Security Focus Africa February 2018 by Contact Publications

www.securityfocusafrica.com | Vol 36 No 2 February 2018 The official industry journal for professional risk practitioners: security, safety, health, environment and quality assurance

DIGITAL BUYERS GUIDE

to security services & products Promote your business

Attract customers

Increase your sales

Claim your listing on www.securityfocusafrica.com/buyersguide

2 for 1 offer The print listings now mirror our online directory style with basic and premium listings. In fact, upgrading a basic listing in print to premium will include an upgrade to premium on the website and vice versa. The same information online is printed in the print directory.

Security Focus Africa is known for having the most comprehensive directory of service providers in Africa. We have been a trusted source of information for more than 35 years, and now offer this valuable resource online.

The market is tough out there. What makes your business different from any other? For starters, be more accessible on the internet. Online searches are now the preferred method of finding information and contact details, so the better your online presence, the more business you will get.

BENEFITS OF LISTING YOUR BUSINESS:

• By claiming your listing, you can keep your company’s information up to date at your own convenience • Upgrade your listing online at any time to maximise your brand exposure • Improve your SEO and online presence • We provide a targeted audience for your business • See your stats – know how many people are seeing your listing • Increase traffic to your website with a link from the directory

Security

For as little as R2 400, you can get the edge over your competitors by providing indispensable information to your customers on our online directory.

Affordable advertising is just a click away.

Focus

AFRICA

BUYERS GUIDE

www.securityfocusafrica.com/buyersguide KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE

Security Focus Africa: Serving the South African security industry for 36 years

CONTENTS

COVER STORY

Reducing false alarms with deep learning

The deep learning phenomenon continues to excite the IT world, with computing power now at the level where it can be properly used in practical applications. Hikvision has been at the forefront of applying the technology in the surveillance industry and beyond, and has already released its first set of products that harness the power of Artificial Intelligence (AI).

VOL 36 NO 2 FEBRUARY 2018

FEATURES: THE CYBERSECURITY ISSUE 8

Cybersafety and ICT: security trends for 2018

Cybersecurity analysis could become one of the most sought-after skills around the world. Cybercrime is becoming more cunning and damaging by the way, and here at home, there is no exception.

12 Managing risk through the cloud Companies are increasingly turning to the cloud for improved security, efficiency and regulatory compliance. Data breaches that result in confidential data being compromised have become an almost daily occurrence, making cybersecurity a nonnegotiable for organisations. This includes both educational awareness and the necessary hardware or software tools.

14 28 2

SECURITY FOCUS AFRICA FEBRUARY 2018

securityfocusafrica.com

Official Journal of the Security Association of South Africa

Published by Contact Publications (Pty) Ltd (Reg No. 1981/011920/07)

Vol 36 No 2

TEL: (031) 764 6977 | FAX: 086 762 1867 PUBLISHER: Godfrey King | gk@contactpub.co.za

MANAGING DIRECTOR: Malcolm King | malcolm@contactpub.co.za

EDITOR: Andrea Müller | andrea@writescene.co.za

PRODUCTION & DESIGN EDITOR: Hayley Mendelow | hayley@contactpub.co.za

DISTRIBUTION MANAGER: Jackie Goosen | jackie@contactpub.co.za

HEAD OFFICE PHYSICAL ADDRESS:

REGULARS

Suite 1, Fields Shopping Centre, Old Main Road, Kloof 3610

POSTAL ADDRESS:

4 Comment

PO Box 414, Kloof 3640, South Africa

So long, farewell

City of Joburg turns its back on private security

21 Elvey keeps things on track

12 Cyber trends

22 Security threats to face

• Shake it like a cloud-based infrastructure • 5G: Are we there yet?

15 Industry opinion

its new scholarship programme

18 On the market

• Over R20 million invested in vehicle armour and Kevlar uniforms • Unlock your front door with your smartphone

19 • TomTom Telematics launches

next generation fleet management • Bitdefender wins ‘product of the year’ award from avcomparatives

securityfocusafrica.com

SUBSCRIPTION RATES: Annual subscription for magazine posted in Republic of South Africa is R650 including VAT and postage. Subscription rates for addresses outside South Africa can be obtained on application to the Subscription Department, Box 414, Kloof 3640.

24 Product showcase • Deep learning technology in smart retail solution

T welve cities, one vision: 2018 Hikvision SA Roadshow

EDITORIAL CONTRIBUTIONS: Editorial contributions are welcome. For details please email hayley@contactpub.co.za.

27 • Intersec 2018

, a division of Novus Holdings

Paarl Media KZN, 52 Mahogany Road, Westmead www.paarlmedia.co.za

recognition and FaceStation 2 Technology

• Over R20 million invested in vehicle armour and Kevlar uniforms • IDEMIA new appointment

17 Paxton announces recipients of

Printed by

26 Exhibition news

16 Company news

for Pyze Auto Electrical on mining project

Security initiatives boost property prices

Security Focus Africa has 12 issues a year and is published monthly, with the annual Buyers’ Guide in December.

cybersecurity protection

6 News

PUBLICATION DETAILS:

20 Suprema’s BioStar 2

• Successful launch for innovative CAT system

ADVERTISING ENQUIRIES: Bernadette Fenton Cell: 082 443 8931 Email: bernadette@ securityfocusafrica.com

28 International News Surveillance video storage market worth 1.7B USD in 2017

Security Focus Africa

29 Law & Security

is a member of

Public Protector’s review under review

30 Index of Advertisers 31 Calendar 32 Directory

SECURITY FOCUS AFRICA FEBRUARY 2018

@SecurityFocusza 3

Security Focus

www.securityfocusafrica.com

EDITORS COMMENT

So long, farewell I t is with a deep sense of gratitude that I am writing what will be my very last Editors Comment for Security Focus Africa magazine. After 10 years with this publication, the time has come to step down. Over the past decade, I have had the privilege of interviewing, working with and getting to know on a work and personal level some of the most colourful and fascinating characters in the security industry. Among these people I have met some of the friendliest, most eccentric, hardworking, gritty and sometimes downright impossible personalities I have ever come across in my career. I have thoroughly enjoyed most of it. One of the most difficult pages to complete for the magazine, has always been this one, the editors comment. Usually it’s because as a writer, you feel exposed. There’s no hiding behind facts, figures, and news, when you’re writing your opinion – and judged you will be! You learn to take it on the chin when you receive a strongly worded email objecting to your last comments. You also learn to humbly accept when you have made a mistake, or to try and correct yourself when a misguided comment is pointed out to you. South Africa’s private security industry is full of complexities but is also an industry that is so

critical to South African citizens. It is also an industry that is highly misunderstood by mainstream media and consumers. A fact that I have come to realise over and over, when asked to explain the intricacies of compliance, legislation, training, labour issues etc. When I first started freelancing for this magazine in the early 2000s the private security industry had just emerged from one of the most violent and devastating industry strikes that this country had ever seen. It is through the commitment and passionate dedication of a few cool and calm individuals that this industry has seen mostly peace and accord over the past 10 years, particularly when it comes to those times associated with wage negotiations. The industry has also gone into the ring several times with its own regulatory authority, and at times united when it was needed to serve the best interests of industry stakeholders. It has been a fascinating journey to be part of. Over the years, I have sat with some of the most enthusiastic and committed individuals who have taken the time and patience to explain these complexities to me, and helped me to understand, and hopefully in turn help others to understand better as well. I would like to take this opportunity to thank, the founder of Security Focus Africa magazine, Mr Godfrey King, for affording me this opportunity. As a 26-yearold freelance writer back in 2008, I had never quite imagined myself in the security sector but as the months turned to years, I found that the industry has a way of getting under your skin. I must admit that while the whole publishing world continually goes through

EDITORIAL POLICY Statements made or opinions expressed in articles in Security Focus Africa do not necessarily reflect the official views of the Security Association of South Africa (SASA) nor those of any of the other security associations listed in Security Focus Africa. Similarly, advertising in this publication does not imply in any way endorsement or approval by these security associations of any products or services. It is the policy of the Security Association of South Africa that any office-bearer who has an executive position in a company, or companies, which supply security products or services should on no account allow his position to be used to promote his company or its objectives in the editorial content of Security Focus Africa, the official journal of the Association. If, at any time, an office-bearer’s position has been quoted in relation to his company or product, this does not imply the Association’s approval or involvement.

SECURITY FOCUS AFRICA FEBRUARY 2018

MESSAGE FROM THE MD On behalf of everyone at Contact Publications and the Security Focus Africa team, I would like to thank Andrea Muller for the last 10 years, where she has been a very important member of our team, creating content, being a public face of the publication and contributing to the success of Security Focus Africa. We wish her well with her future endeavours. Thank you Andrea. A familiar face is returning to the role of editor. Ingrid Olivier has returned to Gauteng and will be adding her own perspective to these pages from the March 2018 issue onwards. Those who remember Ingrid’s work from the past can reacquaint themselves with her style and new readers have something to look forward to. Welcome back Ingrid.

Malcolm King, Managing director, Contact Publications

a digital transformation, I still prefer the smell of a crisp clean magazine, fresh from the print run. Reading from a laptop, smartphone or tablet, doesn’t quite compare to curling up on the couch with a hot cuppa and magazine. But that’s the nature of things in this never-ending evolving world. It has been my pleasure to be part of this industry for the past 10 years. I look forward to seeing Security Focus Africa go from strength to strength.

Andrea Müller Editor andrea@writescene.co.za

securityfocusafrica.com

NEWS

City of Joburg turns its back on private security

Over 150 privately owned and managed security firms stand to lose millions of rands worth of business, as the Joburg Metro vows to make good on its promise of insourcing security personnel.

his announcement comes after months of speculation, following Mayor Herman Mashaba’s state of the city address, during May last year, when he initially announced that a process of insourcing “certain” essential city services would take place. The City of Johannesburg announced on 8 February 2018 that it was currently in

Mayor Herman Mashaba Credit: destinyman.com

the process of insourcing 4 000 contract security workers. According to Mayor Mashaba, the city was outsourcing security services through 150 contracts on different sites with various service providers. Mashaba also stated that it cost R360 million for the City’s security services. “The city has paid on average R14 000 per security guard while the guards themselves received as little as R4 500 as a salary per month,” Mashaba said. He added that the city was undergoing an extensive process of ensuring the smooth integration of the security personnel while guaranteeing the financial sustainability of the entire operation. Mayor Mashaba also acknowledged the role played by the EFF in working with the DA to address the matter. “Due to the complexities of local

government regulations, cases of corruption, contractual commitments and legal considerations, the time taken to implement this process has been considerable,” added Mashaba. The City of Joburg has apparently not had any consultation with the industry, either directly, or through the Private Security Industry Regulatory Authority (Psira), but with millions of rands at stake, there is bound to be major reaction from the industry. It is also not yet clear which private security companies will be directly impacted by this decision, but the Joburg Metro has stated that it is determined to proceed with its plans and would individually consult the affected security companies. The City of Joburg has also vowed to continue with the process of insourcing cleaning and landscaping services as well.

A GUARD MONITORING SOLUTION FOR ANY APPLICATION * DB Projects and Agencies

sales@guardreports.co.za 011 888 4982 356 Pretoria Ave, Ferndale, Randburg

* All backed by on-site service

securityfocusafrica.com

SECURITY FOCUS AFRICA FEBRUARY 2018

COVER STORY

Reducing false alarms with deep learning The deep learning phenomenon continues to excite the IT world, with computing power now at the level where it can be properly used in practical applications. Hikvision has been at the forefront of applying the technology in the surveillance industry and beyond, and has already released its first set of products that harness the power of Artificial Intelligence (AI).

he concept of deep learning takes inspiration from the way the human brain works. Our brains can be seen as a very complex deep learning model. Brain neural networks are comprised of billions of interconnected neurons; deep learning simulates this structure. These multilayer networks can collect information and perform corresponding actions according to analysis of that information. In the past two years, the technology has excelled in speech recognition, computer vision, voice translation, and much more. It has even surpassed human capabilities in the areas of facial verification and image classification; hence, it has been highly regarded in the field of video surveillance for the security industry. Its ability to enhance the recognition of human beings (distinguishing them from animals, for example) makes the technology a great addition to the security arsenal. This is especially relevant in a world where false alarms account for 94-99 per cent of all alarms, according to police and fire service statistics.

How deep learning works Deep learning is intrinsically different from other algorithms. The algorithmic model for deep learning has a much deeper structure than the traditional algorithms. Sometimes, the number of layers can reach over a hundred, enabling it to process large amounts of data in complex classifications. Deep learning is very similar to the human learning process, and has a layer-by-layer feature-abstraction process. Each layer will have different weighting, and this weighting reflects on what was learnt about the images’ components. The higher the layer level, the more specific the components. Just like the human brain, an original signal in deep learning passes through layers of processing; next, it takes a partial understanding (shallow) to an overall abstraction (deep) where it can perceive the object. Deep learning does not require manual intervention, but relies on a computer to extract features by itself. This way, it is able to extract as many features from the target as

SECURITY FOCUS AFRICA FEBRUARY 2018

possible, including abstract features that are difficult or impossible to describe. The more features there are, the more accurate the recognition and classification will be. Some of the most direct benefits that deep learning algorithms can bring include achieving comparable or even better-than-human pattern recognition accuracy, strong antiinterference capabilities, and the ability to classify and recognise thousands of features.

Challenges of existing systems Conventional surveillance systems mostly detect moving targets, without further analysis. Even smart IP cameras can only map individual points on a shape one by one, making it difficult to calibrate some features (eg forehead or cheek), thus decreasing accuracy. For perimeter security, for example, other technologies can be (and are) used to provide more comprehensive security.

securityfocusafrica.com

COVER STORY

Deeper Intelligence. Deeper Surveillance. Hikvision deep learning solutions are available at three levels: - DeepinView camera can conduct target tracking, grading and capturing when an alarm is triggered. - ‘traditional’ IP camera using a DeepinMind NVR will add the function of searching intelligently by picture, saving time on searching for targets compared with a regular NVR.

But they all have their downsides. Infrared emission detectors can be ‘jumped over’ but are also prone to false alarms caused by animals. Electronic fences can be a safety hazard, and are limited in certain areas. Some of these solutions can also be expensive and complicated to install. Object such as animals, leaves, or even light can cause false alarms, so being able to identify the presence of a human shape really improves the accuracy of perimeter VCA functions. Frequent false alarms are always an issue for end-users, who need to spend time to investigate each one, potentially delaying any necessary response and generally affecting efficiency. Imagine, for example, a scenario where it’s relatively quiet; a location at night where there are few cars and people around. Even here, there could be 50 false alarms in a night. Assuming it takes 2-3 minutes to check out a false alarm, and that just 3 out of the 50 warrant more attention – say 15 minutes each. A guard either needs to check the system and look back at the alert, or someone needs to be dispatched to the location and look around, checking if anyone has indeed ‘entered without permission’. In most organisations, these would need to be reported/recorded too, adding to the overall time spent on this ‘false alarm’. So, those 50 false alarms could cost more than two hours each night of wasted time in that scenario. Deep learning, however, makes a big difference. With a large amount of good quality data from the cameras and other sources, like the Hikvision Research Institute, and over a hundred data cleaning team members to label the video images, sample data with millions of categories within the industry have been accumulated. With this large amount of quality training data, human, vehicle, and object pattern recognition

securityfocusafrica.com

models become more and more accurate for video surveillance use. Based on a series of experiments, the recognition accuracy of solutions using the deep learning algorithm increased accuracy by 38 per cent. Applying this to the previous example, that’s a saving of nearly one hour each night. This makes deep learning technology a great advantage in a perimeter security solution, with more accurate line crossing, intrusion, entrance and exit detection.

Other uses The value of deep learning technology stretches further than traditional security. For example, tracking movement patterns of individuals can see if they are ‘loitering’ and a potential threat in the future. A threshold could be set to five metres radius of movement, or ten seconds of staying in the same place. If the person passes either threshold, an alarm could be triggered. The solution tracks the individual and compares this behaviour to a database to see if it recognises a pattern.

- DeepinView camera and a DeepinMind NVR delivers a full power solution, with the camera sending the information to the NVR, which can then analyse it. This accelerates recording and false alarm filtering. For more information, please visit us at www.hikvision.com.

Another application would be in a scenario where ‘falling down’ could be a threat, like an elderly care home. If a height threshold was set at 0.5 m and duration time 10 seconds, for example, the solution would be able to see a person falling down (as they go below 0.5 m) and might be in trouble (if they ‘stay down’ for longer than 10 seconds). The solution uses the parameters set to compare with its database and raise an alarm. With features and benefits like these, it’s easy to see how many smart applications could be catered for by deep learning technology. To sum up, a 10 000-strong R&D centre is pushing the boundaries of surveillance solutions and bringing even more benefits to them. Artificial intelligence has massive potential, and Hikvision is always exploring new ways to apply this exciting technology throughout the security industry and beyond.

SECURITY FOCUS AFRICA FEBRUARY 2018

SPECIAL FEATURE: CYBERSECURITY

Cybersafety and ICT Security trends for 2018 Cybersecurity analysis could become one of the most sought-after skills around the world. Cybercrime is becoming more cunning and damaging by the way, and here at home, there is no exception.

nline Education Company, Get Smarter says that protecting the security and integrity of data is vital as sensitive data leaks can cost companies millions in lost revenue or ransom demands. With devastating cyberattacks on the rise organisations are waking up to the imperative value of cybersecurity analysts. According to the US Bureau of Labour Statistics (BLS), information security analyst jobs are projected to increase by 28 per cent between 2016 and 2026, much faster than the average for all occupations during that decade. Kaspersky Lab conducted a survey with over 8 000 global company employees this

year, where 50 per cent of the respondents think that all employees, including themselves, should take responsibility for protecting corporate IT assets from cyber threats. But then again, one cannot ignore the impact of human error.

Employee actions lead to cybersecurity incidents The findings of the Kaspersky study show us that businesses have good reason to be concerned when it comes to employees and cyber risks. Employees make misguided mistakes that put company data at risk, through pure

SECURITY FOCUS AFRICA FEBRUARY 2018

carelessness or lack of knowledge. Careless or uninformed staff, are the second most likely cause of a serious security breach, second only to malware. In addition, in 46 per cent of cybersecurity incidents in the last year, careless/ uniformed staff have contributed to the attack. Over the past year internal staff have also caused security issues through malicious actions of their own, with 30 per cent of security events in the last 12 months being directly attributed to the actions of employees against their employers. “This discrepancy could be particularly dangerous for smaller businesses, where

securityfocusafrica.com

SPECIAL FEATURE: CYBERSECURITY

there is no dedicated IT security function and responsibilities are distributed among IT and non-IT personnel. Neglecting even basic requirements, such as changing passwords or installing necessary updates, could jeopardise overall business protection. According to Kaspersky Lab experts, top management, HR and finance specialists who have access to their company’s critical data are usually most at risk of being targeted.

Skills pool has ripple effect Vikas Kapoor, practice head of cybersecurity & GRC at In2IT Technologies, said that the scale of today’s connected, digital world has had a dire impact on security risks. Kapoor says the situation is exacerbated by a vast shortage of cybersecurity skills, not confined to South African borders, and countries across the globe, who face similar challenges. The highly publicised global security breaches of this past year point to an increase in the prevalence of the likes of ransomware, a malware that keeps evolving to find new ways to penetrate and attack networks. “As fast as cybersecurity measures improve to bridge current security gaps, so does cyber threats, resulting in a continuous shortfall of suitably-skilled people capable of properly protecting networks from intrusion,” said Kapoor. “Beyond the vast size of growing security concerns, another contributor to the dire shortage of skills in this critical sector is time. Becoming a knowledgeable expert in cybersecurity takes a considerable investment of time spent learning various technologies and systems and understanding how they integrate. He adds that it takes time to build a pool of skilled resources, including time spent in the classroom, spent garnering experience protecting live networks. “Unfortunately, the cybersecurity space is already on the back foot and time is of the essence,” he added. Kapoor said that South Africa has been listed as the 31st most cyber-attacked country in the world, out of 117 countries, and says that cybersecurity professionals are constantly having to play catch up.

security threat landscape will this year become even more treacherous with experts predicting an increase in zero-day exploits and massive changes in the way ransomware operates. According to Bitdefender’s threat analysis unit, malware authors will continue to target both individuals and enterprises; malware and password-grabbing utilities such as Mimikatz will aggressively exploit “wormable” security vulnerabilities. Mimikatz has in recent months gained notoriety as an undeniably ubiquitous hacker tool that allows intruders to quickly leapfrog from one connected machine to a network to the next as soon as they gain an initial foothold. For example, last year’s NotPetya and BadRabbit ransomware strains were paired with Mimikatz and leaked NSA hacking tools to create automated attacks - these infections rapidly saturated networks with disastrous results.

Increased sophistication Bitdefender also predicts that malicious SPAM email attachments will increase as

South Africa has been listed as the 31st most cyberattacked country in the world, out of 117 countries

well as Fileless attacks - Windows 10 adoption is becoming universal which means the platform’s support for Powershell or Linux Bash utilities will be exploited. Looking at Fileless malware, these attacks target already-stalled applications, therefore, those that are whitelisted and known to be safe. For example, fileless malware exploit kits can target browser vulnerabilities to make it run malicious code, take advantage of Microsoft Word macros or use the Powershell utility. The adage, money talks remains true for the threat landscape; malware like ransomware, banker Trojans and digital currency will undergo major changes in the way it

A year of dire predictions For both consumers and corporates, the

securityfocusafrica.com

SECURITY FOCUS AFRICA FEBRUARY 2018

SPECIAL FEATURE: CYBERSECURITY

performs. Bitdefender, for example, expects that ransomware will start leveraging GPU (Graphics Processing Unit) for encryption which will enable it to move faster in attempts to circumvent antimalware products. “There is no doubt that the security landscape is going to be a bumpy one in 2018 – consumers and companies alike must become extra vigilant, ensuring their technology and information assets are protected and adapted to deal with the newest threats,” says Leo Meyer, MD of Black Castle Technologies, official Bitdefender country partner for consumer products.

IoT botnets – the new normal The continued vulnerability of WiFi and Bluetooth remains a major concern and will increasingly be used to launch attacks, this in turn will lead to IoT botnets, says Bitdefender. Already Bitdefender confirmed the existence of a botnet named HNS (Hide ‘N Seek) and as of 26 January 2018, it controls over 33 000 IoT devices. It continues to evolve and use samples from various architectures as payloads. And while botnets have been around for years, mainly used for DDoS (Distributed Denial of Service) attacks, the discoveries made during the investigation of the HNS bot reveal greater levels of complexity and novel capabilities such as information theft – potentially suitable for espionage or extortion, adds Bitdefender. HNS is one example, and the source code for IoT bots is readily available online. Cybercrime groups interested in compromising IoT devices have a solid platform to customise their attacks and launch it.

“Destructionware” – Ransomware gets nastier According to Paul Jolliffe, Lead DSM: Security at T-Systems South Africa, a new type of Ransomware is evolving, known as Destructionware. Ransomware – a type of malware that infiltrates and infects a user or company’s

system and encrypts their data, holding the organisation to ransom until a large sum of money is paid in return for a decryption key to unlock it – is more pervasive than ever. “However, the emergence of a new type of ransomware strain late in 2017 showed a sinister new face to the already destructive malware,” says Jolliffe. “Rather than having their data recovered when they paid their ransom, the victims of the attack found their data completely and irretrievably wiped, even after paying large sums of money to recover their information.” He adds that where ransomware, in the traditional sense, seeks to make its perpetrators wealthy, the new strain seeks to destroy. It mimics ransomware and operates in a very similar fashion, accessing victim’s computers through an infected link or attachment, encrypting the data on the machine and any other servers it can spread to. However, the new strain is also able to elevate user access, meaning it can obtain user credentials and move laterally, undetected, between systems. The effects of such a wave can be catastrophic, with devastating financial and reputational consequences. This new type of data wiping ransomware begs the question: who are the new cybercriminals intent on malicious sabotage of information, what do they stand to gain, and has ransomware evolved to be called “destructionware”, given its tendency to destroy rather than hold to ransom? We take a look at the possible motives behind “destructionware” purveyors, and how South African businesses can protect themselves from falling victim.

or hackers, inhabit the Darkweb, an underground Internet used for nefarious purposes, and many develop reputations among their peers based on their expertise. It’s safe to say that a malware such as “destructionware” would launch the hacker or syndicate, responsible into the limelight, giving them a level of fame in cybercriminal circles. The bragging rights that “destructionware” gives its makers effectively allows them to name their price for services such as RaaS, going forward. They also obtain that which every hacker seeks: the respect of their peers for bringing a large portion of global business to its knees with a few simple tweaks of an already prevalent malware. Of course, there are those who would seek the services of such hackers or syndicates, for their own malevolent reasons. Former employees who bear a grudge against previous employers; activists who protest an organisation or government’s business practices; terrorist groups who want to add cyberterrorism to their arsenal; victims of lost investments; or even merely jealous individuals who wants to destroy that which they cannot, or do not, have. RaaS has made ransomware,

Cybercrime as a business In cybercrime circles, what has been a simple get-rich-quick scheme for individual hackers and hacker syndicates, has evolved into a lucrative business. Ransomware-as-aservice (Raas) is increasingly being offered by industrious syndicates, who make a cut from their customers’ use of the code that they provide. However, as evidenced by the “destructionware” outbreak, money is no longer the primary objective of the cybercriminal world, and more sinister motives appear to be at play. One potential motive is sheer bragging rights. Cybercriminals,

SECURITY FOCUS AFRICA FEBRUARY 2018

securityfocusafrica.com

SPECIAL FEATURE: CYBERSECURITY

One thing is certain: with ransomware and “destructionware” being so readily available, the likelihood of further and more evolved attacks occurring is high and now “destructionware”, accessible to anyone who wants to create and capitalise on the havoc it generates. One thing is certain: with ransomware and “destructionware” being so readily available, the likelihood of further and more evolved attacks occurring is high, and business owners need to take the necessary steps to protect themselves as best as possible.

Protecting yourself and your business If organisations do not already have a comprehensive 360-degree security strategy, then the time is right to implement one. A comprehensive strategy incorporates preventative security controls in the form of the necessary Operating System (OS) patches, effective anti-malware solutions, complete system protection, end point security,

securityfocusafrica.com

data centre security, perimeter and access control, and more. New developments in cybersecurity are using data analytics and AI to scour patterns and identify anomalies which could pre-empt or signify attack, with the goal of shutting shown systems connected to the infected device to prevent the malware from spreading. As cybercrime evolves, so does cybersecurity. However, evolving cybersecurity also creates new challenges that hackers are only too eager to crack. As such, a cycle of ongoing cybercrime versus cybersecurity measures is born. A truly effective security strategy needs to be underscored by education. Users within an organisation must be educated on cybercrime and safe browsing habits. When employees understand what to look out

for and how to safely navigate all Internet enabled services, they automatically reduce the risk of infection and attack. Ransomware and “destructionware” cannot succeed without willing participation of the victim in that he or she needs to physically click on the infected link or attachment in order to download the malware. In an environment that is increasingly reliant on internet-connected devices and where Bring-Your-Own-Device (BYOD) is a fairly common practice, even with a comprehensive security strategy there can be vulnerabilities. Users who understand the risks of clicking on unknown attachments or links are less likely to do so without carefully researching and understanding the source of the link or attachment. Education also encourages users to practice safer browsing habits outside of their office, leading to less likelihood of an infected device entering the organisation’s environment. Jolliffe concludes that security needs to be tackled from multiple angles, and not simply opted for as a necessary evil. When profits and reputations are at risk, businesses simply cannot afford not to invest in security, and the value of having a comprehensive system in place to prevent malware attacks must not be underestimated. “Just ask any one of the 65 or more large companies who were hardest hit by “destructionware” and may never recover their losses,” he concluded.

CYBERSECURITY TRENDS

Shake it like a

cloud-based infrastructure By Ralph Berndt, director, sales at Syrex

Think that business is about to change in 2018? You’d be right…

hen it is broken down to its blandest, the New Year is just the beginning of another month. It isn’t a seismic shift in anything other than perception. Unless you’re a business with a vision. Then the start of the next annual cycle is an opportunity to grab hold of new innovations and trends with bold hands and shift profitability and capability into new gears. For those who want to ensure that they are connected, relevant and secure, there are some significant business trends that should be paid close attention to. The first of these is security. It is one of the most talked about topics in businesses today and can be about as entertaining as watching a PC reboot after a major patch, but there are some important changes afoot that are set to make it exciting.

The next few months will see next generation firewall solutions take a prominent place on the security stage and they will bring a change in how the organisation approaches its security. Businesses should look closely at how their security is designed and aligned to ensure that they avoid ongoing adaption from a risk perspective. In South Africa, the business and home markets will find that the fixed line connectivity and ISP services are likely to be far more in line with their requirements. They will be better serviced and more capable. The business benefits include increased capacity, more room for growth and the ability to expand cloud investment. Which, of course, leads neatly into the next major trend, one that has dominated for the past few years and will remain firmly top of mind in 2018 – cloud. In South Africa, the move from managing on-premise ICT solutions towards private

SECURITY FOCUS AFRICA FEBRUARY 2018

and public cloud services will continue to see rapid business adoption. From a tentative market dipping its toes in cloud waters while watching and waiting to see what the Jones’ will do, South Africa is becoming bolder and more invested in what cloud has to offer. This is bolstered by fixed line connectivity and ISP service improvements as well as by advancements in the applications that cloud enables. Applications are becoming increasingly flexible in their scope, tying in with the business need to agilely adapt to market demand. There is also more variety and availability which means that organisations are able to find solutions that are tailored to their specific requirements. This year should finally see the back of shoehorning the business into the solution, and now it is all about ensuring that the solution fits the business. 2018 is about adaptability, flexibility and scale, and the ability to take advantage of what this has to offer.

securityfocusafrica.com

CYBERSECURITY TRENDS

Managing risk through the cloud By Dragan Petkovic, security product leader ECEMEA Oracle

Companies are increasingly turning to the cloud for improved security, efficiency and regulatory compliance.

ata breaches that result in confidential data being compromised, whether it is just released to the general public or used for more malicious purposes, have become almost a daily occurrence, making cybersecurity a non-negotiable for organisations. This includes both educational awareness and the necessary hardware or software tools. The increasing complexity of emerging technologies and advances in hacking practices mean that enterprises and their legacy networks – often built with kit bought from multiple vendors at the cheapest price at auction, by a procurement team over the years – may no longer be safe. Of top concern are infrastructure downtime, security threats and vulnerabilities, and data protection. Companies are responding through several ways, including hiring CEOs who come from the cybersecurity space, as they know how to manage risk, and speeding up their migration to the cloud - with mature users understanding that cloud computing provides better security than poorly deployed or legacy licence (on-premise) systems.

Ensuring regulatory compliance Apart from protecting themselves from external threats, companies around the world are increasingly being required to comply with data privacy regulations, such as the Protection of Personal Information Act (PoPI) in South Africa. The PoPI Act states that organisations

ACCORDING TO A REPORT from The Economist Intelligence Unit and Oracle, over the past two years, organisations have witnessed a

42% increase in hacking 39% growth in malware 23% rise in financial theft Globally, cybercrime is expected to reach $2 trillion by 2019.

securityfocusafrica.com

must take appropriate measures to protect personal information against unlawful access or processing, as well as loss, damage, or unauthorised destruction. Companies must further take measures to identify risks, maintain safeguards against such risks, and ensure that these safeguards are continually updated in response to new risks. In Europe, the General Data Protection Regulation (GDPR) becomes enforceable from 25 May this year, requiring data protection ‘by design and by default’, in addition to the right to access and the right to erase amongst others. Non-compliance can result in significant fines (4 per cent of global revenue or €20 million, whichever is greater) as well as the possible accompanying reputational loss.

Migrating to the cloud

In addition to the right to access, right to erasure and data portability, one of the key legislative requirements of GDPR is to be able to provide any individual with every piece of data an organisation holds on them, including all data records and any activity logs that may be stored. This places the focus firmly on good data management, with the benefits being increased security and operational efficiency, to improved customer service. By turning to cloud computing at the infrastructure, platform and software level, businesses gain the ability to extract, collate and analyse data at incredible volumes and speed - even from across previously disparate systems - to ensure compliance. In a growing number of countries, data privacy regulation now stipulates where data must be stored, presenting organisations with additional challenges; however, the availability of innovative managed “cloud at customer” solutions now gives customers transparency and the choice of having their workloads in a private cloud with all the benefits of stability and real time updates yet keeping critical information and applications within their own building. Or the benefits of

public cloud. In fact, in many cases it will be a hybrid model with a mix of public and private cloud solutions for different systems and applications. Ensuring regulatory compliance is a long term commitment, and investment in implementing a cost-effective supporting infrastructure might represent one of the biggest opportunities for companies to accelerate digital transformation in recent years.

Education and automation With security at the core of a modern organisation, good governance for managing systems and people effectively is critical; strong authentication and encryption becomes a necessity. Backup, archiving and storage helps to further protect against ransomware, and mobile device management becomes an instrumental means of controlling information at the edge. It is also not just about the technology: industry estimates put nearly half of all security breaches down to human error, and educating employees on how to spot suspicious emails can help cut down on phishing, whaling and other attacks that rely on unsuspecting end-users to click on links to infected websites, or open attachments that install malware or ransomware. However, the very advances in technologies that enable the threats are also providing companies with the tools that are required to combat them. Using machine learning and AI techniques, autonomous operations will anticipate outcomes, take remedial action, and be aware of real-time risks. Databases with autonomous auto-tuning and patching capabilities are already on the market, helping combat cyber threats resulting from human error, without it having to be shut down or taken offline. By 2025, 80 per cent of cloud operations risk will vanish entirely, and a higher degree of intelligent automation will permeate the cloud platform, becoming the catalyst that further accelerates enterprise cloud adoption.

SECURITY FOCUS AFRICA FEBRUARY 2018

CYBER TRENDS

Are we there yet? By Eckart Zollner, Head of New Business Development at the Jasco Group

5G, or Fifth Generation networks are being lauded as the vehicle which will launch technologies such as Internet of Things (IoT) and blockchain based applications into mainstream use - and with good reason.

promises significantly faster speeds than its predecessor, 4G. But with 4G only recently being put into proper real play, how ready is South Africa for the next generation network?

5G still a way off As demonstrated by recent trials, 5G is still in the process of having its technical standards ratified and adopted by the industry. Hardware OEMs such as Ericsson, Nokia and Huawei are forging ahead with early stage trial releases, while operators are conducting their own trials and laboratory testing. However, we are still a long way from 5G becoming commercially available in South Africa, with estimated time lines of two to three years before we start seeing real uptake.

A question of cost and spectrum availability 5G networks are expensive to deploy. With many operators only in the middle to final stages of their 4G rollout, investing in the infrastructure required to facilitate 5G is a costly task. However, there are many gaps in both mobile and fibre networks where 5G investments make financial sense, such as remote locations or areas with a high concentration of IoT interest and investment.

Frequency spectrum allocation is another potential impedance to 5G delivery. There is already a shortage of spectrum available for 4G network operators, and South Africa’s spectrum regulator, ICASA, will need to work closely with government and stakeholders to ensure that similar shortages and allocation delays do not occur. For the time being, there is little clarity on 5G spectrum allocation and it is likely that until a clear framework is in place, 5G rollouts will be hampered.

Why 5G? 5G could answer many of Africa’s - current connectivity concerns. Particularly in areas where fibre is unable to reach or too costly to invest in, 5G uptake will be massive. Currently, the speeds and quality of service that 5G promises are limited to users and organisations that can afford fibre. 5G mobile connectivity will enable small business owners and people in rural communities to leverage applications and sites that they have previously been unable to. Of course, this means that the pricing of 5G will need to be carefully evaluated. Data prices in South Africa have a reputation for being too high - these will need to reduce in order for 5G to fully cater to the market. Government will play a large role in controlling data prices, especially as it will seek to use 5G for its own community

SECURITY FOCUS AFRICA FEBRUARY 2018

connectivity projects. It will fall to ICASA to work closely with government and stakeholders to ensure that 5G data prices are affordable. 5G is also expected to spur South Africa’s digital evolution through support of technologies such as IoT and advanced mobile applications. To date, the uptake of these technologies has been relatively slow when compared with the rest of the globe. A lack of affordable, quality mobile connectivity has been the main hurdle to realising their potential, especially in industries like critical service delivery and healthcare, who stand to benefit massively from IoT devices. The demand for IoT and mobility will put pressure on operators and ICASA to formalise 5G plans, and stick to rollout schedules where possible.

Get ready Despite potential delays and hurdles to overcome, Africa should get ready for 5G. Operators and device manufacturers alike, are pushing for 5G to become a reality. Another driver is the score of technologies that stand to benefit businesses across all industries. Businesses investigating IoT, blockchain technology, cryptocurrency, and mobile applications should be preparing to run these off of 5G as soon as it becomes available.

securityfocusafrica.com

INDUSTRY OPINION

Security initiatives boost property prices Living in South Africa, security is always a key concern for potential property buyers and tenants, says Robert Bell, managing director of Frankie Bells Real Estate. And yes, security does affect property prices.

“T

he reason why buyers are so specific about buying in the sought-after areas is due to those communities taking a proactive role in mitigating crime. The areas that have invested in CCTV cameras, 24-hour guards and boomed access tend to achieve higher property values,” he says. The same is true for rental properties, with many prospective tenants actively seeking out homes or apartments already fitted with alarm systems and other security measures like burglar bars, electric fencing or situated in gated communities and complexes. He explains that interested buyers always ask about crime related to the premises and the suburb with break-ins, attempted breakins and violent crimes being top of their enquiry list. “Our buyers generally want to know about access control (boomed estate or gated complex), beams, electric fencing, 24-hour guard, and armed response. Single entry/ single exit areas with signed-in access for non-residents are a real drawcard.” Fidelity ADT’s managing executive, Stuart Clarkson, says it’s great that potential buyers are seeing the value in an integrated security solution and pro-active measures. “Sophisticated security systems historically used by big corporates are now being adopted by private residential clients. More people are using systems that include CCTV

securityfocusafrica.com

cameras, remote surveillance, and other perimeter security systems such as infrared sensors. Home automation systems where residents can monitor their property remotely and respond to alerts in case of an emergency are also growing in popularity,” he says. He adds that neighbourhood watches are also installing camera networks as part of the security systems they put in place, which have proven to be hugely successful. The big advantages of camera systems are the access to views of areas that may not have previously been available and the supply of crucial evidence that can be used in the apprehension of criminals. “We have seen the best success stories in areas where residents have not only put in home security measures but suburb solutions and get actively involved in neighbourhood watches and resident associations,” he says. The most successful areas are those that work very closely with security companies in order to foster strong partnerships. Fidelity ADT has a long standing relationship with many residents associations and community forums, and actively helps to drive these types of community security initiatives into an area. “Over the past few years we have invested heavily in many areas to assist communities to assist with crime prevention, and work hand in hand with these communities to

Stuart Clarkson, Fidelity ADT managing executive

tailor-make a solution that is fit for purpose,” Clarkson adds. Bell says, from his experience, around 70 per cent of people are involved in some way with their neighbourhood security. “It obviously differs from area to area with some people very actively involved in their neighbourhoods, other less so, while some want to be kept informed, but do not want to be a part of the administration. “If a security-related matter has a direct impact on them, they would usually be involved and be prepared to contribute financially to the cause. “Community forums really do help retain property values and reduce crime. We would like to encourage residents to get involved in their communities and crime prevention initiatives. Not only will it curb crime but could also boost your selling price when the time comes,” he concludes.

SECURITY FOCUS AFRICA FEBRUARY 2018

COMPANY NEWS

Over R20 million invested

in vehicle armour and Kevlar uniforms With an estimated 490 000 active private security officers in South Africa working in armed response, cash-in-transit and guarding, South African citizens are spending approximately R45 billion a year on private security making South Africa’s private security industry the fourth largest in the world per capita.

tuart Clarkson, managing executive of Fidelity ADT, which now forms part of the larger Fidelity Security Group, says with crime statistics remaining at unacceptable levels the private security industry plays a pivotal role in supporting the South African Police Force. In a 2016 Stats SA Victims of Crime survey it was noted that the most feared type of crime is house robbery, so much so that 50 per cent of households have taken physical measures to protect their homes and 11 per cent of households employ private security services. In 2018, that category of crime remains unchanged. He says the nature of violent crime has necessitated a significant investment in resources to protect officers who place their lives in danger almost every day. Fidelity ADT has invested over R20 million over the last two years in bullet-resistant vehicle armour for its fleet of 740 vehicles and bulletresistant Kevlar uniforms for its reaction and security officers. “All our vehicles are now reinforced

with Kevlar door inlays and clip on ballistic protection window inserts. These additions to our vehicles provide optimal protection against small calibre munitions, most commonly used in domestic crime,” says Clarkson. The company also makes use of in-vehicle camera systems which record all activities inside and in front of the vehicle. This helps during criminal investigations and accidents to ensure the company has as much information available as possible to assist the South African Police Services and is also used as part of the company’s ongoing training of officers. “Over the years, as technology has improved and the nature of crime has changed, it has become important for the private security industry to evolve in order to adequately protect its officers. “Today, Kevlar jackets and ballistic plating for our officers’ uniforms and reinforced armour in our vehicles with the addition of Kevlar door inlays and ballistic glass is a nonnegotiable,” concludes Clarkson.

SECURITY FOCUS AFRICA FEBRUARY 2018

IDEMIA new appointment IDEMIA, the world leader in augmented identity in an increasingly digital world, sees the chairmanship of its supervisory board renewed with the promotion of Yann Delabrière, former vicechairman of the group.

ormer chief executive officer of Faurecia and current chairman of the management board of Zodiac Aerospace, Yann Delabrière will replace Marwan LAHOUD, who becomes vice-chairman of the group. In May 2017, Advent International invested alongside Bpifrance to bring together the complementary strengths of Safran I&S (Morpho) and Oberthur Technologies (OT). Combining Morpho’s leadership in end-to-end biometric and identity solutions with OT’s leadership in embedded digital security, the new IDEMIA identity was unveiled on 28th September 2017. It is the global leader in augmented identity for an increasingly digital world, with a view to provide citizens and consumers with end-to-end full-secured solutions, when they interact, pay, connect, travel and vote. “As the new chairman of IDEMIA's supervisory board, I am very pleased to continue the work initiated by Marwan Lahoud and all the other members, since OT and Morpho joined forces, to build the group's leadership. “In a fast-changing industry, I know we can rely on the talented and skilled leaders who compose the recently announced top-management team to deliver upon the CEO Didier Lamouche’s strategic vision,” says Mr Delabrière.

securityfocusafrica.com

COMPANY NEWS

Paxton announces recipients of its new scholarship programme Paxton, the global brand of electronic IP access control and door entry systems has announced the first recipients of its new scholarship programme in conjunction with the University of Brighton.

he initiative, launched in November last year, offered the opportunity for students studying engineering and product design related courses at the University to win one of three scholarship places each worth £10 000 plus a 3-month paid work placement with the company from July 2018. As part of the scholarship, the selected scholars will participate in technology research projects at Paxton, that will then form the final year project of their degree course. In November 2017, the company hosted a student open day at its new state-of-theart facility, the Paxton Technology Centre, which was attended by over 100 students from the University of Brighton. The open day provided them with the opportunity to learn more about the company and the application process, meet Paxton’s experts in Product Development and Research, and receive hands on technology demonstrations of the company’s diverse product range. From those that applied, 16 were then invited to an assessment day, where they undertook a series of practical tasks and interviews. Following this, the successful three students were then selected, who are: • Yury Johnson, aged 20 who is studying (BEng) Electronics and Computing • Laurence Budd, aged 21 who is studying (BSc) Computer Science

Pictured left to right: Professor Debra Humphris, vice chancellor, University of Brighton; Sam Innes; Laurence Budd; Yury Johnson; and Adam Stroud, Paxton CEO.

• Sam Innes, aged 20 who is also studying (BSc) Computer Science Commenting on the programme, Adam Stroud, Paxton’s chief executive, said: “I’d like to congratulate the three students that have secured the 2018 Paxton Scholarship. The Paxton Scholarship is a long-term initiative designed to ensure that we can secure the bright-minds needed for the company’s continued success and prosperity. “I am thrilled at how the initiative was embraced by both the team at Paxton as well as the students and staff at the University of Brighton. “We hope that for the students involved, the Paxton Scholarship will mean much more than just financial help. Industry experience, without having to take a year

out, will be invaluable to their development and help them to decide what career they wish to pursue. “We also believe it will continue to highlight the diverse range of roles available within the security industry and the opportunities offered by a growing and exciting business sector.” Sam Davies, University of Brighton’s director of philanthropy & alumni engagement said: “Congratulations to the students and to Paxton for introducing this exciting and unique opportunity. “We are delighted to have partnered with Paxton in establishing this new scholarship programme which provides our students with access to the realities of the workplace and the challenges companies like Paxton face on a day-to-day basis.”

WHO WOULD YOU TRUST TO 021 404 1240 www.sparks.co.za

securityfocusafrica.com

DO THE JOB?

SECURITY FOCUS AFRICA FEBRUARY 2018

ON THE MARKET

Unlock your front door with your smartphone

In the not too distant future, Smart Homes will begin at the front door.

id you know that 55 per cent of homeowners want the ability to control their home security remotely and with this the ability to allow access to their homes without the need

of having to use a key. The days of fussing about keys are over. With a Smart Door Lock from Yale, you have the option to use a PIN code, RF Tag, RF Card, or even a smartphone to unlock your door. We’ve all been there. You’ve come home and your hands are full and you need to fumble around in pockets or your handbag to find keys to unlock your door, if you could only use a PIN code or RF-card to unlock. Or, visitors have shown up early and are left stranded outside your front door whilst you are stuck in traffic. If you could just open the door remotely... All of this is achievable using the latest technology in smart door locks from Yale, providing a completely keyless solution with the ability to remotely monitor and control access to your home when a smart module has been added to your Keyless Connected

SECURITY FOCUS AFRICA FEBRUARY 2018

Smart Door Lock and paired with the Yale Hub. The Keyless Connected Smart Door Lock makes domestic key troubles a thing of the past. You can manage user access remotely (schedule date and time access, revoke user rights, etc.) and there’s no longer any need to have a spare set cut for children, cleaners, carers or temporary workers. Unlocking via PIN code, RF-ID, or simply by a couple of swipes on a smartphone screen, the Keyless Connected Smart Lock works equally well both as a stand-alone solution and when connected to a smart home system. Lise Kimmings, managing director for Yale SA, said: “Yale is renowned for its expertise in locking solutions and we’re using the latest technology to keep your home secure.

securityfocusafrica.com

ON THE MARKET

TomTom Telematics launches

next generation fleet management TomTom Telematics has launched a new product line-up to enable faster, more efficient, fleet management.

he Software-as-a-Service (SaaS) solution, WEBFLEET, has been completely rebuilt and includes brand new features and a fresh, more intuitive user experience that includes advanced customisation capabilities. The revamped software is enhanced when coupled with the new range of TomTom PRO driver terminals. Together they help provide more effective job dispatch, while delivering market-leading routing, navigation and traffic information. “We have drawn upon more than 18 years’ fleet management expertise to develop our

next generation products, incorporating feedback from our 49 000-strong global customer base,” said Thomas Schmidt, managing director of TomTom Telematics. “The simple and clean WEBFLEET interface offers a superior user experience and new architecture enables quicker development of core features. It also facilitates faster development and deployment of connected partner applications, enabling the technology to adapt and evolve according to customers’ needs.” One of the newly enhanced features enables managers to pre-plan specific routes in New WEBFLEET using an increased range of criteria to help ensure drivers follow specified routes, or avoid certain locations.

These routes can then be sent directly to drivers via the new TomTom PRO 5350/7350 driver terminals. This is particularly valuable for industries where drivers are required to follow pre-defined routes, such as waste management, or for avoiding accident hotspots. WEBFLEET maps and reports can be more extensively customised to suit individual preferences, delivering fleet insights faster. The interface has also been optimised for tablets, meaning WEBFLEET offers greater support for flexible working, accessible now on any screen, anywhere. New WEBFLEET is available to all TomTom Telematics customers across 60 countries, in 13 languages. The new TomTom PRO driver terminals are now available throughout Europe, Australia, New Zealand and South Africa. In April, they will be available in the U.S., Canada, Chile and Mexico.

Bitdefender wins ‘product of the year’ award from av-comparatives Bitdefender, a leading global cybersecurity technology company protecting 500 million users worldwide, has won independent analysis firm AV-Comparatives’ Product of the Year award after achieving the highest score possible in all seven rounds of testing in the past year.

he award marks the second time Bitdefender has won the coveted prize. Bitdefender was awarded an Advanced+ rating in tests throughout 2017 covering the following categories: Real World Protection; Performance; Malware Protection; False Alarms; and Malware Removal. “For many years, Bitdefender has been delivering outstanding products that fight online threats with the highest level of effectiveness and are user-friendly and light on resources,” said AV-Comparatives Chief executive officer Andreas Clementi.

securityfocusafrica.com

“We expected a very strong showing by Bitdefender this year, and our testers were not disappointed.” Bitdefender also won AV-Comparatives’ Gold Award in the Real World Protection category which tested products from 21 anti-malware vendors worldwide and measured its ability to fight threats encountered on the Internet. “Independent testing is the most accurate way available to assess the effectiveness and reliability of a product, and we’re proud to score so highly for yet another year,” said Viorel Canja, senior vice president: cyber threat intelligence at Bitdefender.

SECURITY FOCUS AFRICA FEBRUARY 2018

ON THE MARKET

Suprema’s BioStar 2

cybersecurity protection Living in an interconnected world leaves us vulnerable and exposed to cybercrime, and with the advancements over the years in physical security products these too have become open to cyber threats, resulting in monetary and safety damages to the extent that many countries are now enforcing personal data protection laws.

ive major security points can be identified, namely; credentials, data in the edge device, communication between device and server, data in the server, and the communication between the server and the client. The biggest threat in credential security is RF card cloning and fake biometrics. Among the major two types of RF cards, 125 KHz cards are easily cloned, and depending on the 13.56 Mhz cards and their usage, these can be cloned as well. No protection is applied in 125 Khz RF cards, which only support wiegand formats. But, it is possible to duplicate the card including format data. Mifare cards (13.56 Mhz) have IC chips and support encrypted data but, when it comes to CSN and Mifare Classic, they are vulnerable to card cloning. First of all, it’s necessary to choose the right cards that support strong encryption methods. After choosing the right type of card, it is necessary to use a data area on the card that is protected by the encryption method. BioStar 2 supports smart cards that feature secure credential and access on card. Only a device with a matched key can access the data on the card. The second major security point to consider is data protection in the edge device: how safe is the personal data in the device, and

what if a hacker removes a device from a wall to gain access to the data on the device? To address these threats, Suprema encrypts all personal data on the device including the name, pin, finger and face biometrics. User ID and card ID are categorised as system data and are therefore not encrypted. If a device is removed off of a wall, all user data and logs can be deleted at such a tamper event, however it must be stated that this is an optional setting available in device settings on devices loaded with compliant device firmware versions and is supported from BioStar version 2.6 onwards. The new CoreStation intelligent controller offers further security, with no need to store user credentials on edge devices. The CoreStation is based on a centralised topology, where the intelligence, including fingerprint matching, is done on the controller, all data storage and RS485 communication to edge devices is encrypted according to the latest international standards, with no need to have a network access point available to hackers outside of your building. Then there are the concerns surrounding communication between the device and the server/controller. Here one needs to consider device hijacking or data snipping/snooping for both network and serial communication.

SECURITY FOCUS AFRICA FEBRUARY 2018

In TCP/IP connections Suprema offers the highest level of communication protection via optional TLS 1.2, which is widely used in the financial industry. Secure communication for RS485 is through OSDP v2 Key. Keep in mind that Wiegand can be hacked because of its low end protocol method which is without key change encryption and therefore controllers only supporting Wiegand pose security threats. When addressing the protection of personal data in the server in the event of server data leakage or hacking, BioStar 2 server efficiently encrypts all personal data including email, login password, pin and fingerprint template. Suprema also supports encryption key value for your own key value management in BioStar versions 2.6 onwards. “Right to be forgotten” functionality is provided and allows log data to be automatically deleted after a designated period. The final risk point raises the question of the possibility of communication between the server and the client being hacked. BioStar 2 versions 2.5 onwards supports HTTPS as a default, plus TLS version 1.0 and higher to secure communication from poodle/man-inthe-middle attack. There are also additional personal data management methods to consider. Suprema’s BioStar caters for access on cards (AoC) for both physical cards and mobile cards, taking away the need to store credentials and personal data on the device, controller or BioStar 2 server. From version 2.6 upwards, optional functionality is available to automatically delete credential and personal data upon issuing AoC cards for both physical RF and mobile cards. In summary, Suprema’s BioStar 2 cyber security protection features and data management options that help prevent cyber-crime and comply with data protection regulations include enhanced security through encrypted communication including HTTPS encryption between the server and the client and 256 bit AES encryption of communication between the server and devices. Improved security offered through centralised, secure storage of biometric and access group data. There is no Ethernet connection to edge devices and no data is stored on edge devices. Communication is secured via TLS 1.2 and AES-256 encryption.

securityfocusafrica.com

ON THE MARKET

Elvey keeps things on track

for Pyze Auto Electrical on mining project Specialising in auto electrical and electrical spares, repairs and rewiring of earthmoving and trackless equipment, Pyze Auto Electrical has a solid background in the mining industry. As part of its service to a large mining company, Pyze was asked to provide equipment that would open and close train tracks on the mine.

two-year relationship with Elvey provided Pyze with the technology required to undertake sections of the project and included the supply of Dahua CCTV surveillance cameras and DVRs, DSC Systems alarm systems and Sherlotronics remote standalone transmitters, wireless repeaters and mimic bases. The project involved a number of elements which included the protection of several workshops located across a very large area. A control room has been built that is linked on a wireless network to the DVRs. Cost-effective transmission of alarm events was provided through the Sherlotronics Mimic Base MB4000 transmitter, which has a memory capacity of 2 000 remotes and a microSD card for backing up. “Because these structures have a corrugated iron construction, it was necessary to install technology that would ensure uninterrupted transmission so we placed strategic repeaters on a number of high sites,” says Elvey’s intrusion detection specialist Ruaan Fourie. A proof of concept trial is currently underway on a number of the mine locomotives that run on tracks throughout the mine. These locomotives have been fitted with mobile Dahua DVRs and dome cameras. Using the onboard Sherlotronics devices and positioning provided by the cameras, the exact location of each locomotive throughout the site is captured and a triggering system allows the operators in the control room to activate the changing of tracks remotely.

Offering you more than leading world class brands

TECHNICAL SUPPORT . TRAINING EXTENDED WARRANTIES FLEXIBLE FINANCE . PERSONALISED SERVICE . LEVEL 3 BBBEE

CMY

+27 11 401 6700

www.elvey.co.za

ELVEY IS A LEADING DISTRIBUTOR OF ELECTRONIC SECURITY EQUIPMENT IN AFRICA. Our mission is to assist in the protection of people and property by providing quality, innovative products and solutions to the electronic security industry, thereby ensuring a safe and secure future for all.

Brands we associate with

Project product selection.

SYSTEMS a company of TheNiceGroup

SECURITY FOCUS AFRICA FEBRUARY 2018

info@elvey.co.za

ON THE MARKET

Security threats to face recognition and FaceStation 2 Technology Apple recently released its most ambitious product, the iPhone X, in celebration of the 10th anniversary of the release of the first iPhone. The iPhone X especially stands out with its introduction of Face ID, a face recognition technology to replace the fingerprint recognition technology (Touch ID).

ccording to Apple, Face ID will recognise a user’s face wrongly only once in 1 million times, an immense improvement over the once in 50,000 times probability of Touch ID. However, authentication through face recognition is actually as prone to spoofing as fingerprint-based methods. The press was quick to point out after Face ID was announced that it would be easy to recreate through 3D rendering the faces of wellknown politicians or actors that are often exposed in photos or videos as there is a great amount of data available on them. 3D printers, which are used to build face structures, are also no longer hard to find. They can be commonly found in online shopping malls like Amazon.

To prove such spoofing is possible, Bkav, a security company based in Vietnam, succeeded in spoofing Face ID with a face mask that it created. The mask’s face structure was created using a plastic mask and silicon, and an additional application of paper and makeup was enough to bypass authentication. Then what about Suprema’s FaceStation 2, which also authenticates users with face recognition? Is its security also vulnerable to similar methods?

FaceStation 2’s Advanced Face Recognition Technology FaceStation 2’s face recognition method functions differently from the iPhone X’s. The mask that Bkav used to spoof Face ID has

SECURITY FOCUS AFRICA FEBRUARY 2018

eyes, a nose, and a mouth constructed to resemble an actual person’s, but the remaining parts of the face are made of plastic. Through this information, it can be inferred that Face ID uses 3D modeling data and True Depth technology in its authentication process. FaceStation 2, on the other hand, not only uses 140 near-infrared (NIR) LEDs to extract 3D modeling data, but also uses an algorithm to produce various numerical values from the infrared light reflected off of the face. These values include those related to skin tone and skin texture values, which are helpful in distinguishing between similar faces. This special hardware and algorithm render the mask built by Bkav useless when tested against FaceStation 2’s authentication system. FaceStation 2 also uses a matching score when executing face recognition. The matching score is a calculation of the match between a pre-registered face template and the actual face to be authenticated. The score helps guard FaceStation 2 against spoofing, as a low value is produced if the mask used in spoofing does not use a 3D model that exactly matches the actual face. FaceStation 2 was recognised for its technological advancement at the 2017 Detektor International Awards, and was awarded the Best Product Award in the ID & Access category. FaceStation 2 combines Suprema’s most state-of-theart algorithm and hardware to provide a new contactless authentication experience, with a greater variety of features and increased performance.

securityfocusafrica.com

Kedacom - 2.0MP Starlight & Ultra WDR HD Network Varifocal IR Bullet Camera

Dahua - 2MP 30x Starlight Laser PTZ Network Camera

Turnstar – Traffic Master Automatic Industrial Vehicle Barrier

The camera provides excellent image quality and has abundant enhanced features including high efficiency IR and supports edge based advanced video analytics such as guard line, defocus, scene change, gathering, audio surge and many more.

Featuring powerful optical zoom and accurate pan/tilt/ zoom performance, this camera provides an all-in-one solution for capturing long distance video surveillance for outdoor applications. Together with infrared illumination and Starlight Technology, the camera is the perfect solution for dark, lowlight applications.

The Traffic Master is Africa’s preferred solutions for vehicular access control and is designed for ultrareliable performance. It is suited for applications requiring high volume access and medium levels of security. The Traffic Master is used extensively in applications such as parkades, shopping malls, residential estates, office parks, factories, warehouses and mines.

Key features: - 2.0 Megapixel 1/2.8’’ progressive scan CMOS sensor. - H.265 video codec, saves up to 50% bandwidth and storage. - Multi-stream up to 3. - Ultra low illumination, 0.001lux with colour picture. - 3D noise reduction / Auto Iris / HLC. - Supports 90°, 180°, 270° auto correction rotation.

Key features: - 1/1.9” 2Megapixel CMOS. - Powerful 30x optical zoom. - Max. 25/30fps@1080P, 25/30/50/60fps@720P. - Auto tracking and IVS. - Support Hi-PoE. - IR distance up to 500m.

Key features: - Ultra heavy-duty electromechanical rotation locking mechanism. - Tension spring counterweight system with self lubricating plastic bush. - Mechanism plate and adaptor arm zinc plated for corrosion resistance.

Benefits: The TF card slot offers Automatic Network Replenishment (ANR). The camera accommodates 2 audio channels simultaneously. The heating glass offers anti-fog. Operational temperatures of -40°C ~ 70°C.

Benefits: For challenging low-light applications, Dahua’s Starlight Ultra-low Light Technology offers best-in-class light sensitivity, capturing color details in low light down to 0.002 lux. The camera achieves vivid images, even in the most intense contrast lighting conditions, using industry-leading wide dynamic range (WDR) technology.

NetworX - IP Communication Module

ET - TX2-Micro Wired Transmitter and RX2-Micro Receiver

FireClass – Triple Sensor Detector

The Interlogix® NetworX IP Communication Module enables remote management and alarm reporting for NetworX version two (V2) security panels. This module communicates over the internet via an Ethernet connection and can be configured for alarm reporting over IP when Public Switch Telephone Network (PSTN) connectivity is not available. Alternatively, the NetworX panel can utilise PSTN for failover connectivity if the IP communications path is lost.

Introducing the all New TX2-Micro Wired Transmitter and the RX2-Micro Receiver. The most cost effective, simple solution to “Take control of your world”. Compact design, with class leading transmission range of up to 750m. The TX2-Micro and RX2-Micro features Propriety Double Encryption ET-Blu Mix® Rolling Code.

For life protection and when the environmental conditions are challenging, the multisensor smoke, heat and Carbon Monoxide detector provides the ultimate in detector performance. It uses the three sensor elements in concert to accurately determine the presence of fire with false alarm rejection properties that make it the ideal choice for hotel bedrooms where steam from bathrooms is a common source of false alarms.

Key features: - Remote management through the UltraSync application for iOS and Android devices. - Two output relays controllable with the UltraSync application. - DLX900 upload/download support. - Configurable email alerts. Benefits: The NetworX IP Communication Module interfaces with the Interlogix UltraSync™ application and enables remote management of NetworX security panels from iOS® and Android® devices.

+27 11 401 6700

info@elvey.co.za

Key features – TX2 Micro Wired Transmitter: - Energy efficient input operating voltage load. 3mA Standby and 20mA Transmitting @ 5 – 30v DC. - Triple transmission minimises lost transmission. - Each channel can be independently set to transmit using either ET-Blu Mix® or ET Blue rolling codes. Key Features – RX-Micro Receiver: - Two FET outputs total 400mA. - Each channel can, independently, be set to “latch” or “momentary” pulse mode. - Energy efficient input operating voltage load @ 5 to 30v DC. - Can be used with “ET Relay Boards Module” when switching higher loads (400mA).

Benefits: The Traffic Master is unaffected by dust, dirt and moisture and is designed for the harshest of conditions. The double buffered mechanism lowers mechanical stress which means longer operational life.

Key features: - Digital protocol. - Optional bi-directional line isolation. - Remote detector verification & temperature read out. - Programmable alarm LED with 360º viewing angle. - Optional detector locking pin. Benefits: Best in class environmental and detection performance. Automatic self-testing of each sensor element offers reassurance of operation at all times and the 360º alarm, isolated and fault LED on each detector provides instant line of sight.

www.elvey.co.za

Providing Complete Peace of Mind

PRODUCT SHOWCASE

Turn footfall into business opportunities

Deep learning technology in smart retail solution In this ever-expanding era of artificial intelligence (AI), Deep Learning will soon become the foundational technology for the security industry. Technologies that “learn” will become more common and more powerful. This trend will strengthen critical security efforts in every sphere.

oday, Hikvision’s three camera models equipped with Deep Learning algorithms will be introduced in the smart retail industry. In the retail business, with the growing popularity of shopping online, the retail sector has felt the disruptive impact of Internet e-commerce more than most industries. Some have reacted to online competition by closing physical stores, but others are attempting to overcome challenges through technological transformation. Traditional retail lacks intelligent tools for accurate data collection and visualisation, making it unable to provide a basis for business decision-making at the shop.

But now, Hikvision has developed a smart retail solution that provides comprehensive CCTV security to protect staff and customers and assist loss prevention. Not only that, this smart retail solution features data collection and analytics for enhancing business value. Benefiting from Deep Learning Technology, three intelligent functions for retail support include people-counting to track customer traffic and volume, heat mapping to know the popularity of goods in the shopping area, and queue detection to monitor the queuing situation in real-time.

People-counting There is an old saying in the trade industry: “small profits but quick turnover”. And

SECURITY FOCUS AFRICA FEBRUARY 2018

footfall is a “KPI” – key profit indicator – that can help make that turnover. Compared to e-commerce, traditional offline retail stores lack the capabilities to accurately calculate customer flow. Hikvision’s Dual-Lens People-Counting Camera provides accurate customer counting and generates customer flow trends to evaluate performance and strategic initiatives. However, in a real-world scenario, shadows or other objects may easily cause miscounts. The Dual-Lens People-Counting Camera, equipped with two cameras and powered by a Deep Learning algorithm, easily overcomes such interferences to deliver highly accurate people-counting data. A key advantage of Deep Learning algorithms over surveillance cameras’ vision algorithms is that Deep Learning can be continuously trained and improved with better and more data sets. This means the longer it works for you, the smarter it gets. Featuring binocular stereo vision, 3D people detection, and height filtering technologies, the Dual-Lens People-Counting Camera is able to accurately distinguish human beings from non-human objects in the background. Hence, these cameras distinguish human beings from other objects and movements in the background. By analysing customer flow data, store management can optimise the allocation of the workforce to reach higher profits and ensure better customer service. Store managers can schedule staff strategically for peak and off-peak hours. Furthermore, they can also develop strategic marketing activities to attract customers by analysing the data of incoming rates (entering versus passing by).

securityfocusafrica.com

PRODUCT SHOWCASE

regions within a store. In spacious areas, fewer cameras means reduced installation & labour fees. Hikvision’s fisheye cameras are ideal for these areas, maximising monitoring views and image quality insurance.

Queue detection Heat mapping When customers enter the store, retailers are concerned about what merchandise customers are interested in. Before that, what’s more important is how to get what route they walk and where they stop. With Hikvision’s Heat Mapping function, retailers can determine the amount of time shoppers spend in specific areas of a store, identify hot spots and dead zones, and measure the number of people who actually shop for specific products, rather than just casually walk by. Heat Mapping is used to monitor and measure the size of target traffic in a region. It is a graphical representation of data represented by colours, and it is usually used to analyse the visit times and dwell times of customers in a specified area. The Heat Map function is often used in shopping malls, supermarkets, museums, etc., and can find customers’ preferences over time through heat maps, offering insight how to best place items and design the store layout. As a representative product, Hikvision’s Fisheye Cameras, equipped with heat mapping function, not only capture a panoramic high-definition image but also learn about heat conditions in different

securityfocusafrica.com

What do you do if you always have to queue for a long time when you are shopping? Keep waiting, or give up shopping and avoid that store in the future. In the retail industry, waiting time is one of the most important factors affecting the customer experience. Hikvision’s Queue Detection function can help retailers manage checkout lines. When too many customers enter a queue, it can notify management to open a new checkout line. More specifically, Hikvision’s queue detection cameras can monitor the queuing situation in real-time. Firstly, cameras count the number of people in each queue, and then track the dwell time of each customer. Once it is found that the number of people in queue is too many, or the average dwell time of customers is too long, an alarm will be triggered to prompt a response. Store management will be reminded to open checkout windows to reduce waiting times, improving transaction efficiency and the entire shopping experience. Hikvision Smart Retail Solution is designed to help retailers bring offline stores into a digital world, allowing data to support management and operations. And it will promote retailers’ technological transformation in response to increased industry competition through the use of innovative retail technology.

SECURITY FOCUS AFRICA FEBRUARY 2018

EXHIBITION NEWS

Twelve cities, one vision

2018 Hikvision SA Roadshow

ikvisionn, the world’s leading manufacturer of surveillance solutions are delighted to announce the debut of the 2018 Hikvision South Africa Roadshow tour. A series of events where you can discover, learn about and get hands-on with the latest technologies including:

ROADSHOW AGENDA

SA ROADSHOW DATES Johannesburg: 8 March 2018 Cape Town: 8 March 2018 George: 13 March 2018 Durban: 14 March 2018 Port Elizabeth: 15 March 2018 Richards Bay: 15 March 2018 Rustenburg: 20 March 2018

• NEW: EasyIP 3.0 – See how Hikvision innovative technology enables you to have an affordable system with both powerful functionality and easy journey to a better security solution. • NEW: Turbo HD 4.0 – See how Hikvision who is the only one that possesses H.265+ codec technology which enables you to have an analogue security system with both high resolution, up to 4K and extreme encoding efficiency to save data storage cost up to 75 per cent. • NEW: Distribution Partnerships – See how Hikvision's distribution partners can

East London: 20 March 2018 Kimberley: 27 March 2018 Polokwane: 27 March 2018 Bloemfontein: 19 March 2018 Nelspruit: 29 March 2018 add value to Hikvision and help you to grow, thrive and succeed your business. More to be explored and discovered onsite.

TIME DESCRIPTION 10:00-10:30 Registration process / pre-snacks 10:30-10:40 Hikvision introduction 10:40-11:00 Easyip 3.0 introduction 11:00-11:20 Turbo 4.0 introduction 11:20-11:30 Transmission & display 11:30-11:50 Networking session / tea break / snacks 11:50-12:10 Hikvision view / Hikconnect PPT introduction 12:10-12:30 Access & intercom & alarm introduction (Thermal introduction only in Richards Bay, Kimberley & Rustenburg) 12:30-12:40 Introduction to our national distribution co. 12:40-13:00 Ending speech & lucky draw prizes giveaways 13:00 - 14:00 Networking session / tea break / snacks

The most established security exhibition in West Africa encompassing fire and rescue, commercial, homeland and cyber security Incorporating:

Landmark Centre, Water Corporation Road, Victoria Island Annex, Lagos, Nigeria

Brought to you by:

WACSS WEST AFRICAN

CYBER SECURITY SUMMIT 2018

SKETCH 2018/11305

WHAT CAN BE FOUND AT Securex West Africa? Spanning 5 vertical sectors, here is a breakdown of the types of technology and services that will be present at the show.

Lets get social. Sponsored by:

INFORMATION SECURITY

HOMELAND SECURITY

COMMERCIAL SECURITY

PERIMETER SECURITY

NEW IN 2018 FIRE AND RESCUE

EXHIBITION NEWS

Intersec 2018 In March 2018, Messe Frankfurt is going to hold its conference on connected security technology, Intersec Forum, for the third time.

he conference programme covers all current aspects of connecting security technology installations in modern buildings. The Intersec Forum 2018 is starting off with appealing news. Firstly, the conference duration has been extended from two to five days from 19 to 23 March 2018.

MAIN TOPICS 2018:

In addition to speakers from Germany, experts from Europe, Asia and the Middle East regions will contribute to the conference. There is a special conference day “Innovation dialogue on smart access” on Friday 23 March. The Intersec Forum is part of the Safety, Security & Fire portfolio of specialised trade fairs and conferences of Messe Frankfurt, a portfolio that drives nine successful international events throughout the world. The Intersec Forum is an annual conference held in Frankfurt. In March 2018, it is being held in parallel to Light + Building, the world’s leading trade fair for lighting and

1. Industry dialogue for planners and installers. 2. Industry dialogue for operators, facility managers and manufacturers. 3. Fire-alarm technology and fire protection. 4. Access control and monitoring technology. 5. Innovation dialogue on smart access 6. IT and cyber security. building-services technology. The conference is being organised by Messe Frankfurt in close cooperation with the German Electrical and Electronic Manufacturers’ Association (Zentralverband Elektrotechnik- und) Elektronikindustrie e.V. – ZVEI.

Successful launch for innovative CAT system Dallmeier, a worldwide renowned solutions provider for the casino industry, has announced that the recent ICE show in London was extremely positive for the company.

ur new CAT product was extremely well received by the major European casino operators who had attended live product demonstrations during the show”, said Konrad Hechtbauer, Dallmeier’s project & application development director. “This successful show edition has proven to us our plans to extend our CAT product offering into EMEA markets in 2018, with our product portfolio being increased with new additional solutions in the coming months.” At the show Dallmeier’s casino division team presented for the first time in Europe their brand new innovative casino automation technology (CAT) dedicated to live gaming and table gaming automation, which Dallmeier has recently successfully carried out numerous tests in live casino environments and has proven to be an accurate, secure and market ready product. The main function of CAT is overall table game tracking and real-time player rating.

securityfocusafrica.com

The advanced system was created to help casino operators to increase profits, mitigate risks, protect gaming table integrity, streamline operations via real-time data analysis, achieve gaming floor transparency and help casino operations understand gaming table performance as well as reduce labour costs and minimise human fallibility. Dallmeier’s CAT is easy to integrate and install, doesn’t require additional sensors, is not CMS system specific, does not depend on RFID technology (but can integrate with it), interfaces and operates with any smart dealing shoe, uses standard CCTV cameras and is not system specific.

During these past years Dallmeier has invested heavily in their research and development, aiming to develop the best flexible solution for the gaming industry related to overall game tracking and realtime player analysis. The company has closely worked with its customers in developing their system, to be confident the product would best match the operators’ needs and expectations. CAT is an overall table management system and the produced data can be used in many fields of the casino operations, such as marketing, gaming and surveillance, to name but a few.

SECURITY FOCUS AFRICA FEBRUARY 2018

INTERNATIONAL NEWS

Surveillance video storage market worth 1.7B USD in 2017 According to IHS Markit, it is forecasted that over 130 million video surveillance cameras will be shipped globally in 2018. This number has increased dramatically from 2006 when shipments were less than 10 million. The increase in demand for video surveillance cameras has subsequently caused growth in associated storage requirements.

he market for external storage systems (SAN, NAS and external DAS) used for storing video surveillance data is estimated to have been worth $1.7 billion in 2017. In addition to the greater number of surveillance cameras, the latest models typically have higher specifications than previous iterations. Uplifts in specifications such as image resolution are contributing to a net increase in the amount of data the typical camera produces. Also, as the perceived value of surveillance data increases, some end users will store the data for longer. To meet the demands of the market’s increased storage requirement there are external storage systems (SAN, NAS and external DAS/JBOD systems) with greater capacities and configured for video surveillance workloads.

The global market for sales of these systems is estimated to have surpassed $1.7 billion in 2017 with a compound annual growth rate faster than that of the video surveillance camera market over the next 5 years. As with the video surveillance equipment market, the largest regional market for these storage systems is China. Here, government investment in safe city programmes and expansion in underlying IT infrastructure under planned economic policies such as the ‘Xue Liang’ programme have driven China to account for the majority of market revenues and capacity. Many of the Chinese domestic video surveillance vendors are addressing this demand with their own ‘IP SAN’ systems which are installed in regional surveillance data centres.

SECURITY FOCUS AFRICA FEBRUARY 2018

Chinese vendors have also begun selling these external storage systems alongside other video surveillance equipment in emerging markets in South East Asia, the Middle East and Africa. In these markets, they offer competitive prices compared to incumbent IT storage providers which may directly or indirectly be addressing the surveillance market. The video surveillance storage market offers vendors higher potential growth opportunities than many traditional storage markets. There, storage hardware is competing with the movement to cloud infrastructures, this is less so in the video surveillance industry. As highlighted in recent IHS Markit research on the VSaaS market, mass market adoption of cloud storage for video surveillance is still far off. While there are large storage requirements for video surveillance, much of this remains out of the cloud. Traditional IT storage providers are targeting video surveillance by marketing storage solutions which are configured to specific video surveillance workloads and certified with video surveillance software and hardware partners. These solutions may be offered through their own brand or as an OEM product allowing video surveillance brands to offer a “one stop shop” for integrators by offering them complete front and back-end video surveillance systems. Going forward it is likely we’ll see an increasing number of external storage systems rebranded with video surveillance brands. This may also mean more widespread use of enterprise storage systems for video surveillance. Even in mid-sized installations, end users will be able to choose a certified, preconfigured storage solution offering large storage capacity and enterprise functionality but from a surveillance brand with which they are familiar.

securityfocusafrica.com

LAW & SECURITY

Public Protector’s review

under review

By Peter Bagshawe

The Ciex Report, fully-titled Operations on behalf of the South African government, August 1997 – December 1999 was prepared by the United Kingdom-based Ciex company which detailed a proposal to recover allegedly illegal lifeboat payments (in brief terms bail outs) by the South African Reserve Bank to institutions that required assistance to remain solvent.

his report was in terms of a contractual arrangement between the South African Government and Ciex for a 14 month period from October 1997 with a mandate to investigate lifeboat payments, illegal payments to contractors and suppliers by the then government and its agencies during the apartheid era. Various parties were identified by Ciex including the Rembrandt Group, Anglo American Corporation, Armscor, Nebank, ABSA Bank (in its capacity as the current owner of the former Bankorp) with the major recoverable amounts identified as ABSA, Sanlam (the major shareholder in Bankorp prior to its sale and at that time a mutual company), the Rembrandt Group, Aerospatiale and DaimlerChrysler. Ciex continued its investigation and recommended Project Spear be commenced which would have involved the recovery of all illegal lifeboat payments and in effect would have given government control over the operations of the South African Reserve Bank. The bailouts and their legality had previously been investigated by, initially, Willem Heath of the Special Investigative Unit who found that the bailout of Bankorp as investigated was unlawful and at least R1.1 billion could be recovered from Absa. It was, however, recommended that the potential recovery should not be pursued due to negative impact for the banking sector and the economy. Judge Dennis Davis chaired a later commission into the Reserve Bank loans and found they were unlawful. Davis also found that given the elapsed time period it would be difficult to identify the beneficiaries. Davis however specifically found that Absa had not benefited from the lifeboat. In 2010 Advocate Paul Hoffman of the Institute for Accountability in Southern

securityfocusafrica.com

Africa requested the then-Public Protector, Thuli Madonsela to investigate the Ciex Report provided to the government and the government’s failure to follow the recommendations made. Madonsela initially declined as the complaint went further back than the prescribed 2 year period, later Madonsela decided to commence an investigation which was not completed prior to her term ending and the investigation was inherited by the current Public Protector, Busisiwe Mkhwebane. Ms Mkhwebane continued to investigate the Ciex report, and on 19 June 2017 released her report and in it made a number of recommendations. Firstly she ordered as a remedial action that the Special Investigative Unit (SIU) approach the President with a request for instructions to re-open investigations to recover R1.125 billion loan interest (relating to the Bankorp bailout) from Absa. She ordered further action that the Chairperson of the Portfolio Committee on Justice and Correctional Services initiate a process to amend section 224 of the Constitution to amend the primary objective of the Reserve Bank to “ensure balanced and sustained economic growth while ensuring the socio-economic protection and wellbeing of citizens and a responsibility to hold regular consultations with Parliament”. Following an initial review by Judge John Murphy of the North Gauteng High Court which set aside the Reserve Bank order, a further review was heard by a full bench of the North Gauteng High Court comprising Judges Cynthia Pretorius, Nomonde Mngqibisa-Thusi and Dawie Fourie who set aside the finding that R1.125 billion interest must be recovered from Absa Bank for the Bankorp bailout, and granted the South African Reserve Bank an order that the

instruction to amend the Bank’s mandate was not constitutional. The application of the Reserve Bank for an order that Ms Mkhwebane had abused her office was not granted, on a technicality. The judgment of the full bench was unreservedly against Ms Mkhwebane and included a punitive order of costs at 15 per cent of the Reserve Bank’s costs against the Public Protector in her personal capacity with the balance of these costs awarded against her office. A number of specific areas of concern were raised in the judgment, and these will be highlighted by quotations from the judgment in order not to add any element of subjectivity. The court held that the remedial actions in the Public Protector’s report “were a product of a procedurally-unfair process and are unlawful” and further that “the process was not impartial”. Going to the process prior to the release of the report, it was held that Ms Mkhwebane's argument for giving the Presidency, Black First Land First and the State Security Agency the opportunity to consult with her, whilst not affording ABSA and the Reserve Bank the same opportunity, “was disingenuous”, and that her failure to disclose in her report that she had meetings with the Presidency on April 25 2017 and again on June 7 2017 gave rise to a reasonable suspicion of bias and further that she had misled the court. The judgment stated that Ms Mkhwebane “did not have regard thereto that her office requires her to be objective, honest and

SECURITY FOCUS AFRICA FEBRUARY 2018

LAW & SECURITY

to deal with matters according to the law and that a higher standard is expected from her”, and further that Ms Mkhwebane did not fully understand her constitutional duty to be impartial and to “perform her functions without fear, favour or prejudice”. As further background the court noted that the public protector’s office is a constitutional creation which deserves the assistance and protection of the judiciary and should be accorded a measure of deference by the courts. Despite this the North Gauteng High Court stated the court would not be averse to finding Busisiwe Mkhwebane had abused her office under

INDEX OF ADVERTISERS

circumstances where the correct judicial procedure were followed. This in itself is problematic in that should this order be granted the next step could well be for the National Assembly to start proceedings aimed at removing Mkhwebane from her from office. Given the tone of the judgment, the profile of the office of the Public Protector and the adversarial stance of the three parties to the matter it is not unlikely that a further approach may be made. Not surprisingly, Ms Mkhwebane has responded to the judgment expressing her shock and stating that she would be studying the judgment and would respond. An appeal

is probable but it is difficult to see how Ms Mkhwebane can recover from the adverse findings against her. In all, the Ciex report and the legal ramifications that have arisen from it are disturbing on the one hand, but on the other the independence of our judiciary and their appetite to apply legal precepts has again been demonstrated as has the calibre of judges sitting on the various Divisional Benches.

PETER BAGSHAWE holds a Bachelor of Law degree from the former University of Rhodesia and a Bachelor of Laws degree from the University of the Witwatersrand.

February 2018 PAGE

WEBSITE

Elvey Security Technologies

21, 23

info@elvey.co.za

www.elvey.co.za

Hikvision Digital Technology

OFC, 6, 7 overseasbusiness@hikvision.com

www.hikvision.com

KAV

info@kitdirect.co.za

www.kitafrivest.co.za

Magtouch

info@magtouch.co.za

www.magtouch.co.za

Mutual Safe & Security

info@mutual.co.za

www.mutual.co.za

Plaslope

glenda.aereboe@plaslope.com

www.plaslope.com

Pyronix

OBC

michelav@pyronix.com

www.pyronix.com

SASA

IBC

admin@sasecurity.co.za

www.sasecurity.co.za

Sentinel Guard Monitoring

sales@guardreports.co.za

www.guardreports.co.za

Sparks & Ellis

info@sparks.co.za

www.sparks.co.za

Suprema

IFC

enquiry@suprema.co.za

www.suprema.co.za

SUBSCRIBE HERE

ADVERTISER

Contact Publications (Pty) Ltd, PO Box 414, Kloof, 3640 Tel: (031) 764 6977 Fax: 086 762 1867 Email: jackie@contactpub.co.za  Yes, please, I would like to subscribe to Security Focus Africa at R650 per year (RSA only). The subscription includes an annual Buyer’s Guide.  Enclosed please find cheque to the amount of R  Please start my subscription from the Do you require a tax invoice

 Yes

issue.

 No

(If yes, one will be sent to you on receipt of your payment.)

BANKING DETAILS: First National Bank Branch: Kloof Branch Code: 221526 Account No: 50730106925 Name: Contact Publications (Pty) Ltd

NB: Please make cheques payable to Contact Publications (Pty) Ltd Name ................................................................................................ Signature ............................................................................................... Date ...................................................... Company .................................................. Position ........................................................................ Address ........................................................................................................................................................................ Code ............................. Tel .......................................................... Fax .............................................................. Email .............................................................................

SECURITY FOCUS AFRICA FEBRUARY 2018

securityfocusafrica.com

CALENDAR

Conferences, events & exhibitions of interest to the security industry LOCAL EVENTS: 2018

Venue: Brussels, BE | www.infosecurity.be

May 22-24: SECUREX SOUTH AFRICA 2018 | Venue: Gallagher Convention Centre, Midrand, Johannesburg | Tel: +27 (0)11 835 1565 www.securex.co.za

March 19-21: InfoSec World Conference & Expo 2018 | Venue: Lake Buena Vista, Florida, US

May 22-24: A-OSH EXPO Venue: Gallagher Convention Centre, Midrand, Johannesburg | Tel: +27 (0)11 835 1565 | www.aosh.co.za September 16-19: 2018 CAMPROSA Conference | Venue: Spier Wine Farm, Stellenbosch | www.camprosa.co.za

March 19-22: INTERSEC FORUM 2018 | Venue: Frankfurt Fair and Exhibition Centre | www.intersec-forum.com March 20-21: Securex West Africa | Venue: Landmark Centre, Lagos, Nigeria | www.securexwestafrica.com

INTERNATIONAL EVENTS: 2018 March 6-8: ISC (International Exhibition & Conference for Security) Brasil | Venue: Expo Centre Norte, São Paulo, Brazil | www.reedexpo.com/en/Events/6229/ ISC-Brasil

24-26 April: Expo Seguridad Mexico powered by ISC | Venue: Centro Citibanamex, Mexico City, Mexico | www.reedexpo.com/en/Events/6353/ExpoSeguridad-Mexico-powered-by-ISC

March 6-8: Infosecurity Middle East | Venue: Abu Dhabi, UAE | www.infosecurityme.com

25-27 April: Secutech - SMAhome - Fire & Safety - Info Security | Venue: Taipei | www.secutech.tw.messefrankfurt.com/taipei/ en/visitors/welcome.html

March 14-15: Infosecurity Belgium 2018 |

May 23 – 24: Infosecurity Mexico 2018 | Venue: Centro Citibanamex, Mexico | www. infosecuritymexico.com June 5-7: Infosecurity Europe | Venue: London, UK | www.infosecurityeurope.com/

11-13 April: ISC West | Venue: Sands Expo & Convention Center, Las Vegas, NV, United States | www.reedexpo. com/en/Events/6355/ISC-West

March 6-8: International Exhibition of National Security and Resilience (ISNR) | Venue: ADNEC, Abu Dhabi, United Arab Emirates | www.isnrabudhabi.com

17-18 May: Homeland Security Expo | Venue: Pragati Maidan, New Delhi-India | www.homesecexpo.com/India

19-21 June: IFSEC 2018 | Venue: ExCeL London, United Kingdom | www.ifsec.events/international July 25-27: Security Exhibition & Conference | Venue: Melbourne Convention & Exhibition Centre, Melbourne, Australia | www.securityexpo.com.au September 9 -12: 21st Information Security Conference | Venue: London, UK | http:// isc2018.sccs.surrey.ac.uk

14-17 May: CNP Expo | Venue: Rosen Shingle Creek, Orlando, United States | www. reedexpo.com/en/Events/6479/CNP-Expo

October 3-4: Infosecurity North America 2018 | Venue: Hynes Convention Center, Boston, US | www.infosecuritynorthamerica. com. November 6-8: Expoprotection | Venue: Paris Expo Porte de Versailles, Paris, France | www.reedexpo.com/en/Events/6502/ Expoprotection.

TEL: +27 11 452 1115 FAX: +27 11 452 3609 WEBSITE: www.plaslope.com EMAIL: glenda.aereboe@plaslope.com

TAMPER EVIDENT SECURITY BAGS • Debasafe® Tamper Evident Security Bags are used whenever tamper-evident movement is critical. • We manufacture to order and assist in tailor-made solutions to suit your security needs. • A comprehensive range of security features are standard on the bags and additional features can be added. • The sealing strip is used for exacting demands with a heat indicator displaying attempts to tamper. • Tampering by means of cold, heat, solvents, liquids & manipulation is clearly visible. • Bags can be customised according to customer’s requirements with exclusive numbering & bar-coding. • Bags are manufactured in either transparent or opaque LDPE film, in various grades to meet specific requirements.

The bags are used for the safe movement of: • Government Departments • Foreign Exchange • Confidential Documents (Examinations, Elections, Passports, Visas etc.) • High Value Items (Diamonds, Precious Metals, Forensic Evidence, Cellphones, Computer Equipment) • Cash (Banks & Cash-in-Transit companies)

securityfocusafrica.com

SECURITY FOCUS AFRICA FEBRUARY 2018