable companies to track and trace their vehicles are also susceptible to breaches. This means that even security technology needs to be secured.” 2. Physical security and cybersecurity are merging The line between physical security and cybersecurity is becoming increasingly blurred, Baker says. “It is just as important to protect your security devices and digital assets as it is to protect your physical assets. For some businesses, cybersecurity
14
risks remain a barrier to tech adoption. According to IFSEC Global’s 2021 Video Surveillance Report, 64 percent cited cybersecurity as a barrier to cloud video adoption. This was the number one barrier — interestingly, the third barrier was a lack of understanding/expertise about the cloud. Wider education around cybersecurity risks – both for the cloud and for devices – is key for security businesses moving forward.” And it’s not just the cloud that poses a security risk, he adds. “Many interconnected smart devices – known as the Internet of Things (IoT) – can also leave companies vulnerable. If one device is weak to attack, it is possible for a hacker to use it as an entry point to an entire security system. In the case of the Mirai botnet attack, malware (known as Mirai) managed to infect many IoT devices, including security cameras. These cameras in turn became bots, which bombarded servers with web traffic until finally, they became overwhelmed and went offline. This left much of the USA’s East Coast with no internet for nearly a whole day.” Long story short, he concludes, the systems we’re relying on to provide our customers with the best possible security services are also vulnerable to attack, hence the need to get cybersecurity professionals to assess your systems and stress-test them.
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
Cybersecurity expert Dan Lohrmann, in his GovTech.com blog, singles out new ideas, innovative thinking and hard work as key elements of success in 2022. “This year we again see many familiar themes, with cyber threats around working from home, supply chain, new ransomware, mobile threats, and new twists on cloud threats spread throughout the report. We again see forecasts of more government compliance rules, 5G challenges, APTs (Advanced Persistent Threats), deepfakes getting really dangerous, privacy concerns, and another year of healthy growth in technology and cyber companies,” he says. He predicts a “heavy emphasis on operational technology (OT) cybersecurity with regard to vulnerabilities, threats and impacts; a “strong emphasis on cryptocurrencies and crypto wallet security attacks; more application security vulnerabilities (especially when code is widely used, such as the Log4j vulnerabilities); issues created by a lack of talent and vacancies in public and private sector organisations; and renewed emphasis (but in new ways) on artificial intelligence (AI), autonomous vehicles, drones and other new technologies being hacked.”
5. Leadership trends in 2022 Stephanie Neal is the director of the Center for Analytics and Behavioral Research (CABER), and general manager and lead author of global leadership consulting firm DDI’s Global Leadership Forecast (2022 Forecast: 5 Trends in Leadership). She writes in her blog of the new challenges facing companies and leaders and how to rise above them. Trend 1: The race for top talent heats up “Retaining talent has risen as one of the greatest challenges for organisations, following the pandemic. Many employees have reevaluated what they want out of work as a result of changes over the past year-and-a-half. As part of our Global Leadership Forecast research series, we asked HR executives about the turnover their organisations were experiencing. Before the pandemic, only a third of HR executives indicated they had seen an increase in turnover.” However, she notes, in a recent pulse survey, more than half of the HR respondents (53 percent) reported an increase in staff turnover and of those,
securityfocusafrica.com
SECTOR CHALLENGES
20 percent said it had increased significantly. Her advice to companies with regard to stemming the tide of staff turnover is to do three things: • Instil a sense of purpose “Recent research from McKinsey showed that in response to the pandemic, nearly two thirds of employees have paused to reflect on their purpose in life. And nearly half are reconsidering the kind of work they do. For a large majority of professionals (80 percent), work defines their purpose,” she says. “This sense of purpose needs to come from the top, with senior leaders that inspire employees’ confidence. With a strong company culture, where employees feel they have a sense of purpose, organisations have better employee engagement and retention. • Support leadership capabilities to recover Neal believes that leaders who are effective at delegation, leading virtually, and digital acumen, will play a significant role in retaining staff or promoting recovery when employees leave. • Keep employee wellbeing front and centre “A manager’s role in supporting wellbeing will continue to be crucial long after the pandemic,” maintains Neal. “We (have) found that organisations where managers demonstrate that they care about wellbeing are two to three times better prepared to prevent employee burnout and resulting turnover.” Trend 2: Finding potential in the (virtual) shadows There’s a serious shortage of leaders in critical positions, says Neal, referring to their Global Leadership Forecast series. The results show that only 51 percent of companies had an effective process for identifying leadership potential prior to the shift to hybrid working, she points out, adding that companies can deal with this by identifying and clearly defining success profiles; identifying hidden high-potential talent; and developing virtual capabilities to build leadership talent. Trend 3: Engaging the next generation of leaders Companies need to build an inclusive workplace environment that encourages talent of all generations to thrive and
securityfocusafrica.com
excel, maintains Neal. “New and emerging leaders are looking for more coaching and feedback… (and), additionally, next-gen leaders are more diverse than any other generation we’ve seen step up in the workplace.” Next-gen leaders are also more critical of how their organisations are approaching bias, fairness, inclusion, flexibility, opportunities for growth and the scope to improve their skills outside of their workdays, she adds. 6. And last, but certainly not least, password protection “Password, 123456, qwerty — while passwords which appear on the list of the most common passwords should definitely be retired from use, even a more unique password can be easy to crack if a computer program is tasked with systematically breaking it,” says Katharina Buchholz, data Journalist at Statista, in her article “How safe is your password?” “As seen in data by website Security. org,” she notes, “adding even one upper case letter to a password can already dramatically alter its potential. In the case of an eight-character password, it can now be broken in 22 minutes instead of instantaneously in one second — an increase of more than 1,000 percent. While the added time, in this case, is definitely not good enough to end up with a satisfactory password, the high
security gains of using characters other than lower case letters can be multiplied. When using at least one upper case letter and one number, an eight-character password now would take a computer one hour to crack. Add another symbol and it takes eight. To make a password truly secure, even more characters or more than one uppercase letter, number or symbol can be added. A twelve-character password with one uppercase letter, one number and one symbol is almost unbreakable, taking a computer 34,000 years to crack.”
Contributors Paul Galbraith https://www.paulgalbraith.info/ Gartner https://www.gartner.com Calipsa https://www.calipsa.io/ Govtech www.GovTech.com DDI World Center For Analytics And Behavioral Research (CABER) https://www.ddiworld.com/about Statista https://www.statista.com/aboutus/
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
15
OPINION PIECE
Multi-cloud security doesn’t have to be complicated to be effective, it just has to be consistent As organisations in every industry shift infrastructure and services to the cloud by means of a multi-cloud strategy, their business assets, software and applications become distributed across several cloud-hosting environments.
D
By Kumar Vaibhav, Solution Architect at In2IT .
espite the many business benefits – including agility, flexibility, competitive pricing, scalability, and reliance, to list a few – there are several hurdles that must be addressed when adopting cloud across the business. It can be particularly tricky securing a plethora of clouds due to a lack of visibility across services and providers. With multiple clouds comes multiple layers of risk, such as an increased attack surface, improper user management, constantly shifting workloads, DevOps and automation, all of which can get complicated. Multiple cloud benefits However, cloud security shouldn’t be as complicated as it has become. Despite cloud having been around for more than a decade, there is still this perception that it
16
is ‘new’ technology, which makes people uncomfortable. Cloud is many things, including scalable, reliable and costeffective, but it’s no longer new. While on-premise security and own-data centres is what most organisations think they need to secure their digital assets, the reality is that this is no longer sustainable — it’s time-consuming and cost-intensive to operate and manage, particularly in comparison to the cloud. Security must meet in the middle So how does cloud security compare to on-premise security? Essentially, there isn’t that much difference. It’s easy to think that on-premise is more secure because one has direct control over all the servers, systems and data living in that data centre. However, it’s important to remember when moving to the cloud
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
that all cloud service providers, like Microsoft, Bing and Amazon all have their own security measures in place. The main concern that businesses have when it comes to moving data to the cloud is that they’re uncertain where it will live, but realistically, it’s possible to have the same controls in the cloud as with on-premise security. The two go hand-inhand and security in the cloud is a responsibility that must be shared between the cloud service provider and the customer, depending on the service they’re using. The service provider has to ensure (in line with the SLA) that customer data is safe in their cloud, while the customer has to ensure everything in their cloud, up to the point where it onramps to the service provider, is secured and that their users are properly managed.
securityfocusafrica.com
OPINION PIECE
Users are the weakest link in security Proper user management is particularly important now that the workforce is split between working at home, in the office or out in the field as 80-90% of all cyber breaches or attacks happen because of users. Whether it is users being tricked into giving out credentials, or credentials being compromised by exploiting vulnerabilities, the effect is the same, making it critical to implement and utilise Multi-Factor Authentication (MFA) as part of a stringent Identity Management Program. Password sniffing or spoofing is easy, and there are thousands of ways that attackers can gain unauthorised access to data, but having MFA drastically reduces the chances of getting defrauded from the inside. In addition to MFA, it’s necessary to have a proper access control program in place. Role-based access is one of the most important keys to preventing data leaks. Here, it’s important that not everyone gets the same level of access, and specific users must be granted only the permissions necessary to fulfil their job description. Countering the DevOps risk Securing web-based applications to ensure that they’re not used as attack vectors is as simple as proper testing. One of the main problems with the DevOps approach that’s becoming increasingly popular, because of the agility it enables, is that the fast pace of work can lead to an increase in coding mistakes, which can
securityfocusafrica.com
result in undetected bugs and errors. Attackers can exploit these coding mistakes to gain access to digital assets. To counter this risk, it is necessary to pay more attention to thorough vulnerability testing on the web app, continuously, while following best practices for maps. Although penetration testing can be expensive, this cost needs to be evaluated against the real possibility that a single breach can cause untold damage, both reputational and financial. Protecting against network threats and vulnerabilities in the cloud isn’t much different to securing web apps, and it’s important to ensure that all applications and operating systems are up to date in terms of security patches, along with proper access control through a firewall and a secure perimeter. Access must be on a needs basis only, and when vulnerabilities are detected, these must be addressed as soon as possible. In the case of virtual machines, it’s important to have the appropriate security controls and to pay particular attention to endpoint hygiene. There’s no point in having antivirus protection, or a firewall if it’s incorrectly configured, malfunctioning or not reporting properly. Visibility through simplification Secure Access Service Edge (SASE), as defined by Gartner, can make a difference here. SASE is a security framework specifying that security and network connectivity technologies should come together in a single cloud-delivered platform to enable rapid, secure cloud
transformation. In addition to providing a singular point through which services are delivered to the client, this also streamlines network access and security measures, while eliminating operational complexity by reducing the number of vendors involved and helping to protect the business from third-party vulnerability. This plays a massive role in achieving visibility and transparency in cloud environments, along with the fact that public cloud providers generally have their own compliance requirements to meet such as ISO 20 001, PCI, DSS and HIPAA — all of which may be passed onto the customer. Secure the data wherever it goes Ultimately, the most effective approach to securing anything in the cloud will be one that focuses on securing data both in transit and in motion. Asset protection is important, and visibility is critical given the scalability and flexibility of the cloud. Endpoint protection is required to secure servers or workstations or any machine in the cloud, along with operational security which ensures that when any changes are made, these occur without accidentally opening system loopholes. Monitoring is just as vital, along with vulnerability and penetration testing. Finally, to ensure security and continuity, businesses should avoid putting all their eggs into a single cloud basket. Using multiple clouds ensures that if one goes down, there’s another ready to take its place and ensure security through business continuity.
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
17
OPINION PIECE
Crypto crimes and the South African legal framework By Lesai Seema, Candidate Attorney, checked and released by Shaun Piveteau, Senior Associate at Schindlers Attorneys. As published at https://www.schindlers. co.za/news/crypto-crimes-and-the-south-african-legal-framework-2/
I
ntroduction Unlawful (or at the very least, what appears to be unlawful) cryptocurrency/crypto assets (‘crypto’) transactions have been concluded almost immediately after blockchain technology was developed. The anonymity in the blockchain system, is a complex matter and has added a veil to transactions on the peer-to-peer network system. This has, for obvious reasons, made it ideal for criminals and illicit activity. Over recent years, there has been a sizeable rise in the use of crypto for unlawful transactions. In an attempt to bring the illegal activity under control, South African authorities are considering, amongst other things, extending the current legislation regulating crypto so as to implement certain deterrents to the ongoing unlawful crypto transactions. This article contemplates and considers the South African legislation that will likely extend to these types of crypto transactions. The use of crypto assets to conclude unlawful transactions The unlawful use of crypto can, at this stage, be separated into three main categories – 1. Crypto used to purchase illicit goods or services such as the purchasing of illicit substances; 2. Crypto used to evade statutory requirements such as using crypto to evade tax; and 3. Crypto obtained illegally through, for example, Cryptojacking (Malicious
18
cryptomining) and ‘gimcrack’ crypto investment schemes. In the absence of the introduction of central crypto regulating legislation, it is likely that the offences contemplated in the above categories, will be regulated by various pieces of legislation. Suppose a person has used crypto to purchase large amounts of cocaine, the applicable legislation will likely be the Drugs and Drug Trafficking Act 140 of 1992. On the other hand, the Income Tax Act 58 of 1962 will likely be the applicable legislation in the event that a person has failed to declare income accrued to him from crypto or is utilising crypto to evade tax. However, whilst it is all good and well identifying the relevant piece of legislation, there is a fundamental issue that the legislature will face in its attempts to extent the legislation to create crypto-related offences. A crime recognised by law as a criminal offence? In a South African legal context, the ius praevium principle states that a person may only be found guilty of a crime if the conduct was recognised by the law as a criminal offence at the time that the conduct took place. The ius certum principle states that criminal offences and corresponding sanctions should be demarcated clearly and unambiguously. As such, in order for a person to be found guilty of a crypto-related offence, the legislature, in its attempts to create crypto-related offences, will need to comply with the ius praevium and ius
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
certum principles. Simple enough, right? Wrong! At this stage, the South African Reserve Bank does not recognise crypto as legal tender and crypto remains largely unregulated within the South African legal framework. Moreover, in order for the South African justice system to work effectively, the South African Police Service and other law enforcement officials need to be in a position to identify the perpetrator/suspect in question. If the suspect cannot be identified, he cannot be prosecuted, regardless of whether a criminal offence exists. Unfortunately, anonymity in crypto and, more specifically, the blockchain system is a complex issue, one which creates a nightmare for the South African legislature. How do you formulate a criminal/statutory offence in circumstances where the suspect is nearly always unidentifiable or untraceable? In the circumstances, prior to the legislature extending or creating cryptobased legislation and corresponding offences, it will need to be possible for law enforcement officials to de-anonymise the user. Until then, it is uncertain whether this is possible. Conclusion Recovering and prosecuting crypto assets will be a complex process, considering the lack of regulation and the uncertainty of whether the current legal framework extends to crypto. The Finance Sector Conduct Authority will need to get over the regulation hurdle first in order to be in a position where it can consider formal investigations and law enforcement. As it stands, crypto is not considered legal tender in South Africa. This will raise further definition and regulation issues when transactions are concluded in foreign jurisdictions — South Africa may have to consider collaborative legislation with foreign countries and treaties alike. What is needed is a proactive approach and a firm implementation of the policies and frameworks contemplated in the IFWG Crypto Assets Regulatory Working Group Position paper on crypto assets. Value With the rise in illicit uses of Crypto Assets over recent years, it is important to consider the laws that these unlawful transactions are breaking and where crimes are committed — how will the authorities and regulatory bodies apply/extend the existing legal framework?
securityfocusafrica.com
TECHNOLOGY UPDATE
Artificial Intelligence (AI) for Human Resources Toolkit helps organisations overcome implementation challenges By Safaa Khan, World Economic Forum, safaa.khan@weforum.org
• The expansion of artificial intelligence in human resources tasks raises data privacy and bias concerns. • The toolkit aims to help organisations and human resources professionals navigate the opportunities and perils of using artificial intelligence for tasks such as hiring and training. • Trials of the toolkit were convened by the Centre for the Fourth Industrial Revolution Turkey in two manufacturing companies, Türk Traktör and Mercedes Benz Türk, and resulted in valuable insights such as regular bias monitoring. • An accompanying white paper discusses the lessons learned from the project and new issues that are on the horizon for AI in HR such as regulation and ensuring the benefits of AI in HR are shared. • Read the toolkit and full report here.
T
he World Economic Forum has published the ‘Human-Centred AI for Human Resources: A Toolkit for Human Resources Professionals‘ to scale the responsible use of artificial intelligence in Human Resources (HR). The toolkit includes a guide covering key topics and steps in the responsible use of AI-based HR tools, and two checklists — one focused on strategic planning and the other on the adoption of a specific tool. There are now 250 HR tools that use AI, according to the paper. These tools aim to manage talent in ways that are more effective, fair, and efficient. However, the use of AI in HR raises concerns given AI’s potential for problems in areas such as data privacy and bias. The use of AI in HR also poses operational, reputational, and legal risks to organisations, especially with recent moves,
securityfocusafrica.com
in several countries, to regulate its use. There is, therefore, high interest in AI in HR but also apprehension, and organisations are looking to navigate this increasingly complex landscape. To help organisations overcome these challenges, the World Economic Forum brought together over fifty experts in HR, data science, employment law, and ethics to create a practical toolkit for the responsible use of AI in this field. “The use of AI in Human Resources is becoming prolific and yet it can be riddled with ethical AI problems such as bias. For this and other reasons the EU has named it a high-risk use of AI. This multi-stakeholder work helps all users to take the right decisions when using these tools,” said Kay Firth-Butterfield, Head of AI and Machine Learning at the World Economic Forum. The toolkit contents were reviewed by over 300 HR professionals in private, public, and civil society organisations through focus groups, workshops, and in-depth pilots. “As large companies innovate with a growing variety of technological tools related to talent and people strategy, questions abound as to how to ensure that technology is used responsibly and effectively. The Human-Centred AI for HR Toolkit is a practical guide to the responsible use of AI in HR that we hope will assist HR professionals to properly assess AI tools, improve diversity and inclusion outcomes, and support ethical AI practices for their organisations,” said Ani Huang, Senior Vice President of the HR Policy Association. “As the workplace continues to evolve, HR professionals must embrace technologies – such as AI – to better
understand employee and business challenges and recommend evidence-based solutions. This toolkit will be helpful for HR professionals in making better informed decisions when using AI in Human Resources,” said Alexander Alonso, Chief Knowledge Officer for the Society for Human Resource Management. Özgür Burak Akkol, Chairman of the Board at the Turkish Employers’ Association of Metal Industries (MESS) said: “Artificial intelligence can provide the best outcome once it’s designed in a human-centred approach. The research that we initiated in Turkey showed that the HR department is not yet equipped with the required capabilities to manage the future of the workforce and cultivate the culture for the 4th Industrial Revolution. Two workshops and pilots that reached more than 250 companies’ HR heads proves that the designed toolkit is very effective in providing the key considerations for the use of AI for HR and support the cultural transformation for the 4th Industrial Revolution.” The accompanying white paper published along with the toolkit highlights the lessons learned from the project and piloting experiences, and discusses new issues that are on the horizon for AI in HR. This project was led by World Economic Forum Fellow, Professor Matissa Hollister from McGill University, in collaboration with Fellows from Baker McKenzie and New America, and the Centre for the Fourth Industrial Revolution Turkey, an affiliate centre of the World Economic Forum established by the Turkish Employers’ Association of Metal Industries (MESS) and the Republic of Turkey Ministry of Industry and Technology.
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
19
TECHNOLOGY UPDATE
Six technologies businesses are using to adapt This year, many businesses ramped up their digitisation strategies which are changing the ways that businesses operate altogether. Remote working drove big changes in how we communicate, collaborate, and work together. And technology is at the core of how business owners are adapting. By Warren Bonheim, Managing Director of Zinia.
T
he one thing about shifts – such as the global pandemic and technology – in how we work is that they bring with them a multitude of ways that businesses can adapt to be better. Warren Bonheim, Managing Director of Zinia, a leading ICT and telecoms provider, shares six essential technologies that businesses can affordably implement to adapt. Telephony — enter the cloud As the pandemic shifted us into a remote-working scenario, many companies using traditional telephone systems – PBXs – did not have the flexibility to shift quickly. Hosted PBX enabled remote working in a massive way. The PBX is hosted in the cloud at a telecom provider’s premises, your telephone network runs through the Internet Protocol (IP), versus traditional phone-line infrastructure and is fully managed by a provider. This gives your employees the same telephony functions as if they were in the office, and your customers a professional
20
experience with your company. Employees can receive and make calls professionally from anywhere as long as they have access to the Internet or mobile data. Via an app on a mobile device, their phone becomes an extension of the company PBX and employees can make and receive calls as if they are sitting at their desk. Cloud business software — hello remote-working Your employees need to continue using business office technology that they are highly familiar with. They need to access these systems wherever they are on any device. With software such as Microsoft 365 in the cloud, employees are able to stream all their applications, data and tools – including their personalised settings – from the cloud to any device whether it is a laptop, computer, iPad or mobile phone. Employees can work from anywhere, provide a consistent customer experience, and they can do their work productively. Virtual meetings became the norm,
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
enabled by technologies like Microsoft Teams, Zoom, Skype and Google Meet. One thing we saw companies embrace are integrated systems such as Microsoft, where work, collaboration and communication happens within one business ecosystem; with Teams for example, employees have the ability to share files, organise meetings from their calendar and sync with other office apps. Productivity — data for managers The productivity of your employees is the driving force of your business. And in the fast-paced new world of teams working remotely, and in the office, making sure everyone is achieving their full potential is a challenge for most companies. Productivity technologies have emerged which provide workforce analytics to help you understand your people and how they work on their computers. Innovative employee monitoring software allows managers to gain real-time insights via easy-to-understand dashboards, graphs, and reports, to know how their team is doing and when to take action if needed.
securityfocusafrica.com
TECHNOLOGY UPDATE
Virtual… well, everything Virtualising almost everything is definitely here in a big way. This means that your company can use a virtual – instead of an actual version of something – for example a server, network, operating system, or storage device. Some of the benefits you can take advantage of is having quicker backups and easier disaster recovery if something should go wrong — you can literally move – say a virtual server – quickly and be back up and running in no time. Also, virtualising your environment means lower costs because you don’t need expensive hardware. Managed Services — outsourcing to specialists As managing costs become key in a downturn, looking for ways to ensure accurate budgeting or reigning in IT costs is key. Through managed services, which means outsourcing parts or all of your IT to a specialist, you are able to focus on your core business while saving on high IT resource costs. These companies have invested heavily in smart systems which allows them to provide a host of services for SME’s at an affordable fee. From IT support, anti-virus protection, backups, cybersecurity, network management… you name it, these days most managed service providers can take care of your IT, while you focus on growing your company. Artificial Intelligence — let’s go automation Automation is one of the biggest breakthroughs in business today, essentially allowing you to use tech to deliver or get services without any human intervention. From an IT perspective, a human is able to do only so much in the time they have. You now have the ability to automate 1,000s of routine IT tasks, plus using AI tech you can (are able to) now anticipate, diagnose and fix any issues that crop up before they become a problem. This kind of proactive approach to tech means that your IT environment is not constantly breaking down, which can be very costly. So, there you have it, the six technologies businesses are using to take full advantage of digitisation and to adapt to the new world of work. About Zinia Founded in 2009, Zinia is a forwardthinking company focused on providing Internet, Voice and IT solutions that
securityfocusafrica.com
underpin business success. Zinia’s goal is to provide decision-makers with solutions they can depend on, taking away the headache of managing technology and enabling them to focus on the business. In its twelve-year history, Zinia has grown into a formidable force, from humble beginnings as a wireless ISP to today’s position as a leading Telecoms and ICT company with over 80 staff, a national footprint and a service culture that customers rave about. Warren Bonheim, Zinia Co-founder and Managing Director Warren is the quintessential self-made entrepreneur with the drive and humour of Richard Branson and the wisdom of Jack Welch. Despite multiple challenges over the years, his resilience and passion for constant improvement have led him to become the impressive leader he is today. At 40 years of age, Warren is the MD of Zinia, a highly profitable multi-million rand business that continues to grow year on year since its inception in 2009. Zinia is focused on delivering the best IT, Internet and voice solutions for business with an unparalleled service experience — a positioning that has resonated with the market, fueling the company’s growth even during tough market conditions. When he established Zinia at the age of 29, his experiences as a twenty-something entrepreneur had matured and shaped his business acumen. Zinia from the outset was run like a big business with tight controls, a strong management team, statistics to inform decision-making and a process methodology that revolves around simplicity and innovation. With a strong leadership team in place, Warren enjoys the freedom he has to develop and execute growth strategies for Zinia, which is a role that matches his energy and drive 100%. With a passion for seeking ‘what’s next’ and constantly improving, Warren is the perfect leader to drive the future of Zinia. Warren’s early story is a compelling one. Starting out at 19, he navigated the ups and downs of being a rookie in sales, working for various companies including Kirby, Health & Raquet Club, Red Devil Energy drink and Nashua. Working at a small telecoms company was a turning point for Warren, where he was taken under a sales manager’s wing and taught an effective sales methodology which saw him go from zero to hero in a matter of months.
After achieving great success where he broke company sales records, his passion for entrepreneurship had grown and at the age of 22, he established a PABX and Premicell business in the telecoms industry where he made his first Million in one year. With no support other than his and a business partners’ own money, in the early days he talks about how they scraped through the day eating very little, were on the road five to six hours a day and worked from a dingy office above a curry manufacturing business. While this time of his life was challenging, it became a driving force fueling him forward — he never wants to sit on a pavement sharing a cheese roll and juice box between two people or smell curry at 6am in the morning again! In the next seven years, he grew his business to a staff compliment of 50, billing a couple of million per month. He learnt a lot about running a business in those years and cites the following as his biggest learnings, “you can never assume tomorrow will be great, never lose sight of who you are and what got you there, and always keep your fingers on the pulse of the numbers.” These were the reasons he threw it all away at a young age and had to begin again with not so much as a rand in his pocket or a business card. The idea had formed in his mind to create a Wireless Internet and Voice provider with a difference. He made the business a reality and Zinia was born. This time Warren’s drive and vision were backed up with almost a decade of ICT knowledge and 7 years of business management experience. With the understanding that you need to sacrifice in the beginning to build a profitable business, Warren and the team he brought in initially sacrificed salaries and heavy expenses to focus on creating a smart, innovation-driven business that would be sustainable, well-run, efficient and profitable. Zinia has since grown into a leading ICT and Telecoms company offering IT, internet and voice telecoms solutions that underpin business success. In its twelve-year history, Warren has grown the company into a formidable force, from humble beginnings as a wireless ISP to today’s position as a leading Telecoms and ICT company with over 80 staff, a national footprint and a service culture that customers rave about. There is no doubt that Warren will lead Zinia to further heights in the telecommunications space.
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
21
WELLBEING ISS TODAY
South Africa’s renewal begins with the rule of law A competent and trusted executive-level official is needed to drive the country’s criminal justice reform. By Andrew Faull, Senior Researcher, Justice and Violence Prevention, ISS Pretoria. Republished from https://issafrica. org/iss-today/south-africas-renewal-begins-with-the-rule-of-law?utm_source=BenchmarkEmail&utm_campaign=ISS_ Today&utm_medium=email. Photo: Amelia Broodryk/ISS
S
outh Africa’s prosperity depends on the rule of law, trust between police, prosecutors and the public, and a criminal justice system that treats all people fairly. These were some of the key takeaways from a week-long exchange between top German and South African police and prosecutors in Munich in October.
22
The South African delegation also included representatives of the Nelson Mandela Foundation, Presidential Economic Advisory Council, Civilian Secretariat for Police Service, and the Institute for Security Studies. It’s estimated that between 2014 and 2019, South Africa lost R1.5 trillion to corruption, while the cost of violence in 2021 is likely to be 15% of GDP.
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
Reforming the criminal justice system to address such harms, inspire trust in the state, and restore economic confidence was a focus of the trip to Germany. South Africa’s President Cyril Ramaphosa was elected on an anti-corruption ticket in 2018 and has taken steps to deliver on his promises. He’s appointed new heads for the Directorate for Priority Crime Investigation, National Prosecuting
securityfocusafrica.com
SUCCESS ISS TODAY STORY
During the Europe visit, German prosecutors and police and their South African counterparts agreed that the primary role of the democratic state was to create a safe, secure environment for its people. This was best achieved through the equal application of the rule of law. Reflecting on this, Nelson Mandela Foundation CEO Sello Hatang said, ‘Security for all is promised by both the South African and German constitutions, but we too often fail to deliver it for our people. … We must judge a country by how it creates a safe environment for all its citizens, particularly its most vulnerable people.’
Criminal justice reforms in the NDP and other reviews spanning the past 15 years haven’t been implemented
Authority (NPA) and South African Revenue Service. He has strengthened the Special Investigating Unit, established the Investigating Directorate in the NPA and a National Security Council, and hired a National Security Adviser.
Despite Ramaphosa’s efforts, few perpetrators of grand corruption or serious organised crime have been prosecuted Despite this, the damage of over a decade of poor governance and state capture under the Zuma administration mean that few perpetrators of grand corruption or serious organised crime have been brought to book. This includes the alleged instigators of the July unrest. Weak rule of law has compounded cycles of deteriorating investor confidence, a stagnating economy and rising unemployment. When citizens perceive the state as corrupt, unable to keep them safe or create jobs, they’re more likely to engage in illicit economic activities, avoid tax and use personal or vigilante violence to solve problems. Unchecked corruption and violence create conditions of societal unravelling.
securityfocusafrica.com
Germany differs because this principle is spearheaded by police and prosecutors whose high-level goals are ‘truth and justice.’ The South African approach involves achieving crude statistical performance targets that may look good on paper but fail to improve public trust or safety. In Germany, police and prosecutors can enforce the law without political interference and approach all they do with the imperative of promoting trust in the state. For this reason, the Bavarian Police is one of the most trusted organisations and sought-after employers across both public and private sectors. Contemplating the implications of this message, head of the South African Police Service (SAPS) contingent, Deputy-National Commissioner Lt-Gen Liziwe Ntshinga, noted that, ‘Law enforcement agencies can only gain the public’s trust if they perform their duties as competent, respectful professionals.’ Similarly, National Director of Public Prosecutions Shamila Batohi suggests that if South Africans see and believe that the country’s law applies to all equally, trust in the state will rise. This will allow for investment and economic activity, more jobs and a growing tax base, and a government better able to provide services to millions of people in need. An example of this potential is the night-time economies of more peaceful industrial states. At night, many South
Africans stay at home, neither earning nor spending money. With improved safety, this could instead be a significant period of productivity and entertainment with positive spinoffs in well-being, employment and economic growth.
The UK’s night-time economy was the country’s fifth largest industry in 2019, accounting for 8% of jobs In the United Kingdom for example, the night-time economy was the country’s fifth largest industry in 2019, accounting for 8% of all jobs. But for this to develop, people must feel safe leaving their homes at night, keeping their businesses open, travelling on public transport, carrying cash, and interacting with strangers after dark. None of these is common in South Africa. However, this is the South Africa envisaged by the government’s 2012 National Development Plan (NDP) – where all people are safe and feel safe, and where dignity and opportunity are abundant. Yet the notable criminal justice reforms in the NDP and numerous other reviews and policy documents spanning the past 15 years have not been implemented. Ramaphosa should appoint a member of the executive to coordinate and manage implementation of the sevenpoint plan in the 2007 criminal justice review adopted by the cabinet and reiterated in the NDP. This individual – who shouldn’t have executive powers – should lead the realignment of the criminal justice system, its performance measures and targets, budgetary allocations, generation and use of evidence-based practices, and more. In turn, police and prosecution heads must hold the executive, each other and those below them accountable to the law, to their respective codes of conduct, and public service values. Political support and dedicated criminal justice system leadership, combined with rigorous training and meritocratic promotions, can turn South Africa’s law enforcement agencies around. By aligning performance cultures, fostering respect between agencies, and supporting one another’s organisational reforms, the NPA and SAPS can drive South Africa’s social and economic renewal.
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
23
NEWS
ACI’s World Airport Traffic Report reveals domestic traffic leading recovery Top 10 busiest airports for passenger and cargo traffic confirmed Airports Council International (ACI) World has today released its 2021 World Airport Traffic Report (WATR), along with data showing the lasting impact of Covid-19 on air transport demand.
A
ccording to the report, the Covid-19 outbreak reduced the number of passengers at the world’s airports by more than 5.6 billion in 2020 and is forecast to remove an additional 4.6 billion passengers by the end of 2021, compared to 2019 volumes. Global passenger traffic in 2021 is expected to reach only half of what it was in 2019, totalling only 4.6 billion of the 9.2 billion passengers served two years ago. The world’s airports also saw a sharp reduction in global aircraft movements in 2020, decreasing by 39.5% to reach only 62 million.
24
The pandemic, however, had a less severe impact on global air cargo volume, largely driven by the requirement for personal protective equipment (PPE) and the increase in online retail. Nevertheless, global air cargo declined by 9.6% in 2020 compared to 2019, with 108 million tonnes handled in 2020. Global passenger traffic: domestic traffic leading recovery Due to Covid-19-related travel restrictions worldwide, domestic passenger traffic continued its trend – from 2020 into 2021 – of recovering faster than the international market — especially in China
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
and in the US, the latter being the world’s largest domestic market. Globally, domestic traffic was expected to continue to increase, reaching more than 3.1 billion passengers by the end of the year, a level corresponding to 58.5 percent of that achieved in 2019. The US is now home to only three of the top 10 busiest airports in the world, Chinese airports filling the seven other top positions in 2020. Traffic at Atlanta (ATL) – which had been the world leader for passenger traffic since 2000 – fell 61.2% in 2020, causing it to cede the top spot to Guangzhou (CAN) as the world’s busiest airport for passengers.
securityfocusafrica.com
NEWS
Dallas/Fort Worth (DFW), the world’s tenth-busiest airport in 2019, moved up to fourth-busiest in 2020. Before the pandemic, four of the ten busiest airports in Asia-Pacific were Chinese airports. As a result of the Covid-19 outbreak and then the rapid recovery of its domestic passenger market, seven airports in China now reside in the top 10, six of them new to the list. Many Asia-Pacific international hubs suffered major losses due to their dependence on international passenger traffic and did not make the top 10 in 2020, such as Beijing (PEK), the busiest airport in 2019, and Tokyo (HND), the second-busiest airport in 2019. The Asia-Pacific region covers a sizeable geographical area, however, and has recently shown some signs of a slowerthan-expected recovery. This is due to many countries remaining closed to international travel, inevitably impacting all regions — as Asia-Pacific has been the main region driving growth in the global air transport industry over the last decade. Global cargo traffic: fuelled by PPE, vaccines, and online retail Despite the general feeling that air cargo volume boomed in 2020 because of the requirements for personal protection equipment (PPE) and later for vaccine shipments, the decrease in passenger-
securityfocusafrica.com
aircraft movements – which severely limited the availability of belly-cargo capacity – offset gains from shipments of PPEs and online retail merchandise. According to the report, about 11.5 million metric tonnes less of air cargo were carried in 2020, returning the industry to 2015–2016 tonnage levels, and the Covid-19 crisis is expected to remove more than 3.6 billion passengers for 2022, representing a 28.3% decrease from 2019 levels. The performance of individual airports in the top 10 busiest cargo hubs differed significantly from 2019 rankings. Memphis (MEM), the global hub for FedEx, saw volume grow 6.7% in 2020. Its growth helped MEM take the top place in 2020, reclaiming the number one ranking held by Hong Kong (HKG, down 7.1% in 2020), since 2010. Shanghai (PVG, up 1.4%), Anchorage (ANC, up 15%), and Louisville Muhammad Ali International Airport (SDF, up 4.6%) – home of another major consolidator, United Parcel Service – complete the top five busiest airports for air cargo. Airports heavily used by all-cargo carriers or major consolidators experienced much better performance in 2020 compared to airports relying on international passenger movements for belly cargo capacity. “The impact of Covid-19 has completely altered the airport sector as
seen in the busiest passenger and cargo traffic rankings,” ACI World Director General Luis Felipe de Oliveira said. “The 2021 World Airport Traffic Report provides in-depth analyses into the impact of the pandemic on airport passenger, movement, and cargo traffic from a global and regional perspective — enabling airport stakeholders to make data-driven decisions as airports and the aviation sector work towards a sustained long-term recovery. “The economic value driven by airports cannot be understated when it comes to facilitating business and leisure travel, trade, and the subsequent GDP, jobs, taxes, and associated social benefits. Air traffic is the lifeblood of the airport business, highlighting the necessity of government action to promote safe travel – including a coordinated and risk-based approach to testing and vaccination – rather than enforcing full-scale restrictions and blanket measures.” To highlight the resiliency and rich past of the sector, for this year’s report, ACI World has collaborated with AirportHistory.org to provide ‘time capsules’ that depict the history of eight airports spread over six continents. Each capsule contains a selection of carefully curated images from the AirportHistory.org archives as well as historical facts that exemplify the evolution of the industry.
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
25
PERSONALITY XXX PROFILE
Judge Jody Kollapen Meet newly sworn-in Constitutional Court Judge Narandran ‘Jody’ Kollapen. Judges Matter website: https://www.judgesmatter.co.za/judge-jody-kollapen/ Photos and information credits: Oupa Nkosi, Mbekezeli Benjamin.
I
nfluenced by his mother, who was arrested twice for participating in anti-apartheid marches in South Africa in the 1950s, and his uncle, who was a ‘kind of paralegal’, Narandran ‘Jody’ Kollapen knew, while still a young boy, that he wanted to pursue a legal career. A man who is and has always been passionate about civil rights, his legal journey has seen him grow from an attorney to a judge in South Africa’s Constitutional Court, an appointment made public by President Cyril Ramaphosa on Christmas Eve 2021. The highest court in the country, the ConCourt is presided over by Deputy Chief Justice Raymond Zondo, among others.
26
The early years Jody was born to a seamstress mother and a waiter father on 19 May 1957 at a nursing home in Lady Selbourne. Of Indian origin, he and his family lived in Marabastad until they were forced to relocate to Laudium in the 1960s as a result of the notorious Group Areas Act. He returned to Marabastad to practice as an attorney after graduating from Wits University with a B.Proc and LLB. Civil society service Over the years, Kollapen’s unflagging commitment to civil rights saw him coordinating the ‘Release Political Prisoners’ programme for Lawyers for Human Rights (LHR); joining the South
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
African Human Rights Commission (SAHRC) first as a commissioner and going on to become its head; occupying the position of national director of Lawyers for Human rights (LHR); being part of the selection panel that chose the commissioners for the Truth and Reconciliation Commission (TRC); and working with the Legal Resources Centre, the Centre for the Study of Violence and Reconciliation, IDASA (Institute for Democratic Alternatives in South Africa, later to become known as the Institute for Democracy in South Africa), and the London-based Article 19 (an international human rights organisation that works to defend and promote freedom of expression and freedom of information worldwide).
securityfocusafrica.com
PERSONALITY PROFILE
High profile cases During the course of his lengthy career, he’s worked on a number of high-profile cases, including the Delmas Treason Trial, the trial of the Sharpeville Six and the case involving South Africa’s Medical Council’s failure to investigate the circumstances surrounding the death of Steve Biko in police custody in 1977. High court judge In 2011, Kollapen was appointed to the position of Judge of the High Court of South Africa, Gauteng Division. Some of his most eminent judgments, according to Judges Matter (an independent transparency project that monitors the appointment of judges, their discipline for misconduct and the governance system of the judiciary in South Africa) included ‘Hennie and Others v Minister of Correctional Services and Others‘ where he granted an urgent interdict allowing prisoners to use laptops in their cells to study. As Justice Kollapen, he presided in the Limpopo textbooks case, reprimanding the National Education Department and its Limpopo counterpart for its failure to deliver textbooks to schools in the province, and handing down a structural order outlining deadlines for textbook deliveries. Other interesting cases, continues Judges Matter, were one in which he ordered a father to return a horse to his teenage daughter after he’d taken it away from her as a punishment, and another in which he instructed ‘warring factions of the International Pentecost Holiness Church to work together.’ Further, as reported by Daily Maverick, Kollapen was on the panel of High Court judges that unanimously ‘dismissed with costs ANC secretary-general Ace Magashule’s application to have his suspension declared illegal’. And finally… a ConCourt judge Prior to his ConCourt appointment at the end of last year, Kollapen was ‘unsuccessfully interviewed’ in 2017 and then again in 2019, despite serving two terms as an acting judge of the very same court. Says Judges Matter on its website: “Kollapen appears a ‘big picture judge’ who is emboldened by the transformative vision of the Constitution and the potential for the law to create a more equitable society. In Helen Suzman Foundation v Judicial Service Commission (JSC), the applicants had sought to make
securityfocusafrica.com
public the private deliberations of the JSC in deciding which candidates to nominate to the president for appointment. The Helen Suzman Foundation argued that these could be disclosed under rule 53(1)(b) of the Uniform Rules of Court as part of the record of its proceedings. Kollapen, with fellow acting judge Dumisani Zondi concurring, wrote a separate dissenting judgment, saying: “Openness is also double-sided. It is imperative that what is constitutionally necessary is seen and heard. However, in order to ventilate what must be seen and heard and to preserve certain core constitutional values, there also has to be an environment in which open and uncensored debate flourishes.” Kollapen is ‘mindful of the separation of powers doctrine’, as well, notes Judges Matter, citing Eskom’s urgent high court application in 2020 for permission to increase its tariffs, pending a review of the National Energy Regulator of South Africa (NERSA). “Kollapen found that separation of powers considerations militated ‘strongly against the Court responding to such an invitation to set a tariff’, and that the court was in any event ‘also not equipped to make the kind of determinations’ required of it. The balance of convenience thus did not favour the granting of the interdict and the application was dismissed.” Being mindful of human dignity and court costs When interviewed by the JSC last year,
says Judges Matter, “Kollapen was clear about the transformative role the judiciary should play in South Africa and… mindful of the inaccessibility of the courts for the poor.” “Judges should remain human and uphold human dignity. A judge needs to be mindful of the enormous amount of resources it takes to get to court,” Kollapen said. Personal Judge Kollapen and his wife Rani have three daughters, one of whom – attorney Kiyashni Kollapen – posted this on LinkedIn, following his ConCourt appointment: “ “Dad, I would like to congratulate you on your appointment to the Constitutional Court. Many years of dedication and passion devoted to human rights and public interest work have paid off and I don’t know anyone more deserving of this than you. I have never seen someone so passionate about what they do… I don’t think many people understand it first-hand like your family does, but I honestly don’t know how you do it, juggling being the most supportive and loving father, husband, grandfather, brother, uncle etc. whilst still giving your all to your work and also contributing tirelessly to the social reconstruction of our society. All that I know is that we are very blessed to have a father and role model like you… A hearty congratulations to Justice Mathopo on his appointment as well.”
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
27
SECURITY IN ACTION
Dr Paul Dunn, IHMA chair.
Growth for holography in 2022 as covid and other threats continue to impact, says global trade body Covid threats and increased illicit trade and counterfeiting are among the factors set to drive hologram growth in 2022, particularly for authentication purposes.
T
he International Hologram Manufacturers Association (IHMA) says that authentication and track and trace systems, which feature holograms, will help to underpin international efforts by government and law enforcement agencies to bolster overt and covert protection strategies in the next 12 months. Fake Covid cards, documents and vaccines will remain a big security threat
28
in the months ahead, so government, law enforcement authorities and global supply chains must review their anticounterfeiting plans and investment in security resources. Growth in security devices appears ‘strong and potentially lucrative’, says the IHMA, following The Future of AntiCounterfeiting, Brand Protection and Security Packaging to 2026 and other reports predicting increasing incidences of global counterfeiting alongside
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
Dr Paul Dunn, chair of the IHMA.
securityfocusafrica.com
SECURITY IN ACTION
heightened awareness of tracing technologies. These indicate that brand protection, track-and-trace and other anticounterfeiting technologies in packaging will increase in use as economies wrestle with the impacts of Covid. The packaging industry will continue to benefit in the coming months from the use of anticounterfeiting solutions, particularly as fears over shortages of medicines, pharmaceuticals and vaccines in many parts of the world drive demand for counterfeit and illicit products. Security devices such as holograms on packaged goods can ensure quality and check the distribution and smuggling of illicit products while items not displaying them can be seized and destroyed. There is a growing volume of fake medicines on sale in developing countries, according to the World Health Organisation (WHO), while Interpol has reported an increase in fake medical products. Seizures of fake Covid tests and personal protective equipment (PPE)
securityfocusafrica.com
have also been reported by the US CBP and the World Customs Organisation. Added to this, the economic damage wrought by Covid – including tax hikes, global shortages of raw materials and finished goods, rising prices and falling incomes – is providing fertile ground for illicit trade to flourish. This situation is set to continue in the next 12 months, the IHMA predicts, while growth in authentication devices will stay ‘strong and lucrative’ on the back of forecasts that the market for anti-counterfeit technologies on pharmaceuticals and cosmetics products will grow. The overall global market for anti-counterfeit products on security packaging is projected to be worth in excess of US$188 bn by 2025. A poll has revealed that almost 50% of hologram manufacturers and suppliers are seeing an increase in demand from customers, specifiers and end-users for holographic devices and technologies. This indicates that hologram users will continue to be concerned about the impact of counterfeiting on supply chains as the pandemic continues to be felt well into new year. IHMA chair, Dr Paul Dunn, said: “Counterfeiting puts governments, companies and the public at risk and must be tackled effectively to minimise the impact on society. We look forward to seeing supply chains further bolstered in 2022 with countries enhancing their anticounterfeiting plans, which should include the introduction of harder hitting anticounterfeiting legislation and strategies. “It’s clear that, in the face of the continued impact of Covid and other threats, we can legitimately say law enforcement, government, brand owners and other influencers will continue to push demand for authentication and brand protection devices such as holograms.” Holography will also hold up well in comparison with other optical variable features in the currency market in 2022, says the IHMA. Despite predictions about the demise of cash, demand for banknotes has actually increased around the world during the pandemic — especially for high value notes as a store of value, which fuel demand in turn for holograms. One third of all banknotes currently feature a holographic device, and the R&D going into ever more secure and complex holographic features for both paper and polymer banknotes that reassure
the public and central banks about cash authenticity will continue. On the other hand, a drop in travel has seen a decline in the demand for passport and travel documents, and hence for holographic devices that protect these. So long as uncertainties remain around Covid, this situation will persist, but is somewhat offset by the global migrant crisis, which will continue to drive the development and deployment of secure personal identification outside of that related specially to Covid. Dr Paul Dunn said: “Innovative features in banknotes are pushing the boundaries of what the technology is able to achieve, reflecting that there is plenty of mileage in holography. We will also see new applications for holographic features on ID documents coming through, where innovations linked to digital applications, packaging and tax stamps, could all see continued growth.” The exploration of holography technologies for new wearable headup displays and other smart devices to enhance people’s lives along with applications will see continued development in the new year. Holographic optical elements (HOEs) which are used in, for example, vehicle lighting and head-up displays, will also continue to gain traction alongside ‘ground-breaking’ holographic applications in medical imaging, solar energy, data storage, healthcare such as legalised cannabis-derived treatments, and cryptocurrencies, says the IHMA. The use of authentication solutions, as advocated by the ISO12931 standard, enables examiners to verify the authenticity of a legitimate product, differentiating it from fake products coming from counterfeiting hot spots in Asia and eastern Europe. Even those that carry a ‘fake’ authentication feature can be distinguished from the genuine item if that item carries a carefully thought-out authentication solution. About the IHMA The IHMA (www.ihma.org) is made up more than 80 of the world’s leading hologram companies. Members include the leading producers and converters of holograms for banknote security, anti-counterfeiting, brand protection, packaging, graphics and other commercial applications around the world, and actively cooperate to maintain the highest professional, security and quality standards.
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
29
VIRTUAL CYBER SECURITY COMMERCE
The WLA aims to provide independent payment solutions for payment providers. (Source: IDEMIA)
WLA’s road to success continues: Four new organisations join the alliance The White Label Alliance (WLA) has seen a steady increase in members since its founding in March 2021, including new partners Modena, AdvanIDe, PAX Technology, and WizarPOS.
F
ounded by Giesecke+Devrient (G+D), IDEMIA, and NXP® Semiconductors in March 2021, the WLA aims to provide independent payment solutions for national and private-label payment brands. To this end, the WLA is establishing an open technology standard leveraging EMV for contact and contactless card and mobile device payments. In addition to payment sovereignty, the white-label approach offers domestic and private label schemes advantages such as interoperability, cost efficiency, and an essential technology brick for customised payment systems. The alliance now welcomes Modena, a payment solution provider, AdvanIDe, a provider of semiconductors and contactless inlays for payment cards, and POS (point of sale) manufacturers PAX Technology and WizarPOS as new members. As each member has a different background in the payment
30
sector, including POS services and solution providers, their participation highlights the growing importance of self-managed payment systems worldwide. The WLA invites new members from all industries, such as service providers, system integrators, manufacturers of payment cards, chips, terminals, and applications, or financial institutions. As a member-driven organisation, the WLA offers different levels of membership tailored for individual needs. The WLA also invites all stakeholders to join in its effort to transform white-label payments to ensure widespread adoption of operator-run white-label payment systems as well as jointly driving the evolution of the standard. “We are thrilled by the success of the recently launched initiative. Growing our member base is confirmation for us that we have struck a chord with our white
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
label contactless payment standard, answering genuine needs for independence in the industry,” explains WLA President Jacques Doucerain. “We expect the alliance to become increasingly attractive to other companies and organisations as global demand for open, independent payment standards continue to grow.” About WLA Headquartered in Munich, the White Label Alliance (WLA) is a member-driven organisation committed to extensive adoption of independent payment solutions for smart card and digital firms based on WLA payment standards that enable ready-to-deploy and interoperable payment solutions. Find out more at wla-payment.org. Contact WLA info@wla-payment.org
securityfocusafrica.com
CYBER SECURITY
FBI warns US companies to avoid malicious USB devices By Brandon Rochat, Cybereason sales director for Africa.
C
ybercriminals constantly evolve the tactics, techniques, and procedures they use to execute attacks to find innovative ways to bypass or circumvent security controls. Sometimes the best strategy is the simplest one, though, and may succeed in catching targets off guard. A new warning from the FBI cautions US companies to be on alert for an old tactic that is apparently being used again — tricking users into connecting a malicious USB device. Malicious USB campaign According to the FBI, threat actors targeted companies in the defense, transportation, and insurance industries in the last half of 2021 by sending USB thumb drives to intended targets. The attackers – identified as the FIN7 cybercrime group by the FBI – used the US Postal Service and UPS to send letters and packages that claimed to be from the Department of Health and Human Services (HHS), or – in some cases – Amazon. The deliveries included a USB thumb drive containing malicious software, such as BadUSB. Information shared by the FBI indicates that the packages were designed to seem like legitimate thank you notes or gifts. If the threat actors are smart, they presumably also did at least a little homework to improve the odds of success by tailoring the message to the organisation or individual it was sent to. Threat actors from FIN7 have also been known to follow up — calling or emailing recipients to reinforce the con and pressure them into actually connecting the malicious device to their PC. BadUSB BadUSB is a particularly sinister piece of malware that immediately registers the device on the system as a Human Interface Device (HID) Keyboard. This little trick enables the malicious USB device to operate even if the system has a policy in place that disables the use of removable storage devices. The malicious USB uses its designation as a ‘keyboard’ to inject keystrokes on the
securityfocusafrica.com
system to install other exploits and malicious payloads on the compromised system. A report from BleepingComputer explains, “FIN7’s end goal in such attacks is to access the victims’ networks and deploy ransomware (including BlackMatter and REvil) within a compromised network using various tools, including Metasploit, Cobalt Strike, Carbanak malware, the Griffon backdoor, and PowerShell scripts.” Gaining a foothold This attack vector may be an attempt to exploit the work-from-home trend. Delivering USB flash drives directly to someone’s home, for example, there are fewer guard rails and an increase in the likelihood a user will plug the computer into a work computer, or to their home network to which their work computer is also connected. It is also possible that there are organisations or departments that routinely employ USB thumb drives — where people are more likely to use a USB storage device without finding it suspicious. That would make this tactic more effective. The bottom line is that if the attackers are able to gain a foothold – even if it’s not an admin account – they can escalate privileges or conduct reconnaissance from the inside, which may aid in gaining access to other systems. Smoke and mirrors This all sounds highly suspicious, though, and makes me wonder if this is a misdirection or distraction from a different or broader attack. This is an old tactic. Even average users should know better than to use an unknown USB drive that gets delivered to them. It does depend, to some extent, on how convincing the attack is, though. IT and cybersecurity professionals are well trained to not plug in devices such as found or free flash drives from unknown sources, but the average person may not be as cautious. This is even more true if the person is convinced the package is from a credible source, or if an offer such as a free gift card triggers an emotional response which
short-circuits rational thought processes. Still, there are a variety of more effective attack vectors that don’t rely on a potentially traceable and high-touch campaign like this. It is hard to imagine a reasonable scenario under which most people would use a USB stick they received in the mail. If the attackers sent a device like a USB mouse or some other type of gadget, that would probably have much higher success just by virtue of being novel. Look for the big picture FIN7 is a sophisticated threat actor — which is why this all feels like a big misdirection. You should obviously never insert an unknown USB device into your PC — whether it’s one you receive randomly in the mail, or even a USB device that you just don’t know when or where it was used last. Beyond that, though, you need to pay attention to the big picture when it comes to cyberattacks. Whether attackers succeed in gaining a foothold using a malicious USB drive, or use the delivery of a malicious USB drive as a distraction from a different attack vector, you need to be able to view the entire malicious operation – or MalOp™ – across your environment and recognise Indicators of Behaviour (IOBs) that enable you to quickly identify and stop malicious activity. Cybereason contact Brandon Rochat, Sales Director, Africa Mobile: +27 (82) 498 7308 Email: brandon.rochat@cybereason.com
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
31
CYBER SECURITY
Kaspersky develops cybersecurity policy for bionic devices Kaspersky, a leading global cybersecurity and digital privacy company, is one of the first organisations to address the challenge of the human augmentation phenomenon, by presenting a comprehensive cybersecurity policy. The document aims to enhance the workforce while also considering employees’ security and welfare when using bionic devices in the office.
A
mid all the excitement and innovation surrounding human augmentation – particularly the growing use of bionic devices aiming to replace or augment parts of the human body with an artificial implant – there are legitimate fears among cybersecurity experts and the wider community. They are concerned that too little attention is paid to the security of the dedicated devices. This lack of awareness around the topic leads to uncertainty and risks for both further development of human augmentation technologies, and a safer digital world in the future. Kaspersky has been continuously exploring the potential of human augmentation and evaluating security challenges that humanity may encounter during its wider integration into our lives. Following open discussions within the community, the company decided to respond to the specific need for security regulation and designed cybersecurity policies to mitigate security risks that augmentation technology can pose to corporate IT networks. The document creates a scenario where augmented employees become more common in the company in the future, and takes into account Kaspersky’s real-life tests with employees’ biochip implants.
32
Developed by Kaspersky security experts, the policy governs procedures for using bionic devices* within the company and aims to reduce the associated cybersecurity risks in business processes. The proposed document addresses the entire company’s infrastructure and all of its business units. As a result, it applies to the full access control system, as well as administration processes, maintenance processes, and the use of automated systems. The policy is to be applied to both employees and temporary staff, as well as employees of third-party stakeholders that render contract services to the company. All these factors aim to enhance the cybersecurity of the corporate infrastructure on a larger level. Marco Preuss, Director of Kaspersky’s Global Research & Analysis Team (GReAT) in Europe, declared: “Human augmentation is a burgeoning area of technology which in fact remains underexplored. That’s why making a first step towards clarifying issues related to its use, as well as strengthening security, will help us to ensure its potential is used in a positive way. We believe that to build a safer digital world for tomorrow, we need to digitally secure the future of human augmentation today.” The cybersecurity policy initiated by
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
Kaspersky offers a range of standardisation processes, enhancing security and granting better inclusion of employees using bionic devices when in the office. One of the major objectives of this initiative is also to engage the global IT and augmentation community in the discussion and pursue a collaborative effort for further steps of human augmentation security development. This includes ensuring digital privacy of devices, providing different levels of access rights to stored information, and mitigating any threats related to human health. The latest international discussion on the future of human augmentation, global industry policy, digital security standards, major digital threats that can affect augmented devices, as well as best practices to address them, took place at the UN-organised Internet Governance Forum (IGF) 2021 on 7 December 2021. For more information and to follow the online panel discussion on ‘The future of human augmentation: gain or ‘cyber-pain’?’ click here. *Bionic devices covered by the cybersecurity policy include chip implants (e.g. such as an NFC biochip), bionic limb prostheses and internal organs, as well as artificial sensory organs (e.g. visual prostheses, hearing aids, etc.). Learn more at www.kaspersky.co.za.
securityfocusafrica.com
PRODUCT INDEX SHOWCASE
INDEX OF ADVERTISERS AND CONTRIBUTORS
December 2021/January 2022
ADVERTISER
PAGE WEBSITE
Bulletproof Jackets – Steven Paul
4
Cel. 082 443 0227
Calipsa 12 https://www.calipsa.io/ Cybereason 31 www.cybereason.com DDI World
12
https://www.ddiworld.com/about
Gartner 12 https://www.gartner.com GovTech 12 www.GovTech.com GSS 2 www.gssgroup.co.za In2it 16 www.in2it.com IHMA 28 www.ihma.org ISS 22 www.isssafrica.org Kaspersky Inc.
32
www.kaspersky.co.za
Paul Galbraith
12
https://www.paulgalbraith.info/
Schindlers Attorneys
18
https://www.schindlers.co.za
Security Association of South Africa (SASA)
6, IBC
www.sasecurity.co.za
Statista
12
https://www.statista.com/aboutus/
Trend Micro
11
www.trendmicro.com
White Label Alliance
30
wla-payment.org
Zinia 20 www.zinia.co.za
securityfocusafrica.com
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
33
THE LAST NEWS WORD
FIRST ZONDO REPORT Former State President Jacob Zuma established The Judicial Commission of Inquiry into Allegations of State Capture, Corruption and Fraud in the Public Sector including Organs of State in January 2018. By Peter Bagshawe
T
he Commission is better known as the Zondo Commission (titled after the Commission Chairperson, Deputy Chief Justice Raymond Zondo) and served as a public inquiry to investigate allegations of state capture, corruption, and fraud in the public sector in South Africa. The Commission arose from the ‘Captured State’ report by then Public Protector, Thuli Madonsela and, following a failed application to have Madonsela’s report overturned, then Chief Justice Mogoeng Mogoeng selected Zondo as Chair of the enquiry. In the course of hearings, an estimated petabyte of data and some 159,100 pages of evidence was accumulated after interviewing 278 witnesses. The Zondo Commission is estimated to have cost around R1 billion over a period of almost 4 years.
34
The 1st Report of the Zondo Commission was handed to State President Ramaphosa on 4 January 2022 and comprised 855 pages dealing with three principal areas of the Inquiry: being South African Airways (SAA), the South African Revenue Service (SARS) and The New Age newspaper. The 2nd and 3rd Reports are due to be released at the end of January and end of February respectively. At this stage it may be as well to affirm that the investigation of state capture was geared around nine broad areas arising from Madonsela’s report. For the purposes of the following discussion, state capture is regarded by me as a course of action involving systemic political corruption in which private interests or individuals significantly influence government processes in contravention of legal norms to achieve economic advantage.
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
South African Airways former Board Chairperson, Dudu Myeni, featured prominently and the report recommended that she be prosecuted for fraud and corruption together with a number of other members of South African Airways boards and associated companies. The report refers to money diverted and laundered to Myeni from the Free State Provincial Government, systematic weakening of governance and procurement processes, the creation of a climate of fear and intolerance at the carrier and poor operational decisions that led to a decline of the South African Airways’ financial position. Additionally, reference to corrupt and negligent management is contained in the report in respect of Yakhe Kwinana, the former chairperson of South African Airways Technical, Advocate Nontsasa Memela,
securityfocusafrica.com
THE LAST NEWS WORD
the then-South African Airways Technical Head of Procurement, and former Interim Chief Financial Officer of SAA, Phumeza Nhantsi, with a recommendation for investigation by the National Prosecuting Authority (NPA) for fraud and corruption. Additionally, nineteen individuals, companies, bank staff and a bank are identified for similar review by the Hawks for fraud and corruption relating to South African Airways whilst under Myeni’s charge. The South African Revenue Service was, prior to Tom Moyane being appointed Commissioner, a highly regarded and internationally recognised tax institution. Between 2014 and 2018, Zondo found that Moyane and Zuma were responsible for mismanagement and dismantling the systems of governance to collapse the institution and instilled a culture of fear within SARS. Following from this, some 2,000 staff and investigators were forced out of the Revenue Services, negating the ability for SARS to function. This was in line with what Zondo found to be intentionally done as ‘its (SARS) investigatory and enforcement capacity was a hurdle to people involved in organised crime’ and blocked corruption. The report included reference to the appointment of Bain and Company to ‘restructure’ the entity and Bain’s active involvement in the so-called ‘Rogue Unit’
securityfocusafrica.com
misinformation. The Zondo Report specifically recommends that all Bain contracts with government departments should be reviewed, investigated by the South African Police Service (SAPS) and reviewed by the National Prosecuting Authority (NPA). Further to this, the Zondo Report found that Moyane should be charged with fraud in respect of false evidence given by Moyane to Parliament. The final element of the report relates to current Jacob Zuma Foundation Spokesperson and former Government Communications Information System Chief Executive Officer, Mzwanele Manyi, who the Zondo Report found to have enabled the channelling of advertising funds to the Gupta-owned The New Age newspaper. Manyi was transferred to the Government Communications Information System from a position as a DirectorGeneral in the Department of Labour, ostensibly at the behest of then-President Jacob Zuma to replace the then-Chief Executive Officer, Themba Maseko, who had declined to give advertising revenue to The New Age. Over the period of 18 months that Manyi held the role of chief Executive Officer, some R14,5 million was paid to The New Age despite the newspaper not having an established or auditable readership. Manyi has denied that he enabled the channelling of funds and
disputes that evidence of this is available. The recommendations contained in the Zondo Report are, clearly, recommendations only and require to be decided on, followed through and acted upon by the Legislature. For the criminal charges recommended by the Zondo Commission to be taken forward, the investigation of these by the South African Police Service and National Prosecuting Authority (as well as the South African Revenue Services in some instances) is key. With no ill will and as acknowledged by National Director of Public Prosecutions, Shamila Batohi, the Hawks are ill-prepared and under-funded to follow up on the recommendations made. The same can be said of the South African Police Service. This is despite the availability of data and evidence collected by the Commission and the availability of Commission investigators and evidence presenters to provide consultancy services. Whilst politicians can give assurances that those identified will be pursued and face criminal consequences, Zondo has stated that the Hawks have historically failed to perform in respect of corruption prosecutions. For the Commission to have been effective and the cycle of corruption to be broken, the National Prosecuting Authority and the commercial crime division of the South African Police Service need to be prioritised with the funding and establishment of efficient structures. Failing this, the Commission will, rather like the Nugent Commission of Inquiry into the South African Revenue Service, be remembered as having complied with its mandate without achieving the full effect possible. Given the duration of the Zondo Commission’s hearings and the cost of the Commission, it cannot be allowed that the reports (once all released) and the sheer weight of evidence summarised in the reports, be allowed to lead nowhere: this is an instance where civil society must maintain pressure and demand transparency in the manner in which it is dealt with by the government. Anything less than concerted action by the state and its organs will be a disservice to the country at large and more particularly will be a failure to bring to an end a sordid period in our history. PETER BAGSHAWE holds a Bachelor of Law degree from the former University of Rhodesia and a Bachelor of Laws degree from the University of the Witwatersrand.
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
35
DIRECTORY
SECURITY ASSOCIATION OF SOUTH AFRICA (SASA) ADMINISTRATION Suite 4, Blake Bester Building, 18 Mimosa Street (cnr CR Swart Road), Wilro Park, Roodepoort Suite 147, Postnet X 2, Helderkruin 1733 National Administrator: Tony Botes t: 0861 100 680 | e: tony@sasecurity.co.za c: 083 272 1373 | f: 0866 709 209 Membership, accounts & enquiries: Sharrin Naidoo t: 0861 100 680 | e: admin@sasecurity.co.za c: 083 650 4981
SASA OFFICE BEARERS
REGIONAL OFFICE BEARERS
National President: Marchél Coetzee c: 084 440 0087 e: marchelcoetzee@omegasol.com
Gauteng: Gary Tintinger c: 084 429 4245 e: gary.tintinger@cwexcellerate.com
National Chairperson: Franz Verhufen c: 082 377 0651 | e: fverhufen@thorburn.co.za
KwaZulu-Natal: Clint Phipps c: 082 498 4749 e: clint.phipps@cwexcellerate.com
National Deputy Chairperson: Louis Mkhethoni c: 082 553 7370 e: louis.mkhethoni@securitas-rsa.co.za
Western Cape: Koos van Rooyen c: 082 891 2351 | e: koos@wolfgroup.co.za
SECURITY AND RELATED ASSOCIATIONS AND ORGANISATIONS PSIRA (Private Security Industry Regulatory Authority) Eco Park, Centurion t: +27 (0)12 003 0500/1 | Independent hotline: 0800 220 918 | e: info@psira. co.za | Director: Manabela Chauke | Chairperson: T Bopela | Vice chairperson: Z Holtzman | Council members: Advocate A Wiid | Commissioner A Dramat APPISA (Association for Professional Private Investigators SA) Bertie Meyer Crescent, Minnebron, Brakpan | e: info@appelcryn.co.za | www.appelcryn. co.za | c: +27 (0)73 371 7854 / +27 (0)72 367 8207 | Chairperson: Ken Appelcryn ASIS International Johannesburg Chapter No. 155. Box 99742, Garsfontein East 0060 | t: +27 (0)11 652 2569 | www.asis155jhb.webs. com | President/chairperson: Johan Hurter | Secretary: Chris Cray ASIS International (Chapter 203: Cape Town – South African Security Professionals) President/chairperson: Yann A Mouret, CPP Secretary: Eva Nolle t: +27 (0)21 785 7093 f: +27 (0)21 785 5089 | e: info@aepn.co.za | www.asis203.org.za BAC (Business Against Crime) Box 784061, Sandton 2146 | t: +27 (0)11 883 0717 | f: +27 (0)11 883 1679 | e: info@bac.org.za CAMPROSA (Campus Protection Society of Southern Africa) President: Des Ayob | e: 27149706@nwu.ac.za Executive Secretary: Derek Huebsch | e: huebsch. derek@gmail.com | www.camprosa.co.za CISA (Cape Insurance Surveyors Association) Shahid Sonday t: +27 (0)21 402 8196 | f: +27 (0)21 419 1844 | e: shahid.sonday@saeagle.co.za | Mike Genard t: +27 (0)21 557 8414 | e: mikeg@yebo.co.za DRA (Disaster Recovery Association of Southern Africa) Box 405, Saxonwold 2132 | Chairperson: Grahame Wright | t: +27 (0)11 486 0677 | f: (011) 646 5587 | Secretary/treasurer: Charles Lourens t: +27 (0)11 639 2346 | f: +27 (0)11 834 6881 EFCMA (Electric Fencing and Components Manufacturers Association) Box 411164, Craighall 2024 | t: +27 (0)11 326 4157 | f: +27 (0)11 493 6835 | Chairperson: Cliff Cawood c: +27 (0)83 744 2159 | Deputy chairperson: John Mostert c: +27 (0)82 444 9759 | Secretary: Andre Botha c: +27 (0)83 680 8574 ESDA (Electronic Security Distributors Association) Box 17103, Benoni West 1503 | t: (011) 845 4870 | f: +27 (0)11 845 4850 | Chairperson: Leonie Mangold | Vice chairperson: David Shapiro | www.esda.org.za ESIA (Electronic Security Industry Alliance) Box 62436, Marshalltown 2107 | t: +27 (0)11 498 7468 | f: 086 570 8837 | c: 082 773 9308 | e: info@esia. co.za | www.esia.co.za FDIA (Fire Detection Installers Association) Postnet Suite 86, Private Bag X10020, Edenvale, 1610 | t: +27 (0)72 580 7318 | f: 086 518 4376 | e: fdia@fdia. co.za | www.fdia.co.za | President/chairperson: Clive Foord | Secretary: Jolene van der Westhuizen
FFETA The Fire Fighting Equipment Traders Association) Postnet Suite 86, Private Bag X10020, Edenvale 1610 | Chairperson: Belinda van der Merwe Administration manager: Rosemary Cowan | t: +27 (0)11 455 3157 | e: rosemary@saqccfire.co.za | www.ffeta.co.za FPASA (Fire Protection Association of Southern Africa) Box 15467, Impala Park 1472 | t: +27 (0)11 397 1618 | f: +27 (0)11 397 1160 | e: library@fpasa.co.za | www.fpasa.co.za | General manager: David Poxon GFA (Gate & Fence Association) Box 1338, Johannesburg 2000 | t: +27 (0)11 298 9400 | f: +27 (0)11 838 1522 | Administrator: Theresa Botha HSA (Helderberg Security Association) Box 12857, N1 City Parow 7463 | t: +27 (0)21 511 5109 | f: +27 (0)21 511 5277 | e: info@command.co.za | www.command.co.za | Chairperson: Stephen van Diggele IFE (Institution of Fire Engineers (SA) Treasurer: Andrew Greig | President: Mike Webber | Administrator: Jennifer Maritz | PO Box 1033, Houghton 2041 | t: +27 (0)11 788 4329 | f: +27 (0)11 880 6286 | e: adminstaff@ife.org.za | www.ife.org.za ISA (Insurance Surveyors Association) Box 405, Saxonwold 2132 | Chairperson: Graham Wright | t: +27 (0)11 486 0677 | Vice chairperson: Alan Ventress | Secretary: Alex dos Santos LASA (Locksmiths Association of South Africa) Box 4007, Randburg 2125 | t: +27 (0)11 782 1404 | f: +27 (0)11 782 3699 | e: lasa@global.co.za | www.lasa.co.za | President/chairperson: Alan Jurrius | Secretary: Dora Ryan NaFETI (National Firearms Education and Training Institute) Box 181067, Dalbridge 4014 | Chairperson: MS Mitten | Vice chairperson: Ken Rightford | t: +27 (0)33 345 1669 | c: +27 (0)84 659 1142 NaFTA (National Firearms Training Association of SA) Box 8723, Edenglen 1613 | National chairperson: Peter Bagshawe | t: +27 (0)11 979 1200 | f: +27 (0)11 979 1816 | e: nafta@lantic.net POLSA (Policing Association of Southern Africa) t: +27 (0)12 429 6003 | f: +27 (0)12 429 6609 | Chairperson: Anusha Govender c: +27 (0)82 655 8759 PSSPF (Private Security Sector Provident Fund) Jackson Simon c: +27 (0)72 356 6358 | e: jackson@ psspfund.co.za | www.psspfund.co.za SAESI (Southern African Emergency Services Institute) Box 613, Krugersdorp 1740 | t: +27 (0)11 660 5672 | f: +27 (0)11 660 1887 | President: DN Naidoo | Secretary: SG Moolman | e:info@saesi.com SAIA (South African Insurance Association) Box 30619, Braamfontein 2017 | Chief executive officer: Viviene Pearson | Chairperson:
Lizé Lambrechts t: +27 (0)11 726 5381 | f: +27 (0)11 726 5351 | e: info@saia.co.za SAIDSA (South African Intruder Detection Services Association) | Association House, PO Box 17103, Benoni West 1503 | t: +27 (0)11 845 4870 f: +27 (0)11 845 4850 | e: saidsa@mweb.co.za www.saidsa.co.za | Chairperson: Johan Booysen Secretary: Cheryl Ogle SAIS (South African Institute of Security) Postnet Suite 86, Private Bag X10020, Edenvale, 1610 Chairperson: Dave Dodge | Administration manager: John Baker | t: +27 (0)63 782 7642 | e: info@instituteofsecurity.co.za | www.instituteofsecurity.co.za SAN (Security Association of Namibia) Box 1926, Windhoek, Namibia | Administrator: André van Zyl | t: +264 81 304 5623 | e: adminsan@iway.na SANSEA (South African National Security Employers’ Association) Box 62436, Marshalltown 2107 | Administrators: SIA t: +27 (0)11 498 7468 | f: 086 570 8837 | e: galen@sansea.co.za SAPFED (Southern African Polygraph Federation) President: Flip Vorster | c: +27 (0)82 455 1459 | e: info@sapfed.org | Secretary: Anrich Gouws | e: admin@sapfed.org | www.sapfed.org SAQCC FIRE (South African Qualification Certification Committee) Postnet Suite 86, Private Bag X10020, Edenvale 1610 | t: +27 (0)11 455 3157 | www.saqccfire. co.za Executive Committee: Chairperson: Duncan Boyes Vice chairperson: Tom Dreyer 1475 Committee: Chairperson: Lizl Davel Vice chairperson: John Caird D&GS Committee: Chairperson: Nichola Allan; Vice chairperson: Clive Foord General Manager: Rosemary Cowan | e: rosemary@saqccfire.co.za – Address, phone and website all remain as is. SARPA (South African Revenue Protection Association) Box 868, Ferndale 2160 | t: +27 (0)11 789 1384 | f: +27 (0)11 789 1385 | President: Naas du Preez | Secretariat: Mr J. Venter, Van der Walt & Co SIA (Security Industry Alliance) Box 62436, Marshalltown 2107 | t: +27 (0)11 498 7468 | Chief executive officer: Steve Conradie | www.securityalliance.co.za SKZNSA (Southern KwaZulu-Natal Security Association) t: +27 (0)39 315 7448 | f: +27 (0)39 315 7324 | Chairperson: Anton Verster c: +27 (0)82 371 0820 VESA (The Motor Vehicle Security Association of South Africa) Box 1468, Halfway House 1685 | t: (011) 315 3588/3655 | f: +27 (0)11 315 3617 | General manager: Adri Smit VIPPASA (VIP Protection Association of SA) Box 41669, Craighall 2024 | t: +27 (0)82 749 0063 | f: 086 625 1192 | e: info@vippasa.co.za | www.vippasa.co.za | Enquiries: Chris Rootman c: +27 (0)82 749 0063 | e: vippasa@protectour.co.za
* Every attempt has been made to keep this information up to date. If you would like to amend your organisation’s details, please email jackie @contactpub.co.za 36
SECURITY FOCUS AFRICA DECEMBER 2021/JANUARY 2022
securityfocusafrica.com
DRIVING COMPLIANCE in South Africa’s Private Security Industry
With a five decade legacy, SASA is the greatest advocate of industry compliance, serving as resource for its members, an educational platform for consumers of security services, and an essential link between the private security industry and government. The Security Association of South Africa (SASA) is nationally recognised by the Government, South African Police Service and all Municipalities as having members with a proven track record within the industry and a Code of Ethics by which members must abide. SASA Gold Membership promotes compliance not only to the industry role-players, but to the end-users of security services as well. Join SASA today and find out more about how we can fight the scourge of non-compliance, promoting SASA Gold Membership as an essential requirement for all security service providers, ensuring industry excellence for the private security industry.
For more information, contact the SASA Administrator on admin@sasecurity.co.za Postal Address: Suite 147, Postnet X2 Helderkruin, 1733. Tel: 0861 100 680 Fax: 086 670 9209
www.sasecurity.co.za
DIGITAL BUYERS GUIDE
to security services & products Promote your business
Attract customers
Increase your sales
Claim your listing on www.securityfocusafrica.com/buyersguide
Security Focus Africa is known for having the most comprehensive directory of service providers in Africa. We have been a trusted source of information for more than 41 years, and now offer this valuable resource online. The market is tough out there. What makes your business different from any other? For starters, be more accessible on the internet. Online searches are now the preferred method of finding information and contact details, so the better your online presence, the more business you will get.
BENEFITS OF LISTING YOUR BUSINESS:
• By claiming your listing, you can keep your company’s information up to date at your own convenience • Upgrade your listing online at any time to maximise your brand exposure • Improve your SEO and online presence • We provide a targeted audience for your business • See your stats – know how many people are seeing your listing
Security
For as little as R2,400, you can get the edge over your competitors by providing indispensable information to your customers on our online directory.
Affordable advertising is just a click away.
Focus
AFRICA
BUYERS GUIDE
www.securityfocusafrica.com/buyersguide KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE
