Hi-Tech Security Solutions | Volume 28 | Issue 3 2022

VOLUME 28 | ISSUE 3 2022 The authoritative resource for physical and converged security

• The supervisor role in control rooms
  Dr Craig Donald says the control room supervisor role is not a simple task of making sure that all the staff are present and appear to be performing their duties.
• What just happened?
  Adriaan Bosch talks about how intelligence, preparation and ensuring the flow of accurate information helped PEP Stores recover quickly from attacks on 283 stores.
• Sector focus: Finance
  Securing financial organisations is more than simply keeping the safe locked and installing safety glass.
• Cash handling services and solutions
  Cash is always a target for criminals. Hi-Tech Security Solutions looks at some options for being able to deal in cash while also protecting it.
• Disaster recovery & business continuity
  Keeping the wheels turning no matter what happens is challenging, but who can afford to be unprepared in today’s volatile world?
• Editor’s note
• News
• Building management
• Cybersecurity
• Access control & identity management
• Product news

Our cover: Focusing on you

Forbatt SA understands the call for more and ever-improving choice in the industry. That is why it ensures its product range and staff are always up to date with the latest technology available on the market. Forbatt’s primary focus is on offering technologically advanced products to achieve optimal solutions for its clients. Please view the video on http://www.securitysa.com/16274r

From the editor’s desk

The new old normal

After two years, the industry is eventually able to get back to a form of normality and Africa’s biggest security show is back. Understandably, some people are still nervous about meeting in person and going to exhibitions with hundreds of other people, but the overwhelming feeling among people I have spoken to is that it will be great to be able to get out there and meet people face to face again. This issue will be on the show at the Hi-Tech Security Solutions’ stand and we hope to meet as many people as possible during the event.

An interesting turn of events, and I believe a positive one, is that Firexpo will be joining Securex as an event focused on the fire safety market. Personally, I think it’s about time the fire safety market got its own show and I hope it will be well supported as this is a critical aspect of the security industry as a whole.

Of course, security is critical, especially in our part of the world, so it will be good to see what has changed and who is with which companies after such a lengthy period of Zooming and isolation in various forms. From what I can see, there will be a few new companies exhibiting as well as some old faces reappearing, so it is a case of something old and something new.

Of course, the Facilities Management Expo and A-OSH will be under the same roof. While these markets are not precisely aligned to the traditional security market, all four events fall under the umbrella of risk management and we are seeing more companies changing their structures to combine and streamline these areas of risk – none of which they can afford to ignore.

It’s unfortunate that we are not also seeing a cybersecurity event. I guess the infotech crowd doesn’t want to associate with us plebs, but while information security is critical in its own right and gets all the attention, it is just as critical in conjunction with other areas of risk management. (There are some infotech companies at the show, but far less than there should be.)

The fact is that an effective risk strategy for any organisation will include all the above disciplines, and while the skills in each may be specific, a converged approach is the only way to manage and mitigate risk effectively without leaving gaps for those with nefarious intent. Perhaps now is the time to resurrect that infamous word convergence.

Be sure to stop by the Hi-Tech Security Solutions’ stand – Hall 2, B11.

Andrew

LETTERS TO THE EDITOR

Letters to the Editor should be addressed to Andrew Seldon at [email protected]. Sending material to this publication will be considered automatic permission to use in full or in part in our Letters column. Be sure to include your name, e-mail address, city and postal code. We reserve the right to edit all letters.

Disclaimer

While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements, inserts and company contact details are printed as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

All rights reserved. No part of this publication may be reproduced, adapted, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of Technews Publishing (Pty) Ltd, Reg No. 2005/034598/07

Editor
Andrew Seldon: [email protected]

Contributors
Dr Craig Donald
Adriaan Bosch
Liana Bosch

Advertising sales
Tracy Wolter: [email protected]
Heidi Hargreaves: [email protected]

Subscription Services
For address changes, orders, renewal status or missing issues, e-mail: [email protected]

Design and layout: Technews Production Department

Published by Technews Publishing (Pty) Ltd
1st Floor, Stabilitas, 265 Kent Avenue, Randburg
Box 385, Pinegowrie 2123
Tel: +27 11 543 5800
ISSN 1562-952X
Subscribe online: www.technews.co.za

NEWS

Africa’s largest data centre obtains internationally accredited certifications

Africa Data Centres has strengthened the integrity of its day-to-day running by acquiring ISO certifications through the internationally recognised authority in ISO certification, the British Standards Institution South Africa (BSI). Through the BSI’s Integrated Management System (IMS), Africa Data Centres was able to implement the certifications seamlessly. Following the IMS route allowed more applicable certification to be implemented while retaining the return on investment, and enabled the company to remain up to date with its accreditation requirements.

“When a company starts the journey to obtain ISO certification, it’s quite scattered and you realise how expensive the process is. By utilising BSI’s IMS approach, we were able to make a 35% saving on the entire process,” explains Hendrik Crous, the quality, accreditation and resilience manager at Africa Data Centres.

“ISO standards are integrated, meaning that one builds upon the other. As Africa Data Centres we were able to integrate the certifications to a point that there’s a single body that can manage and control them which saves on resources and of course external and internal audits,” adds Crous.

BSI – the preferred choice

When Africa Data Centres sought out the authority to acquire certification, it made sense that BSI was chosen to accompany it on the journey to certification. Apart from their vast experience of helping businesses improve and maintain high standards for over 100 years, the seamless IMS approach as well as cost saving and global renown won Africa Data Centres over.

Crous further adds that the foundation of all the ISO standards is the quality management standard ISO 9001. Data centres such as Africa Data Centres have legislative and regulatory requirements they need to comply with. BSI’s integrated route of certification allowed the company to then obtain the other relevant ISO certifications, namely ISO/IEC 27001, which deals with information security management and forms the core part of the business, as the company is entrusted with highly sensitive data from clients. The company also obtained ISO 14001, which pertains to environmental management and helps the company’s day-to-day operations be more sustainable. ISO 45001 ensures that the company is proactive in occupational health and safety, which demonstrates commitment to providing a safe, healthy and sustainable work environment.

Working during a global pandemic means that many industries were disrupted; however, ISO 22301, which deals with business continuity, ensured that all of Africa Data Centres’ contingency plans remained intact and the company was able to remain productive despite the drastic changes happening globally.

Africa Data Centres offers scalable and secure co-location services to support data, applications and back end systems to meet all current and future business needs. It has locations across the continent’s major regional business and trade hubs. These locations are rapidly emerging as epicentres for public and private cloud hosting, attracting both multinationals and the largest African enterprises.

“Put simply, excellence is in our DNA. From the top-class service from our team of experts to the secure and reliable data centres, we take pride in our business and want the best for our customers too. This perfectly resonates with our standards,” says Crous.

ISO accreditation enhances business

Obtaining the certification has opened gateways for new business opportunities for Africa Data Centres. These business opportunities have created savings in the aspects of collective implementations. Each ISO enhances, amongst other things, productivity, continual improvement, helps the business adopt a more proactive approach, increases sustainability, encourages innovation and ensures quality and service excellence is maintained.

“Being certified has also helped us grow our sales pipeline, especially in the financial services industry and cloud sector, where certifications are a critical part of their data centre site selection criteria,” adds Crous.

Like many organisations, Africa Data Centres has had to adapt to working under the constraints of a global pandemic which has brought with it the increase of remote work for many. This increased need has opened the door for Africa Data Centres as a carrier neutral co-location data centre along with its parent company, Cassava Technologies, which provides solutions such as fibre broadband networks, cloud and cybersecurity, digital platforms, renewable energy and fintech solutions.

ISO certifications have ensured that, as a data centre, Africa Data Centres offers clients the assurance that the organisation offers a safe and dependable environment.

For more information go to www.africadatacentres.com

Photo caption: The team at Africa Data Centres accepts their BSI stamp of approval. Pictured from left to right are: Dawn Simpson, business process coordinator, Stefan Rademeyer, HSE Construction specialist, Henk Gerber, business process manager, Sewes Erasmus, QHSE executive, Dawn Abrahams, executive assistant, Robyn Eckert, governance and enterprise risk manager and Vusumuzi Dladla, health, safety and environment officer.

Gallagher announces ISO 27001 certification

Gallagher has announced it has achieved ISO 27001 accreditation, the leading international standard focused on information security. The ISO 27001 standard ensures organisations protect their information in a systematic and efficient way, through a robust and comprehensive Information Security Management System (ISMS).

“Achieving this certification further demonstrates to our channel partners and customers around the world that we are committed to ensuring the delivery of robust and industry-leading security solutions which protect and safeguard the data of each and every one of them,” says Greg Barclay, chief operating officer at Gallagher.

The certification verifies Gallagher’s outstanding safeguards in three critical areas, including confidentiality, integrity and authorised availability of all key data and information. Achieving the standard is a detailed and comprehensive process that requires a dedicated approach to all aspects of an organisation’s processes in and around their ISMS.

The ISO 27001 certification is the latest in a long list of key accreditations Gallagher has achieved in recent years. As Barclay goes on to note, “We are proud to deliver solutions that meet government and industry compliance standards and certifications around the world. This is an essential part of our customer offering and commitment to protect what matters most.”

For more information contact Gallagher Security, +27 11 974 4740, [email protected], www.security.gallagher.com

Entries open for 2022 OSPA Awards

Entries for the South Africa Outstanding Security Performance Awards (OSPAs) are now open. The OSPAs are designed to be both independent and inclusive, providing an important opportunity to recognise and celebrate the work of those dedicated companies, individuals and teams who deliver outstanding security products and services.

For 2022, the awards are being offered in the following categories:
• Outstanding Contract Security Company (Guarding).
• Outstanding Security Consultant.
• Outstanding Security Installer/Integrator.
• Outstanding New Security Product.
• Outstanding Risk Management Solution.
• Outstanding Security Equipment Manufacturer.

The South Africa OSPAs are free to enter, you can enter as many categories as are applicable and entries close 22 August 2022. Submit your entries at https://za.theospas.com/enter/

Integrated personal security that travels with you

By Andrew Seldon.

Individuals can take their security with them when travelling with the new Nomad all-in-one integrated security solution that keeps you and your belongings safe.

Now that COVID restrictions are being lifted and travel is once again allowed, many people will be getting on the road for business or personal reasons. Security in Motion, a company based in the USA, recently unveiled Nomad, an integrated security system that goes wherever you go, offering LTE connectivity to your mobile device along with HD video, motion detection and other sensors that can be added as ‘pods’ that are monitored by the base.

Other pods include vibration, smoke or light sensors. In fact, Gregg Bieser, inventor of Nomad, says almost any type of IoT sensor can be made into a pod. All the pods attach securely to the base station when not in use, ensuring they don’t get lost, and are activated automatically when detached (this is the default which users can change).

Other pods in the R&D phase include thermal video cameras, fire detection, liquid detection and more. The company is even experimenting with sending signals underwater so that those on a diving holiday can be warned of any suspicious motion while they are under water (this is not available but sounds like an amazing idea).

The base system, which includes the HD camera with a motion sensor, connectivity, speaker (for audio and alarms) and LED light, allows setup via a touch sensitive pad or via the Nomad app and measures less than 15 centimetres in length. With three pods attached, the Nomad is about 22 cm long. The base communicates directly with your mobile device to alert you every time a sensor is triggered, and it communicates with the pods for alarm information via Bluetooth, as well as to check their functionality and battery status.

The touchpad can be used to set up the Nomad, guided by voice prompts, while the app can also be used for the same thing. Alarms can be raised via the speaker and sent directly to the user’s smart phone. Once the user has downloaded the app to their smart phone, they will receive notifications when the Nomad is armed and connected as well as alarm activation alerts in real time. They can then decide to view a live or recorded video stream to determine what is going on and decide what action to take (an SD card on the base stores video locally and cloud options may also be used).

A live video stream can also be viewed on the mobile device whenever the user chooses. Multiple mobiles can receive alarms and video, so it is not restricted to a single device.

Nomad runs off battery power and the base station will provide about two days of functionality and can be recharged from virtually any cell phone charger with a USB-C connector. Each pod also includes its own battery, the duration of which is from one day upwards depending on the sensor being used. Naturally, the more alerts and signals detected the more the battery will be used.

In South Africa and Africa, it will also make for a good home security system that does not rely on a stable power supply or expensive fibre connections to control rooms. Bieser mentions that a Bluetooth extender pod is another potential pod to extend users’ monitoring distance.

Use cases for Nomad

The Nomad was designed for travellers. Some uses include keeping a video-enabled eye on your hotel or BnB room, using a vibration sensor on the door or window while sleeping, or keeping the light sensor in a safe to warn you if someone opens the safe while you are away. If you’re worried about leaving a bag behind (or someone walking off with it) while at the airport, the system could warn you that it is out of range.

The system can also be used to create a virtual perimeter around a camping site using motion detection pods, as well as fire detection to ensure the campfire behaves itself. Users can even leave the system in their cars and receive alerts if someone breaks in or bumps the car.

In a professional environment, police or military teams can use the Nomad when entering an unknown building or environment; setting the base station up as a rear guard will alert the team if someone is trying to sneak up behind them. The experimental thermal camera can be used in open areas to similarly warn of motion without having to leave personnel behind to keep watch. (These are naturally meant for temporary use and not as a permanent fixture.)

Go to market and launch

The Nomad team is putting the finishing touches to the product at the moment and is looking at launching it later this year (although with the current supply chain fiasco this might change). There are various go-to-market options being considered since the device is so versatile.

The Nomad itself can be sold as a unit without any connectivity options. In addition, the pods that come with the base unit can be included in the price or users can buy as many as needed for their requirements.

An alternative would be to sell the units with a cellular data contract (in a similar way many cell phones are sold today), where the user gets the device and pays a monthly fee which can include cloud storage of video and data. Or the system could be sold as a unit with a monthly subscription fee for the connectivity and the cloud storage. Bieser says the company is open to options and willing to hear from companies that can add value to the device.

Customisation potential

As noted above, almost any sensor can be made into a pod and the company is open to suggestions for customisation requests, for example a Bluetooth sniffer for sensitive meetings, temperature change pod or even gunshot detection. There is also the potential for an extended battery for the base system, if required.

The base is stable and therefore affords third parties a good foundation to create add-ons in terms of pods or associated services. Bieser notes that partnerships are welcome in bringing the system to the broadest market possible, whether these include technical ideas or connectivity and cloud services.

For a full breakdown of Nomad and a video of the product in action go to www.getnomad.net, or contact [email protected]

The supervisor role in control rooms

By Dr Craig Donald.

The control room supervisor role is not a simple task of making sure that all the staff are present and appear to be performing their duties.

Does a CCTV control room supervisor need to have experience in CCTV to run a control room? It’s a question I come across on a regular basis and in many cases I see the consequences of someone in charge of the control room who has no experience in the area. Many people tend to fall back on their areas of competency if placed in a control room and are unaware or ignore the potential of the high-tech control room environment and systems they are going to be working with.

Yet there is nothing stopping someone, whether they have security or police experience or none at all in security, from performing well in supervising a control room. The critical issue is if they have the outlook and skills to quickly adjust to the environment, think tactically and get appropriate training to align themselves to the purpose of the control room. This may mean an initial catch-up mode though with thorough training. If people already have CCTV or security experience as well as these skills, then the chance of success is potentially even greater. But without a tactical perspective and awareness and understanding of the control room functions, the supervisor is unlikely to deliver on the responsibilities of communicating and driving the management strategies in the control room, including the CCTV viewing strategies and the risk management of the operations.

The control room supervisor role is not a simple task of making sure that all the staff are present and appear to be performing their duties, although critical failures in control rooms are often due to supervisors not performing even this simple function. The recent example of the Parliament building’s fire could be one such example. Sometimes CCTV personnel are asked to account why they haven’t seen the occurrence of an incident on a camera. Usually this is due to the sheer number of cameras compared to a small number of viewing monitors and operators that restricts the scope of what people can cover. However, it can also be that supervisors simply are not guiding what should be looked at effectively and operators are not sure about what to view or are not paying attention.

Engaged and active

I’ve given the example in a previous article of observing a supervisor who was playing solitaire on her PC while being responsible for a team supposedly monitoring some major hotel and retail functions. In these situations, unfortunately, operators are going to follow the lead of the supervisor with an overall lack of focus on the job. Some control rooms need constant supervisor input and reviewing, particularly where these may involve tracking, response and other functions. However, even in a quiet CCTV control room, there are always things that should keep a supervisor active.

The central role of the supervisor has always revolved around the act of supervising people and the working of the systems and environment. This includes leading, directing, motivating, organising and monitoring. Attendance registers, staffing, shift management, disciplining staff and dealing with personal issues are all part of the day-to-day organising responsibility of supervisors. The role is also important to facilitate subordinates’ knowledge of how to operate the systems, be aware of the site and control room environment, to know and follow policies and procedures, be able to demonstrate the required skills for operation and be motivated to produce results.

However, leadership is immaterial if the people are being led in the wrong direction. It is the capacity to operationalise strategic or tactical implementation of leadership that is so critical to the supervisor role and the capacity to look for improvements in people, procedures and systems that deliver an ongoing solution.

Go beyond the basics

In order to get the most out of a control room, supervisors need to go beyond the basic organising and monitoring functions. This includes the responsibilities highlighted below.

• Optimise the CCTV viewing strategy based on risk factors, cameras and personnel availability at any one time. Cameras should all be used most effectively relative to the risk in the area under surveillance. This is something that can change on an ongoing basis, but there should always be a focus on looking at the most important things at the most important times. Doing occasional reviews of operator footage should be a standard part of supervisor activity to evaluate quality of surveillance.

• Ensure CCTV system auditing and ongoing enhancement occurs, where the working status of cameras and equipment is known, addressed where there is a malfunction and limitations in camera views and recording are identified on the basis of ongoing improvement. Often this takes time listening to the concerns or observations of operators and turning this into system improvement. Ensuring that new technology introduced into the control room is integrated effectively and identifying problems is also a key part of this.

• Ensure the relevance and implementation of standard procedures, identify areas that need to be updated and test that they cover relevant scenarios. This would mean auditing and reviewing work on an ongoing basis to check operators are following procedures and the procedures themselves are still relevant.

• Build control room resilience by supervising and testing communication lines and the quality of interchanges to ensure clear quality of information is conveyed and responses can be arranged quickly and accurately. This includes providing an integrated and smooth function including the responses to emergencies under simulated conditions so that staff are aware of their functions, know how to respond and can maintain their calm under pressurised conditions when actual incidents or emergencies occur.

• Provide for the development of staff by creating feedback and performance evaluation loops that lead to continuous improvement and satisfaction. Feedback to operators is an important factor in motivation and success and supervisors are the ones who can take matters further, investigate outcomes of incident detection and provide feedback to operators. They need to be able to identify crime types and how to recognise them and ensure that everyone in the control room knows how to do this. Regular group debriefing sessions on incidents should be held to facilitate transfer of knowledge. In line with this, supervisors need to identify performance weaknesses or shortfalls and arrange through coaching, training, or rehearsals to see if they can bring performance in line with expectations. They need to ensure that performance management systems are used, are relevant and working and they are perceived as fair by their subordinates.

• Provide for the ongoing enhancement of surveillance information and intelligence. The control room is a user and a generator of intelligence information that should be managed by the control room manager, but supervisors are responsible for translating this into operations. You need to question what kind of intelligence information has come out of your control room and how has the supervisor been contributing to this? Similarly, how has the viewing strategy been affected by the input of intelligence and has this even been considered in the way the control room personnel approach their monitoring functions? How is something like the occurrence book being used as a source of information rather than a list of activities that have been performed and what kind of data gets recorded? What crime trends are being observed, how many people of interest identified, crime methods used and places where there is a higher chance of something happening? What value is the control room providing to security?

• Ensure that control room practices and operator actions are done on the basis of legal and ethical requirements. If there are codes of practice established for the organisation, how are control room activities kept in line with these? Further, does the collection and handling of evidence meet the criteria for prosecution of cases where necessary?

Supervisors need to fill in the gaps in coverage at times, target specific issues with their own surveillance and provide an investigative function within the control room. This may mean conducting additional surveillance, giving breaks to operators in peak times or when overloaded, or doing dedicated viewing on targets, as well as reviewing the operator reports for comprehensiveness and accuracy. Sitting down with operators and seeing how they are viewing the areas of their responsibility is a good way of testing skills, knowledge and surveillance approaches and helps operators develop as well as the supervisor’s situational awareness.

There is a danger of looking at supervisors as a static function – someone who keeps things in order, rather than one which ensures continuous improvement. For some supervisors, being promoted into such a position means they can take it easy and ‘supervise’ operators from the desk behind them. Their role should be one of continual improvement of the control room systems, procedures, staff, as well as the supervisor on a professional basis. This does require the supervisor to have the training and awareness of what should be done and looked for. Without this they cannot align staff and systems with a tactical purpose of the control room. Placing the wrong person in the control room, or someone who is not equipped with the right skill set, is a good way of crippling your control room functions.

Having the right kind of supervisors means the control room is continually moving forward with the activities and work by demonstrating effective service delivery and showing ongoing improvements. I’ve seen in a number of instances how good supervisors can make a huge impact on control rooms. They just need to be trained and empowered to do so and given support for this role.

Dr Craig Donald is a human factors specialist in security and CCTV. He is a director of Leaderware which provides instruments for the selection of CCTV operators, X-ray screeners and other security personnel in major operations around the world. He also runs CCTV Surveillance Skills and Body Language, and Advanced Surveillance Body Language courses for CCTV operators, supervisors and managers internationally, and consults on CCTV management. He can be contacted on +27 11 787 7811 or [email protected]

OPINION

What just happened?

By Adriaan Bosch, head of Loss Prevention, Corporate Security at PEP Stores and Liana Bosch, business operations change manager, Old Mutual Finance.

Adriaan Bosch talks about how intelligence, preparation and ensuring the flow of accurate information helped PEP Stores recover quickly from attacks on 283 stores.

On the 9th of July 2021, South Africans woke up to images that resembled something out of the apocalypse, not real life. During the eight days of rioting and looting, 354 people lost their lives, an estimated R16 billion in damage was caused and 45 000 businesses were affected.

As a company we were the hardest hit and the first to have a store burned out. At the end of the eight days, we had 283 stores looted and 39 completely destroyed, equating to almost 10% of our total trading space. By December, however, we had reopened 236 stores to serve our remarkable customers in time for Christmas and the ‘Back to School’ period. Not only did the efforts of our department help to enable the business to provide essential goods and services to our customers in record time, but they also provided job security to over 4000 employees and profit growth to our shareholders.

Acting early on information in the weeks leading up to July, we had prepared our logistics network for such a situation and our 20 distribution centres and hubs were left unscathed. Being forewarned prevented management from being overwhelmed by the events taking place on the ground and the team could focus on getting the business ready to reopen by securing the materials needed to secure and rebuild our stores.

Critical to our success was the ability to collect relevant data, analyse the data to create intelligence and communicate the intelligence to stakeholders in a way that allowed them to make decisions and take decisive actions. Information management for us, as it is for everyone, is the pivot of Crisis Management and Response.

Information exchange management

The single most important function of any crisis management operation, and the single most common cause of failure, is the ability to manage the flow of information. Timely and actionable intelligence can quickly build a trust relationship between the Crisis Response Team and decision makers, but the opposite is also true. Delayed and inaccurate information quickly erodes the trust of stakeholders, which can paralyse the crisis response effort. Anything that creates blockages, delays or confusion within this process is likely to have a major and significant impact on the final outcome.

The problem in a crisis is not that there is not enough information, but that there is an overload of information, much of which will be contradictory and all of which needs to be assessed and judged as to its veracity, its relevance and its place in the overall picture.

A crisis by its very definition will fall outside standard response and planned scenarios. Crisis Management Teams need to function under immense time pressure in an environment with constant threat escalation and quite often a lack of verified information. On top of that there is a constant need to transfer complex information under pressure between multiple stakeholders who need to make decisions, the lack of which could lead to catastrophic consequences.

The best tools to use in a crisis situation are the systems that are already available and familiar to everyone in the process. For us as a team, free instant messaging apps were critical to the teams in collecting, verifying and distributing information. The information was then easily compiled in a dashboard in a spreadsheet for the team to use and for stakeholders to have a live view of changing events. (A template of the dashboard can be found at https://www.securitysa.com/ex/Crisis_Management_Dashboard.xlsx, or via the short link www.securitysa.com/*dashboard).

Your dashboard ideally needs to consist of the following aspects:

1. Fact pattern
All information should be captured as and when it becomes available, to be verified by an eyewitness where possible. The minimum information of What, Where and When an event happened and Who reported it is a good baseline of information.

2. Decision making
Crisis decision making is emergent, not planned. Once the information has been verified and the real facts or problem are known, an effort can be made to anticipate consequences and solutions. Having a dynamic live dashboard enables a large number of people to come up with varied solutions looking at the same problem. Participants should also be encouraged to look not only at potential risk, but also at any potential opportunities. A positive frame of mind goes a long way when days get long and situations darker.

3. Priorities
Solutions then need to be prioritised and delegated to a responsible person who needs to take ownership of the problem. It also helps to have specific deadlines to work towards and keep track of tasks that have been delegated.

4. Implementation
In the midst of the crisis the Crisis Response Team needs to be responsive and support operational teams on the ground, not direct them. As the crisis progresses and the overall picture becomes clearer, the Crisis Response Team can take a more active role in managing the sum of all the parts. Once priorities have been identified, the remedial actions can be categorised as: Immediate Actions; Delayed; Deferred; Omitted and Completed. Particularly in the beginning of the crisis, small victories should be celebrated. Being able to see even the small steps has a big impact on the morale of the Crisis Response Team and stakeholders alike.

5. De-escalation/re-escalation
Ultimately the aim is not to manage the crisis, but to manage the organisation through a crisis. As soon as the situation warrants it, the de-escalation of the response should start and be suitably managed. There is often a threat of re-escalation during the crisis and sufficient resources should be kept in place until the crisis has passed.

Good record-keeping also adds great value in the after-action review (what was done well, what could have been done better). Should there be a need to testify to a committee or a court, the information is precise and readily available to show the workings of the organisation during the crisis.

Information is worthless if it doesn’t lead to actions

“Real crisis management does not start when a crisis is discovered, but is an embodied value intrinsic to every aspect of an effective organisation’s operations. Risk attitude and culture will have the greatest impact on the ability of the organisation to identify potential crises at the earliest opportunity, to respond in a timely and appropriate manner and to embody the concepts of organisational resilience.” - Dr David Rubens, 2020, Institute of Strategic Risk Management.

The real loss of the July unrest would be if we don’t take the opportunity to learn from the event and improve our preparation and response. In a world of uncertainty, we can be certain of one thing: that there is a crisis over the horizon waiting for us. Take action now. Build mutually beneficial relationships, get consensus on working methods, but above all, ensure that you have a strategy and a structure in place to manage the exchange of information.

Adriaan Bosch is a member of ASIS SA. For more information on ASIS, go to www.asissa.co.za

SECTOR FOCUS: FINANCE

Zero Trust in financial services

By Hila Meller, BT vice president, Security, Americas, EMEA and APAC.

Eight guiding principles for Zero Trust in banking and financial services today.

When it comes to adopting a Zero Trust approach, many organisations in the financial services sector already have most of the constituent parts required. In fact, we estimate that banking and financial services organisations already have between 60% and 80% of the security building blocks they need to adopt a Zero Trust approach. But moving from existing approaches to a new security model is a challenge. What needs to come next is a change of stance and a unification process to protect their business as they evolve.

In our white paper ‘Why you need to turbo-charge your Zero Trust journey’ (www.securitysa.com/*bt1), we identify eight guiding principles for Zero Trust in banking and financial services.

1. Identify your goal and pull it through your planning
Form your security strategy around the fundamental assumption that you will always be operating a dynamic network in a hostile environment. Centre your thinking around how you can best use automated processes to create security rules that change dynamically in response to context. But remember that automating a broken process is a swift route to failure; make sure you’re training your AI to make correct decisions about risk so it can automate the appropriate response.

2. Assess existing capability before investing in more
Don’t rush to spend money on ‘Zero Trust’ point products because you may be duplicating capability or investing in areas that aren’t a priority for your organisation. Instead, optimise the value you already have in your security estate by establishing what latent capabilities you possess. For example, layer 1, 2 and 3 segmentations along with very narrow access lists could be a fruitful first step on your Zero Trust journey.

3. Focus on removing peer-to-peer protocols
Segmentation is your key defence in a Zero Trust environment, but you won’t be able to segment your network if you’re running peer-to-peer protocols. A vital part of any attacker’s kill chain is the ability to pivot from one host to another, but if you limit their ability to move easily, then you neutralise entire classes of attack. Think about how 5G architectures cut out peer-to-peer connections, forcing every call to go through a central gateway – this model should be your aim.

4. Control access to core assets
Leverage your security investments to secure your cloud and data centre servers, using Zero Trust segmentation to coordinate traffic authorisations across your estate. This needs to be universal so it’s as watertight as possible and servers only accept traffic sent by authorised users. Consider investing in red teaming ethical hacking exercises to check the security of your key assets.

5. Incorporate user identification
Limit your exposure to risks by only opening ports in your environment when they’re needed. Make user identity the first key to access your systems and make sure permissions are revoked as soon as the user logs out.

6. Build in security-by-design to your projects
Investigate how containerisation can be a springboard for your security DevOps, providing a pre-certified and pre-configured software ‘container’ that you can build on to create automation and machine-to-machine application service models. Containerisation is an ideal opportunity to leave waterfall cycles of patching behind, instead offering security that flexes with context.

7. Segment, segment, segment
Introduce micro-segmentation to segregate – and protect – your network at a granular workload level. This will give you the real-time visibility you need, as you monitor application behaviour and connections to understand what is talking to what and to identify risks. It will also give you the level of control you need to improve your breach containment, preventing lateral movement and reducing the blast radius of any attack.

8. Activate your human firewall
Remember the user in all this and make it easy to do the right thing and hard to do the wrong thing. Educating and motivating your workforce to follow protocols and stay vigilant against potential attacks is just as important as any other aspect of your Zero Trust security journey.

When you’re operating in an environment that’s constantly shifting in ways that open up new vulnerabilities, adopting a Zero Trust approach is essential. Getting it right is about extracting and extending value from your existing investments rather than jumping straight into new ones. Once you’ve identified latent capabilities that you can leverage immediately, employing these eight principles will alleviate the challenges of moving to a new security model.

Fire safety in financial organisations

By Dominic Jeff, technical writer, vertical application management at Securiton.

Fire risks are highest where finance can least afford it.

As every executive in the financial industry is well aware, data and digital communications are a crucial area of security concern. But while considerable efforts go into protecting banks’ and insurers’ digital infrastructure from malicious actors such as hackers, how many executives have considered the risk of fire to their digital fortresses?

The security threats faced by financial institutions can generally be divided into physical and digital, with banks and other companies investing continuously to keep their security measures up to date in both arenas. However, from a fire safety point of view it is the interface of these two worlds that provides the point of greatest danger and no amount of steel or clever software can help. Indeed, both have the potential to make matters worse.

This is because reliable fire detection for ICT electrical cabinets is difficult in the best of circumstances and the challenges become even greater as computing power increases and locations become more remote or hard to access.

The data that drives modern finance is physically stored and processed by banks of servers, networking equipment and storage arrays stacked together in cabinets where they give off a significant amount of heat as a side effect of their furious electronic activity. They are, effectively, a giant fire hazard that requires continuous cooling and monitoring.

On the one hand, even the smoke from a smouldering electrical element within a data cabinet can damage many other delicate computer components. On the other hand, uncontrolled, wide-ranging shutdowns can themselves have a serious effect on such crucial financial infrastructure. Planners therefore need to find a way of offering both very early and very reliable fire detection.

Whereas once financial institutions simply outsourced their ICT needs to general cloud providers, the current landscape is more complicated because many companies have increased their in-house data processing to offer a hybrid data model, relying on edge elements to their data architecture which can be more closely protected from external risks. Wherever the data cabinets are hosted, risk management for any financial institution must consider their physical safety.

Cabinet protection challenges

Reliably protecting data cabinets from fire presents considerable challenges: the cooling systems that are used to prevent equipment from overheating are usually based on high airflow. Typically, server or storage racks will be positioned to have hot aisles and cold aisles, with cool air circulated from the cool side, through the electrical cabinets and extracted out of the hot side.

This system of equipment cabinet row containment creates a unique high and turbulent airflow environment that not only poses significant challenges to the early detection of diluted smoke, but also impairs timely human intervention and the actuation of a pre-action sprinkler system, water mist or clean agent gaseous release.

Current practices permit most computer rooms to use 24°C supply in the cold aisle. This leads to the increase of operating ambient temperature in the hot aisle to the point where it can exceed approved levels for some fire detection and suppression equipment. These unique HVAC characteristics present challenges to how fire detection is interfaced with suppression release, in particular with interlocked or double-interlock sprinklers, water mist and clean agent gaseous suppression systems.

Additionally, the normal practice of conducting a general power-down (e.g., HVAC shut-down before the release of gaseous suppression) upon an initial fire alarm will lead to other side effects. In one documented case, a computer room with 250 ICT cabinets at 6 kW/cabinet went from 22°C to 32°C within 75 s when the cooling was lost.

The only protection against a potential data catastrophe is therefore Very Early Warning Fire Detection (VEWFD). This is an accepted international practice which combines highly sensitive detection equipment with a staged alarm and response system.

Naturally, prescriptive building and fire codes for property protection and life safety exist in every country and must be met. But they do not go far enough and, critically for sensitive financial data banks, they do not offer any guarantees of a company’s ability to remain in business.

We must look to Performance-Based Design (PBD) methodologies to safeguard business continuity through risk and situational assessment. This will combine early yet reliable smoke detection to enable suppression system interaction and integrated site incident and emergency response.

Fit-for-purpose fire detection

When combining the prescriptive and PBD approaches to design a fit-for-purpose fire detection system for a datacom facility, it is important to select advanced detection products. Aspirating smoke detectors such as Securiton’s SecuriSmoke ASD allow for flexible design with quantifiable and reliable detection performance.

With aspirating smoke detectors, sampling holes can be positioned at many points in the airflow through data cabinets. Combined with the high sensitivity available through the large detection chambers of such devices, this ensures even the slightest smouldering in electrical contacts will quickly be picked up. These devices can then offer multiple layers of pre-alarm and alarm, ensuring that a timely and measured response can be launched.

Such a staged response is the best way for organisations to protect their most critical business infrastructure: the earlier that an incident can be checked, the greater the chance of avoiding a false alarm. But at the same time, intervening to stop a fire at the early smouldering stage is far less destructive, while also keeping damage from the actual fire to a minimum.

For more information contact Securiton, +41 58 910 50 50, www.securiton.com


New innovations in bomb protection and cash storage

Fidelity CashMaster offers businesses a customised end-to-end cash management solution.

The recent increase in retail bombing, grinding and impact attacks on cash acceptance devices (CAD) in the retail sector has prompted a relook at the technology required to protect both staff and assets.

Gawie Du Preez, executive: Fidelity CashMaster at Fidelity Services Group, says Fidelity CashMaster is one of the larger players when it comes to cash storage devices and cash management solutions, with over 5000 devices installed countrywide.

Fidelity CashMaster solutions offer businesses a customised end-to-end cash management solution. The company provides a range of products from small under-counter cash devices through to large-scale devices for small, medium and large businesses. “We also offer financial management software and productivity enhancing processes and procedures to improve business throughput,” says Du Preez.

Together with Fidelity’s integrated cash-in-transit services, it provides customers with a full turnkey solution allowing them to manage their cash from their property to the bank and back again.

Du Preez says that unfortunately, bombings are a reality that every device manufacturer needs to contend with, particularly with the lack of control over access to explosives. The high number of CIT incidents remains a concern. In 2021, CIT attacks increased by 8% year-on-year and in 2022, most of the reported CIT incidents (66 as of 12 April) were cross-pavement robberies, followed by attacks on armoured vehicles. This trend affects all canister safe manufacturers equally, he says.

Syndicates have become increasingly sophisticated, requiring ongoing updates in technology innovation. “Fortunately, additional measures have been introduced, such as ensuring all safes have concrete inside and are steel-plated which have served as a deterrent to criminals. As an added layer of protection, bag security features have been introduced which completely disable access to the money in the device and this has deterred criminals looking for quick gains. The problem, however, remains that even if the money is destroyed, the damage to the client’s premises can be extensive resulting in loss of business.”

Du Preez says over the last 12 months Fidelity has introduced a number of new advancements. The first is the Gatekeeper, which is the first product of its type specifically designed for the petroleum and fast-food industries that offer 24/7 trading. It includes a secondary door with a time-delay lock which can be fitted to any CAMEO Cash Acceptance Device. “It not only protects the note acceptor openings from tampering by explosives during high-risk hours – traditionally between 20:00 and 06:00 – but can also be deactivated during secure business hours. Clearly this protects both the asset and prevents damage to property and staff.”

The second innovation is a bomb-resistant safe which is able to stay intact even after an explosion. “It releases the explosive force,” explains Du Preez, “but keeps the safe structure intact and keeps the money safe.”

Recently, Fidelity introduced the CashMaster Cube. “This is ideal for deployment in any logistics or delivery vehicle as well as offering a secure cash solution for the smaller retailer as a manual drop safe,” says Du Preez.

This unique product offers SARB and SABS approved new generation liquid dye stain, the most successful deterrent to any criminal attack in the market. Du Preez says it sends a message to criminals that there is no point trying to steal cash protected by dye staining systems because they will be unable to use the cash afterwards. The small footprint is designed to fit into most delivery vehicles and is ideal for retail, financial, hotel and logistical environments.

“We understand that exposure to violent armed robbery increases proportionately to the amount of cash either in tills or back offices and appreciate that some sectors are more vulnerable than others. As the syndicates evolve, so too is there a necessity for our research and development teams to work on new solutions that will revolutionise our fight against crime/bombings/grindings and we are delighted to have two new offerings,” concludes Du Preez.

For more information contact Fidelity Services Group, www.fidelity-services.com
