18 minute read
Cybercrime in Focus
CYBERCRIME IN FOCUS
BY CHARNDRÉ EMMA KIPPIE
Action against Cybercrime
Here are a few tips on how you can avoid Cyber Fraud
International Fraud Awareness Week takes place between 15-21 November annually. This commemoration encourages organisations, businesses and individuals to proactively take the necessary precautions to minimise the devastating impact of fraud by promoting anti-fraud awareness and education.
Raising awareness on fraud is essential, as organisations around the world are currently losing an estimated 5%of their annual revenues as a result of cybercrimes and cyber fraud — according to the 2020 ACFE Report to the Nations. In light of International Fraud Week, it is an optimal time to address cybercrimes, especially cyber fraud.
WHAT IS CYBER FRAUD?
Cyber fraud is a crime committed by way of utilising a computer/ electronic device with the intent to corrupt another individual's personal and financial data, which has been stored online. This type of data can be used by a cyber fraud perpetrator to financially fund themselves, or they might intend to use this money to fund illegal activities.
WHERE DO WE STAND?
This particular type of cybercrime may harm someone's overall security and reputation as well. And one way for this crime to be committed is through the use of ransomware.
Ransomware is everywhere and just about anyone can fall prey to this type of attack. Research has shown that throughout the first half of 2021, Africa accounted for 1,7% of ransomware attacks worldwide.
South Africa made up 1,05% of these recorded attacks. This indicates that only 0,65% of the total recorded attacks were actually against users in other parts of the African continent — Trend Micro’s midyear Cybersecurity Report 2021. The Trend Micro’s midyear Cybersecurity Report also highlighted a 47% year-on-year surge in email threats, as well as malicious files and URLs.
We were able to sustain our operations by continuously innovating, implementing robust turnaround strategies
“Pre-pandemic, when most of the workforce was office-based, it was easier to secure endpoints and a company’s data centre. Traditional perimeter security has disappeared. It is now found wherever your workforce is located – at their homes, in hotel rooms, coffee shops or coworking spaces. Now, the task requires moving workloads to the cloud and securing every employee,
their homes and personal mobile devices, all of which have become companies’ new data centres,” explained Zaheer Ebrahim, Cybersecurity Consultant at Trend Micro.
“As cybersecurity threats continue to increase in frequency and sophistication, Security Operations Center (SOC) teams must streamline their security processes without sacrificing reliability. One way to do that is through Endpoint Detection and Response (EDR), which continually monitors and responds to mitigate cyber threats. EDR acts like a CCTV camera that records all the activities that occur at an endpoint. While it might not be able to prevent a cybersecurity threat, it can playback the breach to strengthen cybersecurity retrospectively and secure any vulnerabilities from future attacks”, Ebrahim concluded.
LAYING DOWN THE LAW
New laws documented in the Cybercrimes Act 19 of 2020, are bringing South Africa up to speed in terms of international standards for fighting cybercrime. A spike in global internet-based offences has been acknowledged this year. This has been due to the workfrom-home trend which came into play as a result of the global Covid-19 pandemic. Thus, there is no surprise why these laws have been updated.
Our Cybercrimes Act has been described as “a groundbreaking and decisive step in the country’s cyber governance and policy space”, by Advocate Doctor Mashabane — Director-General in the Department of Justice and Constitutional Development and South Africa’s former Cyber Envoy to the United Nations. In addition to the Cybercrimes Act, the Protection of Personal Information Agreement (POPIA) Act 2020, is also now in play. Together, these two strategies play a key part in South Africa’s defence against cybercrime.
Advocate Mashabane has also indicated that the Cybercrimes Act will further “bolster our engagement at diplomatic and multilateral platforms with a view to developing a global framework on cybercrimes and cyber security.”
South Africa does, however, stand as a major player internationally, contributing to multiple UN forums geared towards coming up with the best recommendations for how to govern cyberspace efficiently. It is an ambitious mission to successfully complete. However, if we continue to enact new domestic legislation, our nation will convey a critical message to the world of its steadfast commitment to laying down the law and combating cybercrime, especially in relation to cyber fraud.
THE CYBERCRIMES ACT 19 OF 2020 INTENDS TO:
• Define offences which have a bearing on cybercrime;
• Criminalise the disclosure of data messages which are harmful and to provide for interim protection orders
• Further regulate jurisdiction in respect of cybercrimes
• Further regulate the powers to investigate cybercrimes
• Further regulate aspects relating to mutual assistance in respect of the investigation of cybercrimes
• Provide for the establishment of a designated Point of Contact; to further provide for the proof of certain facts by affidavit
• Impose obligations to report cybercrimes
• Provide for capacity building
• Provide that the Executive may enter into agreements with foreign states to promote measures aimed at the detection, prevention, mitigation and investigation of cybercrimes;
• Delete and amend provisions of certain laws
• Provide for matters connected therewith
COMBAT ONLINE FRAUD
• The National Anti-Corruption
Hotline for the Public Service is a government initiative.
• • It ensures that all cases of alleged corruption are reported centrally and re-directed to the relevant departments/provincial administration for further attention.
• To report acts of corruption or fraud, call the toll-free number 0800 701 701 or SMS 39772.
• You can also join the global effort to minimise the impact of fraud by promoting anti-fraud awareness and education
• For more information: fraudweek.com
HOW TO PREVENT CYBERCRIMES
KEEP YOUR INFORMATION SAFE
» Backup all your important files, and store them independently from your system (e.g. in the cloud, on an external drive);
» Always verify you are on a company’s legitimate website before entering login details or sensitive information.
CHECK YOUR SOFTWARE AND SYSTEMS
» Always upgrade to the latest anti-virus software
» Secure email gateways to catch threats sent via spam
» Bolster your home network
» Secure system administrations vulnerabilities that attackers could abuse
» Disable any third-party or outdated components that could be used as entry points
» Download mobile applications or any other software from trusted platforms only
» Perform regular health scans on your computers or mobile devices
BE HYPERVIGILANT
» Chat to your family members about how to stay safe online
» Always check and update the privacy settings on your social media accounts
» Change your passwords regularly and ensure they include a strong mix of uppercase, lowercase, numbers and special characters
» Do not click on links or open attachments in emails which seem suspicious n
FM SOLUTIONS
INTERVIEW
Lydia Hendricks
BUSINESS DEVELOPMENT DIRECTOR | FM SOLUTIONS
WHY ARE YOU PASSIONATE ABOUT FACILITIES MANAGEMENT, AND WHY IS THIS FIELD AN ESSENTIAL ONE?
No matter what business or industry you find yourself in, facilities management touches and impacts the lives of every person accommodated in that organisation. The discipline of FM is that of anticipating the needs of the organisation, planning and coordinating its support systems, and ensuring a functional, safe and pleasing environment for the occupants, and its visitors.
What I find stimulating about facilities management is that it is so diverse. No matter what you have planned for the day, no day is the same and, therefore, you need to be an organised person and have the ability to think on your feet, be people-focused, whilst addressing the challenges in the best interest of the business. Change management and demand management are also essential competencies needed to be successful in this line of work.
WHAT ARE THE MAIN TASKS OF FACILITIES MANAGERS, AND WHAT CHALLENGES HAVE YOU COME ACROSS THUS FAR?
The responsibilities of facilities managers will vary depending on the nature of the organisation, but generally entail maintaining the buildings and grounds of an organisation, overseeing the upkeep of equipment and supplies, determining and scheduling repairs or renovation projects, and coordinating safety inspections.
For Government, it has become an employment drive, and I agree this must be the goal. Given the urgency, it is imperative that employment must not override the objectives of sound facility management for well-run buildings. By getting Government’s house in order, we’ll create the right platform to build on.
IN YOUR OPINION, WHAT STRATEGIES ARE THERE FOR EFFECTIVE FACILITIES MANAGEMENT IN GOVERNMENT AND THE PUBLIC SECTOR?
At national key points within Government these services have been outsourced to FM companies. The system put in place has enabled the Government to increase the pace in driving the public sector buildings’ agenda. It is evident that Government’s strategy is to procure FM service providers, to assist them in bringing their buildings up to standard.
Through their outsourced service drive skills transfer, and driving their employment, objectives are achieved and in so doing capacity is built. Consistency and performance management of Government staff and contractors will be key once these structures are set up, and performance measurement of both staff and service providers will be paramount.
ARE YOU WITNESSING ANY KEY TRENDS EMERGING IN THE FACILITIES MANAGEMENT FIELD IN SA? IF SO, PLEASE ELABORATE.
Trends in the facilities management field are:
• Big data: drives procurement and long-term building sustainability and strategy • Energy efficiency and sustainability given the impact of power outages
• Planning and positioning business to meet Government’s 2030 environmental agenda.
• Hybrid workplace solutions: the workspace is being re-engineered to support hybrid working environments
• Business sustainability: the hybrid workplace has resulted in a decreased demand for office space and related support services. Innovative solutions whilst protecting jobs are at the forefront of decisionmakers for business survival
WHAT ADVICE WOULD YOU GIVE TO SOUTH AFRICANS WHO ASPIRE TO WORK IN YOUR FIELD OF EXPERTISE?
Facilities Management is not for the fainthearted and having a passion for what you do in this industry is the first step to success. My advice to South Africans who wish to operate in this environment is to make a positive contribution to the economy of this country through sustainable business solutions. n
Contact:
Address: Unit 169, Block F, Millenium Business Park, 19 Edison Way, Century City Cape Town (Head Office) Tel: 021 528 8980 Website: www.fm-solutions.co.za Email: lhendricks@fm-solutions.co.za
PSIRA
INTERVIEW
ENSURING SECURITY Manabela Chauke DIRECTOR OF PSiRA
PLEASE DESCRIBE THE ROLE
AND RESPONSIBILITIES OF THE
PRIVATE SECURITY INDUSTRY
REGULATORY AUTHORITY (PSiRA).
The Private Security Industry
Regulatory Authority was established in 2002 in terms of section 2 of the Private Security Industry Regulation Act No. 56 of 2001.The Regulator was founded with the aim to regulate the private security industry to exercise effective control over the practice of the occupation of security service providers.
Our mandate is to promote and ensure effective regulation of the security industry and to monitor compliance within the security industry. The private security industry consists of security service providers (i.e., private security companies and security officers) and inhouse security services – that are government departments, SOEs and municipalities that employ security officers and close protection officers.
AS THE DIRECTOR FOR PSiRA WHAT ARE YOUR MAJOR FOCUS AREAS?
My focus in the next few years is to achieve the Strategic Plan outcomes for the 2020-2025 Medium-Term Strategic Framework (MTSF) period and amongst others and in the endeavour to fully implement the PSiRA Digital Transformation Strategy, which is geared toward automating the service offerings to our customers, and mitigating the effects of Covid-19 pandemic while improving service delivery.
WHAT ARE THE DIFFERENT LEVELS AND TYPES OF CERTIFICATES YOU ISSUE FOR PRIVATE SECURITY COMPANIES AND INDIVIDUALS? IS THERE A REQUIREMENT FOR REFRESHER COURSES?
We issue certificates to security businesses to ensure compliance in terms of the PSiRA Act and regulations. This is the only type of security business certificate that will legitimise a business function within the private security industry. Secondary to the business certificate is the accreditation award certificate for security training providers who have been accredited to offer security training in the industry.
The other certification is that of individual security officers who are certified for their Grades Training on various levels (Grades E to A), predominantly in the guarding sector. We are also looking at the accreditation of other courses in the private security sector, especially certification for different categories which are more into specialisation. Currently, regulation 11(7) of the Code of Conduct for Security Service
Providers requires employers to provide staff in their employ at least once a year with refresher courses on legal aspects of regulation. We recently embarked on developing new grades training material to modernise the training and ensure equitable standards. However, we are very confident that the introduction of the newly revised Grades and review of the current specialised courses will call for all security service providers to conform to the new standards and advance proficiencies by deployed Security Officers.
WHAT WAS YOUR JOURNEY THAT LED YOU TO JOINING PSiRA?
My career journey started in the Police Force as an Officer after obtaining a Law Degree, and over the years, a management qualification. From the Police, I worked for the National Prosecuting Authority as a Regional Public Prosecutor and later joined the then Security Officers Board, affectionately known as (SOB), as an inspector, and later PSiRA as a Prosecutor. After a stint at PSiRA, I moved to the private sector in different portfolios. My interest has always been in governance and leadership prior to coming back to PSiRA. When I was with PSiRA years ago, I told the previous CEO that I would one day come back as a CEO and of course, he thought there was something wrong with me. Then in 2010, I came back to PSiRA as the CEO, and this was a dream come true.
YOU HAVE BEEN WITH PSiRA FOR MORE THAN 10 YEARS. WHAT ARE SOME OF THE MAJOR CHANGES YOU HAVE SEEN IN THIS DECADE?
When I joined PSiRA, the Authority was going through challenging times, especially from a finance perspective. We however had an excellent accounting authority led by the late Mr Thula Bopela as a chairperson who trusted and believed in the new Executive team to turnaround the organisation.
The first five years of term of office focussed on turning the organisation around to ensure efficient and effective business processes, establishing improvement to the organisational structure by introducing the Business Information Technology (BIT), Research Development as critical tool to inform policy position, Office of the Corporate Secretary to strengthen governance and Forensic Unit to address corruption and develop an ethical corporate culture within PSiRA.
Amongst others, we revised our approach to regulation to focus on compliance and enforcement underpinned by strong capacity building and advocacy campaigns. In addition, we developed the PSiRA brand to be associated with efficiency and introduced certificates with unique security features to curb fraud and corruption within the industry. A decision to extend my term of office has offered an exciting period to lead the organisation and direct the steps to visualise organisational goals. As the Regulator, we have embraced the digital transformation and the disruption that comes with innovation.
For example, in 2018, we launched the PSiRA APP, deployed the geomapping software and currently we are implementing digital transformation strategy that will result in better service delivery, online certification, online accreditation, online registration, and most importantly, allowing our stakeholders to do what they do best instead of coming to queue for services at our offices.
In 2013/14 financial year, PSiRA changed its certificate to the current certificate with security features designed with the assistance of Government Printing Works. The purpose of securing our certificates was to curb identity theft and improve industry compliance.
Another milestone to be noted is the two research topics conducted by the Research and Development unit around 2015/16:
A. Improving the use of firearms and;
B. Enhancing the training standards in the private security industry.
AMONGST OTHER HIGHLIGHTS ACHIEVED IN THE PAST 10 YEARS ARE:
• Strengthening of corporate governance.
• Professionalisation of the private security industry in South Africa.
• Financial stability through new revenue streams such as the renewal project.
• Increased number of operations and inspections which resulted in severe punitive consequences against non-compliance.
• Improvement in various industry sectors and knowledge areas through research and development.
• Introspection in industry transformation challenges.
• Establishment of industry sector advisory committees.
• Great strides were made to improve Stakeholder Engagements.
IS PRIVATE SECURITY A GROWTH INDUSTRY IN SOUTH AFRICA?
The Security industry is growing at a rapid pace and this growth is characterised by new technology and innovation with the use of security gadgets, artificial intelligence, and strides in embracing 4IR that must be regulated adequately.
Over the last eight years there has been a 14% increase in the number of registered Security Officers and 33% of the number of registered active security businesses.
HOW CLOSELY DOES THE PRIVATE SECURITY INDUSTRY WORK WITH PUBLIC SECTOR SECURITY SERVICES?
The private security industry works very closely with public sector security, where joint initiatives are held to combat crime. Due to the high number of security personnel in the industry, the public sector is assisted tremendously during operation and opening of cases as and when security businesses are involved in the crime scene and incidents. In addition, the public sector employs inhouse security officers who are also subjected to the regulations by PSiRA.
HOW HAS COVID IMPACTED ON HOW THE REGULATORY AUTHORITY CARRIES OUT ITS RESPONSIBILITIES?
The Covid-19 pandemic has hit us the same way as any other organisation. From an internal business continuity perspective, PSiRA had a business continuity strategy that was immediately activated. Our ICT services had been improved two years earlier to allow collaboration using Microsoft Teams and Skype for Business. From the business side, PSiRA as a regulator is a self-funded organisation and if the security industry experiences an economic downturn, this will affect our ability to render services. However, we were able to carry out several inspections, especially in the first quarter of the 2020/2021 financial year, together with the assistance of our stakeholders, the SOUTH AFRICAN POLICE SERVICE
(SAPS).
WHAT HAVE BEEN SOME OF YOUR MAJOR MILESTONES?
• Turnaround strategy in 2010 which has assisted in saving the organisation and maintained liquidity. • Introduce new PSiRA certificate with encrypted security features and expiry date in 2013.
• Opening of the new offices in the
Free State in 2017.
• PSiRA becomes a member of an international body, IASIR in 2018 and the launch of the PSiRA APP.
• Achievement of the first clean audit by the Auditor General
South Africa in 2019 to date.
WHAT HAVE BEEN YOUR MAJOR HURDLES AND HOW DID YOU OVERCOME THEM?
The Unsustainable Funding Model
The Authority is self-funded mainly through prescribed fees in respect of applications for registration and annual amounts payable to it by members of the industry. Over the years, this funding model became defunct. In addition, fines are imposed on businesses found guilty of improper conduct, and interest from investments. The Authority has engaged the National Treasury regarding the sustainable funding model with a view to introducing the Private Security Industry Levies Act, 2002, which is still underway.
We were able to sustain our operations by continuously innovating, implementing robust turnaround strategies from fiscal
discipline to heightened industry compliance campaigns to revenue collection.
Deployment of undocumented foreign nationals
We have been trying to address these challenges by intensifying compliance and the renewal project aimed at curbing identity theft and improving industry compliance. These include the non-registration of personnel and businesses, poor training, inadequate vetting, and background checks, issuing firearms to persons who are not competent to use them, and the failure to pursue criminal or disciplinary action against security personnel breaking the law.
Inaccurate Declaration by security companies
Some security service providers deliberately choose to evade the statutory requirements by under declaring their personnel. Through the enforcement approach, we induce punishment for improper conduct by imposing sanctions against noncompliance. Continuous operational efficiencies made it difficult for the industry to sustain inaccurate disclosures of their staff.
Transformation of the private security industry.
In 2016/17 The Authority appointed a panel of experts to probe matters affecting the industry’s transformation holistically and eventually came up with a transformation concept document after consultation with key industry alliance partners.
However, due to financial constraints experienced by the Authority, the discussion document remains to be taken through the next consultative process. The Authority is still hopeful and continues to try and secure funding for the project from other stakeholders.
HOW IS THE NEW DIGITAL ONLINE PLATFORM GOING TO CHANGE THE SECURITY INDUSTRY?
The digital online system currently being developed will ensure effective and efficient customer service and improve regulation of the private security industry. For example, security officers and businesses will no longer need to book to come to our offices to renew their certificates.
As a result, they will be able to renew online, thereby saving on travelling costs and time. Over 60 percent of our members are millennials. The new online system is a game changer for this cohort of the industry.
Most of the services that are delivered in a face-to-face fashion will be phased out to the digital platform. n
CONTACT DETAILS:
Address: 420 Witch-Hazel Avenue, Eco Glades 2 Office Park Highveld Ext 70 Centurion, 0158 Email: info@psira.co.za Phone: 086 133 3850 Office Hours: 07:30 - 16:00 Monday to Friday. Closed on weekends and public holiday
