www.securityfocusafrica.com
|
Vol 39 No 5 MAY 2021
The official industry journal for professional risk practitioners: security, safety, health, environment and quality assurance
Risk management
• • •
Zero-trust risk management Mitigating African corruption risk New best practices
When will we get rid of passwords?
KEEP YOUR SME CYBER SAFE
SASA An exciting and eventful month
Lessons in preventing violent protest in South Africa Zuma’s legal travails | In conversation with Stuart Wragg and Sue de Wet
S
SINE
S
O
N FO R
B
U
PE
securityfocusafrica.com Security Focus Africa has been marketing suppliers to buyers in Africa since 1980, and is the official industry journal of the Security Association of South Africa. Our readers form the core of Southern Africa’s buyers and decision-makers in the security products and services industry. Our digital platforms have a highly-focused readership of people at the very heart of the security industry. Our news is distributed via website, digital magazine, and social media. Our annual Security Focus Africa Buyers Guide is searchable in our online directory, with over 760 businesses and branches throughout Africa. Need to find a service or supplier? We will help you find exactly what you need.
PO Box 414, Kloof 3640, South Africa Tel: +27 31 764 6977 | Fax: 086 762 1867 Email: contact@contactpub.co.za
Security Focus AFRICA w w w. s e c u r i t y f o c u s a f r i c a . c o m
The official industry journal for professional risk practitioners: security, safety, health, environment and quality assurance
KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE
DIGITAL BUYERS GUIDE
to security services & products Promote your business
Attract customers
Increase your sales
Claim your listing on www.securityfocusafrica.com/buyersguide
2 for 1 offer The print listings now mirror our online directory style with basic and premium listings. In fact, upgrading a basic listing in print to premium will include an upgrade to premium on the website and vice versa. The same information online is printed in the print directory.
Security Focus Africa is known for having the most comprehensive directory of service providers in Africa. We have been a trusted source of information for more than 40 years, and now offer this valuable resource online.
The market is tough out there. What makes your business different from any other? For starters, be more accessible on the internet. Online searches are now the preferred method of finding information and contact details, so the better your online presence, the more business you will get.
BENEFITS OF LISTING YOUR BUSINESS: • By claiming your listing, you can keep your company’s information up to date at your own convenience • Upgrade your listing online at any time to maximise your brand exposure • Improve your SEO and online presence • We provide a targeted audience for your business • See your stats – know how many people are seeing your listing
Security
For as little as R2 400 , you can get the edge over your competitors by providing indispensable information to your customers on our online directory.
Affordable advertising is just a click away.
Focus
AFRICA
BUYERS GUIDE
www.securityfocusafrica.com/buyersguide KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE
Security Focus Africa: Serving the South African security industry for 41 years
CONTENTS www.securityfocusafrica.com
VOL 39 NO 5 MAY 2021
Vol 39 No 5 MAY 2021
|
al risk practitioners: security, safety,
profession The official industry journal for
health, environment and quality
assurance
Risk management
nt • Zero-trust risk manageme • Mitigating African corruption risk • New best practices
When will we get rid of passwords?
KE EP YOUR SM E CY BE R SAFE
12
SASA An exciting and eventful month
t Lessons in preventing violen protest in South Africa Wet n with Stuart Wragg and Sue de Zuma’s legal travails | In conversatio Security Focus quarter page October 2020.pdf 1 2020/10/08 14:24:39
DELIVERING PEACE OF MIND FOR ALL INDUSTRIES
COVER STORY RISK MANAGEMENT 12 The importance of a zero-trust risk management strategy in 2021 and beyond. 15 How to mitigate the corruption risk in Africa. 16 Mitigating the long-term effects of Covid-19 with new best practices.
38 16
Nemtek is a leading global manufacturer and supplier of innovative electric fencing products used by many governments, local authorities and industries to protect their utilities, correctional facilities and defence infrastructures. Mining sites, solar farms, oil refineries and steel industries often need to be protected from intruders, both from a safety and a security point of view. We deliver peace of mind with our range of fencing solutions, modular designed energizers to enable multiple fence zones, and our monitoring technology which allows for advanced warning of any fence breach or tampering. Contact our Head Office for more information on 011 462 8283 or websales@nemtek.co.za 2 SECURITY FOCUS AFRICA MAY 2021 www.nemtek.com
securityfocusafrica.com
Official Journal of the Security Association of South Africa
18
Published by Contact Publications (Pty) Ltd (Reg No. 1981/011920/07)
Vol 39 No 5
TEL: (031) 764 6977 FAX: 086 762 1867
REGULARS EDITOR’S COMMENT 4 The fierce urgency of now and why impact investment is so important.
ASSOCIATION NEWS 6 Update from SASA. NEWS IN BRIEF 8 News snippets from around the world.
NEWS 11 Sophos uncovers 167 fake
android and iOS trading and cryptocurrency apps. 24 The NCCF joins forces with FinChatBot and Ozow to launch a donation solution. 25 SendSpend’s digital card and e-wallet chosen by TravelTicket as preferred payment method in emerging markets. 26 SA startup, AURA, on what it takes to go global.
INSTITUTE FOR SECURITY STUDIES 18 Lessons in preventing violent protest in South Africa.
MANAGING DIRECTOR: Malcolm King
TRENDS 20 Digitally protecting your
intellectual property helps safeguard future business success. 22 Built for resilience through innovation.
TECHNOLOGY UPDATE 23 47% of users in SA think that software update time may be used constructively.
COMPLIANCY 27 Is your website POPIA compliant?
INDUSTRY OPINION 28 When will we get rid of passwords?
CYBER SECURITY 30 ENHALO - 7 simple steps to
keep your SME cyber safe. 32 Operation TunnelSnake: formerly unknown rootkit used to secretly control networks of organisations in Asia and Africa.
PERSONALITY PROFILE 34 In conversation with… Stuart Wragg and Sue de Wet.
ON THE MARKET 36 TOA Electronics Southern Africa.
37 Contactless access control with Paxton10.
malcolm@contactpub.co.za
EDITOR: Ingrid Olivier ingrid@securityfocusafrica.com
SENIOR GRAPHIC DESIGNER: Vincent Goode vincent@contactpub.co.za
DISTRIBUTION MANAGER: Jackie Goosen jackie@contactpub.co.za
POSTAL ADDRESS: PO Box 414, Kloof 3640, South Africa
PUBLICATION DETAILS: Security Focus Africa has 12 issues a year and is published monthly, with the annual Buyers’ Guide in December. Due to the Covid-19 crisis, we will only be publishing digitally, until further notice.
EDITORIAL CONTRIBUTIONS: Editorial contributions are welcome. For details please email editorial@securityfocusafrica.co.za.
ADVERTISING ENQUIRIES: Malcolm King Email: malcolm@contactpub.co.za
Security Focus Africa is a member of
THE LAST WORD 38 Legal travails.
27 securityfocusafrica.com
39 INDEX OF ADVERTISERS & CONTRIBUTORS 40 DIRECTORY
www.securityfocusafrica.com 3
EDITOR’S COMMENT
The fierce urgency of now and why impact investment is so important In its thought-provoking article “Justice delayed is justice denied”1, the non-partisan Aspen Institute says that this ancient legal maxim has been cast into stark relief as the Covid-19 pandemic continues to expose inequality and injustice all around the world.
I
ts call-to-action, with the focus on income inequality, gender parity, action against climate change, and racial equity, echoes the words of Dr Martin Luther King Jr who spoke of “the fierce urgency of now” during his 1963 civil rights march on Washington. The Aspen Institute, a platform for thought leaders to address the world’s most complex problems beyond the boardroom, pulls no punches when it says that systems have reached a breaking point globally. I, for one, feel a bit punch-drunk after reading/watching all the bad news, not least of all that Israel and Palestine are at loggerheads again, with casualties mounting. Here in South Africa, our beloved but oh-so-flawed country, it’s plain to see that many of our systems are broken. And yet there is hope. While I get that the cynics will be having an emotional field day as a result of former president Jacob Zuma’s latest delaying tactics ahead of his corruption trial (the new trial date has been set for 26 May, by the way), former Free State premier Ace Magashule’s attempt to get his position as secretary-general in the ANC back, the deadlock between government and the unions around public service salaries, the latest deeply disturbing police crime stats and the arrival of a third wave of Covid-19, amongst many, many other negative events, South Africa has the potential to turn things around. The Daily Maverick’s Sean J Gossel puts it well2 when he says: “The Ramaphosa ANC has the upper hand, but the hard part is still to come. To win back voter trust and support, the ANC will need to
4
SECURITY FOCUS AFRICA MAY 2021
Martin Luther King Jr.
professionalise the public service, choke off the patronage networks, stop protecting or excusing its corrupt members and adapt to being an open and transparent political party. Enforcing the step-aside rule was the first step in a long journey to modernise the ANC. Let us hope that Cyril Ramaphosa has the courage, stamina and political determination to carry on.” The step-aside rule is, to my mind, a critical element of “Ramaphosa’s ANC” with its potential to weed out the corrupt elements of the party. Justice that’s seen to be done is desperately needed in South Africa for the sake of its long-suffering
citizens and its tarnished world image. The recent annual meeting of the Aspen Global Leadership Network (AGLN) saw about 500 of its members connecting with each other remotely, rather than in person, on the Aspen Meadows campus as has been the norm since 2013, thanks to Covid-19. Among the topics discussed was the need for immediate action. “Given the confluence of a global pandemic, crumbling economies and livelihoods, and reckonings on widespread racial inequities, (immediate action) is what the world needs.” The takeaways from the meeting included an observation by Lisa Fitzpatrick,
securityfocusafrica.com
EDITOR’S COMMENT
a Health Innovators Fellow and the founder of Grapevine Health, that trust is linked to vaccine uptake. South Africa has had a wobbly start in this area, with Business Insider reporting that stage two of the vaccine rollout programme had been set back owing to a lack of operational capability by a large number of the promised 3 000 sites3. Hopefully it’s a case of teething problems that may be quickly resolved, according to health minister Dr Zweli Mkhize, and in so doing, regaining some lost trust. Poverty, another topic on the Aspen agenda, was addressed by Jacqueline Novogratz, the author of a book titled Manifesto for a Moral Revolution: Practices to Build a Better World. When it comes to building trust, says the founder of Acumen, named by Fast Company as one of the world’s top ten Most Innovative Not-for-Profits, we have to start from a place of deep listening. “We must listen from a place of inquiry and not certainty, not to convince or convert, but to change ourselves,” she says. Her’s is a fascinating story, in case you’re looking for a mentor. When she founded Acumen4, not many people knew what impact investing – doing well by doing good, which is the cornerstone of the
securityfocusafrica.com
organisation – was about. Under her leadership, Acumen has invested $135 million in social enterprises across Africa, Latin America, South Asia and the United States. These entities have, in turn, leveraged another $746 million to bring basic services such as affordable education, healthcare, clean water, energy and sanitation to more than 308 million people. “Impact investment is not only morally defensible, but now also economically advantageous, even necessary,” she maintains. I think that our own leaders should order her book, which is in the running for the Porchlight Business Book of the Year Award5. To quote the google review, she “draws on inspiring stories from change-makers around the world and on memories of her own most difficult experiences, (divulging) the most common leadership mistakes and the mind-sets needed to rise above them.” “The culmination of thirty years of work developing sustainable solutions for the problems of the poor, Manifesto for a Moral Revolution offers the perspectives necessary for all those – whether ascending the corporate ladder or bringing solar light to rural villages – who
seek to leave this world better off than they found it.” Just imagine it: a moral revolution in South Africa…
Ingrid Olivier, Editor ingridolivier@idotwrite.co.za
1. https://www.aspeninstitute.org/blog-posts/ justice-delayed-is-justice-denied/ 2. https://www.dailymaverick.co.za/article/2021-0516-by-enforcing-the-step-aside-rule-the-anc-hastaken-the-first-step-towards-becoming-a-politicalparty/ 3. https://www.businessinsider.co.za/vaccine-rolloutphase-2-in-south-africa-what-you-need-toknow-2021-5 4. https://acumen.org/jacqueline-novogratz/ in 2001 5. https://books.google.co.za/books/about/ Manifesto_for_a_Moral_Revolution html?id=g0UgEAAAQBAJ&source=kp_book_ description&redir_esc=y
SECURITY FOCUS AFRICA MAY 2021
5
ASSOCIATION NEWS
SASA UPDATE
Update from SASA
This last month has been quite exciting! Here’s what’s been happening within the industry as well as SASA. From the desk of Tony Botes, SASA National Administrator.
N
ational Bargaining Council for the Private Security Sector (NBCPSS) The National Bargaining Council has begun the verification process to determine the seat allocation for both Organised Employers and Organised Labour. SASA is pleased to confirm that our current 69 member companies collectively employ very close to 100,000 security officers and support staff: we are growing from strength to strength! We are confident that SASA will continue playing a positive role in the NBCPSS, as we have since its inception, even though it is expected that a third employers organisation will be joining the
6
SECURITY FOCUS AFRICA MAY 2021
Council. The three organisations will share twelve seats on the board of the Council. The trade unions, more than twenty in total, are also busy submitting their membership numbers and, as per the NBCPSS constitution, will continue to share their twelve seats on the Board. NBCPSS Exemption The private security industry, like the rest of the country, has been experiencing serious challenges with regard to Covid-19: losses or reductions of contracts, unprecedented mass retrenchments and seriously increased costs. Client resistance to the March 2021 statutory increases has also been a major challenge.
SASA and SANSEA (South African National Security Employers’ Association) applied for a partial exemption on the increases that became effective on 1 March 2021. After successful consultations with organised labour, we reached an agreement, which resulted in a positive outcome from the external independent NBCPSS Exemption Appeals Committee: • The Security Officer Premium Allowance increase from R175 to R270 was deferred for 12 months; and • The PSSPF (Private Security Sector Provident Fund) has been requested by organised employers and organised labour to apply for a change in their rules, reducing the employer/employee
securityfocusafrica.com
ASSOCIATION NEWS
contributions from 7.5% each to 5% for a period of 12 months. This is expected to be approved shortly. This process was, to say the least, extensive and expensive. It included consultations with senior counsel and an extremely detailed economic report on the status of the country and the private security sector itself. SASA has borne their share of the costs of the application out of its reserves so it wasn’t necessary to raise any special levies from our members. It must be stressed that this exemption will, at this stage, only apply to members of the abovementioned associations who are, and remain, compliant with all statutory legislation and, if NBCPSS agents (inspectors) identify non-compliance, those security service providers will lose the benefit of the exemption. Non-members of the associations also have this right to apply for identical, or other, exemptions, but will have to follow the long, involved and expensive processes required, which include consultations with their employees or representative trade unions.
SASA is pleased to confirm that our current 69 member companies collectively employ very close to 100,000 security officers and support staff: we are growing from strength to strength!
www.capsi.in
on 30 April 2021! SASA was represented by our office bearers, the National President, National Chairperson, National Deputy Chairperson and the National Administrator. CAPSI attendance was close to sixty, which included representatives from their National Committee, various regions and specialised subcommittees. We express our deepest condolences to India, which is experiencing unprecedented Covid-19 infections and deaths and wish the country and its people a speedy recovery. The details of these two associations have been loaded onto our website and we hope to be able to add a number of additional reciprocal agreements with associations around the world. While legislation may differ from one country to another, we all face common challenges, including the battle against Covid-19.
International reciprocal agreements International reciprocal agreements have been finalised with: • SAN – Security Association of Namibia, and • CAPSI – Central Association of Private Security Industry of India The formal signing of the reciprocal agreement with CAPSI was quite an event and took place via a large Teams meeting
PSIRA Fees PSIRA gazetted their annual and administrative fees with effect from 1 April 2021. These increases are significantly higher than CPI (Consumer Price Index) and we are concerned that many of our members won’t be able to absorb the increased financial burden. Accordingly, SASA and SANSEA have been involved in intensive discussions with PSIRA, which have already been very fruitful. The interaction is ongoing, with
www.securityassociationnamibia.com
securityfocusafrica.com
both sides keen to resolve the matter without protracted, expensive litigation. We (SASA and SANSEA) have been invited to work on a solution to make the increases more equitable, without seriously affecting the revenue required by PSIRA to meet their statutory obligations and mandate. We are extremely positive that this matter will be resolved soon and SASA will communicate the outcome to its members once finalised. In the meantime, SASA urges its members to pay the increased fees ‘under protest’, which will mean that, if the fee structure exercise is positive, PSIRA will be requested to refund any excessive amounts paid by the relevant security companies. We must stress that the efforts and expenses incurred in this exercise will, if successful, benefit the entire private security industry, including security officers and not just our members. Benefits of SASA membership: • A strictly applied Code of Ethics • Representation at national and local government level • Industry exposure in the media as well as at major shows and exhibitions • Contacts and networking opportunities • Discounted training courses, events and seminars • Access to a security library managed by UNISA (University of South Africa) • Updates on new legislation and other industry-relevant information • Access to security-related and affiliated associations in South Africa and overseas • The SASA national website • A central administration office • Free digital subscription to Security Focus Africa magazine, the official journal of SASA • A mentorship programme which is designed to guide and assist start-up security companies with attaining the compliance standards required to qualify for Gold Membership For more information about what SASA does and how it can help you and your company, please contact: Tony Botes, SASA National Administrator, at: Tel: 0861 100 680 / 083 650 4981 Cell: 083 272 1373 Email: info@sasecurity.co.za / tony@sasecurity.co.za Website: www.sasecurity.co.za
SECURITY FOCUS AFRICA MAY 2021
7
ASSOCIATION NEWS
News snippets from around the world With violent crime spiking, the push for police reform collides with voters’ fears One of the top candidates for mayor of New York is a former police captain who has said that addressing the city’s surging violent crime rate will be his highest priority. It has been less than a year since George Floyd was murdered by a police officer in Minneapolis, spawning a national movement to reimagine the American criminal justice system and end race-based abuses. Yet, with shootings spiking in cities nationwide during the pandemic, there are growing signs that the thirst for change is being blunted by fears of runaway crime. (Source: www.washingtonpost.com)
Drugs and alcohol abuse rage in crime stats In a single day, 105 people reported being raped, and the murder rate sits at 55 per day, according to South Africa’s latest police crime statistics, released last week. Other findings were that in the first three months of the year 9 518 people were raped and 4 976 murdered. Many victims of murder and rape knew their attackers. Reported assault cases have decreased from about 41 000 in the first quarter of 2020 to 36 000 in January to March 2021. Substance abuse has emerged as a reason for the spike in crimes during the first quarter of 2021. Police Minister Bheki Cele began his address by lamenting the death of 24 police officers, eleven of whom were killed while on duty. (Source: www.mg.co.za)
SARS, NPA join forces to combat tax crime The organisations announced in a joint statement that SARS (SA Revenue Service) commissioner Edward Kieswetter and NPA (National Prosecuting Authority) boss Shamila Batohi had agreed to further enhance their collaboration on non-compliance by employers. SARS and
8
SECURITY FOCUS AFRICA MAY 2021
the NPA are joining forces to combat tax crime and non-compliance with tax laws, which they said erode both revenue and the integrity of the tax system. Some employers deduct PAYE (Pay As You Earn) but never turn those taxes over to SARS – as well as other general corrupt activities. (Source: www.ewn.co.za)
Magashule wants court bid heard urgently Suspended Afriw National Congress (ANC) Secretary-General Ace Magashule has called for his court bid against the ANC to be heard on an urgent basis citing fears of intra-party violence if there’s a delay. In court papers filed to the Johannesburg High Court, and seen by Eyewitness News, President Cyril Ramaphosa and ANC Deputy SecretaryGeneral Jesse Duarte have also been cited as respondents in addition to the governing party. Magashule wants the court to enforce a suspension letter he issued to the governing party’s president, for his suspension and the step-aside resolution to be declared unlawful and to return to Luthuli House to manage the affairs of the ANC. (Source: www.ewn.co.za)
Alleged crime boss Modack charged with ordering hit on Detective Kinnear Alleged crime underworld figure Nafiz Modack has been charged with allegedly ordering the assassination of Anti-Gang Unit detective Charl Kinnear. Modack appeared at the Blue Downs Regional Court last Friday morning alongside four co-accused – among them an Anti-Gang Unit Member. Modack – along with Ricardo Morgan – also faces charges for their alleged role in the attempted hit on defence attorney William Booth. Nafiz Modack now joins Zane Kilian as the accused charged in connection with the September murder of Kinnear. They face over sixty charges. (Source: www.ewn.co.za)
UK police brace for rise in knife crime as lockdown restrictions lifted UK police are expecting an increase in knife crime and violence this summer as lockdown restrictions are lifted. Detectives fear spats between gangs will be settled on the streets as crowds return and pubs fully reopen, despite ONS (Office for National Statistics) figures showing recorded knife crime dropped nine per cent across England and Wales in 2020. The ONS said that
securityfocusafrica.com
NEWS IN BRIEF
during an oversight visit by Parliament’s Portfolio Committee on Police to the CFR this weekend, it became clear that it is dysfunctional and cannot fulfil its mandate. Photos posted on social media about the dire state of the CFR include files piled up in corridors on every floor due to a lack of space; the poor use of IT systems; staff shortages and a building which has been declared unsafe. (www.mybroadband.co.za)
Without a legal team, Zuma’s defence strategy in corruption trial is unclear
the ‘majority’ of fluctuations in crime rates for last year were due to fewer people being on the streets during extended periods of lockdown. (Source: www.express.co.uk)
Phase 2 of South Africa’s vaccine rollout already hitting roadblocks South Africa’s vaccine rollout programme is struggling to get off the ground, despite plans for its start on Monday, 17 May. According to the City Press, the programme has experienced low registration rates in the target group – those aged 60 and over, or with comorbidities – while those who have registered have not yet received any information on what to do. The second phase of the rollout was scheduled to begin on Monday 17 May, with the government targeting approximately 16.6 million vaccinations over six months, or 100,000 vaccinations each day. (Source: www.businesstech.co.za)
Ireland shut down health IT system after ransomware attack Ireland’s health authority said last Friday that it had shut down its computer systems after experiencing a ‘significant ransomware attack’, a week after the largest US fuel pipeline network was also targeted. The Irish attack was blamed on international criminals and was said to be targeting healthcare records. Government minister Ossian Smyth told the state broadcaster that it was “possibly the most significant cybercrime attack on the Irish State,” calling it an “international attack” but “not espionage”. “These are cyber-
securityfocusafrica.com
criminal gangs, looking for money,” he told Ireland’s state broadcaster. (Source: www.ewn.co.za)
Car jamming theft on the rise in South Africa – and insurance companies won’t always pay Insurance brokerage and risk advisors, Aon South Africa, says that South Africans should be aware of unexpected insurance costs when dealing with car theft. “The best advice is to mitigate your risk as far as possible with correctly scoped insurance and advice, deploying security measures to deter would-be criminals, strictly adhere to road safety rules and to drive defensively,” said Mandy Barrett, of Aon South Africa. One key issue raised by the group relates to car jamming, which is seen as a growing trend in South Africa – especially in public parking lots such as shopping centres and petrol stations. Car jamming occurs when a criminal uses signalblocking technology which effectively blocks a vehicle from locking properly. This is because South African motorists often walk away from their cars while pressing their remote without ensuring that their vehicles are physically locked. (Source: www.businesstech.co.za)
The trial against former President Jacob Zuma and French arms company Thales was due to begin in the Pietermaritzburg High Court on 17 May 2021. Zuma and Thales face corruption, racketeering and money laundering charges linked to the arms deal. However, with uncertainty over Zuma’s legal representation, some legal experts say that the matter could be postponed once more. (Source: www.ewn.co.za)
Deadlock continues between government, unions in public service salary dispute The government and unions representing public servants will attempt to resolve their salary dispute over two parallel processes in the next month. The Public Servants Association (PSA) and the SA Policing Union (SAPU) have declared a dispute with the government at the Public Service Coordinating Bargaining Council (PSCBC). Trade union federation Cosatu this week slammed the government and economists for pushing for a freeze of public servants’ salaries. The country’s biggest federation described the government’s delay in improving its 0% offer to its employees as insulting. (Source: www.grocotts.co.za)
South Africa’s Central Firearms Registry a complete mess South Africa’s Central Firearms Registry (CFR) needs to move into the twenty first century with urgency and take the entire firearms application process online. This is the view of the DA’s Shadow Minister of Police Andrew Whitfield, who said
SECURITY FOCUS AFRICA MAY 2021
9
NEWS IN BRIEF No increases for ministers, deputy ministers, premiers as salaries frozen High-ranking political office bearers take home the same salaries this year, for the third year in a row. President Cyril Ramaphosa signed off and gazetted the salaries this week. (Source: www.sowetanlive.co.za)
Khayelitsha mass shootings update At least 24 Somali shopkeepers and owners have been killed since January, according to the Somali Community Board of South Africa, which blames police inaction for the unabated extortion of foreign-owned businesses and killings in the townships. The group was commenting after twelve people were killed in Site B, Khayelitsha, in suspected gang shootings linked to “protection fees” last Saturday. (Source: www.iol.co.za)
SARS commissioner Edward Kieswetter will not tolerate political interference SA Revenue Service (SARS) commissioner Edward Kieswetter has pledged to resign from his position rather than allow political interference in the affairs of the tax revenue service. Kieswetter made the undertaking in parliament last Wednesday, at a standing committee on finance meeting, where he presented the SARS annual performance plan for 2021/2022. DA MP Geordin Hill-Lewis had challenged Kieswetter at the meeting to assure the public that SARS would go after any employer who deducted pay-as-you-earn (PAYE) from employees but failed to pay it over to the taxman – a criminal offence in terms of the Income Tax Act. (Source: www.sowetanlive.co.za)
Maputo asks Johannesburg High Court to order South Africa to extradite former Mozambican finance minister The Mozambican government has launched an application in the Johannesburg High Court for an order compelling Justice Minister Ronald Lamola to extradite former Mozambican finance minister Manuel Chang ‘without further delay.’ Maputo complains that South Africa has violated Chang’s right to justice by holding him in prison for nearly 29 months awaiting extradition either
10
SECURITY FOCUS AFRICA MAY 2021
FILE - People hold pictures of journalist Daphne Caruana Galizia, who was slain in October 2017, as they protest in Valletta, Malta, Nov. 29, 2019.
back to Mozambique or to the US to face corruption and fraud charges arising from a $2-billion loan scam in Mozambique in 2013 and 2014. (Source: www.msn.com)
Dintwe on corruption and nepotism in state security Dr Setlhomamaru Dintwe, the InspectorGeneral of Intelligence, appeared before the Zondo Commission on 5 May to continue with his State Security Agency (SSA) related evidence. The three arms of state security – Intelligence, Crime Intelligence (CI) and the SSA – fall within his oversight purview. When he first appeared before the commission on 20 April, he alleged that the ministers of police, defence and state security had attempted to prevent him from testifying, for the reason that he hadn’t consulted with them first. (Source: www.moneyweb.co.za)
How the global network of journalists helps expose organised crime Before she was murdered in 2017, Maltese journalist Daphne Caruana Galizia was investigating two companies named in the Panama Papers – a leak of millions of records that exposed corruption in offshore finance. Caruana Galizia, a harsh critic of the government in her Running Commentary blog, uncovered apparent trails between Malta and overseas companies that she suspected were tied to top Malta politicians. But she never had the chance to finish her reporting. In October 2017, the journalist was killed by a car
bomb. One of three men accused of carrying out her murder has been sentenced to fifteen years in prison. His alleged accomplices have pleaded not guilty. A fourth man, businessman Yorgen Fenech, was charged with organising and financing the murder. He denies the charge. (Source: www.voanews.com)
REUTERS Factbox: the International Criminal Court (ICC) and the IsraeliPalestinian conflict Individuals involved in a new eruption of Israeli-Palestinian bloodshed may be targeted by an International Criminal Court investigation, now under way, into alleged war crimes in earlier bouts of the conflict, its top prosecutor said in an interview. (Source: www.reuters.com)
Security guards vs police officers in South Africa The Private Security Industry Regulatory Authority (PSIRA) has published its annual performance plan for 2021/2022, showing a steep increase in the number of security officers in South Africa over the last decade. The report shows that there are now over 2.5 million registered security officers across the country, of which over 556,000 are active. These officers are employed by just over 10,380 registered and active security businesses. “The number of active employed security officers has increased by 42% since 2010, while the number of security businesses has increased by 45%,” PSIRA said. (Source: www.businesstech.co.za)
securityfocusafrica.com
NEWS
Sophos uncovers 167 fake android and iOS trading and cryptocurrency apps IT security company Sophos has identified a stash of 167 counterfeit Android and iOS apps that attackers are using to steal money from people who believe they have installed a financial trading, banking or cryptocurrency app from a well-known and trusted organisation.
A
report on the findings, Fake Android and iOS apps disguised as trading and cryptocurrency apps1, shows how the attackers used social engineering techniques, counterfeit websites, including a fake iOS App Store download page, and an iOS app-testing website to distribute the fake apps to unsuspecting users. Sophos researchers investigated the fake apps and found that many were very similar. Some included an embedded customer support ‘chat’ option. When researchers tried to communicate with the support teams using the chat, the replies they received used near-identical language. The researchers also uncovered a single server loaded with 167 fake trading and cryptocurrency apps. Taken together, this suggests that the scams could all be operated by the same group, according to Sophos. In one of the schemes investigated, the scammers befriended users via a dating app, setting up a profile and exchanging messages with individual targets before attempting to lure them into installing and adding money and cryptocurrency to a fake app. If targets later tried to withdraw funds or close the account, the attackers simply blocked their access. In other cases, targets were caught through websites designed to resemble
securityfocusafrica.com
that of a trusted brand, such as a bank. The operators even set up a fake ‘iOS App Store’ download page featuring fake customer reviews in order to convince targets they were installing an app from the genuine App Store. If people clicked on the links to download the fake apps for either Android or iOS, they received something that looked like a mobile web app, but was in fact a short-cut icon that linked to a fake website. The operators also distributed some of the fake iOS apps via third-party websites that help iOS developers test new applications with a limited number of Apple device users before they submit apps to the official App Store. “People trust the brands and people they know – or think they know – and the operators behind these fake trading and cryptocurrency scams ruthlessly take advantage of that,” said Jagadeesh Chandraiah, senior threat researcher at Sophos. “The fake applications we uncovered impersonate popular and trusted financial apps from all over the world, while the dating site sting begins with a friendly exchange of messages to build trust before the target is asked to install a fake app. Such tactics make the fraud seem very believable. “To avoid falling prey to such malicious
apps, users should only install apps from trusted sources such as Google Play and Apple’s app store. Developers of popular apps often have a web site, which directs users to the genuine app and, if they have the skills to do so, users should verify if the app they are about to install was created by its actual developer. Last, but not least, if something seems risky or too good to be true – high returns on investment or someone from a dating site asking you to transfer money or cryptocurrency assets into some ‘great’ account – then sadly it probably is.” Sophos detects these apps as Andr/ FakeApp-DC, iPh/FakeApp-DD and iPh/ FakeApp-DE. Sophos also advises users to install an antivirus app on their mobile device, such as Intercept X for Mobile2, to protect Android and iOS devices from cyberthreats. Further information on the Android and iOS fake trading and cryptocurrency apps and other mobile threats reported on by Sophos is available at SophosLabs Uncut3. 1. https://news.sophos.com/en-us/2021/05/12/ fake-android-and-ios-apps-disguise-as-tradingand-cryptocurrency-apps/ 2. https://www.sophos.com/en-us/products/ mobile-control/intercept-x.aspx 3. https://news.sophos.com/en-us/category/ sophoslabs/sophoslabs-uncut/
SECURITY FOCUS AFRICA MAY 2021
11
RISK MANAGEMENT
The importance of a zero-trust risk management strategy in 2021 and beyond Well into its second year, the global Covid-19 pandemic has impacted on every business sector imaginable, and risk management is no exception. It is certainly one of the major factors in Allied Market Research’s prediction that the global risk management market will grow to an astronomical $28.87 billion by 20271.
A
mong the main concerns of business leaders (74% of those interviewed), according to a recent study by Forrester Consulting2, is Insider Risk Management (IRM). “The -19 outbreak and followed lockdown had a positive impact on the market, owing to largescale adoption of the work-from-home culture among industries and the surge in the risk of cyber-attacks and other security concerns,” it says, adding: “The pandemic brought radical changes in daily lives, especially in work. The strict compliance of social distancing and digital transformation of business increased the demand for risk management services.”
12
SECURITY FOCUS AFRICA MAY 2021
What is Integrated Risk Management? “Integrated risk management (IRM) is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organisation manages its unique set of risks,” says Gartner3. According to Gartner, IRM needs to include six key areas: • Strategy: Enablement and implementation of a framework, including performance improvement through effective governance and risk ownership • Assessment: Identification, evaluation
and prioritisation of risks • Response: Identification and implementation of mechanisms to mitigate risk • Communication and reporting: Provision of the best or most appropriate means to track and inform stakeholders of an enterprise’s risk response • Monitoring: Identification and implementation of processes that methodically track governance objectives, risk ownership/accountability, compliance with policies and decisions that are set through the governance process, risks to those objectives and the effectiveness of risk mitigation and controls
securityfocusafrica.com
RISK MANAGEMENT
• Technology: Design and implementation of an IRM solution (IRMS) architecture Managing risk in the age of digital transformation Michael Jabbara, Vice President of Global Risk at Visa, which commissioned a study into global digital trends and the evolution of risk strategies by Forrester Consulting4, writes: “For months, the world watched as country after country tackled the challenge posed by the coronavirus in hopes of preventing widespread infections and saving lives. In most cities, businesses closed as a precaution and those with a digital footprint to serve consumers remotely fared better than those without. We’ve learned, though, that simply having a digital footprint does not ensure smooth and secure commerce. Only true digital transformation, with a holistic approach to risk management, will enable businesses to serve customers online through efficiency, personalisation, insight and safe transactions.” The main takeaways of the study are: • Identify and prioritise key digital transformation initiatives and the necessary risk management capabilities for each • Determine what changes are most important to your company and be aware of the risk considerations. You cannot eliminate risk, but you may prepare for it with careful planning. Retrofitting risk protection after the fact will slow down your digital transformation and even impact your customer experience. Approach digital transformation in manageable phases to ensure you are able to apply the proper risk protections at each step. • Recognise that change is constant and stay ahead of emerging risks. Risk management is not static; it is constantly changing in response to market dynamics. Firms should not only manage present risks but also plan for risks that are on the horizon. • Leverage data from risk management systems to inform and improve ongoing business and technology decisions. • Bring risk functions to the technology and business decision-making tables. Risk management is more than a menagerie of technologies; it is a strategy to protect your greatest assets. Investing in technology may help automate and streamline risk and compliance, but it will not compensate for a lack of process. Start with a risk
securityfocusafrica.com
management strategy that aligns with strategic business goals, then select technologies to enable them. Risk management has to catch up with the business “’Move fast and break things’ was the mantra of tech firms, and it spread to businesses that embarked on digital transformations,” avers PwC, in its recent PwC Pulse Survey5. “Often the ones left behind were risk managers who had been thought of as hurdles, people who would stop a transformation initiative in its tracks. Not anymore. There have been enough failed initiatives, bad investments, costly cyber breaches, disappointed workforces and disgruntled consumers to change the norm to ‘move fast and do not break things’. That is being accomplished by having risk professionals embedded in business units and product development teams that lead the charge on transformation.” Transformation comes with opportunities – and accentuated risk “But,” warns PwC, “with tremendous opportunities come increased risks and accentuated risk profiles for many companies. Sixty-five per cent of risk management leaders say that risks from transformation adoption and tech will increase in 2021. Because of the nature and scope of transformation, these risks may be encompassing and highly interconnected with other risks expected to increase this year: cyber and data protection risks (65%), data governance (63%), human capital and talent
management (59%), third-party and supplier management (57%), regulatory compliance (55%) and enterprise resiliency (48%).” The ‘intelligence-driven one risk office’ accordingly needs to find the right balance between ‘human-led’ and ‘tech-powered’, says PwC, through collaboration, fixing disconnects, laying a clear and common foundation, and embracing integration. Data protection is becoming more and more challenging “An alarming number of South African enterprises have a resiliency gap that’s putting their data at risk,” says Lee-Anne Williams, Veritas product manager at Axiz. “Today’s digital data deluge has heralded changes in enterprise workloads, with data analytics, artificial intelligence, and machine learning all taking advantage of – and ultimately creating more – data throughout the enterprise. As organisations shift away from legacy relational databases toward new open source and cloud-based platforms, the very nature of applications and data is constantly shifting, making data protection increasingly challenging.” It’s not that organisations don’t know the importance of backups, she continues, it’s that they’re battling with cobbled-together, fragmented systems in the face of growing cybercrime. “Cyber incidents continue to grow yet data shows many organisations are simply not prepared and remain vulnerable. Not only has ransomware grown exponentially, but data privacy regulations are in full effect and taking chances isn’t an option anymore.
SECURITY FOCUS AFRICA MAY 2021
13
RISK MANAGEMENT
Building cyber-resilient back-ups Fortifying backup environments and leveraging technologies that focus on speed of recovery are the two critical elements required to build a cyber-resilient backup strategy, says Williams. “Covid-19 and the subsequent need for remote working has resulted in more companies pursuing multi-cloud strategies and moving more of their data, workloads and applications into the cloud quickly. However, many companies, particularly small businesses, weren’t ready for such a transition and the increasing IT complexity from multi-cloud environments, coupled with lagging resiliency and backup and disaster recovery measures that aren’t robust enough – is making too many enterprises an inviting target for malicious actors.” She continues: “There is no doubt that cyberthreats are on the rise. Just recently, a well-known health club experienced a sophisticated cyberattack and data breach, and it is only a matter of time before other companies experience the same fate. We are seeing an increase in ransomware, and with ransomwareas-a-service (RaaS) gaining momentum, which enables cybercriminals to use already-developed ransomware tools to execute attacks, we are likely going to see a spike in the coming months. In fact, even big US tech companies are pushing for ransomware to be designated as a national security threat.” According to a recent Veritas Resiliency
14
SECURITY FOCUS AFRICA MAY 2021
Report, 42% of respondents said that their companies had experienced ransomware attacks and among those that have, on average they say they’ve faced 4.5 attacks, with larger companies being attacked more often. What’s more, 54% of organisations have had flat or decreased funding levels for IT security during the pandemic, at a time when distributed workforces and increased demand for edge data protection has put additional strain on security resources. It’s not so much about being hit as being able to recover “More frightening is that 57% of companies haven’t tested their disaster recovery plan within the past two months,” says Williams. “This means that many companies aren’t following best practice. Not only is it critical to have a comprehensive backup approach, but having a system recovery plan in place is imperative to minimise downtime and restore critical operations. After all, it’s not about being hit, it’s about how you recover.” According to Williams, data protection should be simple, secure and unified. “The resiliency gap is real and widening. Forewarned is forearmed, and with the integrity of data at stake through increased cyber-attacks and an increasing push to regulate how enterprises meet data compliance, businesses cannot negate their backup and recovery strategies now more than ever,” she warns.
Lee-Anne Williams
1. https://www.prnewswire.com/news-releases/ risk-management-market-to-garner-28-87-bnglobally-by-2027-at-18-7-cagr-allied-marketresearch-301282858.html 2. https://www.businesswire.com/news/ home/20210429005907/en/Insider-RiskManagement-Concerns-Rise-as-SecurityPriorities-Shift-Post-Pandemic 3. (https://www.gartner.com/en/ information-technology/glossary/ integrated-risk-managementirm#:~:text=Assessment%3A%20 Identification%2C%20evaluation%20 and%20prioritization,of%20an%20 enterprise’s%20risk%20response) 4. https://usa.visa.com/visa-everywhere/ security/forrester-consulting-managingrisk-in-digital-transformation.html 5. https://www.pwc.com/us/en/library/ risk-management-leader.html
securityfocusafrica.com
RISK MANAGEMENT
How to mitigate the corruption risk in Africa Conducting business in Africa can be risky in terms of reputational costs and financial losses. A review of the corrupt malpractice by Panalpina in Nigeria provides a useful insight into what you should not do when conducting business on the continent. Opinion piece by Benedict N. Weaver CPP, managing partner of Zero Foundation Africa, a strategic risk management firm that provides intelligence-driven solutions.
P
analpina World Transport (Nigeria) Limited was an agent of the global freight forwarding and logistics services company that operates in more than 160 jurisdictions. Yet, between June 2002 and October 2007, the Nigerian agent paid customs officials to ignore local and legal regulatory requirements for the importing of goods, specifically deep-water oil drilling rigs. The bribes were allegedly knowingly paid on behalf of Panalpina’s clients (Transocean and Tidewater) and the amounts were subsequently charged to these clients as ‘load processing fees’ or ‘administration/transport fees’ on their invoices. When Panalpina was finally investigated and charged for this corrupt malpractice by the US Department of Justice (DoJ) in August 2010, the company had to pay $70.56 million in criminal fines and $11.3 million in civil penalties. Since then, British and European regulators have targeted organisations suspected of engaging in corrupt malpractice in Africa. Country risk profiles not only identify the geopolitical, security and competitive risks, but also highlight the risk of corruption in that country. In Uganda, the law does not distinguish between ‘a bribe’ and ‘a facilitation payment’. Corruption risks exist in the police, judiciary and procurement areas where cash payments are the norm. A
securityfocusafrica.com
recent survey conducted by a Kampalabased business NGO (non-governmental organisation) reported that one in six companies complain that the legal system is a major obstacle to their ability to conduct business in Uganda owing to political interference. Botswana is generally perceived to be the least corrupt country on the continent. But, in November 2015, seventeen Botswanan police officers at the Kopfontein border post were arrested for bribery when helping a syndicate of counterfeit cigarette smugglers. Also, in August 2018, former President Ian Khama and his Director of Intelligence Services, Isaac Kgosi, were accused of nepotism and patronage with the payment of nearly BWP 30 billion from operational funds to a company styled Power Force (Pty) Ltd. Other companies have since been implicated. Therefore, mitigating reputational and financial risk in any organisation relies on a clear understanding both of the terms used, and the practices involved. Reputational risk is based on the behaviour of individuals, whereas financial risk is based on operational decisions. Implementing an effective risk management programme will protect a company’s corporate assets, especially reputational and financial ones. The success of such a programme relies on the following seven steps to create an effective risk management plan:
1. Conduct a risk analysis to identify potential risks. Prioritise and document these risks. 2. Evaluate and assess the probability of each potential risk, its consequence and impact. 3. Assign roles and responsibilities to individuals to manage each risk. 4. Develop preventative strategies and countermeasures for each risk. 5. Create a contingency plan in the event that a critical situation occurs because of unforeseen or unplanned risks. 6. Continually liaise with your company’s stakeholders and regularly measure your appetite for risk. 7. Regularly monitor and report on each risk to determine its likelihood and severity of impact so that you may fine-tune your preventative strategies. The above steps are designed to ensure that all the stakeholders in an organisation comply with the rules for mitigating identified risks and support the roles and responsibilities of the risk manager and their department. In conclusion, consider that reputational and financial risks occur because of adverse behavioural and operational circumstances. By maintaining a comprehensive risk management programme that identifies, monitors, and responds to such risks, you will ensure the continued profitability of your organisation.
SECURITY FOCUS AFRICA MAY 2021
15
RISK MANAGEMENT
Mitigating the long-term effects of Covid-19 with new best practices Two forward-thinking CEOs share their thoughts
I
nvixium Regularly asked “What’s next?”, Shiraz Kapadia, CEO and president of global touchless biometrics solutions giant Invixium1, says that the answer is clear: Adaptive, intelligent systems that address long-term workplace health, safety, security and productivity. “Security management has evolved over the last several years to increase the efficiency of building systems and operations. Covid-19 has radically changed what we understood as bestpractices in our industry, and we are once again preparing to adapt: this time, to a vaccinated society,” he avers. Keeping throughput high as well as safe Faced with the inevitable slow-down of
16
SECURITY FOCUS AFRICA MAY 2021
employees on arrival at work due to temperature screening, many companies have lost their edge when it comes to high throughput. The solution, says Kapadia, is to add a new layer to security systems – something that’s user-friendly and keeps people moving quickly, such as walk-through monitors and automated screening kiosks. “Before Covid-19, many businesses were using security analytics to monitor doors, manage employees and more,” he says. “Since Covid-19, our industry has seen a sudden inclusion of healthmonitoring software. It’s one thing to have software that tracks and audits data. It’s something else entirely to invest in software that is able to perform deep analysis. Consider what you could do if your security analytics software
integrated with your temperature screening solution. Your software would aggregate temperature screening results over time – anonymously, if you choose – so you could monitor trends and take any steps you feel are necessary if someone arrives at your business with an elevated body temperature. You could advise staff who were present at the time to selfmonitor symptoms in a proactive effort to limit the spread of illness, safeguarding your healthy building at the first sense of potential danger.” Automation is more important than ever Kapadia believes that automation means more now to companies than it did before the pandemic. “For most of our customers, it comes down to both cost and sanitation. The pandemic has made
securityfocusafrica.com
RISK MANAGEMENT
security costs go up as businesses purchase new equipment, pay more working hours for security or HR staff and restructure… to accommodate workfrom-home and social distancing in offices. Automation can bring these costs back down. With an automated solution, you give your existing security staff peace of mind that the job is getting done, and you may prevent a door from opening for someone without a mask. This simple, powerful option provides a fast and easy solution to a pandemic-related security measure that will persist throughout the year.” Lady Askari Another forward-thinking company is Kenya-based Lady Askari2. Founded by James Dutkowski, Lady Askari is a risk management company dedicated to providing bespoke solutions to meet their customers’ security needs. “In order to implement risk management solutions and have compliance from the client, it is important to know their risk appetite and create a solution that fits their needs and will get top-down buyin,” says Dutkowski. “These days, even with the additional risk, security is still often regarded as just another line item in
securityfocusafrica.com
the budget.” On the back of the global Covid-19 pandemic, as well as increasing cybercrime and other forms of crime, the need for professional security risk assessments has never been greater, avers Michelle Brenda, who heads up Lady Askari’s reception division. “A security risk assessment is the overall process of risk identification, risk analysis and risk evaluation. It allows you to put mitigation measures in place to prevent future problems related to security defects and looks for vulnerabilities as well as saves money.” Organizations are facing ever-evolving threats, Brenda says, hence the need to develop a framework that will allow them to identify, understand and mitigate risk. It then has to be integrated into all processes at every level as part of an efficient corporate culture that is proactive rather than reactive. Risk management should be regarded as a part of a holistic security system, she continues. “Lady Askari’s clients range from non-profits to multinationals and private, often high-net worth individuals. Where Lady Askari differs from the norm is its focus on female employees. Although the security industry is dominated by men, women
have been some of the fiercest warriors throughout history – from protecting the homestead to going to war in defense of their country. Women have protective instincts and are highly attuned to threats and danger. As close-protection officers, women may usually blend in more easily than men because they are assumed to be personal assistants or secretaries, whereas male close-protection officers often stand out.” “High-profile women may feel uncomfortable with male close protection officers at their side for extended periods of time or when using the bathroom. High-profile men also often prefer to have women protecting their wives and children.” A vital role to play Brenda concludes by saying: “Companies that do not recognise the vital role women have to play, thanks to their intuition, emotional intelligence, empathy, innate leadership skills, caregiving and collaboration are losing out on an increasingly valuable risk management resource.” 1. https://www.invixium.com/ 2. https://ladyaskari.com/
SECURITY FOCUS AFRICA MAY 2021
17
SPECIALISS FEATURE
Lessons in preventing violent protest in South Africa Good communication and respectful responses to local service delivery problems may prevent anger and violence. By Chandré Gould of the Institute for Security Studies. First published by ISS TODAY – https://issafrica.org/iss-today/ lessons-in-preventing-violent-protest-in-south-africa
I
t is very difficult to show or prove that something did not happen because of action taken to prevent it. This is one of the challenges facing anyone working to prevent violence. So, when one actually witnesses actions that prevent violence, this is a good opportunity to draw lessons. I had this opportunity over the past ten days, when water was cut off for seven days to the communities of Hoekwil and Touwsranten in the Eden district of the Western Cape in South Africa, where I live. Anyone privileged enough to have water gush out of a tap in their house every time they open it knows how frustrating it is when that luxury is no longer available. For those who have to collect water outside from a communal tap, the challenges are even greater. Add a baby, or an incontinent elderly family member, or a child with diarrhoea, and
you have an incendiary mix – and an example of gendered, structural violence. The Institute for Security Studies’ Public Violence and Protest Monitor shows that in South Africa, frustrations with water and sanitation delivery failures resulted in 585 cases of public protest between January 2013 and April 2021. Of those incidents, 378 (65%) turned violent (see graph). The protests directly affected over 57 000 people. This is if one tallies only the number estimated to have been involved in the demonstrations. It does not include those affected because roads were blocked or infrastructure damaged or because they were police officers or health workers who responded. The number of people indirectly affected by not having access to water or sanitation is far greater. The cost to the government, communities and individuals is vast – probably far greater than it
would have cost to fix the problem that caused the anger in the first place. Why did the lack of water not lead to violence in Hoekwil and Touwsranten? It was not because we have not experienced violent protests in the past, or because there is something special about this small town, nor is it because it is a small town. Indeed, a significant number of protests in response to water and sanitation failures were in small or medium-sized towns in all provinces across the country. Rather, violence in Hoekwil and Touwsranten was prevented due to four key factors. The first was good communication via multiple platforms. When a main water pipe burst and water was cut off, residents were informed within 24 hours what the problem was, what was being done to fix it and how long it would take for water to be restored. Messages came from the mayor, local councillors, people
Water and sanitation delivery failures saw 585 public protests between January 2013 and April 2021 18
SECURITY FOCUS AFRICA MAY 2021
securityfocusafrica.com
SPECIAL ISS FEATURE
Water-related violent protests: Jan 2013 – April 2021
living in the community and working on the pipe. They were relayed by word of mouth, through WhatsApp groups and on Facebook. Second was the deployment of effective, non-threatening law enforcement. No South African Police Service members were involved. Instead, municipal law enforcement vehicles were stationed at the community centre and monitored the area. Officials staffing the vehicles answered questions about when and where water tankers would be available and explained why at times, they were late. Third, those affected were treated with respect. One water tanker was stationed in the affluent part of town to serve a community who mostly have their own cars. Two or three tankers were sent to where people mostly do not have private transport and would have to carry buckets. One tanker moved around the informal settlement for ease of access (so that residents did not have to walk far with
securityfocusafrica.com
heavy buckets), while another was stationed at the community hall. And the people staffing the tankers were friendly and helpful and spoke kindly to the groups of curious children who gathered to watch and help and play around the truck. Fourth, the problem that caused the water to be cut off was fixed by installing new pipes. While mostly middle-class folk lamented the failure, no one from Touwsranten or Hoekwil could really get angry because they knew what was happening, could get water if needed and felt heard and cared for. These four simple, effective steps by local government that prevented anger spilling over into protest beg deeper questions about the relationship between citizens and the state. This example shows what’s needed to build trust between citizens, local elected officials and national government. These lessons may help avoid the human and financial costs of failures in relationships and infrastructure.
Ward committees (elected bodies of citizens who meet regularly with their local councillors) would be the right place for problems to be raised and resolved locally. But research conducted in 2009 showed that ward committees work only when you have ‘capable councillors, when the local governing political party supports the local community on key issues, and when the municipality is well run.’ Unfortunately, such conditions have not been met in most municipalities. It is also doubtful whether most citizens are even aware of the existence of ward committees in their areas. Maybe residents and local councillors would only engage in constructive relationships which prevent service delivery crises and the accompanying harms if party politics did not feature in local government. While that is unlikely, the Hoekwil and Touwsranten case shows that prevention is possible and that quick, respectful responses by local government can offset the damage of failed service delivery.
SECURITY FOCUS AFRICA MAY 2021
19
REPORTBACK TRENDS
Digitally protecting your intellectual property helps safeguard future business success In today’s increasingly knowledge-based economies, intellectual property holds value because of its ability to generate future profits and wealth, as it fuels innovation and growth. Therefore, it is logical that companies need to take precautions to safeguard their intellectual property. By Richard Broeke, MD: Securicom
O
ne definition of intellectual property is as follows: “Law: property that results from original creative thought, as patents, copyright material, and trademarks, OR an individual product of original creative thought.” Protecting an intangible asset As may be seen from the above, whether it is a legal or non-legal definition, original creative thinking is an integral part of intellectual property, meaning that it is an intangible asset which may take many forms. Some of the most well-known forms of intellectual property include copyrights (covering literary and artistic works in a wide-ranging manner, including novels, films, music, website pages, photographs and architectural design); patents (rights granted to inventors that allow them to exclude all others from making, using or
20
SECURITY FOCUS AFRICA MAY 2021
selling their invention for a specified time frame); trademarks (such as the Nike swoosh symbol); trade secrets (for example, a chemical formula for a new medicinal drug, or any other data that gives the user an advantage over their competitors); IT software; and proprietary products and parts. Moving on from this, it is easy to understand that intellectual property may be more valuable than a company’s physical assets. In today’s information age, intellectual property may represent a competitive advantage and, as a result, should be carefully protected by the companies by which it is owned. However, intellectual property today needs to be guarded by more than simply walls, doors and locked safes. Picture this: 100 years ago, a firm’s science or engineering department would have been dealt a severe blow if faced with the physical theft of blueprints
depicting a prototype invention with pending patents. Today, we think of a hacker accessing the copyrighted source code of a software development company’s flagship program. In each instance, intellectual property has been compromised. As a specialist managed IT security services company, Securicom provides holistic protection and intelligent monitoring for IT infrastructure, from the core and beyond. The securing of your intellectual property is one of our main tenets. The hidden costs of compromised intellectual property It is important to secure your intellectual property, both physically and digitally. Physical protection has been understood for as long as people have been interested in stealing others’ great ideas to use to their own advantage. Digital protection,
securityfocusafrica.com
TRENDS REPORTBACK
of course, is a little newer than this, in the grand scheme of things. According to professional services company Deloitte, intellectual property loss is among the hidden or less visible costs of a cyberattack, along with lost contract revenue, potential devaluation of your company’s trade name, and damaged or lost customer relationships. Deloitte notes that, because your company owns the intellectual property, whether trade secrets, drawings and plans, or proprietary know-how, then you may – in the event of a cyberattack - have an obligation to shareholders and stakeholders to identify what has been stolen, assess potential impact and loss, and seek potential recovery of the intellectual property as soon as possible. It is also critical to understand that your competitive advantage may be at risk if your intellectual property is compromised. Thus, the importance of digitally protecting your intellectual property today is paramount. Let’s begin with networking… As the services we consume move to the cloud, the networks underpinning these services become more complex. This, in turn, makes securing networks a more specialised skill. Over and above the traditional layered defence model, visibility and control is vital, and a multi-faceted approach is needed. Through the use of both on-premise and cloud-based offerings from various international vendors we may secure any network: anywhere, any time. Our solutions are infinitely customisable. Using traditional layered defence security with advanced monitoring and management capability, we secure your perimeter, external web presence, enterprise wireless solutions, SoftwareDefined Wide Area Network (SD-WAN), and application performance visibility and management. Endpoint monitoring, management and response The rise of remote working and bringyour-own-devices (BYOD) have all contributed to the fact that businesses’ intellectual property is no longer contained within their physical premises. This calls for a new set of security services that may provide security to the data that is not under your direct control. When we consider the current, significantly increased numbers of
securityfocusafrica.com
employees working from home, we may understand how the endpoint has become an even more crucial vector for attack. Companies must ensure that their endpoints are protected by a next generation anti-virus and closely monitored for any malicious activity. The endpoint also needs to be able to create a secure connection to the private network at head office. Endpoint detection and response (EDR) may identify threats that exist in your networking environment and then respond to them, as well as analyse the nature of the threat and give your IT team information about the threat, including how to stop the attack altogether. Incorporating EDR may improve the security of both the devices connected to your network and your overall IT system. Becoming ever more complex I think it is fair to say that the cybersecurity landscape has never before been as dangerous as it is now, making the ways in which it needs to be defended ever more complex. And it is not going to get any simpler over time. Addressing these security risks requires managing your security – rather than technologies – which requires a full time, always-on monitoring and response approach. In a data-driven information age, producing valuable intellectual property requires heavy investments in the brainpower and time of your skilled personnel. This makes it even more important to be able to digitally protect your intellectual property. When your data is not only ‘at rest’ within your network but is also moving and has, quite literally, left the building, this implies that your intellectual property is most likely also leaving the building. Switching the thinking… Addressing today’s security risks therefore requires new thinking around how best to leverage the number of technologies available to us. This switch needs to be focused around managing your security, rather than technologies. Our security offering encompasses mature consumption-based security services for the securing of email, web and the endpoint; network security services; and data privacy via SIEM-only customer managed security, which provides automated monitoring of events and alerting based on requirements, as well as SOC services, whereby analysts
interpret the traffic and alert customers as required, providing remediation advice and assistance. Through subscription to a combination of these, we offer our clients the promise of managed security, through which we bring together these complex technologies and components as a single offering. Commentary from Networks Unlimited Africa Stefan van de Giessen: General Manager: Cybersecurity “Through the delivery of managed security, Securicom is able to deliver a cost-effective premium cybersecurity offering for any size business, anywhere. We have been proud to partner with Securicom for over 15 years. We wholeheartedly endorse their philosophy that, in navigating today’s cyber landscape, it is critical for organisations to make use of a service, rather than simply replacing technology at regular intervals.” About Networks Unlimited Africa Networks Unlimited is a value-added distributor, committed to empowering African businesses through innovative technology solutions. Our focus includes the world’s leading security, networking, storage, enterprise system management (ESM) and cloud technologies. As a company, we are dedicated to taking our partner ecosystem to new heights. We support our partners through operational excellence, a competitive pricing strategy and strong focus on education, with the view of investing in long-term relationships. We work with competitive, resilient businesses, who are leaders in their field of excellence. Our offerings include a portfolio of products highly regarded by Gartner, such as Altaro, Attivo Networks, Carbon Black, Cofense, Fortinet, F5, Hitachi Vantara, NETSCOUT, NVIDIA, ProLabs, RSA, Rubrik, SentinelOne, SevOne, Silver Peak, Tenable, Tintri and Uplogix. Contacts Networks Unlimited Africa David Wilson Email: david.wilson@nu.co.za Tel: +27 (0) 11 202 8400 icomm Vivienne Fouché Tel:+27 (0) 82 602 1635 Email: vivienne@pr.co.za Web: www.icomm-pr.co.za
SECURITY FOCUS AFRICA MAY 2021
21
TRENDS
Built for resilience through innovation External disruptors and start-ups are constantly shaking up the business world, pushing technological boundaries and reimagining the future. According to Leona Mentz, Regional Operations Manager, Asia, Middle East and Africa at BT, it has become crucial to not only identify the most relevant digital trends that will redefine the world in the new normal, but to find ways to best harness their potential.
B
y more rapidly embracing digital change and the associated innovation that this entails, businesses may make themselves more resilient against future events. We have found, for example, that businesses further along the digital journey are weathering the impacts of the pandemic and resulting lockdown measures with far more flexibility and resilience. There are five innovation priorities that business leaders must be mindful of if they intend to ensure that they are built for resilience. These are artificial intelligence (AI) and machine learning (ML); big data and analytics; 5G; the Internet of Things (IoT); and security. AI and ML have already become an everyday part of our lives. And Gartner predicts that by 2024, 75% of enterprises will shift from piloting AI to operationalising it1. Already, companies are developing AI that draws on the large, open, and free data repositories which the likes of Google, Facebook, and Apple are creating. These pools of data may be used for new types of modelling to help communities plan and manage resources better. Incorporating AI and ML into the business isn’t a question of simply flipping a switch and powering ahead. Getting it right takes a radical rethink of how data is managed throughout the business to make sure it’s accurate. Secondly, big data and analytics are transforming the customer experience. For businesses, these components are used to gain a comprehensive view of the customer and facilitating the development
22
SECURITY FOCUS AFRICA MAY 2021
of products and services that best meet their needs. Along the way, this helps the business grow loyalty and reduce churn which are vital in a challenging economic environment. But big data nowadays goes beyond just that. It also means businesses may make better decisions, faster and more costeffectively. From matching resources to where they’re needed, to preventing events rather than just predicting them, big data, together with AI and machine learning, are automating complex processes that would otherwise be too expensive to contemplate. This frees people from tedious and time-consuming tasks to do something more productive. The third priority, 5G, is enabling more sophisticated and flexible services that have ultra-low latency. Think things like network splicing and edge computing, automating production lines, and proactively identifying faults. And, as industries search for ways to operate safely and effectively throughout the pandemic, 5G is emerging as the smart choice in many scenarios, such as where businesses need new ways to collaborate remotely. It has become the linchpin of an ecosystem that has data at its heart. This technology will help any business get the most from other emerging technologies that are maturing now. With reliable, high-speed connectivity in place, IoT becomes a given. Thanks to affordable chips and sensors, as well as widespread wireless networks, it is now possible to connect anything to the Internet. Machine-to-machine network connections are expected to grow globally from just under 1 billion in 2017 to 3.9
billion in 20222. For example, smart cities are increasingly managing their own infrastructure to improve life for residents, influencing everything from parking to crime detection. The pandemic has also accelerated IoT adoption as companies are using the likes of smart wearable devices and workforce tracking systems to keep employees apart. Finally, security has become a missioncritical aspect of the new operating environment. With an increasingly disparate workforce relying on cloud usage more than ever, businesses have opened themselves up to the potential risks of cybersecurity attacks. Businesses must understand how their risk profiles have changed and what they need to do to remain operational while still safeguarding data and network access. The urgency to adapt to the ‘new normal’ for sustained business continuity has made businesses more receptive to new possibilities – and businesses should not return to how things were before. Instead, they are presented with an exciting opportunity to transform into completely different organisations – and towards increased resilience. 1. Gartner Top 10 Trends in Data and Analytics for 2020 – https://www.gartner.com/ smarterwithgartner/gartner-top-10-trends-indata-and-analytics-for-2020/ 2. Cisco Annual Internet Report (2018–2023) White Paper – https://www.cisco.com/c/en/us/ solutions/collateral/executive-perspectives/ annual-internet-report/whitepaper-c11-741490.html#_Toc953331
securityfocusafrica.com
TECHNOLOGY UPDATE
47% of users in South Africa think that software update time may be used to increase productivity and engage in self-development Kaspersky has announced the campaign “Pain in the neck”, exploring users’ attitudes to updating devices. According to a study commissioned by Kaspersky in April 2021, installing updates is considered a routine boring task and half of respondents commonly snooze them.
A
t the same time however, four-in-ten (47%) respondents locally admit that the time spent waiting for updates to take place may be used productively and they are making this a reality in their day-to-day lives. Updates to devices are not only necessary to gain access to new features or interfaces, they also help to maintain a high level of security. Vendors regularly test their offerings to find new potential vulnerabilities that could be exploited by attackers. The timely installation of updates may serve as an effective defense against cybercriminals. This downtime may also increase people’s productivity and help with well-being. Respondents agree that the time spent waiting for devices to update could be valuable, with 47% saying that this may be used for other purposes even if it affects their productivity, and 34% even enjoy the break away from technology. Generally, users mostly prefer to shift to other activities while updates are installing. For example, when their devices are unavailable, 37% of respondents locally try to switch off and relax (watch TV or read a book), 18% distract themselves by cooking, and 5% prefer sports or going for a walk. Almost
securityfocusafrica.com
a quarter of respondents (22%) continue to do what they were doing, simply switching to another device. Despite the benefits of such pauses, once they receive update notifications on their devices, 56% usually postpone the installation of updates. The most popular reason is because users are busy at work (39%), followed by options where users do not want to stop using their device in that moment (30%), and just over a quarter (29%) do not want to close the application. All in all, 55% see no harm in such delay. “It makes complete sense to switch to another device while the gadget you were originally using is going through an update cycle. Playing sports, cooking, or a little meditation could be a timely break from the working day, helping people to relax and reboot. We were pleased to see in our survey that many people already follow healthy practices, and we call on others to follow their example. Doing so will not only help to improve your mood but may also increase productivity,” comments Maria Namestnikova, Head of GReAT Russia, Kaspersky. In terms of the campaign “Pain in the Neck”, Kaspersky, in collaboration with the well-known blogger, yoga
teacher, and personal trainer Shona Vertue, also prepared a short course of simple exercises that may be completed during the installation of updates. The course itself is very simple and may be performed at home by people of all abilities. Link for the video1. The full report is available via this link2. About the survey In April 2021, Kaspersky commissioned Savanta to conduct an online survey of 15,000 respondents to explore people’s device update tendencies. The sample included 1,000 respondents from each of the UK, France, Germany, Italy and Spain; and 500 from each of the United States of America, Netherlands, Austria, Portugal, Romania, UAE, Turkey, South Africa, China, India, Australia, Brazil, Mexico, Argentina, Colombia, Chile, Peru and Russia. All respondents used a personal computer, smartphone and/or tablet for either their personal or work lives, and 76% of the respondents were currently employed. 1. https://www.youtube.com/watch?v=hrOA00lm_Y 2. https://www.kaspersky.com/blog/deviceupdates-report/
SECURITY FOCUS AFRICA MAY 2021
23
NEWS
we can achieve more and can make an impactful difference not only to our partners but also to the children’s lives that we touch daily. We challenge you to work with us to make a positive difference in the communities and beyond, together we will achieve greater heights,” continues Venter. “The development of NASH is an example of how technology can assist to further drive our efforts in raising funds and improving the lives of those in need. I am extremely grateful for the collaborative efforts of FinChatBot and Ozow in harnessing the power of technology to support our communities.”
The NCCF joins forces with FinChatBot and Ozow to launch a donation solution The Nashua Children’s Charity Foundation (NCCF) recently teamed up with FinChatBot and Ozow to develop a first-of-itskind, end-to-end conversational-AI donation solution that allows benefactors to donate to the foundation in just a few seconds from their desktop or mobile phone.
T
he chatbot, known as NASH, is Artificial Intelligence (AI)-driven and is available on the Nashua/NCCF website, and accessible via a QR code and URL across social media and other marketing channels. It allows prospective donors to choose whether they would like to donate money, goods, or their time by engaging with NASH and completing a few simple, user-friendly steps. The idea for NASH was conceived by FinChatBot, a company focused on revolutionising the financial services industry by helping brands digitalise and guide Customer Experiences (CX) at scale, in October last year. The team was excited to help the NCCF raise funds and innovatively collect donations, especially considering the unpredicted effects of Covid-19 across charities and sponsors. FinChatBot approached the NCCF with this innovative concept and organised a company-wide two-day Hackathon to develop the solution, in December 2020. A payment gateway was later integrated into the chatbot with the help of Ozow, an organisation that offers secure, integrated payment solutions to businesses. NASH gives donors the option to either provide their details or remain anonymous, should they wish to donate money, time, or goods. For monetary donations, users are
24
SECURITY FOCUS AFRICA MAY 2021
taken to a secure instant EFT payment portal, using their South African online banking profile. Those who do not have a banking profile can choose an option to donate later via a direct deposit to the NCCF’s bank account. NASH also enables benefactors to request an 18A tax certificate. Business and individuals who want to donate goods to the foundation are prompted by NASH to choose from various categories such as school supplies and clothing, stationery or nappies, among others, to ensure that the items are suitable for children to use. Those wanting to donate their time need to provide their details and complete a verification process. Helping the less fortunate “Nashua is committed to providing support to those less fortunate and established the NCCF as part of its corporate social investment (CSI) efforts during 2006. The foundation currently provides approximately 600 000 meals per month to about 15 000 children,” says Nashua CEO Barry Venter. “At Nashua we pride ourselves in being a brand that is actively involved in uplifting communities, especially when it comes to strengthening the youth of South Africa. We believe that when we work together,
Using technology for good Antoine Paillusseau, CEO and Co-founder of FinChatBot, explains that the company believes in positively transforming people’s lives through intelligent digital solutions, with NASH being a good example of technology being used for good and for the benefit of those who are less fortunate. “Technology has been adopted in many revenue-generating organisational aspects, so the use of technology to benefit the community is the next step in the adoption progression. Organisations should look at including technology in their CSI portfolios as they endeavour to transform other parts of their businesses,” he says. Ozow CEO Thomas Pays says that since the company integrated a secure, nongovernmental organisation payment gateway solution into the chatbot, there are no charges for payments processed on the system. “Thus, the solution is a full end-to-end donation solution for charitable donations – a real first. Those who wish to donate may do so quickly and easily from any webenabled device anytime, anywhere,” he adds. In addition to supplying meals to children, which include two meals a day and a school lunch pack per child, the NCCF also focuses on education. The foundation supplies school uniforms, school stationery, school bags, educational toys, tables, chairs and even wall charts to schools, including special needs schools, daycare centres and pre-schools. “This unique chatbot solution comes at a time of great uncertainty, and shows that through collaboration, we are always able to find a way to make South Africa a better place for our future leaders,” says Helen Fraser, Operations Director at the NCCF. Link to meet NASH: www.nashua.co.za/ nccf-charity-foundation/
securityfocusafrica.com
NEWS
SendSpend’s digital card and e-wallet chosen by TravelTicket as preferred payment method in emerging markets London-based alternative payments leader, SendSpend is pleased to announce their partnership with TravelTicket App in South Africa. SendSpend’s offering is specially tailored for the global unbanked and an ideal platform for South Africa’s transport industry.
L
ong-haul bus travel made simpler and safer TravelTicket enables consumers to purchase tickets from hundreds of domestic long distance and cross-border bus companies using the TravelTicket mobile App and paying electronically. “SendSpend’s Payment Gateway helps monetise apps and enables online stores to receive digital payments from anyone, even those without a payment card.” SendSpend will save hard-pressed consumers time and money by empowering them to purchase bus tickets without leaving their home or having to take time off work. SendSpend’s free pre-paid digital card and e-wallet is easily downloaded from Google Play Store onto an Android phone, and registration is done via the app. Customers are up and running within minutes. This innovation radically improves bus drivers and passengers’ safety, who are soft targets for thieves after their cash takings. The bus companies also benefit, as there is no need for them to print tickets anymore, thus avoiding ticket counterfeiting schemes. “This is a significant moment for emerging market companies in the transport industry,” says Graham Davies, joint CEO. “SendSpend’s E-Commerce Payment Gateway helps monetise apps and
securityfocusafrica.com
enables online stores to receive digital payments from anyone, even those who don’t have a traditional payment card. It not only opens up online products and services to the unbanked, it provides a platform for e-commerce merchants and e-tailers to receive payments from a massive market audience that previously had no method of paying them.” What makes SendSpend so special? Unlike existing online payment platforms, SendSpend allows payments and transfers to occur instantly without the need for a credit card or bank account. The digital card is “topped up” with cash by users, at registered agents or ATMs. Wages may also be paid directly into it. SendSpend’s innovative search and price comparison AI technology enables customers to search for and locate available Cash In/Out agents in their area and compare deposit or withdrawal fees in real-time. This creates a competitive market place for cash services which is sure to make remittances and payments more affordable and accessible to the consumer. The road to cash-free transport While the predominant form of public transport in South Africa is the minibus taxi (37.8%), buses are the second most popular form of public transport, at 5,6%,
well ahead of passenger rail. This translates into at least 960 000 bus trips per day during the workweek and excludes weekend travel, long-distance and cross border trips. The strategic combination of TravelTicket’s app and SendSpend’s digital card and e-wallet ensures that none of these passengers need to pay cash for a bus ticket again, whilst operators may say goodbye to the headache that comes with having to manage large amounts of cash each day! “SendSpend is a big game-changer for the travel industry and comes at a time when the average day traveller really needs a new and fresh solution, to not only book tickets remotely, but enabling them to make risk-free payments,” says Ruan du Plessis GM of Travel Ticket. “We see the impact of SendSpend being a huge benefit, especially for the long-distance and cross-border travel companies who always struggle with people paying for their bus tickets in cash. This not only opens up a whole new audience for the bus companies but significantly reduces their cash and pilferage risks, by enabling prospective travellers to pay electronically.” Additionally, SendSpend is perfect for point-of-sale and commuters may also use SendSpend to pay in person at ticket offices across South Africa. Everybody wins! With over 95% of households in South Africa having access to a cellphone and 90% of internet traffic conducted on a smartphone purchasing online or via an APP using SendSpend is a new way forward. SendSpend Customer: https://www. youtube.com/watch?v=gDSDssHHDo&ab_channel=SendSpend About SendSpend Limited SendSpend Limited is a Fintech company headquartered in London, United Kingdom, with operations in South Africa and India. SendSpend Holdings (Pty) Ltd, registered in South Africa, is an authorised financial service provider (FSP# 50673). SendSpend promotes financial inclusion of the unbanked through the SendSpend Payment System, a global, multi-currency, peer-to-peer payment system connecting merchants, consumers, and cash in/out services via a series of APIs, payment gateways and smartphone apps. The SendSpend apps are currently available on Android.
SECURITY FOCUS AFRICA MAY 2021
25
NEWS
SA startup, AURA, on what it takes to go global AURA, South Africa’s leading security and medical response platform, recently announced its expansion into Kenya, followed closely by a move into the UK where it aims to have over 10,000 users receiving the company’s service within seven months. Later this year, the startup will look at possible expansions in Mexico and Nigeria. Press release – 29 April 2021
W
arren Myers, AURA’s CEO believes that South African startups are able to compete with the best in the world thanks to a focus on smart innovations that answer real-world issues. “The biggest problems in the world are starting to feel fixable for the first time in history. Many people are still unaware of just what will be achievable with hyperscale technology tools like AI, IoT, blockchain, and nanotechnology, among others,” notes Myers. He adds that startups have a unique role to play in deploying technology to solve local problems that have real relevance on a global scale. “Although the severity and types of crime differ across the world, it is still an unfortunate reality almost everywhere. At AURA we believe that much of the crime problem is able to be fixed. Technology is making it harder than ever to be a successful
26
SECURITY FOCUS AFRICA MAY 2021
criminal which means we may make a meaningful difference wherever our technology is used.” AURA’s technology platform enables anyone to access the closest vetted private security and medical response unit to their location, anywhere, anytime, using a connected device. A shared vision and dedication to continuously improving the safety of everyone has led to a successful partnership with Uber which added an emergency button, powered by AURA, to the Uber app in South Africa and Kenya. Myers says that building a global business requires a skilled team together with the right culture and organisational practices to ensure a startup’s long-term sustainability. “Equally important is finding and nurturing the right partnerships. Our VC partner, HAVAÍC, understood and saw the potential of our business at an early stage and provided
Warren Myers, AURA’s CEO
the strategic insight needed for us to expand at the right time and into the right locations.” In addition to being game changers in the technology space, Myers says startups and technology entrepreneurs may be at the centre of creating real social good for the benefit of everyone, irrespective of their social status or geography. “The biggest opportunities for startups are in areas of common human necessity. Necessity truly is the mother of invention. The belief that all people have a right to feel safe and secure is how AURA first came about. There are numerous other examples, including health and education, where startups may create and use innovative technologies that have the potential to go global.”
securityfocusafrica.com
COMPLIANCY
information page for visitors as to what data is stored and how the business manages it.
Is your website POPIA compliant? The Protection of Personal Information Act (POPIA) and the General Data Protection Regulation (GDPR) have a significant impact on websites and other digital platforms like social media, email marketing and e-commerce activities. Businesses have until 1 July 2021 to comply and to make their websites compliant. By Bluegrass Digital CEO Nick Durrant.
P
OPIA and GDPR are data privacy laws that affect all business websites that collect data. The regulations are there to protect the online privacy of visitors and it covers how personal data is used and extracted when users visit and interact with a website. Websites collect information in various ways and if a site uses analytics, opt-in forms, WordPress forms or email marketing, then they are collecting personal information. It is essential for businesses to obtain consent from visitors to collect and process their personal information. Without consent, they maynot share this information with their marketing team as these regulations have been designed to protect people against data breaches. To avoid massive fines and lawsuits, businesses need to comply by informing users about the data that their website collects. Here are some key areas that business leaders should review and discuss with their web development team. Business websites must explicitly disclose if they are collecting personal data They must inform visitors about why, how and where they store and process this personal data. Visitors may request a copy of the personal data collected from them.
securityfocusafrica.com
Visitors may request to have their personal data erased. Businesses must report serious breaches within 72 hours. More importantly, they need to review all data collection points on their website. This could include the registration page, IP addresses, a checkout page and other analytics. It is critical to cover all these areas and to obtain consent to collect information. WordPress The latest version of WordPress has built-in privacy and compliance features as part of its core. Merely by updating WordPress, one could ensure a higher level of compliance. Some new key features of WordPress include explicit consent, new data erase and export features and a policy generator. WordPress previously stored data to ensure that people did not have to retype their personal information when making a new comment. Now, people have to click a checkbox to ensure their personal data is stored and reused. The data export and erase feature enables businesses to easily export a user’s information into a .zip file or completely erase it from the database. This feature helps simplify managing visitor’s personal information. WordPress also offers a privacy policy template that enables one to create an
WooCommerce WooCommerce also offers built-in tools to manage user privacy. One may enable the options for personal data retention, data erasure and a privacy policy. It is now easy to add the necessary information and disclosure to a WooCommerce privacy policy, especially related to shopping and payment security. Contact forms Visitors should be made aware that your site will collect their personal information when they complete any contact forms including registration forms and opt-in forms. One may easily create a tick box to accept the terms of service. Cookies One also needs to inform visitors that your website collects cookies. Notifications Businesses must inform visitors about any policy updates or data breaches, this may be done via email. Analytics Third-party services or plugins like Google Analytics and Google Adwords need to be managed correctly, one needs to anonymise the data before storage and processing. This could be complicated but there are POPIA and GDPR compliant plugins available, they automatically connect Google Analytics to your website and they may make data anonymisation easy. Online payments e-Commerce businesses likely use a payment gateway and your own website may be collecting personal data before passing it onto the payment gateway. If so, the regulations require you to remove any personal information after a reasonable period. Conclusion Compliance reassures visitors, they are likely to share personal information when they understand how your will use their information. Adding compliance policies will certainly benefit your business, it will prevent future data breaches and protect personal and company information. It will also ensure that visitors’ personal information is not compromised.
SECURITY FOCUS AFRICA MAY 2021
27
INDUSTRY OPINION
When will we get rid of passwords? Passwords are inconvenient and create numerous security vulnerabilities, so why can’t we just replace them? By Shuman Ghosemajumder, Global Head of AI at F5
T
he short answer is that there is no better method. Yet. Companies are beholden to their users, and while most users claim to value security over convenience, their actions speak otherwise. As a case in point, research conducted by Google suggested that even when users have experienced their accounts being taken over, fewer than 10% will adopt multifactor authentication (MFA) because of the associated complexity and friction.1 All authentication is a balance of usability, security, and deployability. To replace passwords, a new solution must equal passwords on all three fronts and exceed them on at least one. Trading off one set of advantages for another will not be enough to incentivise both organisations and users to switch. So, what could we do today to ease the password-driven bottlenecks and edge ever closer to friction-free nirvana?
28
SECURITY FOCUS AFRICA MAY 2021
A Better MFA A hypothetical solution to our maximisation problem is invisible multifactor authentication (iMFA). Unlike the MFA solutions of today, which typically rely on a password combined with an SMS or a one-time password via email or a physical token, iMFA would rely on factors that are invisible to the user. Specifically, it would collect and process the maximum number of effort-free signals. Let’s break that down: • Maximum number. Web authentication is converging on a non-binary authentication model where all available information is considered for each transaction on a best-effort basis. All of the context of a user’s interaction with a website may be used to grant the best visibility into a user’s risk profile. • Effort-free signal collection and processing. Security should be provided on the backend, so it doesn’t impede
customers. By providing security without customer impact, companies may mitigate threats at minimal cost without introducing friction and upsetting users. For example, most email providers have settled for approaches that classify mail based on known patterns of attacker behavior. These defenses are not free or easy to implement, with large web operators often devoting significant resources towards keeping pace with abuse as it evolves. Yet, this cost is typically far less than any approach requiring users to change behavior.3 iMFA could be implemented with a combination of tools like WebAuthn and behavioural signals.4 The credential storage and user verification may be securely provided by WebAuthn, and the
securityfocusafrica.com
INDUSTRY OPINION
continuous authorisation could be augmented with behavioural signals. The traditional MFA factors – ‘something you know,’ ‘have,’ and ‘are’ – come from WebAuthn. And the newest factor, ‘something you do,’ comes from behavioural signals, including new types of biometrics. Further, generating this variety of signals requires just a single gesture from the user, which is far less effort than entering a password. By combining these methods, and constantly recomputing trust through machine learning, we are able to achieve the rare simultaneous outcome of increased security with decreased user friction. An Interim Solution But iMFA cannot replace passwords overnight. Change-resistant users will need a gradual transition. Websites will still have to incorporate a solution like WebAuthn into their authentication protocols. Without pressing urgency from a specific security threat, many sites will likely take their time adopting this standard. Furthermore, the integration process for a behemoth like Amazon could be extremely complicated, which is likely why there has been initial support from browser companies but not from e-commerce companies or social media sites. If adoption of a new method will take years, what should businesses do in the meantime? Outlast the attackers by denying them their most precious resource: time. Attackers conducting credential stuffing5 are usually financially motivated and do not have infinite capital. If an organisation could significantly increase the time that it takes them to monetise their attacks, most cybercriminals will abandon the pursuit in favour of weaker targets. Introducing more time into the credential stuffing kill chain A good first step is to make credential spills more difficult to decode. It might seem obvious, but every company needs to upgrade their password security methods. If passwords are being hashed with MD5, organisations need to upgrade to something more secure like bcrypt. This would ensure that when an attacker manages to breach their database, it will take a reasonable amount of time for attackers to crack the compromised credentials before they are
securityfocusafrica.com
able to even launch an attack. Organisations should also explore how they may force attackers to develop unique attacks for each target. Suppose a sophisticated attacker has gotten their hands on 100,000 decrypted credentials that they are fairly confident no one else has access to, at least for the moment. The attacker knows that 100,000 fresh credentials should lead to, on average, around 1,000 account takeovers on a large website. Now, for such a sophisticated attacker, taking over 1,000 retail accounts might not be worth the several weeks of time it would take to develop, test, launch, and monetise the attack. However, it would be worth their time to attack multiple targets simultaneously, breaking into tens of thousands of accounts at once. The key would be to find companies that could be attacked using the same software – in other words, targets with similar infrastructure. As a result, this attacker targets not just one company, but several simultaneously – in this case, a retailer, bank, social media company, and ride-hailing mobile app. They have developed an attack that targets the Android version of mobile apps that have been built on the same framework. Their attack is very sophisticated, not reusing any resource more than twice, evading any ratelimiting measure the targeted company has implemented. Yet, while the attacker was too sophisticated to reuse something like an IP address when attacking a single target, they didn’t think they would be caught recycling resources across different targets. We know this is how attackers think because this exact situation occurred in 2018 to four of Shape’s customers.
Because they all operated on a shared defence platform, an attack on one of them was, in effect, an attack on all of them. Because the attacker recycled resources and behavioural patterns across all four companies within a very short time period, Shape was able to very quickly gather enough data to identify the attack. Thus, bundling the attacks actually worked to the attacker’s disadvantage, but only because intelligence was shared across different targets. Don’t give up! It is impossible to detect 100 per cent of attacks instantaneously 100 per cent of the time. What is possible is to make attacks so costly that attackers give up quickly or do not even try again. Cybercrime is a business – attacks are organised based on a predictable rate of return. If there is one thing that holds true across the worlds of cybercriminals and businesspeople, it is that time is money. 1. https://www.f5.com/labs/articles/cisotociso/ when-will-we-get-rid-of-passwords-?utm_ medium=owned-social&utm_ source=linkedin&utm_campaign=ww-as_ f5shp&utm_content=ar-organic#_ftnAutoIncr1 3. https://www.f5.com/labs/articles/cisotociso/ when-will-we-get-rid-of-passwords-?utm_ medium=owned-social&utm_ source=linkedin&utm_campaign=ww-as_ f5shp&utm_content=ar-organic#_ftnAutoIncr3 4. https://www.f5.com/labs/articles/cisotociso/ when-will-we-get-rid-of-passwords-?utm_ medium=owned-social&utm_ source=linkedin&utm_campaign=ww-as_ f5shp&utm_content=ar-organic#_ftnAutoIncr4 5. https://www.f5.com/labs/articles/education/ what-is-credential-stuffing-
SECURITY FOCUS AFRICA MAY 2021
29
CYBER SECURITY
ENHALO – 7 simple steps to keep your SME cyber safe Cybersecurity for Small Business has come to the fore as many SME’s shifted towards digitalisation to survive in the unstable environment caused by Covid-19. Yet, shockingly, according to research from IBM and the Ponemon Institute released in 2020, a whopping two out of five companies in the United States and the United Kingdom with fifty or fewer employees do not have any type of cybersecurity defence plan in place.
T
hat begs the question for SME owners in South Africa: if you faced a data breach today, would you be prepared? Cybersecurity experts at ENHALO, an advanced, full-circle cyber defence group, know all too well the challenges facing the SME owner. Here are their seven simple steps to keep your SME cyber safe in 2021: 1. Education must be a priority An educated workforce has to be a top priority. The truth is, many cyberattacks target a business where it is most vulnerable: the employees. Therefore, educating staff on the type of threats and
30
SECURITY FOCUS AFRICA MAY 2021
how to deal with them must take centre stage of your cybersecurity awareness plan. Each security incident should be an opportunity to educate, test and reinforce details on what the business is protecting and why it’s important to behave in a certain way. Once staff understands what the business is trying to protect, and buy into the importance of following secure behaviours, they become accountable and actively participate in creating a secure environment. The National Institute for Cybersecurity Training (NIST) provides good content for security awareness training and activities.
2. Backup your data and restore it quickly Having your data backed up and restored effectively is the foundation of cybersecurity. Data that is unable to be restored to its original state is useless, so you need to consistently backup and check the reliability of the data once restored. Backup systems may be automated with a minimal time investment required. In fact, this process may take only fifteen minutes every month. Checking that your data may be fully restored, which should only take three hours a year, is the best security investment you could make.
securityfocusafrica.com
CYBER SECURITY
3. Defend with multifactor authentication Every small business should be using Multifactor Authentication (MA) as the first line of defence because it is difficult for cyber attackers to get around. Multifactor authentication is simple and available on most cloud platforms at either no or a low cost. 4. Encrypt remote access to your network Protecting and encrypting remote access on your internal network is a critical layer of cybersecurity because employees and third parties are able to log into your system remotely using their phones or other devices. Using VPN encryption or SSL/ TLS level security to protect access to your network, adds a layer of assurance as employees and third parties may not have adequate security from their end. 5. Rule of least privilege This is a simple step to implement, yet many small businesses are not vigilant about who gets access to what. Your people should only access what they need for their role and level. Also, when roles change, access should be reviewed using this principle.
securityfocusafrica.com
Systems should be treated like people; they should also only have access that is essential for their function. If a computer or device does not require access to a server, then do not grant it access. For example, mobile or IoT devices such as kettles or fridges should not be on the same network as your file server containing your critical business data. Such devices should be on a separate network so that if compromised, cybercriminals cannot use them to gain access to your confidential files. 6. Reduce the attack surface area Not everything has to be online, on the cloud or on a computer connected to the internal network. Something that cannot be accessed is essentially an impenetrable vault; hackers cannot attack something that they cannot reach. 7. Patch management is a must Software is being updated all the time to address any security vulnerabilities as well as providing new features. Regularly check for software updates to make sure that you are on the latest, stable and tested version. Remember that patching does not only apply to operating systems and applications but also to the firmware for all devices such
as routers, firewalls, and printers. While there is some automation in patch management, this is not a step that you should leave to vendors to control. It requires hands-on diligence and because hackers know that it is the one area that is often neglected by small business, they easily exploit this space. If you follow these cybersecurity steps for small business, bearing in mind the principles of simplicity, access control (AC), confidentiality, integrity, availability (CIA) and layering, you will be able to build a more secure and resilient company. To get expert advice on how to keep your company secure, visit ENHALO’s website at https://enhalo.co/ ABOUT ENHALO (Pty) Ltd ENHALO (Pty) Ltd is an advanced, full-circle cyber defence group who focuses on three business pillars: Reducing Risk through its cybersecurity offerings, Reducing Cost through digital transformation and Increasing Revenue through automation. ENHALO is a group of global companies under one brand that is locally engaged, while globally operated. The vision goes beyond the current global crisis as ENHALO co-innovate to enable businesses to prosper during difficult times.
SECURITY FOCUS AFRICA MAY 2021
31
CYBER SECURITY
Operation TunnelSnake: formerly unknown rootkit used to secretly control networks of organisations in Asia and Africa Kaspersky researchers have uncovered TunnelSnake, an ongoing advanced persistent threat (APT) campaign, active since 2019, which has targeted regional diplomatic entities in Asia and Africa. The attackers deployed a previously unknown rootkit dubbed Moriya.
T
his piece of malware, with nearly absolute power over the operating system, enabled threat actors to intercept network traffic and conceal malicious commands issued to the infected hosts. This led to the attackers secretly controlling the networks of the targeted organisations for several months. Rootkits are malicious programs or collections of software tools that give attackers practically unlimited and covert access to an infected computer. Rootkits are notorious for stealth and evasion due to their ability to blend into the fabric of the operating system. Thanks to measures taken by Microsoft over the years to protect systems, successful deployment and execution of a rootkit component has become a difficult task, especially in the
32
SECURITY FOCUS AFRICA MAY 2021
kernel space, with most Windows rootkits now being leveraged in high profile APT attacks, such as TunnelSnake. The investigation into the campaign began when Kaspersky received a set of alerts from its product upon detection of a unique rootkit within the targeted networks. This rootkit, which was dubbed Moriya, was particularly evasive thanks to two traits. It intercepts and inspects network packets in transit from the Windows kernel’s address space, a memory region where the operating system’s kernel resides and where typically only privileged and trusted code runs. This allowed the malware to drop the unique malicious packets delivered to it before they are processed by the operating system’s network stack - which
enabled the attackers to avoid detection by security solutions. Secondly, the rootkit did not reach out to any server to request commands, as is the case for most common backdoors, but rather received those in specially marked packets, blended in the bulk of network traffic that the malware inspected. This allowed the rootkit to avoid the need to maintain a Command and Control infrastructure, thereby hindering analysis and making the activity harder to trace. Moriya was mostly deployed through a compromise to vulnerable web servers within the targets’ organisations. In one case, the attackers infected a server with the China Chopper webshell, a malicious code allowing remote control of the
securityfocusafrica.com
CYBER SECURITY
infected server. Using the access obtained with that webshell, the Moriya rootkit was deployed. Additionally, a set of various tools – tailor-made or previously seen in use by various Chinese-speaking actors, was employed alongside the rootkit, which allowed the attackers to scan hosts in the local network, find new targets, and perform a lateral movement to spread to them and exfiltrate files. “While we were not able to attribute the campaign to a specific actor, both targets and tools used in the APT have a connection to known Chinese-speaking groups, thereby pointing to the actor likely also being Chinese-speaking. We also found an older version of Moriya used in a stand-alone attack in 2018, which points at the actor being active since at least 2018. The targets’ profile and leveraged toolset suggest that the actor’s purpose in this campaign is espionage, though we could only partially attest to this with lack of visibility into any actual siphoned data,” comments Giampaolo Dedola, senior security researcher at Kaspersky’s Global Research and Analysis Team. “As we continue to gear up and better defend from targeted attacks, threat actors have been responding by changing their strategy. We see more and more covert campaigns such as TunnelSnake, where actors take additional steps to remain under the radar for as long as possible, and invest in their toolsets, making them more tailored, complex and
securityfocusafrica.com
harder to detect. At the same time, as seen by our discovery, highly covert tools may also be spotted and stopped. This is an ongoing race between security vendors and threat actors, and to win it, we as the cybersecurity community, need to continue to work together,” adds Mark Lechtik, senior security researcher at Kaspersky’s Global Research and Analysis Team. Read the full report about TunnelSnake campaign on Securelist1. Detailed information on Indicators of Compromise related to this operation, including file hashes, may be accessed on the Kaspersky Threat Intelligence Portal2. To protect your company from advanced persistent threat campaigns such as these, Kaspersky experts recommend: • Performing regular security audits of an organisation’s IT infrastructure to reveal gaps and vulnerable systems. • Ensure that you’re using a proven endpoint security solution, such as Kaspersky Endpoint Security for Business3 and always keep it up to date, so that it is able to detect the latest types of malware, such as this rootkit. Install anti-APT and EDR solutions. This will enable threat discovery and detection, investigation and timely remediation of any incidents. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within Kaspersky Expert Security Framework4.
• Upskill your cybersecurity team to tackle the latest targeted threats with the Targeted Malware Reverse Engineering5 online training recently developed by Kaspersky GReAT experts. About Kaspersky Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.co.za. 1. https://securelist.com/operation-tunnelsnakeand-moriya-rootkit/101831/ 2. https://opentip.kaspersky.com/ 3. https://www.kaspersky.co.za/small-to-mediumbusiness-security/endpoint-advanced 4. https://www.kaspersky.co.za/enterprise-security 5. https://xtraining.kaspersky.com/courses/ targeted-malware-reverse-engineering?utm_ source=threatpost&utm_medium=blog&utm_ campaign=gl_xtr-rema-launch_ay0073&utm_ content=banner&utm_term=gl_threatpost_ organic_nb735570xob3cgq
SECURITY FOCUS AFRICA MAY 2021
33
PERSONALITY COMPLIANCY PROFILE
In conversation with… Stuart Wragg and Sue de Wet Veterans of South Africa’s security industry and long-time associates, Stuart Wragg and Sue de Wet have a lot in common, including a new business relationship following the launch of Quantum Security. Stuart’s brainchild, Quantum Security opened its doors on 1 March in the Western Cape this year, with Sue’s company, Sparks & Ellis, as its chosen uniform supplier.
W
hy a new security company? Stuart: “My vision was to create a company that would be both competitive and relevant in this fast-evolving industry by taking full advantage of the fourth industrial revolution. And that’s exactly what Quantum Security is all about. We offer a finely tuned, fully digitised security guarding service for corporate offices, business parks, prime residential properties and the industrial sector using cutting-edge technology to provide highly
34
SECURITY FOCUS AFRICA MAY 2021
effective digital solutions that expedite response times, provide accurate reporting and give our security officers all the tools they need to operate at optimum levels. Our technology also allows us to collate and analyse data, which is a critical component of predictive security, and to deploy our resources effectively.” “Another key differential is that our senior management is involved on the ground, so they understand all the issues first-hand. Also, right from the beginning, I resolved to put people before profit, and to create a sustainable business that
offered people a career and not just a job. For me, it’s essential to provide upskilling and mentoring programmes for our guards to give them a sense of belonging, purpose and total professionalism. And, of course, the uniform they wear should reflect this, which is where Sparks & Ellis comes in!” “As well as kitting our guards out with smart devices that allow them to track and record vital security information, we’ve worked with Sparks & Ellis to create a uniform designed to promote confidence and pride. It features the
securityfocusafrica.com
PERSONALITY PROFILE
unique red leg stripe detail that mirrors what my partners and I introduced when we co-founded Orbis in 2005 – and which was copied by a number of other security companies! I’m bringing this feature back as a mark of distinction and of the premium service we are providing – and our guards are very excited.” What does your typical day look like? “As MD and founder, my workday is filled with everything from marketing and brand awareness to engaging with existing and potential clients, drawing up and submitting proposals, liaising with service providers and ensuring that all compliance and regulatory requirements are in place and up to date. I also handle staffing and finances.” “Of the challenges, one of the biggest faced by any start-up is convincing clients to change service providers. We’re overcoming this thanks to our many sound, long-term relationships with customers who share the same values, and a winning digital marketing strategy that’s focused on brand awareness and cost-saving. Our service offering includes hands-on senior management and a client-centric approach that is tailored to suit individual requirements, environments and budgets, and is fully legally compliant.” “Covid-19 is another challenge, not only for us but the industry as a whole and indeed the world. It has made it a lot more difficult to forecast sales, for one thing. And then there’s the age-old challenge of pricing: some clients, especially now, want lower prices but not cheaper quality products. We’re dealing with these challenges by thinking out of the box and creating new and more cost-effective product ranges while being true to our principles of quality and integrity. We’re very focused on the needs of the customer at all times.” The early years “I spent a long time in a corporate environment where the focus was mainly on the bottom line. This gave rise to my idea of creating a business that would be more people-focused – a boutique security solutions company that offers an efficient and cost-effective service to clients who share the same values on the one hand, and which also offers a professional but family-orientated environment where employees feel valued and may be excited about personal
securityfocusafrica.com
“My vision was to create a company that would be both competitive and relevant in this fast-evolving industry by taking full advantage of the fourth industrial revolution.” growth on the other. I believe firmly in the “people before profit” principle, from a moral standpoint as well as it being key to running a sustainable business. In the security industry, the people are the business – they are far more than the faces and words on any marketing brochure.” “After completing my schooling in northern KwaZulu-Natal, I joined the South African Marines, which were based in Simons Town. Six years later, I left as an officer and entered the corporate world. My first job was with Spence Mouton and Associates as an investigations manager. Four years down the line, I joined Gray Security, which was then sold to Securicor, and went on to merge with Group 4 Falck to become G4S. I was there for ten years before leaving to become one of the founding members of Orbis Security Solutions and an operations director. We sold our equity to Securitas SA, where I remained as vice president of the Eastern and Western Cape, before deciding to take a leap of faith and start up Quantum (Pty) Ltd. Why Sparks & Ellis? “I chose Sparks and Ellis because of a long-standing relationship where I have always experienced excellent and personalised service. It provides made-toorder, quality uniforms which represent the company brand displayed by employees on a daily basis. Sparks & Ellis shares the same values as Quantum, with their senior management team involved on all levels.” The people who have influenced and mentored you along the way? “There have been several. Commander Daan van Niekerk who was my Officer Commanding in the Marines, Spence
Mouton, John Hitchcock, MD of Gray Security, John Tunstell, executive risk manager at UCT and Angus Buchan of the Mighty Men Ministries.” Your goals? “My goals are to essentially bring people into Quantum who share the same values; to develop a young and vibrant management team who may take over the reins while I eventually step back to focus on relationships in the business, offering expertise and experience where needed, and to spend more time on my passion for developing youth within business.” Sue: in brief Sue’s career path is both exceptional and pretty unique – she’s only ever worked for one company namely the Cape Union Mart Group and Mthucebi (Pty) Ltd. It owns Sparks & Ellis, a Level 1 BBEEE company, and K-Way, the manufacturing arm, and has branches in all of the country’s major centres. Sue began in sales, progressed to administration, then to tender specialist and now she heads up Sparks & Ellis. Of her mentors, Philip Krawitz, chairman of Cape Union Mart, tops her list. “He always encouraged everyone to continue striving to be the best that we could be,” she says. And her goals? “I want to continue growing the Sparks & Ellis brand, which has long been one of South Africa’s leading uniform suppliers and manufacturers. This encompasses developing technologically advanced products and equipment for the security, traffic, fire and rescue, ambulance, law enforcement, and corporate sectors. It’s hugely exciting!”
SECURITY FOCUS AFRICA MAY 2021
35
ON THE MARKET
TOA Electronics Southern Africa TOA’s new 15W IP Horn Speaker combines Video and Audio Systems to help you respond immediately to an emergency situation by means of a live announcement.
T
his unit allows the user to communicate with those that are under CCTV surveillance and enables the user to remotely address the situation in real-time. The IP-A1SC15, with built-in amplifier, supports various industrial network protocols and has four different audio broadcasting modes to seamlessly integrate audio endpoint devices into your preferred Video Management System (VMS). Prioritise network announcements and prerecorded messages over SIP or common protocol for IP cameras with intuitive browser software. The unit offers sensitive volume control using Remote API which allows volume adjustments for different environments. KEY FEATURES: • Maximum Sound Pressure Level: 124dB
36
SECURITY FOCUS AFRICA MAY 2021
@ rated power output of 15W powered by PoE+ • IP66 Rating for Outdoor Environments (Operating Temperature: -30 °C to +55 °C) • Pairing of Camera and IP-A1SC15 is enabled via your preferred VMS (Video Management Software) • Broadcasting mode options: SIP, Multicast, VMS and Internal Message Broadcasting Modes • Group paging function is available with 10 Multicast ports for zone paging requirements • Storage for up to 20 Pre-Recorded Messages in WAV or MP3 format (Maximum capacity of 80MB) • Manage Audio Files via browser setting – no dedicated software required • Individual volume adjustment for each audio source in different environments • Triggers: Remote API Protocol (HTTP) and
2 x Contact Inputs on the unit • PC Requirements: OS – Windows 10 Pro / Home (64-bit); Browser – Google Chrome or Microsoft Edge View the IP-A1SC15 demonstration videos on YouTube: • https://youtu.be/_HUas0qtUQk • https://youtu.be/-mrxyjMOEgk • https://youtu.be/aqEgmIjW87w • https://youtu.be/6GrF7knxYJU • https://youtu.be/YNuX2XXkYVI Contact details For more information: Email: marketing@toasa.co.za Web: www.toa.co.za
securityfocusafrica.com
ON THE MARKET
expands or users come and go. What steps have you taken to secure personal data linked to smart credentials? We access and store zero personal data. There are some cloud security checks to ensure that smart credentials cannot be cloned or copied, however all this is done completely anonymously.
Contactless access control with Paxton10 Paxton’s CEO, Adam Stroud, discusses how access control and contactless technology may future-proof the security of a building by utilising smart devices with free Bluetooth® smart credentials.
W
hat motivated Paxton to develop the new Paxton10 platform? We have been producing access control systems for over 30 years. Over the last decade we have seen a clear desire for customers to have a single point of management for their security systems, which includes access control, video surveillance and alarm systems. Traditionally this has been achieved by integrating different products together, but unfortunately, integrating systems is complicated. We believe that simple installation and a good user experience are key to value and effectiveness. This is exactly what inspired us to create Paxton10, a single combined platform that allows the seamless installation and simple management of access control and video surveillance. In your opinion what are the benefits of contactless access control? Access control is there to do a job; to keep unauthorised people out of a building or specific area. The rest of the time, we do not want to notice it; so, the more convenient we are able to make passing through an access point whilst maintaining
securityfocusafrica.com
security, the better for the end-user and system managers. This is what makes contactless access control so important, and why it was imperative that we make it simple to achieve with a Paxton10 system. With free Bluetooth smart credentials, an authorised person may pass through an access control point without any contact required, therefore hardly noticing the process. A perfect ergonomic experience. Why is it important to include free smart credentials in Paxton10? It comes back to a recurring theme we have at Paxton, simplicity. In truth, there is very little cost associated with the production and distribution of smart credentials, as unlike a physical RFID token, they are purely virtual. This gives us an opportunity to make Paxton10 a system that offers excellent value and provides a great user experience. Removing the need to register for payments allows the setup and management process to be greatly simplified whilst maintaining a high level of security. A Paxton10 administrator is able to create and issue a smart credential within seconds, with no ongoing costs to budget for, as the site
How could the update to the Paxton Key help address the ongoing challenges that have arisen because of the current pandemic? Paxton Key is the application that hosts the Bluetooth smart credentials for Paxton10. The latest update provides more contactless functionality, including the ability to access a Paxton10 controlled door without ever taking your smartphone out of your pocket. With these improvements, the most obvious benefit is that by using contactless identification you may cut down on common touch points and therefore reduce the spread of germs. However, it goes much further than that. Paxton Key is an important tool to help in the pandemic as it makes the implementation of access control systems quick and simple for new sites looking for a solution to help. This allows building managers and end-users to benefit from all the advantages an access control system may bring in this situation, such as: • Ensuring that people remain within their permitted areas, to cut down on virus transmission • Controlling the maximum people density to assist with social distancing • Ensure that only approved people are allowed to enter the premises What is next for Paxton10? There are exciting plans for Paxton10 coming this Spring. However, our development team would not be very happy if I talked about it just yet. Keep an eye on the Paxton website and our social media channels for more updates. Paxton is currently offering virtual training to help install and manage Paxton10. You may find out more on the Paxton training page. Additionally, you may find out more about the free Bluetooth smart credentials for Paxton10 on the Paxton Key page. To keep informed of up-and-coming product updates you may follow Paxton on Twitter, Facebook, or LinkedIn.
SECURITY FOCUS AFRICA MAY 2021
37
THE LAST NEWS WORD
LEGAL TRAVAILS The Constitution of South Africa, the Constitutional Court, The Zondo Commission, the Supreme Court of Appeals and High Court Divisions have all featured prominently in the media with the common theme being matters related to former President Jacob Zuma. By Peter Bagshawe
T
he most recent of the court decisions that is noteworthy is the decision by the Supreme Court of Appeals that Zuma be denied State funding for the legal fees for his corruption trial scheduled for May 2021, and further ordering he pay back legal fees that have been paid out by the State. The amount of the fees to be repaid vary in estimates between R15 million and R25 million and reflects amounts paid by the State Attorney as fees between June 2005 and March 2018. The Supreme Court confirmed the December 2018 Full Bench decision of the North Gauteng High Court as correct, clarifying that assistance by the State Attorney cannot be granted in criminal matters and further made an adverse costs award against Zuma. Immediately following this decision, an
38
SECURITY FOCUS AFRICA MAY 2021
announcement was made that Jacob Zuma’s current legal team would no longer be representing him in the corruption trial involving Zuma and French arms company Thales scheduled between 17 May and 20 June 2021 in the Pietermaritzburg High Court. Initially the withdrawal was seen as a response by Mabuza Attorneys to the Supreme Court decision denying funding of legal costs. Subsequently it was announced that Zuma had discharged his legal team and would be handling his corruption trial himself. The question that immediately arises is whether the Pietermaritzburg High Court would permit this to take place. The next point of debate is whether the lack of a legal team (Mabuza Attorneys appointed Advocate Muzi Sikhakhane and there is currently a lack of clarity on whether the
advocate will continue with the trial) will lead to a postponement of the matter in order that a replacement legal team may be appointed by Zuma. Debate exists that the lack of a legal team is a tactic to force a further postponement and a manipulation of the legal system. In this regard, Section 342(a) of the Criminal Procedure Act permits an investigation by the court if it suspects that the changing of legal teams is a tactic being adopted to obtain postponements. I am not aware that this type of investigation has ever been undertaken by the courts. An additional possibility is that Legal Aid could be applied for subject to Jacob Zuma being able to prove that he fulfils the qualifications. This would require that Zuma opens his financial records to scrutiny, which is unlikely. A final piece of input is the recent offer from Attorney
securityfocusafrica.com
THE LAST NEWS WORD
Richard Spoor to appear pro bono on Zuma’s behalf. The third court judgment that has noteworthy content is that delivered by the Constitutional Court. In brief, Zuma refused to comply with a summons requiring his appearance before the Commission. The Commission applied to the Constitutional Court for a declaratory order that Zuma was obliged, by law, to cooperate. The rationale behind this is clear in that the Zondo Commission has the rights of a High Court and would have, in any event, had the right to issue a summons to secure attendance at the Commission. The Constitutional Court confirmed that the refusal to attend the Commission hearings as required constituted contempt of court and Zuma was under a legal onus to appear. In respect of the Commission’s application that the Constitutional Court determine the punishment that should be applied for refusing to appear (with the Commission requesting a two year period of imprisonment), Chief Justice Mogoeng Mogoeng instructed that Zuma supply a maximum fifteen page affidavit on the sanction to be applied should he be found guilty. This is, of itself, highly unusual. Zuma declined to supply the affidavit as required. In addition, the Constitutional Court was critical of the administration of the Zondo Commission, with Justice Chris Jafta stating clearly that the Commission (which had secured attendance of some 2,000 witnesses via summonses) invited Jacob Zuma to appear before it. Initially, this was a large portion of the necessity for an urgent application to the Constitutional Court because of the lack of summons. Additionally, the Commission went through an unnecessary process of a hearing on whether to issue summons when the right to issue summons was well known and often used. This led to the Constitutional Court querying why former President Zuma had
been accorded preferential treatment. A starting point to the debate around the appearance and non-appearance before the Zondo Commission by former President Jacob Zuma, relating to the period when he was in office (between 9 May 2009 and 14 May 2018), must have as a starting point, be the duties that he was required to fulfil whilst in office. Inserted below is the oath that he took before Chief Justice Pius Langa on 9 May 2009 and again on 20 May 2014 before Chief Justice Mogoeng Mogoeng: “Oath or solemn affirmation of President and Acting President. In the presence of everyone assembled here, and in full realisation of the high calling I assume as President of the Republic of South Africa, I swear that I will be faithful to the Republic of South Africa, and will obey, observe, uphold and maintain the Constitution and all other law of the Republic; and I solemnly and sincerely promise that I will always • promote all that will advance the Republic, and oppose all that may harm it; • protect and promote the rights of all South Africans; • discharge my duties with all my strength and talents, to the best of my knowledge and ability and true to the dictates of my conscience; • do justice to all; and • devote myself to the well-being of the Republic and all of its people.” Building from this is the first right listed in the South African Constitution’s Bill of Rights, namely: “Section 9.(1) Everyone is equal before the law and has the right to equal protection and benefit of the law.“ The Zondo Commission (Judicial Commission of Enquiry into Allegations of State Capture) was established (via enactment by Jacob Zuma) to review allegations relating to allegations of corruption, fraud, maladministration and State capture in terms of the recommendations contained in former
INDEX OF ADVERTISERS AND CONTRIBUTORS
Public Protector Tuli Madonsela’s “Captured State Report”. Building from this is the first right listed in the South African Constitution’s Bill of Rights: “Section 9.(1) Everyone is equal before the law and has the right to equal protection and benefit of the law.” An analysis of the Oath of affirmation details that the Constitution, laws of the country, advancing the interests of the Republic, the rights of all South Africans and well-being of the Republic and its citizens are duties specifically acknowledged and undertaken. The Judicial Commission of Enquiry into Allegations of State Capture is required to examine, hear evidence and recommend actions in respect of specific allegations and, given that Jacob Zuma has been named by some four hundred witnesses, the Commission cannot complete its function without his evidence and input. The counter argument to his appearance is that Zuma states that he will not receive a fair and impartial hearing at the Commission and that the legal system and hierarchy of courts that serve it are being used to persecute him. This, in effect, begins with the apex court being the Constitutional Court, working through the Supreme Court of Appeals into Divisional High Courts as well as the Zondo Commission. If there was compliance with his oath of office, the required appearance and protection of Section 9.(1) should afford ample protection. The sequela of the above in May 2021 will be interesting and, given the split between the Zondo Commission and Pietermaritzburg High Court, should provide clear direction on whether our legal institutions will provide protection to the Rule of Law. PETER BAGSHAWE holds a Bachelor of Law degree from the former University of Rhodesia and a Bachelor of Laws degree from the University of the Witwatersrand.
May 2021
ADVERTISER
PAGE
WEBSITE
Nemtek
3
websales@nemtek.co.za
www.nemtek.com
Paxton10
37
support@paxton.co.uk
www.paxton-access.com
Security Association of South Africa
6, IBC
admin@sasecurity.co.za
www.sasecurity.co.za
TOA Electronics Southern Africa
36
marketing@toasa.co.za
www.toa.co.za
securityfocusafrica.com
SECURITY FOCUS AFRICA MAY 2021
39
DIRECTORY
SECURITY ASSOCIATION OF SOUTH AFRICA (SASA) ADMINISTRATION Suite 4, Blake Bester Building, 18 Mimosa Street (cnr CR Swart Road), Wilro Park, Roodepoort Suite 147, Postnet X 2, Helderkruin 1733 National Administrator: Tony Botes t: 0861 100 680 | e: tony@sasecurity.co.za c: 083 272 1373 | f: 0866 709 209 Membership, accounts & enquiries: Sharrin Naidoo t: 0861 100 680 | e: admin@sasecurity.co.za c: 083 650 4981
SASA OFFICE BEARERS
REGIONAL OFFICE BEARERS
National President: Marchél Coetzee c: 084 440 0087 e: marchelcoetzee@omegasol.com
Gauteng: Gary Tintinger c: 084 429 4245 e: gary.tintinger@cwexcellerate.com
National Chairperson: Franz Verhufen c: 082 377 0651 | e: fverhufen@thorburn.co.za
KwaZulu-Natal: Clint Phipps c: 082 498 4749 e: clint.phipps@cwexcellerate.com
National Deputy Chairperson: Louis Mkhethoni c: 082 553 7370 e: louis.mkhethoni@securitas-rsa.co.za
Western Cape: Koos van Rooyen c: 082 891 2351 | e: koos@wolfgroup.co.za
SECURITY AND RELATED ASSOCIATIONS AND ORGANISATIONS PSIRA (Private Security Industry Regulatory Authority) Eco Park, Centurion t: +27 (0)12 003 0500/1 | Independent hotline: 0800 220 918 | e: info@psira. co.za | Director: Manabela Chauke | Chairperson: T Bopela | Vice chairperson: Z Holtzman | Council members: Advocate A Wiid | Commissioner A Dramat APPISA (Association for Professional Private Investigators SA) Bertie Meyer Crescent, Minnebron, Brakpan | e: info@appelcryn.co.za | www.appelcryn. co.za | c: +27 (0)73 371 7854 / +27 (0)72 367 8207 | Chairperson: Ken Appelcryn ASIS International Johannesburg Chapter No. 155. Box 99742, Garsfontein East 0060 | t: +27 (0)11 652 2569 | www.asis155jhb.webs. com | President/chairperson: Johan Hurter | Secretary: Chris Cray ASIS International (Chapter 203: Cape Town – South African Security Professionals) President/chairperson: Yann A Mouret, CPP Secretary: Eva Nolle t: +27 (0)21 785 7093 f: +27 (0)21 785 5089 | e: info@aepn.co.za | www.asis203.org.za BAC (Business Against Crime) Box 784061, Sandton 2146 | t: +27 (0)11 883 0717 | f: +27 (0)11 883 1679 | e: info@bac.org.za CAMPROSA (Campus Protection Society of Southern Africa) President: Des Ayob | e: 27149706@nwu.ac.za Executive Secretary: Derek Huebsch | e: huebsch. derek@gmail.com | www.camprosa.co.za CISA (Cape Insurance Surveyors Association) Shahid Sonday t: +27 (0)21 402 8196 | f: +27 (0)21 419 1844 | e: shahid.sonday@saeagle.co.za | Mike Genard t: +27 (0)21 557 8414 | e: mikeg@yebo.co.za DRA (Disaster Recovery Association of Southern Africa) Box 405, Saxonwold 2132 | Chairperson: Grahame Wright | t: +27 (0)11 486 0677 | f: (011) 646 5587 | Secretary/treasurer: Charles Lourens t: +27 (0)11 639 2346 | f: +27 (0)11 834 6881 EFCMA (Electric Fencing and Components Manufacturers Association) Box 411164, Craighall 2024 | t: +27 (0)11 326 4157 | f: +27 (0)11 493 6835 | Chairperson: Cliff Cawood c: +27 (0)83 744 2159 | Deputy chairperson: John Mostert c: +27 (0)82 444 9759 | Secretary: Andre Botha c: +27 (0)83 680 8574 ESDA (Electronic Security Distributors Association) Box 17103, Benoni West 1503 | t: (011) 845 4870 | f: +27 (0)11 845 4850 | Chairperson: Leonie Mangold | Vice chairperson: David Shapiro | www.esda.org.za ESIA (Electronic Security Industry Alliance) Box 62436, Marshalltown 2107 | t: +27 (0)11 498 7468 | f: 086 570 8837 | c: 082 773 9308 | e: info@esia. co.za | www.esia.co.za FDIA (Fire Detection Installers Association) Postnet Suite 86, Private Bag X10020, Edenvale, 1610 | t: +27 (0)72 580 7318 | f: 086 518 4376 | e: fdia@fdia. co.za | www.fdia.co.za | President/chairperson: Clive Foord | Secretary: Jolene van der Westhuizen
FFETA The Fire Fighting Equipment Traders Association) Postnet Suite 86, Private Bag X10020, Edenvale 1610 | Chairperson: Belinda van der Merwe Administration manager: Rosemary Cowan | t: +27 (0)11 455 3157 | e: rosemary@saqccfire.co.za | www.ffeta.co.za FPASA (Fire Protection Association of Southern Africa) Box 15467, Impala Park 1472 | t: +27 (0)11 397 1618 | f: +27 (0)11 397 1160 | e: library@fpasa.co.za | www.fpasa.co.za | General manager: David Poxon GFA (Gate & Fence Association) Box 1338, Johannesburg 2000 | t: +27 (0)11 298 9400 | f: +27 (0)11 838 1522 | Administrator: Theresa Botha HSA (Helderberg Security Association) Box 12857, N1 City Parow 7463 | t: +27 (0)21 511 5109 | f: +27 (0)21 511 5277 | e: info@command.co.za | www.command.co.za | Chairperson: Stephen van Diggele IFE (Institution of Fire Engineers (SA) Treasurer: Andrew Greig | President: Mike Webber | Administrator: Jennifer Maritz | PO Box 1033, Houghton 2041 | t: +27 (0)11 788 4329 | f: +27 (0)11 880 6286 | e: adminstaff@ife.org.za | www.ife.org.za ISA (Insurance Surveyors Association) Box 405, Saxonwold 2132 | Chairperson: Graham Wright | t: +27 (0)11 486 0677 | Vice chairperson: Alan Ventress | Secretary: Alex dos Santos LASA (Locksmiths Association of South Africa) Box 4007, Randburg 2125 | t: +27 (0)11 782 1404 | f: +27 (0)11 782 3699 | e: lasa@global.co.za | www.lasa.co.za | President/chairperson: Alan Jurrius | Secretary: Dora Ryan NaFETI (National Firearms Education and Training Institute) Box 181067, Dalbridge 4014 | Chairperson: MS Mitten | Vice chairperson: Ken Rightford | t: +27 (0)33 345 1669 | c: +27 (0)84 659 1142 NaFTA (National Firearms Training Association of SA) Box 8723, Edenglen 1613 | National chairperson: Peter Bagshawe | t: +27 (0)11 979 1200 | f: +27 (0)11 979 1816 | e: nafta@lantic.net POLSA (Policing Association of Southern Africa) t: +27 (0)12 429 6003 | f: +27 (0)12 429 6609 | Chairperson: Anusha Govender c: +27 (0)82 655 8759 PSSPF (Private Security Sector Provident Fund) Jackson Simon c: +27 (0)72 356 6358 | e: jackson@ psspfund.co.za | www.psspfund.co.za SAESI (Southern African Emergency Services Institute) Box 613, Krugersdorp 1740 | t: +27 (0)11 660 5672 | f: +27 (0)11 660 1887 | President: DN Naidoo | Secretary: SG Moolman | e:info@saesi.com SAIA (South African Insurance Association) Box 30619, Braamfontein 2017 | Chief executive officer: Viviene Pearson | Chairperson:
Lizé Lambrechts t: +27 (0)11 726 5381 | f: +27 (0)11 726 5351 | e: info@saia.co.za SAIDSA (South African Intruder Detection Services Association) | Association House, PO Box 17103, Benoni West 1503 | t: +27 (0)11 845 4870 f: +27 (0)11 845 4850 | e: saidsa@mweb.co.za www.saidsa.co.za | Chairperson: Johan Booysen Secretary: Cheryl Ogle SAIS (South African Institute of Security) Postnet Suite 86, Private Bag X10020, Edenvale, 1610 Chairperson: Dave Dodge | Administration manager: John Baker | t: +27 (0)63 782 7642 | e: info@instituteofsecurity.co.za | www.instituteofsecurity.co.za SAN (Security Association of Namibia) Box 1926, Windhoek, Namibia | Administrator: André van Zyl | t: +264 81 304 5623 | e: adminsan@iway.na SANSEA (South African National Security Employers’ Association) Box 62436, Marshalltown 2107 | Administrators: SIA t: +27 (0)11 498 7468 | f: 086 570 8837 | e: galen@sansea.co.za SAPFED (Southern African Polygraph Federation) President: Flip Vorster | c: +27 (0)82 455 1459 | e: info@sapfed.org | Secretary: Anrich Gouws | e: admin@sapfed.org | www.sapfed.org SAQCC FIRE (South African Qualification Certification Committee) Postnet Suite 86, Private Bag X10020, Edenvale 1610 | t: +27 (0)11 455 3157 | www.saqccfire. co.za Executive Committee: Chairperson: Duncan Boyes Vice chairperson: Tom Dreyer 1475 Committee: Chairperson: Lizl Davel Vice chairperson: John Caird D&GS Committee: Chairperson: Nichola Allan; Vice chairperson: Clive Foord General Manager: Rosemary Cowan | e: rosemary@saqccfire.co.za – Address, phone and website all remain as is. SARPA (South African Revenue Protection Association) Box 868, Ferndale 2160 | t: +27 (0)11 789 1384 | f: +27 (0)11 789 1385 | President: Naas du Preez | Secretariat: Mr J. Venter, Van der Walt & Co SIA (Security Industry Alliance) Box 62436, Marshalltown 2107 | t: +27 (0)11 498 7468 | Chief executive officer: Steve Conradie | www.securityalliance.co.za SKZNSA (Southern KwaZulu-Natal Security Association) t: +27 (0)39 315 7448 | f: +27 (0)39 315 7324 | Chairperson: Anton Verster c: +27 (0)82 371 0820 VESA (The Motor Vehicle Security Association of South Africa) Box 1468, Halfway House 1685 | t: (011) 315 3588/3655 | f: +27 (0)11 315 3617 | General manager: Adri Smit VIPPASA (VIP Protection Association of SA) Box 41669, Craighall 2024 | t: +27 (0)82 749 0063 | f: 086 625 1192 | e: info@vippasa.co.za | www.vippasa.co.za | Enquiries: Chris Rootman c: +27 (0)82 749 0063 | e: vippasa@protectour.co.za
* Every attempt has been made to keep this information up to date. If you would like to amend your organisation’s details, please email jackie @contactpub.co.za 40
SECURITY FOCUS AFRICA MAY 2021
securityfocusafrica.com
DRIVING COMPLIANCE in South Africa’s Private Security Industry
With a five decade legacy, SASA is the greatest advocate of industry compliance, serving as resource for its members, an educational platform for consumers of security services, and an essential link between the private security industry and government. The Security Association of South Africa (SASA) is nationally recognised by the Government, South African Police Service and all Municipalities as having members with a proven track record within the industry and a Code of Ethics by which members must abide. SASA Gold Membership promotes compliance not only to the industry role-players, but to the end-users of security services as well. Join SASA today and find out more about how we can fight the scourge of non-compliance, promoting SASA Gold Membership as an essential requirement for all security service providers, ensuring industry excellence for the private security industry.
For more information, contact the SASA Administrator on admin@sasecurity.co.za Postal Address: Suite 147, Postnet X2 Helderkruin, 1733. Tel: 0861 100 680 Fax: 086 670 9209
www.sasecurity.co.za
DIGITAL BUYERS GUIDE
to security services & products Promote your business
Attract customers
Increase your sales
Claim your listing on www.securityfocusafrica.com/buyersguide
2 for 1 offer
The print listings now mirror our online directory style with basic and premium listings. In fact, upgrading a basic listing in print to premium will include an upgrade to premium on the website and vice versa. The same information online is printed in the print directory.
Security Focus Africa is known for having the most comprehensive directory of service providers in Africa. We have been a trusted source of information for more than 40 years, and now offer this valuable resource online.
The market is tough out there. What makes your business different from any other? For starters, be more accessible on the internet. Online searches are now the preferred method of finding information and contact details, so the better your online presence, the more business you will get.
BENEFITS OF LISTING YOUR BUSINESS:
• By claiming your listing, you can keep your company’s information up to date at your own convenience • Upgrade your listing online at any time to maximise your brand exposure • Improve your SEO and online presence • We provide a targeted audience for your business • See your stats – know how many people are seeing your listing
Security
For as little as R2 400, you can get the edge over your competitors by providing indispensable information to your customers on our online directory.
Affordable advertising is just a click away.
Focus
AFRICA
BUYERS GUIDE
www.securityfocusafrica.com/buyersguide KEEPING YOU IN THE KNOW | CONNECTING PEOPLE WITH PEOPLE
