Security Focus Africa October 2018 by Contact Publications

www.securityfocusafrica.com | Vol 36 No 10 October 2018 The official industry journal for professional risk practitioners: security, safety, health, environment and quality assurance

Available colours:

White

Black

Internal or external version available

PaxLock Pro

Robust, Secure, Wireless Access Control Designed in black or white, with anti-scratch coating to maintain a high quality look and feel. PaxLock Pro is available for internal or external facing doors, making it suitable for a range of buildings and applications.

Standalone or Networked

Compatible with DIN Locksets

IP55 Rated for External Use

IK10 Impact Rated

5-Year Guarantee

Full information:

paxton.info/3601

New and improved

Net2Air Bridge

• Improved aesthetics • Enhanced, low profile design • Easy to install

Security Focus Africa: Serving the South African security industry for 36 years

CONTENTS

VOL 36 NO 10 OCTOBER 2018

10 COVER STORY

FEATURES

SEFEKO 10 Ransomware: $5 billion of damage The new standard for globally in 2017 and still trending guard monitoring Ransomware, a form of malicious software that holds computers to ransom

Security guards on patrol are one of the best crime-prevention measures in South Africa. Just imagine how much more effective your security service would be if you could manage multiple guards, from anywhere, using a real-time guard monitoring system.

by locking or encrypting data, cost the world around US$5bn (R73.2bn) last year, according to Europol’s 2018 Internet Organised Crime Threat Assessment. Expected to continue trending, ransomware has already taken its toll on a wide range of industries and critical infrastructures, hitting more than 150 countries in 2017 alone, and overtaking banking Trojans in terms of financially-motivated malware attacks.

14 Event security: Are private events SA’s new armed The Sefeko guard monitoring system robbery hotspots? enables site owners and security providers to get more value from their security Criminals will target large gatherings of people as they can steal larger guards on patrol by improving efficiency, amounts of valuables in a shorter period of time, and this is particularly true management and safety. of vehicle crimes (theft of and out of motor vehicles)”, says Derek Lategan, managing director of Excellerate Services.

20 14

Official Journal of the Security Association of South Africa

Published by Contact Publications (Pty) Ltd (Reg No. 1981/011920/07)

Vol 36 No 10

TEL: (031) 764 6977 | FAX: 086 762 1867

REGULARS EDITOR’S COMMENT 4 The killing of one security officer is one too many.

ASSOCIATION NEWS 5 SASA: Wage negotiations finalised at last!

NEWS 8 News snippets from around the world.

TECHNICAL SURVEILLANCE COUNTER MEASURES 13 The importance of technical surveillance counter measures in cybersecurity today.

EVENT REPORT BACK 16 G4S Deposita launch event. PERSONALITY 17 In conversation with… Riccardo Battaini.

SURVEILLANCE 18 CCTV and PoPI: What’s the big deal?

FLEET TRACKING 19 6 Benefits of fleet tracking for small businesses.

CYBERSECURITY 20 One year on from SA’s biggest breach.

21 Destroy or redeploy? ON THE MARKET 22 PaxLock Pro: Robust, secure, wireless access control from Paxton. 22 Using technology to combat crime in South Africa. 23 Intrusion with vision. 24 Manage up to 1 000 cameras 24 Sparks shines a light in the dark with new Lumi-viz™ safety tape.

CASE STUDY 25 Clear-sighted security: Fans, visitors and employees trust video technology. 27 Top predator is kept in focus by Hikvision 4K cameras.

LAW & SECURITY 29 VBS Bank heist report. 30 INDEX OF ADVERTISERS 31 CALENDAR 32 DIRECTORY

PUBLISHER: Godfrey King | gk@contactpub.co.za

MANAGING DIRECTOR: Malcolm King | malcolm@contactpub.co.za

EDITOR: Ingrid Olivier | ingrid@securityfocusafrica.com

PRODUCTION & DESIGN EDITOR: Hayley Mendelow | hayley@contactpub.co.za

DISTRIBUTION MANAGER: Jackie Goosen | jackie@contactpub.co.za

HEAD OFFICE PHYSICAL ADDRESS: Suite 1, Fields Shopping Centre, Old Main Road, Kloof 3610

POSTAL ADDRESS: PO Box 414, Kloof 3640, South Africa

PUBLICATION DETAILS: Security Focus Africa has 12 issues a year and is published monthly, with the annual Buyers’ Guide in December. Printed by

, a division of Novus Holdings

Paarl Media KZN, 52 Mahogany Road, Westmead www.paarlmedia.co.za

SUBSCRIPTION RATES: Annual subscription for magazine posted in Republic of South Africa is R650 including VAT and postage. Subscription rates for addresses outside South Africa can be obtained on application to the Subscription Department, Box 414, Kloof 3640. EN

EDITORIAL CONTRIBUTIONS: Editorial contributions are welcome. For details please email hayley@contactpub.co.za.

ADVERTISING ENQUIRIES: Bernadette Fenton Cell: 082 443 8931 Email: bernadette@ securityfocusafrica.com

Security Focus Africa is a member of

www.dallmeier.com

www.securityfocusafrica.com

EDITOR’S COMMENT

The killing of one security officer is one too many

s in any industry, there are the good and the not-so-good employees. And then there are those who rise to the top of their careers on the back of their integrity, commitment and, in the private security industry in particular, courage. So when I chatted to Security Industry Association (SIA) CEO Steve Conradie earlier this month, I was proud to hear that the organisation’s recent 10th Annual Bravery Awards Ceremony saw a record 309 officers being publicly recognised for their courage and service. I was also saddened to hear of the 12 posthumous awards, grim reminders of the dangerous nature of the jobs they do. And I’m deeply concerned about the spate of attacks on security officers in the last few weeks. Two shot in cold blood in Soweto while on patrol and a weapon stolen. A guard shot multiple times in the chest in Midrand. Another guard shot and killed as he went to the assistance of a robbery victim in the Rosebank area. A security guard shot to death in Heidelberg by robbers. I am not pointing fingers at the police, but the lack of arrests of these brazen, violent criminals is a serious concern. Is it because the police service is under-resourced? Or is our justice system not meting out harsh enough punishments to act as a deterrent? In the vein in which I started this editorial, I think it’s important to acknowledge the

EDITORIAL POLICY

vulnerability and successes of our police force, too. Firstly, I’ve just learned of Police Safety Month, celebrated every year in September. This year’s theme was “Be safe today, be alive tomorrow” (which we could adopt in the private security industry too). On 2 September 2018 the SAPS held its Commemoration Day, paying tribute to and remembering 29 police officials who died in the line of duty between 1 April 2017 and 31 March 2018. “The continuous attacks on and (the) killing of our police officials on and off duty remain a grave concern to the management of the SAPS,” said Lieutenant General Tsumane during the keynote address he delivered on behalf of National Police Commissioner, General Khehla Sitole. “These are husbands and wives, brothers and sisters, nephews and nieces who leave behind their loved ones because of their dedication to serving and protecting the citizens of this country. The despicable deeds of criminals wreck families and leave behind terrible pain and sorrow in our homes.” That’s the same for the heroes of the private security industry. Quick to criticise as we are, we need to give the police credit where it’s due, too. These include the recent arrests of a number of cashin-transit (CIT) suspects around the country, caught in the planning stages of heists. In Midrand, a multi-disciplinary operation resulted in the arrest of 12 suspects, found in possession of three firearms as well as several rounds of ammunition and six hijacked vehicles. Another heist was foiled by the South African Police Service Tactical Response Team (TRT) in Mahikeng, acting on a tip-off from Crime Intelligence.

Statements made or opinions expressed in articles in Security Focus Africa do not necessarily reflect the official views of the Security Association of South Africa (SASA) nor those of any of the other security associations listed in Security Focus Africa. Similarly, advertising in this publication does not imply in any way endorsement or approval by these security associations of any products or services. It is the policy of the Security Association of South Africa that any office-bearer who has an executive position in a company, or companies, which supply security products or services should on no account allow his position to be used to promote his company or its objectives in the editorial content of Security Focus Africa, the official journal of the Association. If, at any time, an office-bearer’s position has been quoted in relation to his company or product, this does not imply the Association’s approval or involvement.

SECURITY FOCUS AFRICA OCTOBER 2018

Ingrid Olivier

Editor ingrid@securityfocusafrica.com Also noteworthy was the arrest of 19 suspects alleged to have been involved in the deadly Verulam mosque attack and linked to the discovery of several explosive devices in Durban. Caught with a readymade incendiary device and a chained, malnourished captive on the premises, they are likely to face charges of murder, attempted murder, extortion, kidnapping, contravention of the Explosive Act and arson. In Kwa-Zulu-Natal, long a political hotbed of violence, positive inroads are being made by the Inter-Ministerial Committee on Political Killings (IMC) task team, instructed by South African President Cyril Ramaphosa to resolve all politically related killings in the region as speedily as possible. Minister of Police, Mr Bheki Cele, says the team has been working tirelessly to investigate reported cases and secure convictions in recent months, accordingly increasing its docket total from 126 in July 2018 to 137 by September. Some are in the final stages of investigation and others already before court. A total of 28 suspects has been arrested out of 12 cases, 22 of whom are in custody. Further, the team has confiscated a number of firearms and ammunition. These cases are all major breakthroughs, in my opinion. One can only hope and pray that, with the heightened focus on infiltrating crime rings, intelligencedriven policing and ongoing arrests, the commitment by Police Minister Bheki Cele that the country will see a different picture altogether when the next crime statistics are released, will translate into a safer South Africa for all, including our men and women in uniform. In his words: “One police killing, is one too many.” And one security officer killing is also one too many.

securityfocusafrica.com

ASSOCIATION NEWS

Wage negotiations finalised at last! After months of meetings between the private security industry sector and government, wage negotiations have at last been finalised and gazetted.

hat’s according to Tony Botes, National Administrator of SASA (Security Association of South Africa), who confirms that: • The increase is as per the collective agreement ie 6.7 per cent increase on minimum rates for all categories of employee in all areas; • The figures are correct as per his original calculations; and • The Area 3 Premium, as per clause 3(2) of SD6, has been deleted. The amendment comes into effect on 1 November 2018, and further to this, he says that it must be kept in mind that the National Minimum Wage (NMW) and the amendments to the Labour Relations Act (LRA) and Basic Conditions of Employment (BCEA) are expected in the near future, possible as soon as December 2018. Says Mr Botes: “This will have virtually no impact on Areas 1 and 2, where security officers already earn above the National Minimum Wage (NMW) level of R20 per hour, but it will affect the salaries of clerical assistants and general workers who are below the NMW levels.” “Area 3, on the other hand, will be greatly affected by the NMW, with only Grades B and A, as well as clerks earning above the R20 per hour equivalent, not being entitled to corresponding increases.”

TABLE: 1 MINIMUM WAGES FOR PRIVATE SECURITY SECTOR

SASA CONTACT DETAILS: Office: 0861 100 680 Email: admin@sasecurity.co.za More information and the full SASA membership list is available at www. sasecurity.co.za Source: Government Gazette Vol. 640 12 October 2018 No. 41974

securityfocusafrica.com

SECURITY FOCUS AFRICA OCTOBER 2018

COVER STORY

SECURITY FOCUS AFRICA OCTOBER 2018

securityfocusafrica.com

NEWS IN BRIEF XXX

News snippets from around the world Ace Magashule ‘gives away’ Pierneef painting worth more than R6m The Hawks are investigating the alleged theft earlier this year of a painting by South African landscape master JH Pierneef from the office of Ace Magashule while he was still the premier of the Free State, according to a report by the Daily Maverick. The painting, apparently worth between R6 m and R8 m, was placed among Magashule’s personal belongings when his office was cleared out. According to Daily Maverick, it was given to one of Magashule’s closest aides, Ricardo Mettler, who admitted receiving the painting as a gift from Magashule at the former premier’s house. The painting was then given to a local businessman, who in turn asked auctioneers Strauss & Co to help determine the artwork’s value. The auctioneer placed an advertisement publicising the Pierneef, which drew the attention of Free State authorities, who then discovered the artwork was missing. Strauss & Co then reported the matter to the police. Mettler told the Daily Maverick: “The painting wasn’t stolen at all, it was given to me by Magashule, but afterwards we realised that it was an error.” (Source: News24)

Western Cape youth encouraged to join fight against crime

Police in the Western Cape are encouraging young people to join the fight against crime. They want young people, between the ages of 10 and 25, to join the Youth Crime Prevention Desk. The desk aims to harness young people’s experiences to ascertain the causes of youth violence and crime and to collaborate in creating social crime prevention activities.

SECURITY FOCUS AFRICA OCTOBER 2018

Police spokesperson sergeant Noloyiso Rwexana said: “The national crime prevention strategy embraces the premise that the criminal justice system alone cannot prevent crime. All police stations in the province are supposed to have youth desks.” (Source: EWN / Eyewitness News)

What you need to know about the removal of South Africa’s Transnet CEO

Siyabonga Gama

The board of directors of South African state-owned logistics firm Transnet said it had removed Chief Executive Siyabonga Gama, who has been accused of misconduct in a multimillion-dollar deal. Transnet, which operates nearly three-quarters of the African rail network, the bulk of which is in South Africa, has been investigating allegations of corruption in the procurement of diesel and electric locomotives. The board said that it had lost confidence in Gama. (Source: Reuters / CNBCAfrica)

seized more than 170 000 pounds of tuna. Police also picked up seven luxury vehicles and half a million Euros in cash. (Source: National Geographic)

Digital banking crime statistics: SIM swaps and other scams South Africans fall for

Digital banking crime on the increase and SABRIC (South African Banking Risk Information Centre) can only do that much to help people from falling victim to scams. In 2017, SIM swap fraud in South Africa sat at 4 040. This year, the numbers have doubled, currently sitting at 8 254, according to inaugural digital banking crime statistics of SABRIC. (Source: The South African)

Trauma doctors reveal horror of knife crime ‘epidemic’

How an organised crime ring selling illicit tuna was caught

A multi-country organised crime ring dealing in more than 2 000 tons of tuna annually, or more than ten times the weight of a blue whale, was recently uncovered by the European Union’s law enforcement agency. Europol’s explosive findings suggest that the volume of illicit Bluefin tuna sold in Europe is likely double that of the legal tuna trade. Following a months-long investigation across Spain, Portugal, France, Malta, and Italy, Spanish officials arrested 79 people and

The number of stabbing victims with lifethreatening injuries treated by specialist trauma doctors has increased by 34 per cent in two years, according to NHS (National Health Services) figures obtained by the Guardian. Doctors are also reporting an increase in the severity of attacks, with victims increasingly arriving in hospital with multiple puncture wounds. “Previously we used to see one or two wounds per victim. Now we are frequently seeing multiple wounds, five or sometimes 10 stab injuries on a single patient,” said Dr Ross Davenport, a consultant trauma and vascular surgeon at the Royal London hospital in Whitechapel, East London. Figures from nine of the NHS’s 11 regional major trauma centres in England that treat adults and children show that they dealt with 1 697 victims of serious knife crime in 2015-

securityfocusafrica.com

NEWS IN BRIEF

16 but 2 278 in 2017-18, up 34.2 per cent. Cases involving adults have risen 37 per cent, whereas under-18s have jumped by 24.4 per cent. (Source: The Guardian)

Turkey vows to reveal ‘naked truth’ over Khashoggi death Jamal Khashoggi

Turkish President Recep Tayyip Erdogan has vowed to reveal within days the “naked truth” over the death of journalist Jamal Khashoggi, as Riyadh said it did not know the whereabouts of his body and that Crown Prince Mohammed bin Salman had been unaware of any operation to murder him. The Turkish leader’s statement came the day after Saudi authorities conceded Khashoggi had been killed inside their diplomatic compound in Istanbul. “We are looking for justice here and this will be revealed in all its naked truth, not through some ordinary steps but in all its naked truth,” Erdogan told a rally in Istanbul. In his strongest comments to date on the affair, US President Donald Trump accused Saudi Arabia of lying about the killing of Khashoggi, a Washington Post columnist who fell out of favour with the ultraconservative kingdom, as pressure built on the US administration to strike a tougher line. (Source: News24)

Even if the commission led by deputy chief justice Raymond Zondo gets to the bottom of what’s known as “state capture,” it has no powers to prosecute anyone. Criminal charges would have to be pursued by the police and National Prosecuting Authority, which have been hamstrung by management upheaval and a shortage of manpower and skills to tackle complex cases. “The fear is that there could be fatigue over state capture,” said Mzukisi Qobo, an associate professor at the University of Johannesburg and co-author of a study into how the systemic looting was orchestrated. “The institutional mechanisms for enforcing the rule of law have been depleted. The Zondo commission, while necessary, is insufficient to deal decisively with the legacy of institutional decay that the Zuma administration wrought on the country.” While the commission was initially given six months to complete its work, Zondo said it wasn’t enough and secured an extension. Public hearings only began in August because the State Security Agency delayed the screening of the panel’s personnel. It’s unclear whether the commission will hear testimony from Zuma, who was forced by the ruling party to quit in February and replaced by his deputy, and ruling party leader, Cyril Ramaphosa. Zuma has denied any wrongdoing and called the commission’s work politically motivated. He’s due to appear in court next month to face graft charges related to a 1990s arms deal. (Source: BusinessTech)

City Power spooked after armed robbers raid substation

How those behind looting of South Africa may evade justice Jacob Zuma

Scepticism is mounting that the alleged masterminds of South Africa’s biggest-ever embezzlement of state funds will ever be held to account. A judicial commission set up to probe the looting, which ex-Finance Minister Pravin Gordhan estimates may have cost taxpayers more than R100 billion, has been slowed by procedural issues and may need two years to finish. And while a plethora of reports have implicated businessmen with close ties to former president Jacob Zuma, no one has been convicted so far.

securityfocusafrica.com

A violent copper heist has spooked City Power, which is concerned about the increased brazenness of robberies that result in losses running into millions of rand for Johannesburg. This follows Saturday night’s armed robbery at the utility’s Mulbarton substation where, according to Mayor Herman Mashaba, six men “stormed the substation at around midnight, held up the security officers on duty and a staff member, tied them up with cable before stealing equipment from the site”. Mayor Mashaba said on Sunday that a 500 m drum of cable, five 75 m copper cables, three cell phones belonging to two security guards and an electrician, as well as

the electrician’s R3 500 toolbox, were stolen by robbers during the daring break-in. In November, R80 m worth of stolen City Power infrastructure was found on 10 properties around Gauteng in a sting operation involving various law enforcement agencies. Earlier this year, The Sunday Independent reported that, in the six months leading up to May, Johannesburg had suffered R50 m through cable theft. In its 2016/2017 annual report City Power said it had incurred R9.5 m in losses through 169 cable theft incidents. (Source: IOL-The Star)

As vanilla becomes worth more than silver, crime takes over the Madagascan trade The lush mountains in Madagascar’s northeast produce about 80 per cent of the world’s vanilla, one of the most expensive flavours. Its price has soared, reaching more than R8 541 a kilogram last year (more than silver) compared with R711 a kilogram in 2013. Growing western demand for the flavouring is partly driving the price spike, with vanilla used in everything from ice cream to alcohol to cosmetics. Supply was diminished by a cyclone that ravaged crops last year on the island, which lies off the coast of southeast Africa. With the perfect climate and soil for growing vanilla, the Sava region of Madagascar is in the midst of an economic boom. So-called vanilla mansions have sprung up above traditional thatched grass huts. Even the humblest homes often boast solar panels and LED lights that make once-dark villages glow by night. Gleaming SUVs ply the broken streets of Sambava, the vanilla capital, where bustling markets line the roadsides. The windfall, however, has come at a cost. Vanilla’s high price, combined with rampant poverty and a corrupt, weak state, has made the crop a favourite target of violent criminal networks. (Source: The Independent)

Crime threatens services Municipal staff meant to unblock sewers and fix burst water pipes are refusing to work in the Nelson Mandela Bay Township of SowetoOn-Sea after being robbed multiple times and held at gunpoint. At least two firearms belonging to security officers who escorted the water and sanitation workers were stolen over the past two weeks, further fuelling their fears over their safety. Officials were robbed while fixing leaking pipes and electricity connections in areas such as KwaDwesi and Govan Mbeki Township, with the latest attack taking place in Soweto-on-Sea. (Source: HeraldLIVE)

SECURITY FOCUS AFRICA OCTOBER 2018

SPECIAL FEATURE: RANSOMWARE

Ransomware

$5 billion of damage globally in 2017 and still trending Ransomware, a form of malicious software that holds computers to ransom by locking or encrypting data, cost the world around US$5bn (R73.2bn) last year, according to Europol’s 2018 Internet Organised Crime Threat Assessment.

t the top of its list of malware threats, Europol, the European Union’s law enforcement arm, says ransomware is the most complicated form of malware, itself a contraction of the words ‘malicious’ and ‘software’. Expected to continue trending, ransomware has already taken its toll on a wide range of industries and critical infrastructures, hitting more than 150 countries in 2017 alone, and overtaking banking Trojans in terms of financiallymotivated malware attacks. “Ransomware will continue to flourish, as indicated by industry as well as law enforcement reporting. In a few short years, ransomware has become a staple attack tool for cybercriminals, rapidly accommodating aspects common to other successful malware such as affiliate programmes and as-a-service business models, becoming more available and accessible to all echelons of cybercriminal,” Europol warns. Financial gain aside, the illegal acquisition of data is a major motivation for ransomware cybercriminals, continues the Europol report. A case in point was the Equifax breach, which affected more than 100 million credit users across the globe, while other headlining attackers of 2017 included WannaCry and NotPetya. These, along with Cerber, Cryptolocker, Crysis, 10

SECURITY FOCUS AFRICA OCTOBER 2018

Curve-Tor-Bitcoin Locker (CTB-Locker), Dharma and Locky, are among the most commonly reported ransomware families at the moment.

Muddy Water According to Kaspersky Lab researchers, one of the biggest cyberthreats currently targeting Asia, Africa and Europe is Muddy Water, a personalised spear-phishing campaign aimed at government, military, telecoms and other entities. A massive operation by persons unknown, Muddy Water malware arrives embedded in legitimate-looking office documents, and is activated when users enable macros. Says Kaspersky Lab: “Once the infection is activated, the malware establishes contact with its command server by picking a random URL from an embedded list. After scanning for the presence of security software, the malware drops a number of scripts on to the victim computer, with a final PowerShell payload establishing basic backdoor functionality and destructive capabilities (the ability to delete files). The use of legitimate MS files means the malware can bypass any blacklisting. In addition, the PowerShell code disables the ‘Macro Warnings’ and ‘Protected View’ features to ensure future attacks will not require any user interaction.” It adds that targets have been detected in Turkey, Jordan, Azerbaijan, Iraq and Saudi Arabia, as well as in Mali, Austria, Russia, Iran, and Bahrain. “It is not known for certain who is behind the Muddy Water operation, although the attacks are clearly geopolitically motivated, targeting sensitive personnel and organisations. The code used in the current attacks carries a number of features that appear designed to distract and mislead investigators. This includes the insertion of Chinese into the code and the use of names such as Leo, PooPak, Vendetta and Turk in the malware.”

“Over the last year, we have seen the Muddy Water group implement a large number of attacks, as well as the continuous development of new methods and techniques. The group has active developers improving its toolkit in order to minimise exposure to security products and services. This suggests to us that this type of attack is likely to intensify in the short term. That is why we decided to share our first findings publicly – to raise awareness of the threat so that organisations can take action to defend themselves. We are still analysing the attackers’ arsenal and

securityfocusafrica.com

SPECIAL FEATURE: RANSOMWARE

will keep a close eye on their progression, their strategies and their mistakes,” adds Amin Hasbini, senior security researcher at Kaspersky Lab’s GReAT team.

The Middle East and Africa Previous Europol reports highlighted the growing significance of Africa as a source of both cyber-enabled and increasingly cyber-dependent crime. “This trend continues with several member states emphasising the role of West African OCGs (organised crime groups) in increasingly sophisticated cybercrime. While ‘traditional’ social engineering scams still epitomise the crimes associated with this region, social engineering combined with technical attacks involving malware are becoming more commonplace.” This is supported by Trend Micro, which in its 2017 report, notes the growth of digital crime in the Middle East and North Africa. While the scale and scope of products and services does not compare to more mature markets, according to the report, it anticipates the evolution and maturation of these markets into more serious attacks, “particularly

securityfocusafrica.com

given the already visible influence of the Russian underground”.

South Africa “Cyberattacks all have one thing in common,” says Andrew Wilson, CEO of LucidView, a provider of remote network management and intelligent cybersecurity analysis tools. “Cybercriminals are after data in order to commit online fraud, identity theft and a host of other cybercrimes. Two things are therefore critical for organisations, whether large or small: effective cybersecurity and vulnerability management, which both hinge on visibility.” Trying to protect against something that cannot be seen is a huge challenge, he continues, adding that as fast as businesses are implementing new threat management technologies, new vulnerabilities are appearing just as quickly. The answer, according to Mr Wilson, is the latest in gateway security solutions, which are designed to integrate easily into existing network architecture, redirecting all inbound and outbound internet traffic in order to classify and monitor connections. “The benefit of utilising intelligent gateway solutions to create visibility is

that this unlocks the power of reporting,” he explains. “Without a meaningful view of the internet gateway, an organisation is at risk by default, so the benefit of an intelligent gateway solution is that creating visibility is made possible through the power of reporting. This depends obviously on artificial intelligence (AI), and the AI engine that runs this is the key to unlocking that meaningful network view. By being able to investigate and report on every existing and new connection in the network in real time, it becomes possible to clamp down aggressively on malware, especially ransomware connections.”

Future threats Cryptocurrency In 2014, Europol reported that while more than half of EU law enforcement had encountered ransomware, it related predominantly to police ransomware without encryption. Cryptoware was only just emerging with sporadic cases of Cryptolocker. A year later, cryptoware had become a top emerging threat for EU law enforcement. By 2017, the number of ransomware families had exploded, their impact significantly overshadowing other malware threats such as banking Trojans. With the growth of the cryptocurrency, Europol predicts that users, exchangers and related service providers will be increasingly targeted by hackers, money launderers and extortionists chasing money and personal data. On the back of low reporting and prioritisation rates, it’s difficult to ascertain the impact of cryptomining attacks on victims at the moment, but Europol says cryptomining could well overtake ransomware as a future threat. “Despite the revenues generated by ransomware, there are some predictions that cryptominers may overtake ransomware as money generators,” it says. “Such attacks are infinitely more appealing to cybercriminals wishing to keep a low profile, requiring little or no victim engagement and, at least currently, minimal law enforcement attention (with browser based mining not actually being illegal). Given that during 2017 Bitcoin prices reached a value of almost EUR 17 000 and the more easily mineable Monero reached almost EUR 400 (per coin), the risk versus reward clearly favours cryptomining, given

SECURITY FOCUS AFRICA OCTOBER 2018

SPECIAL FEATURE: RANSOMWARE

that a typically quoted ransomware payment is around EUR 250.”

New legislation The NIS (Network and Information Security) Directive along with the General Data Protection Regulation (GDPR), which came into effect in May 2018, are intended to increase the reporting of data breaches. Failure to report a breach carries with it a substantial fines: potentially EUR 20 million or 4 per cent of the company’s global annual turnover, whichever is higher, says Europol. The problem, though, is that hacked companies may choose to pay

The problem, though, is that hacked companies may choose to pay a smaller ransom to a hacker for non-disclosure rather than a hefty fine for non-compliance a smaller ransom to a hacker for nondisclosure rather than a hefty fine for noncompliance. Such payments, however, will only fund further attacks and other criminal activity, and there’s no guarantee that the attacker will not disclose or otherwise exploit the information in the future, it warns.

Solutions Artificial intelligence and quantum computing Professor Dr Marco Gercke of the University of Cologne in Germany, quoted in Europol’s 2018 Internet Organised Crime Threat Assessment says: “Two topics that are increasingly relevant for the law enforcement community are 12

SECURITY FOCUS AFRICA OCTOBER 2018

AI (which is at least partly discussed) and quantum computing (a topic that is hardly discussed at all). AI and machine learning are already used by offenders. What is not widely communicated is that a number of interesting developments of AI-based tools for law enforcement are on the way. One example is the EU-funded project TENSOR that is developing an AI-based tool for automatic identification and collection of electronic evidence. The second topic – quantum computing – has the potential to have a similar or even more dramatic impact on the work of law enforcement, as a breakthrough in this field

would change computing, and especially the effectiveness of encryption, dramatically. It is time for law enforcement to start developing related strategies.”

Government and private sector cooperation The combination of factors behind the WannaCry and NotPetya attacks of mid2017 have taken malware attacks to a level where they can be an impossible challenge for national law enforcement agencies to handle alone, according to Europol, which advocates “greater and enhanced cooperation between international law enforcement agencies, private sector companies, academia and other appropriate stakeholders”. Europol also advocates the introduction of public awareness campaigns focusing on highlighting cybercrime threats and how to handle them; providing specialised training for law enforcement and investigative and forensic resources in order to enable them to stay abreast of

increasingly complex and sophisticated cybercrime activity; and focusing on emerging technologies such as artificial intelligence (AI) and machine learning which, it maintains, are key to dealing with modern crime and intelligence-led policing. For LucidView’s Andrew Wilson, visibility over every single connection is key to countering ransomware attacks. “On average,” he explains, “a hacker, targeting a specific organisation, takes about 180 days from point of penetration before they can successfully encrypt the entire organisation’s data. In this scenario, it starts with a hacker being able to get software installed on to an employee’s machine within a corporate network. This software enables a phonehome connection and this allows the hacker to enjoy remote access, enabling them to look for opportunities to escalate their rights and steal or encrypt business data. This can take months because they have to look and wait for vulnerabilities. However, if the network administration team has visibility into all of the connections on the network, it becomes possible to more effectively identify suspicious connections, report on them, and have them blocked and thus neutralised in under an hour.” He concludes: “Such an approach to cybersecurity is a very effective way of killing off potentially risky connections in a proactive manner. Unless it’s been deemed safe, disable suspicious connections. Once disabled, it becomes possible to safely assess that connection and if it is deemed safe, it can be added to a whitelist of security exceptions. This approach is two-fold: block all connections to known malware and phishing sites, and report on those with the option to allow or kill. It is this reporting function that is especially important, because these phone-home ransomware connections don’t present themselves as known malware if your organisation has been specifically targeted. As we add more devices to the Internet of Things (IoT), and we start to build more connections with the world and devices around us, it’s better to err on the side of being too restrictive and blocking as much as possible, than not. It must be stressed, however, that technological security measures are insufficient on their own. Given that the weakest link in any security system will always be the human element, security awareness training and risk management education is important and is a necessary component of a successful cybersecurity strategy based on visibility.”

securityfocusafrica.com

TECHNICAL SURVEILLANCE COUNTER MEASURES

The importance of technical surveillance counter measures in cybersecurity today Despite knowing that failing to secure their companies against eavesdropping and cybercrime attacks could lead to “catastrophic” results, many CEOs and security managers still aren’t allocating enough resources to technical security issues.

o says Steve Whitehead of Eavesdropping Detection Solutions (EDS), a leading South African supplier of technical surveillance counter measures (TSCM). Granted the exclusive use of the words Cyber TSCM in South Africa, EDS is a business division of Corporate Business Insight and Awareness (CBIA), which specialises in business counterintelligence services and training. The cybercrime threat has become more complex, shifting from boardrooms to data centres, and capitalising on the growth of smart facilities in South Africa, a trend fuelled by construction, modernisation and legislation around the enhancement of energy efficiency and remote access to systems and data. “The Internet, GSM, Bluetooth and IoT connected systems allow remote management and create alternative access points that could be exploited by malicious actors and would-be spies,” he warns. “The more things become connected, the greater the attack surface.” Threats such as these are usually not covered by physical and IT security. “Charles Patterson, a TSCM professional from the US wrote recently that ‘both cyber and physical security are necessary, but there is an area in between that neither one extends into. That is where TSCM sweeps are needed”. Given the cross-functional and high nature stakes involved to protect corporate information, TSCM resilience can only be achieved through the conduct of regular Cyber TSCM and technical surveillance countermeasure surveys.

Exchange (JSE) now requires listed companies to apply the King IV™ principles and practices. “The JSE can suspend a listed company’s listing if it does not apply all the King IV™ principals and explain how they applied them. So it can be inferred that listed companies that don’t conduct regular TSCM surveys of their sensitive areas, and don’t take prudent and reasonable steps to safeguard their information against possible technical attacks, could lose their listings. The same could apply if a company selects a TSCM service provider that doesn’t comply with the minimum requirements regarding training, experience and equipment for a professional survey service.” In light of this, he strongly recommends that organisations align their information security systems, principles and practices with the King IV™ requirements by incorporating regular technical surveillance countermeasure inspections into their information security architecture in order to enhance their cybersecurity.

The King principles To quote Professor Mervyn King, the main objective of King IV™ (2017), a set of principles and good practices, "is to make corporate governance more accessible and relevant to a wider range of organisations, and to be the catalyst for a shift from a compliance-based mindset to one that sees corporate governance as a lever for value creation”. To this end, King IV™ says that technology governance and security have become critical issues. “Technology is now both the source of many of an organisation’s future opportunities and of potential disruption. The security of information systems has become critical.” “Section 12 of King IV, which deals with technology and information governance, places the onus of the ongoing oversight of the management of information on governing bodies, with the expectation that they should leverage information to sustain and enhance the organisation’s intellectual capital; create an information architecture that supports confidentiality, integrity and the availability of information; protect the privacy of personal information; and continually monitor security of information.” Failure to accurately disclose the state of compliance in terms of the King IV practices could have serious consequences for an organisation, says Mr Whitehead, noting further that the Johannesburg Stock

securityfocusafrica.com

Cyber TSCM™ Surveys All confidential areas and data centres for covert surveillance devices Tel (012) 665-2109 (International +2712) www.tscm-za.com • info@tscm-za.com

SECURITY FOCUS AFRICA OCTOBER 2018

SPECIAL FEATURE: EVENT SECURITY

Are private events SA’s new armed robbery hotspots?

An armed robbery which took place during a wedding at the Riverside Castle Wedding Venue in Pretoria a few weeks ago made headlines all around South Africa. And then, on the eve of this article going to print, the Hillsong Church in Century City, Cape Town, was also hit by armed robbers.

rek Lategan open during the proceedings, et, they’re not a new De phenomenon in the which provides easy access for country, says Derek criminals. Criminals will target Lategan, managing large gatherings of people as director of Excellerate they can steal larger amounts Services. “In 2016, a preof valuables in a shorter wedding party at a Malvern period of time, and this is home was interrupted by three particularly true of vehicle crimes armed gunmen who entered the (theft of and out of motor vehicles). property and robbed guests of their Added to this is that guests at events of this valuables. Then, in 2017, armed men nature rarely carry firearms.” stormed a wedding in Umhlali, shooting and killing the venue owner when he A growing necessity tried to protect the guests and his family Due to the prevailing crime climate in South members.” Africa, the need for comprehensive security It’s important that people don’t consider plans for both public and private events is these events in isolation, he continues, a growing necessity, maintains Mr Lategan. noting that funerals have long been While it’s too early to say that attacks on targeted by same criminal modus operandi. private events are becoming a trend, he’s “Large gatherings such as weddings and in no doubt that security needs to be funerals provide the perfect opportunity considered whenever and wherever large for criminals since guests are less focused groups of people gather. on security and often wearing their finest “The best way to create a security plan for clothes and jewellery. The venues are also an event is to ensure that all access points

SECURITY FOCUS AFRICA OCTOBER 2018

are guarded and monitored at all times, that emergency situations are considered and counter measures put into place to both proactively prevent and reactively deal with emergency situations,” he says. “It’s also critical to employ the services of a professional company that has the event security experience required to protect guests.” For Zakhele Thambe, CEO of Zeus Protection, professional officer training is key to providing Za the necessary kh be e le T h a m protection for events. “We also need to evaluate staff every month to keep them sharp at all times,” he adds. He’s in agreement with Mr Lategan about the need for enhanced event security in South Africa’s high crime environment. To this end, he believes that event organisers also need to make security their first priority. Accordingly, he recommends their attendance at regular safety workshops, to learn about access control, how to prevent unauthorised access, and how to check for weapons. “It’s about being vigilant, making sure that each and every guest is authorised to be there, and that every individual does their part in the interests of safety,” Mr Thambe asserts. Depending on the type of event and its location, each gathering has its own unique set of challenges, says Mr Lategan. Accordingly, his company advocates a set of standard procedures for best practice that include meeting with the client to discuss the nature of the event and their unique requirements; conducting a risk assessment to assess weak links and potential threats, identifying mitigating factors such as security officer placement, marshals for sports events or ushers for concerts, compiling an operation plan along with suggestions and operating procedures for the day, rolling out the operation under the strict supervision of a trained and dedicated event security manager.

securityfocusafrica.com

Integrating Pyronix intrusion and Hikvision surveillance in one app Hik-Connect

www.facebook.com/pyronix

@pyronix

Pyronix Limited, Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY, UK T: +44 (0)1709 700 100 E: sales@pyronix.com W: www.pyronix.com

EVENT REPORT BACK

G4S Deposita launch event The glamorous red-carpet launch of G4S Depositaâ&#x20AC;&#x2122;s new product range, which took place at the N1 Business Park in Samrand, Gauteng, on 18 October, was a feast of high-end products designed for the banking and retail sectors. The event, which attracted guests from all over South Africa, showcased its latest products, allowing for one-on-one demos by its experts. Culminating in the key note address by G4S Deposita President Christo Terblanche, the backdrop of fine food fare and a live band, ensured a memorable evening for all.

Seen there...

(L to R) Chris Venter (G4S Deposita), Philip Meyer (FlySafair) and Anthony Cousins (G4S Deposita).

Christo Terblanche (President of G4S Deposita), Charles Lowings (Spar) and Henk Bezuidenhout (Spar).

Kanyisa Bizana (ABSA), Daphney Tsiana (ABSA), Golda Martin (ABSA) and Theo Bosman (G4S Deposita).

Awie Smit (ABSA), Tania Nipis (G4S Deposita) and Hans Haines (ABSA).

Kagiso Ramashala (FNB) and Kabir Dhupelia (FNB).

SECURITY FOCUS AFRICA OCTOBER 2018

Christo Terblanche President of G4S Deposita.

securityfocusafrica.com

PERSONALITY CYBERSECURITY PROFILE

In conversation with…

Riccardo Battaini Managing director of CAME BPT South Africa By Ingrid Olivier

“Find what you love to do and then pursue it. This will give you a tremendous advantage in terms of energy, results, enjoyment and quality of life.”

hat’s the advice Italian-born and educated Riccardo Battaini gave himself as young graduate, fresh out of university with an electronics engineering degree and the growing realisation that he was better suited to a different career. Today, in his position as Managing director of the South African branch of the CAME BPT Group, it’s still his best advice to youngsters.

The company The CAME Group is a global concern that designs and manufactures access control equipment. With an annual sales turnover of Euro 250 Million – the equivalent of R4 billion – 1 800 employees and 25 branches throughout the world, becoming a giant in the field of intercom systems, domestic and industrial gate and door automation, automatic barriers, turnstiles, access control, CCTV and parking management solutions. Its South African headquarters are in Johannesburg, and it has branches in Durban, Cape Town and Pretoria, which Riccardo visits regularly.

The early years Born in Italy, Riccardo lived there until 2011 when, at the age of 49, he and wife moved to South Africa. Post-school, he attended a telecommunications technical college in Milan before going on to university where he graduated cum laude with a degree in electronics engineering. Less than inspired by R&D (Research and Development) as the years went by, and frustrated by an imbalance between the effort and time he was putting into his career compared with the lack of control he had over budgets and plans, he decided to follow his passion for sales and project

securityfocusafrica.com

development and management. “I felt that this would be a better choice for me, so I worked my way from the field of technology to a position with BPT in Italy,” he explains. A world leader in audio and video intercoms, the company appointed him to the position of Export Manger, where he started working with the South African market.

Challenges and rewards “As the MD of the company, I need to make sure that we operate at the best possible efficiency in terms of results,” he says, quick to add that he couldn’t do it without his team. “And yes, there are always new challenges, whether in the form of new products that need to be introduced to the market, stock to be managed and distributed, or projects to be launched, monitored and successfully completed. The list is very long!” He adds: “For sure the South African security market is enormously challenging for so many reasons. It is very competitive and also very demanding in terms of features and ease of use. Then there’s the stability of the environment, which is another big challenge since it requires an incredible level of consistency and persistency, in my opinion.”

The best part about the job “I love that my job requires a mix of soft and hard skills. And that it is constantly changing. I get great pleasure from finding solutions to fit all involved parties.”

Proudest achievements From a career perspective, Riccardo says he’s particularly proud of growing BPT Italy’s export sales figures from four to 15 million Euros in eight years and working with his

team to realign its product range in keeping with international demand. In his personal capacity, he speaks of his wife and the happiness of their marriage before her untimely passing.

Dreams “I would really like to see our brand expand and become an industry benchmark for not only intercom products but also gate automation and parking systems. To this, I would like to see more recognition for the quality of our products and the effort we put into what we do. Then I would be satisfied and could start looking for and finding new challenges!” “In terms of South Africa, I see so much potential” he adds. “It is a young and wonderful nation and I would love to see it flourishing and seizing the opportunities that exist for all of us.”

Chill time Reading about personal development is one of his leisure time passions, fascinated as he is by how the human mind works. Never content to sit still for long, Riccardo also works out at the gym, enjoys indoor cycling, swimming, walking in the open air and spending time with friends. Once or twice a year he goes to Italy for business and to visit family, but otherwise his preferred holiday destination is South Africa.

Mentors “I think that, like most people, my parents gave me a good set of values to work on. I also had some amazing teachers in the early stages of my career, who showed me how to be more effective. For these wonderful people and for my wife, who always supported, encouraged and advised me, I am so grateful.”

SECURITY FOCUS AFRICA OCTOBER 2018

SURVEILLANCE XXX

CCTV and PoPI What’s the big deal?

The Protection of Personal Information (PoPI) Act can only come into play once the Information Regulator that the Act envisions as its enforcer is fully operational. This could be anywhere between now and 1 December 2018, which is fairly soon if all goes according to the Time Table of Activities on the Information Regulator’s website.

his particular piece of legislation is designed to protect personal and identifiable information by regulating the collection and processing thereof by private and public bodies. However, there is a level of concern in the security industry that the rights granted to individuals over their information will have a hampering effect on surveillance operations, but this is misdirected concern. While this Act is likely to impact how video footage records are stored and processed, it is unlikely to prevent entities from using CCTV surveillance in their place of operation for the purposes of law enforcement and post-incident security management.

personal data can be used, and who can access that data.” Mr Alhadeff makes it clear that while the Act gives individuals rights over their personal information (including the right to request access to that information and to have that information removed and destroyed) that right is not directly affected by CCTV surveillance operations. He adds, “Nor is the right to privacy, which is governed by the Privacy Act, and which allows for surveillance in certain places and under specific circumstances, as long as the cameras are clearly visible and there is a distinct clear notice informing the public as such.”

Keep calm and carry on

CCTV not an infringement of rights

“There has been a fair amount of panic around PoPI, due to the fact that it is possible to argue that video surveillance is essentially creating a record of an individual’s unique identifier – their face,” says Laurence Smith, executive at Graphic Image Technologies. “As a result, people are worried that this would mean, for example, if they’d been a victim of crime in a shopping centre, PoPI would prevent them from obtaining the CCTV footage to ascertain the identity of the perpetrator,” Smith explains. “This is not necessarily the case,” explains Alan Alhadeff, director and attorney at Alhadeff Attorneys. “The PoPI Act is concerned with transparency and accountability in how an individual’s

“Now if I fall victim to a pickpocket in a shopping mall, and I request to see the CCTV footage at the security control room, the manager would have to refuse me access to this footage, but not for the reasons most people think,” Mr Alhadeff notes. “If a crime has taken place, this needs to be reported to the proper authorities straightaway. The footage cannot be shown to third parties before it has become part of the official police record. This would tarnish the evidentiary record, and as part of a criminal case, the prescribed process needs to be followed,” Mr Alhadeff says. The inability to disclose footage to a third party has nothing to do with PoPI itself,

The rugged, reliable device that optimises your security services

SECURITY FOCUS AFRICA OCTOBER 2018

hinges but rather on criminal procedure and privacy law. “We have to believe in the judicial process,” Mr Alhadeff maintains, “and this is not a case where individuals should be allowed to take justice into their own hands, especially in light of the ‘innocent until proven guilty’ principle.”

So what impact is PoPI likely to have on security surveillance? Every conversation around PoPI at this point is speculative, until we know what the Information Regulator looks like and how it will enforce the Act. “Right now, we’re advising our clients to examine how the Act’s requirements will affect their CCTV operations, from a practical perspective.” Mr Smith says, “Responsible parties as defined by the Act will have one year’s grace to achieve compliance.” This means that individuals, businesses and state entities that have CCTV cameras in operation will have to examine their cybersecurity, hosting, storage and their data access, retention and destruction policies to bring them in line with the Act, and they’ll have 12 months to do so. “Even though it’s a ‘best effort’ undertaking, it’s advisable to start sooner rather than later,” warns Mr Alhadeff. “Once PoPI is in effect, compliance services will skyrocket, and it has been my experience that rolling out a comprehensive compliance programme can take anywhere from six weeks to six months ,” he stresses.

• GPS and GSM functionality to track and communicate with your guard in real-time. • No additional maintenance costs. • User-friendly. • RFID reader. • Panic button. • Man-down function. • Access to Active View, a live web interface.

Tel: 011 551 1687 Fax: 086 218 2928 info@activetrack.co.za Facebook: @activetrackSA www.activetrack.co.za

securityfocusafrica.com

FLEET TRACKING

6 Benefits of fleet tracking for small businesses Fleet tracking, telematics, GPS tracking; there are many names for the technology businesses use to keep an eye on their vehicles. And yet, as its list of benefits are so long and far reaching, there still probably isn’t enough. By Trackaphone

ather than you having to go through them all, we’ve put together a list of the six most significant benefits of fleet tracking software and systems for small businesses. After all, such technologies are all about saving precious time and money.

1. Reduce insurance cost It costs a pretty penny to insure a fleet of company cars, particularly when it’s your core business model. But when you install a GPS tracking system in your fleet, it greatly improves the safety of the vehicles and drivers, and as a result, can lead to significant reduction in insurance premiums.

2. Locate your vehicles Businesses can benefit in many ways from using fleet tracking to monitor where their vehicles are at all times. For instance, they’re able to inform customers of arrival or delivery times, record and improve driver behaviour, and ensure that none of the vehicles are used for anything other than company business. Not to mention loss of vehicles through theft almost certainly becomes a thing of the past.

3. Manage maintenance

5. Improve safety

As it provides alerts on things like engine use, time, and mileage, one of the biggest benefits of fleet tracking for businesses is in managing maintenance. Not only does it allow drivers to get support when in trouble, but it also helps avoid accidents and breakdowns altogether, resulting in a lot of saved time, aggravation, and money.

Greater tracking always means greater safety. And when it comes to getting your drivers, goods, and vehicles where they need to be safely, this could not be more true. Should there be a problem on the road, drivers can instantly call for help and another vehicle will be sent to the exact location they’re at. The result is much less downtime and much more time spent on moving forward.

4. Minimise operating costs As you can see, the benefits of fleet tracking always lead in one way or another to saving money. Some of the most significant costs that businesses save on are fuel, overtime expenses, and unauthorised usage. In particular, after installing a fleet tracking system, businesses are often surprised with how much fuel they save simply due to regulating driver behaviour and habits.

6. Build trust Aside from the more apparent benefits of fleet tracking, the technology is also a great way to show your customers another level of commitment and earn their trust. They can be kept in the loop at every stage of the delivery of goods, find out all the details they want to know, and be safe in the knowledge that whatever they’re waiting for will arrive.

A GUARD MONITORING SOLUTION FOR ANY APPLICATION * DB Projects and Agencies

sales@guardreports.co.za 011 888 4982 356 Pretoria Ave, Ferndale, Randburg

* All backed by on-site service

securityfocusafrica.com

SECURITY FOCUS AFRICA OCTOBER 2018

CYBERSECURITY

One year on from

SA’s biggest breach By Kate Mollett, regional manager for Africa South at Veeam

It’s been a year since the private personal data of almost 60 million South Africans was compromised when a database named ‘masterdeeds’ was leaked publicly online, exposing ID numbers, contact details, addresses, and income estimates. Have any lessons been learnt by South African organisations? It would appear not.

ack in May this year, close to a million records of South African citizens were exposed online, including similar information to the ‘masterdeeds’ exposé, but this time with plain text passwords also revealed, it appeared that multiple other breaches had been successfully achieved, that is according to insights from ‘Have I been pwned‘ analyst, Troy Hunt. Given how intelligent data management is growing as a strategic priority, companies must be cognisant of ensuring the security and integrity of systems, especially when it comes to defending against cyberattacks. The reality is that these attacks can happen against any business, in any industry, and at any geographic location. From small startups all the way through to large multinationals, no company can consider itself safe. But, not just that. An old proverb goes, ‘Time and tide wait for no man’. Well, I think you can add ‘data protection’ to that line, too. The ability to get ahead of would be attackers and fix weaknesses

is a never-ending task. By identifying zero-day vulnerabilities and working with software vendors to ensure that patches are developed and distributed, researchers can help close this gap. But the pace of acceleration at which attackers are evolving and becoming more sophisticated is troubling the minds of experts at major security firms, like Cisco’s Talos Threat Intelligence Division. Businesses need to be far more proactive in managing and protecting data and systems and understand that the traditional perimeters they must defend are now much wider. Cloud computing, IoT, mobility technologies, and Shadow IT, all have eroded previous business security boundaries. Even a humble phone charging cable can be used maliciously without a user consciously being aware of the risk posed. The breadth and depth of recent ransomware attacks alone demonstrate how adept adversaries are at exploiting security gaps and vulnerabilities across devices and networks for maximum impact.

Getting the basics right One of the most fundamental steps in this regard is to deliver a company-wide employee training programme on data protection and phishing attacks. Humanled errors are still the weakest link in the security chain for a business. When the stakes are so high, employees must be more aware of their actions. From a technology standpoint, implementing intelligent data management tools that can monitor, automatically spot irregularities, and act accordingly is critical. Businesses collect data at an astounding rate. The traditional method of adopting a policy-based mindset of security and data management is no longer enough. Instead, decision makers need to embrace an automated, behaviour-led approach that can spot inaccuracies and obscure patterns in data usage. For organisations of any scale, the old school way of manually checking and monitoring has become a relic of the past. Yes, it is near impossible to prevent all data leakage and data thefts, but an intelligent data management approach, combined with a strong and versatile incident response process, can help significantly reduce the complaints that naturally would follow.

Evolving threats IBM research shows that beyond reputation damage, there is also a significant financial impact. For example, in the US, the average total cost of a data breach this year has been around R118 million. Canada, Germany, and France each reported more than R59 million per incident while the UK, Italy, and Japan come in at more than R44 million. Sadly, South Africa is not spared either. The country averages R42 million per data breach.

SECURITY FOCUS AFRICA OCTOBER 2018

securityfocusafrica.com

CYBERSECURITY

Now, consider you are a small business owner. Can you realistically survive something as catastrophic as that? With incidents occurring more frequently, both locally and abroad, companies are waking up to the need to better understand their security priorities. 91 per cent of the security professionals said the breaches drove improvements at least to a modest extent, according to the 2017 Cisco Midyear Cybersecurity Report. A breach can offer useful insights into how attackers got into the networks, showing security professionals the chain of entry points, offering a roadmap of where to place security controls. But this information will quickly be redundant as attackers evolve the sophistication and style of attack. Taking preventative action is always better than being caught on the back foot and scrambling to recover. Offsite and offline backups not only mitigate the effects

of ransomware, but when combined with the right security suite and employeeawareness training, can help prevent the problem altogether. When it comes to security and data backups, however, the reality between what should be done, and what is happening is startling. Veeam research suggests that just under half of IT decision-makers test their backups on a monthly basis. Long gaps between testing can increase the chances of issues being found when data needs to be recovered. For those that do test their backups, a mere 26 per cent test more than five per cent of their backups.

Data ready? 3-2-1 go! Despite all the technology innovation happening around us, solid business rules should still apply when it comes to protecting data. In this regard, one of the best strategies is the 3-2-1 rule. This states

that organisations must have at least three copies of their data, store the copies on two different types of media, and keep one backup copy offsite. By following this approach, organisations will always have an available and useable backup of their data and systems. At a time where breaches, attacks, ransomware incidents etc., become a daily threat, this is a vital precaution. Fundamentally, intelligent data management must be viewed in its entirety. In other words, companies cannot only focus on protecting one division or specific elements of their data. Instead, all entry points need to be considered, all databases irrespective whether they are hosted locally or in the cloud need to be protected, and all employees must be continually educated on threats. To do any less, could potentially result in a business having to close its doors for good.

Destroy or redeploy? Companies must be cautious to safely dispose of data-rich electronics, especially in this era of rapid technological and digital change. An even bigger challenge is to decide whether it is more economical to destroy or redeploy old equipment.

ecycling old electronics is the right choice when they are broken and beyond repair, but equipment that still works could be sold or donated to needy organisations and charities. Many underprivileged schools will be happy to take receive old computers and other electronics. The only way to do this effectively is with a proper IT asset management program. While doing so, businesses must take proactive measures to ensure there is no trace of sensitive information left behind, particularly considering the growing number of gadgets now linked to network infrastructure. According to Xperien chief executive officer Wale Arewa, businesses that don’t implement device end-of-life protocols are putting crucial info in unnecessary danger. “One needs to create a strategy to protect data from cradle to the grave. IT Asset Disposition (ITAD) best practices involve both logical and physical destruction

securityfocusafrica.com

of obsolete or unwanted data and equipment.” ITAD vendors often buy equipment from organisations to refurbish and resell or to strip the device for spare parts. For the company, this approach provides steady and predictable revenue that can be offset against the cost of compliant disposal of electronic equipment. “Not everyone is thinking about a cohesive strategy when identifying areas of risk. Items carrying critical data will normally have this data erased, with the item then being refurbished or resold back into the market. However, many businesses take the path of least resistance, finding the lowest price vendor to just take away a device for free,” he warns. Arewa says the biggest misconception is that they can just delete the files and folders, but they don’t realise that the data is still there. “One hard drive can contain millions of files. When a file or folder is deleted, the information remains on the

drive, including deleted emails.” Formatting or overwriting is not enough to prevent confidential, proprietary and sensitive data from being recovered by data thieves using simple techniques and equipment. Physical destruction of old devices is the best way to reduce a company’s data breach exposure. “There is also a legal requirement that needs to be considered. Destroying your hard drives and tapes helps keep your business compliant with the Protection of Personal Information Act 2013 (PoPI) and the European Union’s General Data Protection Regulation (GDPR),” he concludes.

SECURITY FOCUS AFRICA OCTOBER 2018

ON THE MARKET

PaxLock Pro Robust, secure, wireless access control from Paxton Paxton, the global brand of electronic IP access control and door entry solutions, has announced the launch of the PaxLock Pro, the latest addition to its range of wireless access control solutions, in conjunction with the new and improved Net2Air bridge, the connector to the Net2 wireless range.

axLock Pro has a universal design that can operate in standalone mode or as part of a networked system. There is a simple upgrade path from standalone to networked, with no extra hardware required that creates a solution which can evolve with the needs of the customer. There are both internal and external versions available making it applicable for more sites than ever before. This includes residential, educational facilities, commercial buildings and healthcare sites. It has a smart, compact appearance and is available in black or white, complete with anti-scratch fascia ensuring that the product maintains a high-quality look and feel for even the most modern of interiors. The PaxLock Pro is built to last with its robust design and capacitive wakeup, ensuring a time and energy efficient

solution. The kit comes ready-to-it, meaning it can be installed quickly and can replace an existing door handle. Paxton’s new Net2Air bridge provides the wireless communication link between the Net2 software and wireless control units, such as the PaxLock Pro. The improved aesthetics facilitate its positioning on a wall or ceiling for optimal coverage, and the enhanced, low profile design provides a clear display of the status LEDs for ease of use. It is also easy-to-fit with a simple three-step installation process. Gareth O’Hara, Paxton’s Chief sales officer, says: “The PaxLock Pro represents Paxton’s third generation of wireless door handle and comes as a direct response to customer feedback, following two-years in development, we believe it is our best yet. The versatility of the product allows us

to address networked and non-networked systems, and internal and external doors. We believe the PaxLock Pro is the must have product for Paxton installers everywhere. We continuously strive to meet our customers’ expectations and have worked tirelessly to ensure the product is robust, durable and aesthetically pleasing in equal measures. “The launch of the Net2Air bridge perfectly complements the PaxLock Pro with its aesthetically pleasing design. Both new products will be available for installers to purchase on 23rd October 2018.”

Using technology to combat With the multitude of emergency numbers available in South Africa, getting help is not as clear cut as it should be. Adding to the frustration is the time wasted due to the lack of information available to the emergency operator. They don’t know who you are, or where you are.

SECURITY FOCUS AFRICA OCTOBER 2018

amola, a free emergency safety app, supported by Dialdirect Insurance, takes the hassle out of getting help in an emergency. The moment a Namola user pushes the button to request assistance, the app sends through the user’s GPS location and emergency profile so that the user’s dedicated Namola operator knows immediately where the user is and who they are. With a quick confirmation of the nature of the emergency, the Namola operator will then coordinate the right help for the emergency and send the user the help they need.

Thanks to innovative thinking, Namola uses technology to ensure that you are able to get help, no matter the scenario. For example, if a user can’t speak, Namola’s in-app chat feature allows an alternative method of communication with the Namola operator and the first responders. Even if the user is on the move, the GPS location will constantly be updated, giving South Africans peace of mind that no matter what the situation, they can let someone know that they need help. Namola knows that every emergency is different. In addition to having over 1 400 geofenced control rooms on their database, Namola has added counselling services, social

securityfocusafrica.com

ON THE MARKET

Intrusion with vision Hikvision is expanding its horizons with integrated one-platform alarm solutions.

ikvision, the world’s leading provider of innovative security products and solutions, has introduced a new range of intrusion alarm solutions to the security market. Combining Hikvision’s market-leading position and world-class capabilities with over 30 years of intrusion expertise from Pyronix, the new range of alarm solutions supplies professional installers with innovative and reliable security systems for every requirement. With sleek, stylish and discreet designs, the extensive range provides advanced alarm

disarm, view, record and interact with their security like never before via one platform, helping security professionals target new market applications to grow and maximise their business potential. “We are extremely pleased to deliver the next generation of fully integrated, oneplatform alarm solutions that fuse worldleading innovation and proven intrusion technologies,” said Jiang Feng Zhi, head of Hikvision’s alarm division. He continues: “A big advantage of the new Hikvision alarm range is that it provides intrusion and video technologies that have been developed and designed to work in perfect harmony, to deliver market leading advantages and performance to our partners globally. “By delivering one-platform systems via our iVMS and Hik-Connect software and apps, we are maximising the value and effectiveness of security systems to both installers and end users, through feature-rich and innovative products.” Comprising both wireless and wired systems, each support multiple communication paths to enhance flexibility and security. These can then be fitted with the extensive portfolio of wireless and wired Hikvision peripherals, to deliver security and life safety solutions across multiple markets. Welcome to the one-platform revolution.

solutions which support all market segments including residential, commercial and industrial applications. Compatible with the entire Hikvision video portfolio, the range integrates via iVMS and the Hik-Connect smart device application, with standard cloud connectivity. This new and innovative combination offers highly reliable and proven alarm and video capabilities, alongside full remote control and monitoring with IVaaS (Intruder Verification as a Service) for video verification of events. A synergy of intrusion and surveillance technologies enables end users to arm,

crime in South Africa workers and community safety initiatives to the ways South Africans can get help. Recently, the company launched their latest innovation, Namola Watch, which allows established Neighbourhood Watch teams to respond to reported incidents in their communities faster than before. “Namola has changed the way that we are able to respond to emergencies in our community,” says Graham Holmquist of Riga Rescue, a Namola watch responder. ”Knowing the type as well as the exact coordinates of the emergency cuts down time and allows us to give help faster than before. Whenever we get to the scene of an emergency that has not been reported via

securityfocusafrica.com

Namola, we ensure as many people on scene download the Namola app there and then.” Namola encourages South Africans not only to get help for themselves with Namola, but to use it as a trusted resource to get others in your community help. “It’s great to see that so many people are using Namola to report emergencies on behalf of others,” says Maanda Tshifularo, head of Namola’s sponsor, Dialdirect Insurance. ”We love that Namola is fast becoming the tool of choice to combat crime and make communities in South Africa a safer place to live.” Namola is available as a free download at namola.co/sfa.

SECURITY FOCUS AFRICA OCTOBER 2018

ON THE MARKET

How to manage up to

1 000 cameras

Introducing Uniview’s Unicorn, a smart integrated surveillance and security platform with video input, storage, video transfer capability and device management functions designed specifically for digital video surveillance and alarm monitoring applications.

ften a variety of different devices are required to provide a complete solution. But, with Uniview’s new Unicorn, spending hours or even days planning a comprehensive security solution is a thing of the past. The Unicorn has adopted audio/ video compression and decompression, storage, network functionality, and smart technologies. It is suitable for security and surveillance scenarios such as large

residential areas, buildings, campuses, hotels, and shopping centres. Built on a Linux OS, dual-BIOS platform with redundant power and optional two-server hot standby, the Unicorn provides you with a multitude of security functionality options, like unified management of the NVR, an alarm control panel and even door access control so you can monitor and control alarms and access to a premises from the cloud or from one central location.

Not only does the Unicorn cater for monitoring and recording of UNV cameras but it also supports 3rd party cameras thanks to its ONVIF compliance. It can manage and monitor up to 2000 high-definition video streams with its powerful processing capabilities. The unit also boasts with 1 x RS-232 and 1 x RS-485 port for connecting a joystick to control high-end PTZ or speed dome cameras. The integrated 2 x HDMI and 1 x VGA port allows for multiple screens to be connected for viewing cameras and the 24 x alarm inputs and 8 x alarm outputs means devices like passive IR’s, smoke detectors and strobe lights can be connected to the NVR directly.

Sparks shines a light in the dark with new

Lumi-viz™ safety tape

Traffic officers, fire fighters, emergency medical staff, construction workers, miners, in fact anyone who needs to be seen, are vulnerable if they are not clearly visible in all light conditions. Conventional safety clothing usually aims to be conspicuous by the following means: Day time visibility Brightly coloured hi-vis dayglo yellow or orange fluorescent fabrics or trims. Effective only in bright light.

Night time visibility Retro reflective tape which reflects light back to the source e.g. cars headlights or a flashlight. Needs a light source from the right direction to be effective.

The solution lies in new technology The problem is that neither of the above work at all in total darkness or, for example, where a vehicle approaches a roadblock or

SECURITY FOCUS AFRICA OCTOBER 2018

accident scene without its headlights on. Introducing Lumi-viz®, a unique luminous tape that absorbs light from the sun, daylight or even normal home or office lighting. This absorbed light is given off for up to 10 hours making the wearer visible even in total darkness. Sparks & Ellis, one of South Africa’s leading uniform suppliers, are at the forefront of this new technology which offers a whole new level of safety for your workforce. Sparks & Ellis has developed this tape in order to provide extra safety for people who need to be seen in all light conditions. Lumiviz™ tape can be stitched onto garments during manufacture and can be used as a

Reflects in cars headlights

Glows in total darkness

background fabric for badges. It is a highly effective and affordable way of improving safety of your protective clothing.

securityfocusafrica.com

CASE STUDY

Clear-sighted security Fans, visitors and employees trust video technology As an ice skating stadium, ice hockey match venue, the setting for musicals or rock concerts, das Stadtwerk.Donau-Arena in Regensburg is widely appreciated as one of the premier event locations in the region, and as a multipurpose hall it can be adapted to meet an enormous range of requirements.

ver 150 000 visitors every year necessitate a modern infrastructure, not least in terms of security technology. It should be capable of ensuring the safety of visitors, fans and employees, and at the same time satisfy their requirements with regard to maintaining their personal privacy. Therefore, in 2017 the management of das Stadtwerk.Donau-Arena decided to modernise the arena’s video security equipment with a total solution from the Regensburg-based company Dallmeier. A home game for Dallmeier, with everything to play for, because for the first time an ice skating stadium would join the long list of stadium projects undertaken by this global player.

Rapid response time with modest expense The facilities offered by das Stadtwerk. Donau-Arena and its capacity (it can hold over 4 800 ice hockey fans) mean that the multipurpose hall and home venue for the third-tier league (Oberliga) ice hockey team EV Regensburg satisfies the requirements set forth in the 9 000-point plan of the German Ice Hockey League (DEL). Accordingly, it is eligible to host international ice hockey matches and has welcomed the German national ice hockey team among others. It is no surprise, then, that great importance is attached to a security strategy in which the fans can enjoy the party atmosphere without worrying about their safety, and players and employees are also protected from danger. These two primary aspects provide the capability not only to obtain an overall view in the event of acute danger situations (e.g. a fire outbreak), but also to help with the rapid investigation of crimes in the stadium, on the concourses or in the car parks. The operators were particularly keen to keep the installation and operation as simple as possible and the total costs low, while at the same time be able to adapt the systems to various requirements.

securityfocusafrica.com

Privacy and data protection are valuable commodities even in the stadium Data protection and data security are very important to the operators of das Stadtwerk.Donau-Arena. The fact that Dallmeier is based in Germany therefore guarantee compliance with the legal requirements, in particular the new European General Data Protection Regulation for protecting personal data. Examples of this are the Privacy and PeopleMasking functions, with which individuals can be pixellated or certain areas can be covered, or the dual control principle. With the last function certain images can only be accessed by two personnel members at the same time, with different passwords, for use in police investigations, for example. Many other security and protection functions (for example, limiting retention time or resisting hacker attacks targeting the video system), ensure that all legal requirements can be met

with Dallmeier technology, even if the regulations are changed.

Analyse details and still keep the big picture in sight: The ‘Panomera® effect’ Most importantly, das Stadtwerk.DonauArena wanted a system that would enable a rapid response to isolated incidents while maintaining an uninterrupted overview of the total picture. The multifocal sensor system of the patented Dallmeier Panomera® technology is designed to provide them with exactly that: if necessary, the operator can focus on a certain area, while capturing and recording all areas of the scene under observation simultaneously, without interruption and in the highest resolution. This means that an occurrence can subsequently be reconstructed wherever it occurred in a manner that is admissible as evidence, even if the operator was focussing on a different detail of the scene at the time.

das Stadtwerk.Donau-Arena in Regensburg, Germany.

SECURITY FOCUS AFRICA OCTOBER 2018

CASE STUDY

This is not possible with conventional Pan Tilt Zoom (PTZ) cameras. Das Stadtwerk. Donau-Arena has installed several S8 Ultraline series Panomera® cameras offering good low-light sensitivity even in lighting conditions of events such as concerts to ensure the safety of the guests.

Outstanding light sensitivity for car parks and concourse as well

Multifocal sensor technology

Ideal solution for the mining, oil and gas industry! Panomera® was specially developed for the all-encompassing video surveillance of expansive areas. Now huge widths, as well as areas with large distances, such as strip mines, can be displayed with a completely new resolution quality, in real time and at high frame rates of up to 30 fps. In conjunction with intelligent video analysis tools Panomera® offers unique capabilities for monitoring and optimising the operation of heavy equipment such as conveyers or dump trucks as well as for securing the perimeters of mining areas.

Surveillance of the entrances and exits, car parks and concourse/ticket office areas is assured with infrared (IR) box cameras and dome network cameras. The Dallmeier IR cameras have been developed with particular attention to changing light conditions to ensure 24-hour video coverage, combining the very latest sensor and encoder technology. They are thus able to deliver outstanding contrast, brilliant clarity and the highest possible resolution and colour fidelity even under diffuse event lighting. In IR mode at night, the camera’s high infrared sensitivity and semi-discrete 850 nm high-performance LEDs guarantee exceptional results. The IR network cameras are supplemented with two Topline series dome camera models with 3K, high resolution in real-time and good light sensitivity. In addition, a model from the Nightline series with 2K, full HD and excellent low-light performance also contributes to 24-hour video coverage.

Innovative 3D technology encourages planning confidence

Dallmeier Southern Africa Office dallmeiersa@dallmeier.com

www.panomera.com

The customer learned about the successful deployment of a Dallmeier solution for stadium security in the new Regensburg football stadium “Continental Arena” from the operator company das Stadtwerk Regensburg.Bäder und Arenen GmbH. In the request for tender and bidding phase, the operations manager of das Stadtwerk.Donau-Arena, Peter Lautenschlager was particularly impressed by the 3D model presentation, with which the planning experts from Dallmeier’s 3D-Engineering team supported the project from start to finish. “From the very beginning, we were able to obtain a very precise picture of what we would get later. And in the end, everything from the camera viewing angles to image resolutions over the entire observation area matched what was shown in the 3D model simulation exactly. So we were soon able to plan with great confidence, keep a clear idea of costs throughout the process, and were completely satisfied after implementation. What we did find

surprising was how much planning and project work could be done even at a very early stage using the 3D technology, practically at the same time”, recounts Peter Lautenschlager.

Project development and implementation: The “Factory Acceptance Test” as the last hurdle The planning proposal and the bid resulting therefrom convinced the customer, and the project was executed jointly with the installation company, Dallmeier group member IPPI GmbH from late 2017 to early 2018. Prior to installation, the system was preconfigured and tested in the Dallmeier Factory Acceptance Test Center (FAT) to ensure 100% functional capability and trouble-free implementation. The mounting of the Panomeras presented a further challenge, since they had to be mounted on the special ceiling structure at a dizzying height of about 15 metres. Installing the systems while standing in cherry pickers or lifting platforms at such a height was no job for anyone suffering from vertigo. Peter Lautenschlager confirms: “IPPI worked very professionally. We were very satisfied!”

Surveillance, recording, analysis The data recorded on the IPS 10000 appliance can be analysed quickly and conveniently even while the game is in progress at two video analysis stations with Dallmeier Workstations using the recording software SMAVIA Recording Server.

Conclusion: Much more than just video cameras The operators are extremely satisfied with the new systems. Peter Lautenschlager: “In an age characterised by both digitalisation and an increasing unpredictability of events, it was clear to us that we need to upgrade our camera and recording technology from analogue to IP systems and deploy modern security equipment. The quality of the images delivered by the new cameras is exceptional. The perfect harmonisation of camera technology and intelligent (live) observation and analysis enables us to receive meaningful image material so that we can act rapidly if intervention is needed. We want happy visitors and fans. With a solution from Dallmeier, we have obtained exactly the right degree of data protection while offering the highest level of security. We are very glad to have chosen the right partner in Dallmeier.”

SECURITY FOCUS AFRICA OCTOBER 2018

securityfocusafrica.com

CASE STUDY

Top predator is kept in focus by Hikvision 4K cameras

Having one of the world’s top predators take up residence in the middle of your town may not seem like a welcome surprise. But, when that predator is the world’s fastest bird and provides the chance to capture its behaviour at its nest site, courtesy of a top 4K camera from Hikvision, it proved to be too good an opportunity for the people of Taunton and UK peregrine experts to miss.

he peregrine falcon is a large, powerful, and breathtakingly fast bird – the fastest animal on the planet. In normal flight it cruises at 64 km per hour, and can reach 105 km per hour in a chase. But, on the hunt, it can dive towards its prey at more than 322 km per hour. A top predator, the peregrine has little to fear except man, being driven close to extinction in the 1960s due to human persecution and the impact of pesticides in the food chain. With the benefit of stronger legislation and listed species protection, these birds have recovered in their natural strongholds and have now expanded into many urban areas. Just like the urban fox, the peregrine has found our built environment a perfect place to call home, lifelong pairs nesting in their eyries on tall structures and high-rise buildings and feeding predominantly on feral pigeons. St Mary Magdalene Church in Taunton, Somerset, found itself with a pair of peregrine falcons at the top of its 59 m church tower earlier this year and quickly turned to naturalist and ecologist, Michael Leigh-Mallory, to lead the Taunton Peregrine Project. Working with Coomber Security Systems, a total of five Hikvision cameras

securityfocusafrica.com

were installed to monitor the bird’s behaviour, with all the video feeds wirelessly transmitted to a Hikvision NVR and 4K monitor within the church.

Unchangeable church presents challenges Located in the heart of Somerset’s county town, St Mary Magdalene can trace its history to the early eighth century when Christianity was established in Taunton. Since the 12th century, the church has been built mainly of sandstone. This ancient structure provided the first challenge for the installation team as no drilling or permanent fixing to the listed building’s structure is allowed. Naturally, the birds chose the highest point possible to establish their perch, providing the second challenge to the team: placing all five cameras at a height of more than 49 m within the confines of the church tower and in positions that would allow the Peregrine Project to observe the widest possible range of behaviours, including in flight as they arrived at and departed from the site. Finally, the ornithologists were determined that the monitoring activities should not disturb the birds. This meant locating the NVR and 4K monitor at ground level at the opposite end of the church.

Temporary wooden poles key to the solution Coomber Security Systems took on the task of designing and installing the bespoke surveillance system, using Hikvision PoE switches to provide power and data handling for all five IR-equipped cameras that were sited on the tower.

SECURITY FOCUS AFRICA OCTOBER 2018

CASE STUDY A first for peregrine research

The three 4K vari-focal bullet cameras were mounted on wooden poles and then strapped to the tower to overcome the prohibition on making any permanent change to the church structure. Between the three feeds, the project team can see the birds in the air arriving at and departing from the tower, together with comprehensive coverage of the nest box that they installed in the hope that the birds would be encouraged to breed in the future. The project’s observation team also capture video and sound from a 4MP Mini Dome IP camera mounted within the nest box and a small 2MP PTZ camera mounted at the top of the tower to capture all round views, and to ensure the birds are not disturbed, a Ubiquiti AC Nano wireless bridge was used to create a secure connection between the top of the tower and the far end of the church. This means the video and sound from the cameras can be recorded and monitored 24/7 without impacting the natural behaviour of the falcons.

According to Michael Leigh-Mallory, Project Leader of the Taunton Peregrine Project, “With two months of operation under its belt, the new system has been providing 24-hour coverage of the falcon pair, including high resolution images of the peregrines flying in to the perch with their prey. “Despite the difficult and potentially hazardous installation on the ancient building, and the use of an unorthodox mounting system that puts the cameras in very exposed positions, the 4K video from the IP bullet cameras is of amazing quality both day and night.” An open day was held at the end of March to allow the local community to see for themselves the result of their donations that fund the entire project. In addition, the Somerset Ornithological Society and the BBC Springwatch team have shown great interest in the communities’ efforts and a large following is emerging on social media (@tauntonperegrines). Now, the team plan to raise more money so the views of the birds can be live streamed to the Internet via their website, which is currently under construction.

Testimonial from customer Mr Leigh-Mallory said, “The Hikvision cameras have provided images of incredible definition! We have been able to record groundbreaking images of nocturnal hunting and a wide range of behaviour. The 4K images are probably a first for peregrine observation in the UK and this unique 4K footage has been providing valuable information to peregrine experts like Ed Drewitt, naturalist, broadcaster and writer of the book Urban Peregrines.”

Results • Groundbreaking 4K images of nocturnal hunting and a wide range of behaviour

for the first time. • 2 months of uninterrupted operation with cameras operating in very exposed positions. •D ifficult and potentially hazardous installation on ancient building. • Very satisfied end user.

HIKVISION EQUIPMENT DS-2CD2685FWD-IZS – 8 MP WDR Vari-focal Network Bullet Camera • 8MP ultra HD high resolution. • 1/2.5" progressive scan CMOS . • Triple stream – max. 3840 × 2160 @ 20 fps. • 2.8-12mm motorised vari-focal lens. • Up to 50m IR distance. • H.265+ compression. • IP67 weatherproof. • 120dB wide dynamic range. • 3D digital noise reduction. • Supports onboard storage (up to 128GB). DS-2CD2542FWD-IS – 4MP WDR Mini Dome Network Camera • 4MP high resolution. • Full HD 1080p video. • Dual stream. • 2.8 mm/ 4 mm/ 6 mm fixed lens. • 120dB wide dynamic range. • 3D digital noise reduction. • 3-axis adjustment. • Up to 10m IR range. • H.264+ compression. • IP67 weatherproof protection. DS-2DE4A220IW-DE – 2MP Network IR mini PTZ Camera • 1/2.8" progressive scan CMOS. • 1920 x 1080. • 20X optical zoom. • WDR. • 3D intelligent positioning function • Up to 50m IR range DS-7616NI-K2/16P NVR – Embedded Plug & Play 4K NVR • Third-party network cameras supported • Up to 8 megapixels resolution recording. • Support 1-ch HDMI, 1-ch VGA, HMDI at up to 4K (3840 x 2160) resolution. • 8/16-ch network cameras can be connected with 80M/160M incoming bandwidth. • Up to 2 SATA interfaces. • Plug & play with up to 16 independent PoE network interfaces. • Support dual-OS to ensure high reliability of system running. • Support various VCA detection alarm and VCA search. • Support H.265/ H.264/ MPEG4 video formats. 4K Monitor.

SECURITY FOCUS AFRICA OCTOBER 2018

securityfocusafrica.com

LAW & SECURITY

VBS Bank heist report By Peter Bagshawe

VBS Mutual Bank (VBS) achieved prominence with newly-appointed Finance Minister Tito Mboweni making reference to the troubled bank in his Medium-Term Budget speech which took place on 24 October 2018, which was shortly after Mboweni replaced the outgoing Minister of Finance Nhlanhla Nene.

inister Mboweni made further dealing with municipal authorities. reference directly to the Minister Mboweni has indicated that it report, detailing the level is considered that VBS can be saved via of losses and apparent recapitalisation, with this being partly due fraud at VBS submitted by Advocate Terry to the initial model of VBS being correct Motau and Werksmans Attorneys, which in that it encouraged a savings culture was commissioned after VBS was placed geared around uplifting poor communities under curatorship by the South African within a BEE environment. Reserve Bank in March 2018. The South African Reserve Bank has SizweNtsalubaGobodo were appointed guaranteed deposits of up to R100 000, as curator, and their request for an which are payable by an arrangement independent report indicated the gravity of between the South African Reserve Bank the situation with which they were faced. and Nedbank Limited, which further The losses and fraud uncovered were at the reflects the focus put on the smaller core of a liquidity crisis that led to court investors that formed the initial core proceedings for the recovery of deposits, business of VBS. largely around the significant deposits that Municipal deposits fall wide of the were made by municipalities. It is South African Reserve Bank estimated to be in the region guarantee, and this in itself of R2 billion. Of this, some has placed the municipalities R1.2 billion was deposited involved under financial by 14 municipalities, mostly stress. This is likely to impact from the Limpopo and on service delivery and the North West provinces, which payment of running costs. are unlikely to be recovered This cycle will lead to the T it in full. o M b o w e n i likelihood of service delivery VBS started off as the Venda protests and damage to municipal Building Society in 1982, and later property together with an impact on the became the wholly black-owned specialist payment of municipal billings with a corporate finance and retail VBS decrease in the level of income available to Mutual Bank. the municipal authorities. In this role, the majority of the early Following a preliminary review by the investors would have been stokvels, curators and their report to the South burial societies and lower income African Reserve Bank, Advocate Motau individuals. Mutual banks classically are and Werksmans Attorneys were appointed not capitalised, and on this basis tend in April 2018 with a tiered mandate. The to operate more conservatively than first requirement was to determine whether commercial banks in order to protect any of VBS’s business was conducted with the members/shareholders, and have the intentions of defrauding customers, historically weathered some financial crises and whether the bank’s business practices better than commercial banks. were questionable or reckless. It appears that around 2014 this The final requirement was to practice changed markedly when the determine whether there had been National Treasury agreed that VBS would any irregular conduct by shareholders, be permitted to accept deposits from directors, executive management, staff or municipalities. This continued until the stakeholders of VBS Bank. authorisation was withdrawn in February Prior to reviewing the report, entitled 2017, and Treasury issued a directive in The Great Bank Heist, note that both March 2017 which precluded VBS from Advocate Motau and commentators have

securityfocusafrica.com

acknowledged that individuals named in the report were not been given the opportunity of responding, nor were they cross-examined. Some commentators have gone further and said that the report may be tainted by the failure of Matau and Werksmans to interview those implicated, and it may not hold up in legal proceedings. Some criticism has also been levelled against the actions of the South African Reserve Bank and the South African Revenue Services, but these points will, for my purposes, not be taken further. The Great Bank Heist Report found that 3 basic methods were used by executives within VSB to obtain funds and circumvent the normal procedures applicable to bank transactions. Firstly, large sums of money were paid to perpetrators involved in the scheme as rewards for their participation, and bribes were paid to others to not reveal what was taking place within the bank. In this regard, the complicity of the internal and external auditors and orchestrated compromising of both audit functions was highlighted in the report, as were payments made to individuals who would normally be charged with ensuring compliance within the bank with procedures. VBS also granted car or home loans, often without security, and then failed to follow up when no payments were made on those. Overdraft facilities were given that also remained unpaid. There was also a wide campaign to attract large deposits from municipalities by the payment of “commissions” to third parties (largely persons with political connections in the areas where the municipalities were located) for their influence in securing such payments. The final leg was the making of large fictitious payments to the main shareholder within VBS Bank in order to unlock the funds. From here, further apparentlyfraudulent payments were made to

SECURITY FOCUS AFRICA OCTOBER 2018

LAW & SECURITY

individuals. In all, some 53 individuals and organisations were identified in Matau’s report as having received payments of various amounts – some of whom have acknowledged that the payments made were illegal. The Report submitted by Matau was specific in two areas that are unusual, in that there were recommendations made. The first of these was that the authors were of the opinion that the structure of the bank was “rotten to the core”, with hardly anyone in a position of authority not, in some way or other, complicit in the fraud identified. Coming from this, it was recommended that urgent steps be taken for the winding up of VSB’s affairs. Here the report and Minister Mboweni appear to be at odds. A telling

INDEX OF ADVERTISERS

recommendation is that criminal action be taken against those identified as complicit on all sides of the string of transactions, and further that South African Reserve Bank’s Prudential Authority lay complaints with the respective professional bodies of the chartered accountants and attorney identified in order that they be subject to review of the status with those bodies. It is seldom that a local banking institution has faced as extensive an enquiry, and I cannot recall another instance where the information made available to the public has been as extensive or damning in its entirety. Indications are that specialised crime units and prosecuting officials will be, or are currently, investigating the content of the report.

Given the depth of alleged corruption and the simplistic nature of the mechanisms identified in Matau’s report, the processing of the criminal investigation should be relatively rapid and the Assets Forfeiture Unit should also become involved at an early stage. However given the nature of the early investors in VSB Bank and the impact on these individuals, the South African Reserve Bank guarantee should be monitored and, if appropriate, amended to protect the smaller investors as far as possible. PETER BAGSHAWE holds a Bachelor of Law degree from the former University of Rhodesia and a Bachelor of Laws degree from the University of the Witwatersrand.

October 2018 PAGE

WEBSITE

Active Track

info@activetrack.co.za

www.activetrack.co.za

Dallmeier

dallmeiersa@dallmeier.com

www.dallmeier.com

Eavesdropping Detections Solutions (TSCM)

info@tscm-za.com

www.tscm-za.com

Hikvision Digital Technology

OBC

overseasbusiness@hikvision.com

www.hikvision.com

Longse Distribution

sales@longse.africa

www.longse.africa / www.longse.com

Paxton Access

IFC

support@paxtonaccess.co.za

www.paxtonaccess.co.za

Plaslope

glenda.aereboe@plaslope.com

www.plaslope.com

Pyronix

laurencek@pyronix.com

www.pyronix.com

Security Association of South Africa

IBC

admin@sasecurity.co.za

www.sasecurity.co.za

Sefeko / Gendac Software Engineering

OFC, 6,7

info@sefeko.co.za

www.sefeko.co.za

Sentinel Guard Monitoring

sales@guardreports.co.za

www.guardreports.co.za

Sparks & Ellis

info@sparks.co.za

www.sparks.co.za

SUBSCRIBE HERE

ADVERTISER

Contact Publications (Pty) Ltd, PO Box 414, Kloof, 3640 Tel: (031) 764 6977 Fax: 086 762 1867 Email: jackie@contactpub.co.za  Yes, please, I would like to subscribe to Security Focus Africa at R650 per year (RSA only). The subscription includes an annual Buyer’s Guide.  Enclosed please find cheque to the amount of R  Please start my subscription from the Do you require a tax invoice

 Yes

issue.

 No

(If yes, one will be sent to you on receipt of your payment.)

BANKING DETAILS: First National Bank Branch: Kloof Branch Code: 221526 Account No: 50730106925 Name: Contact Publications (Pty) Ltd

NB: Please make cheques payable to Contact Publications (Pty) Ltd Name ................................................................................................ Signature ............................................................................................... Date ...................................................... Company .................................................. Position ........................................................................ Address ........................................................................................................................................................................ Code ............................. Tel .......................................................... Fax .............................................................. Email .............................................................................

SECURITY FOCUS AFRICA OCTOBER 2018

securityfocusafrica.com

CALENDAR

Conferences, events & exhibitions of interest to the security industry LOCAL EVENTS: 2018 October 24: ESDA annual general meeting | esda.org.za/event/annual-general-meeting Hitek Security Roadshow NOVEMBER 6: Port Elizabeth NOVEMBER 8: East London NOVEMBER 13: Durban NOVEMBER 15: Bloemfontein NOVEMBER 16: Cape Town NOVEMBER 18: George NOVEMBER 23: Midrand NOVEMBER 25: Randburg

Convention Centre, Midrand, Johannesburg Tel: +27 (0)11 835 1565 | www.aosh.co.za.

INTERNATIONAL EVENTS: 2018 October 25-27: IFSEC Asia | Venue: IMPACT Exhibition & Convention Center, Bangkok | www.ifsec.events/sea November 6-8: Expoprotection Venue: Paris Expo Porte de Versailles, Paris, France | www.reedexpo.com/en/ Events/6502/Expoprotection. NOVEMBER 14-15: ISC East | Venue: Javits Center, NYC | www.isceast.com

More information: Tel: +27 21 946 3344 Email: sales@hiteksecurity.net www.roadshows.hiteksecurity.net

28-29 November: International Security Expo | Venue: Grand Hall, Olympia, London, United Kingdom | www.internationalsecurityexpo.com

LOCAL EVENTS: 2019

December 5-7: IFSEC India | Venue: Pragati Maidan, New Delhi | www.ifsec.events/india

May 14-16: SECUREX SOUTH AFRICA 2019 Venue: Gallagher Convention Centre, Midrand, Johannesburg | Tel: +27 (0)11 835 1565 www.securex.co.za. May 14-16: A-OSH EXPO Venue: Gallagher

INTERNATIONAL EVENTS: 2019 March 6-8: SECON 2019 | Venue: KINTEX, Seoul, Korea | www.seconexpo.com 19-22 March: Securika Moscow Venue: Expocentre, Moscow

9-11 April: The Security Event | Venue: NEC, Birmingham, UK Tel: +44 1202 022 108 Email: marketing@thesecurityevent.co.uk www.thesecurityevent.co.uk/security-eventhome 10-12 April: ISC West | Venue: Sands Expo & Convention Center, Las Vegas, NV, United States | www.iscwest.com 16-17 April: Securex West Africa | Venue: Landmark Centre, Lagos, Nigeria | Email: abby.cairns@montex.co.uk | www.securexwestafrica.com/conference 21-24 May: CNP Expo | Venue: Marriott Marquis | San Francisco, CA | www.cnpexpo.com May 22-23: Infosecurity Mexico 2018 Venue: Centro Citibanamex, Mexico www.infosecuritymexico.com MAY 29-31: IFSEC Philippines | Venue: SMX Convention Centre, Pasay City, Metro Manila | www.ifsec.events/philippines/ June 18-20: IFSEC International Venue: ExCeL London UK | www.ifsec. events/international/exhibit2019

TEL: +27 11 452 1115 FAX: +27 11 452 3609 WEBSITE: www.plaslope.com EMAIL: glenda.aereboe@plaslope.com

TAMPER EVIDENT SECURITY BAGS • Debasafe® Tamper Evident Security Bags are used whenever tamper-evident movement is critical. • We manufacture to order and assist in tailor-made solutions to suit your security needs. • A comprehensive range of security features are standard on the bags and additional features can be added. • The sealing strip is used for exacting demands with a heat indicator displaying attempts to tamper. • Tampering by means of cold, heat, solvents, liquids & manipulation is clearly visible. • Bags can be customised according to customer’s requirements with exclusive numbering & bar-coding. • Bags are manufactured in either transparent or opaque LDPE film, in various grades to meet specific requirements.

The bags are used for the safe movement of: • Government Departments • Foreign Exchange • Confidential Documents (Examinations, Elections, Passports, Visas etc.) • High Value Items (Diamonds, Precious Metals, Forensic Evidence, Cellphones, Computer Equipment) • Cash (Banks & Cash-in-Transit companies)

securityfocusafrica.com

SECURITY FOCUS AFRICA OCTOBER 2018