New Zealand Security Magazine - April-May 2024

Five years on from mosque attacks political leadership needed to raise awareness Big Start to 2024: Private Security Personnel Licensing Authority

•Low power consumption - low operating temperature

•One product suits floor and wall mounting

•Universal

•12

•Electroless nickel plated armature and electromagnet

•Stainless fastenings • Full local support and back up

10 YEAR GUARANTEE*

Designed, tested and produced in New Zealand to AS4178

A)Wall mounted,126mm extn. tube (overall 202mm)

B)Wall mounted, 156mm extn. tube (overall 232mm)

C)Wall mounted, 355mm extn. tube (overall 431mm)

FDH40S/R Surface and Recess mounting

This device enhances an outstanding range of unbreakable products which conveniently hold open fire doors. When a smoke/fire alarm is activated the magnet instantly releases the door to the closed position to prevent the spread of smoke and fire. These units feature a choice of 3 covers for optimum aesthetic appeal and durability. The installer can utilise one device for surface mounting or for recess mounting.

10 YEAR GUARANTEE*

PROVISION-ISR

STANDARD 10/100 Mbps

These PoE switches are the best choice for any standard installation. They are designed specifically for IP surveillance giving extra reliability and installation simplicity. With 4/8/16/24 port options, standard uplinks, and SFP ports (depending on model), they aid with finding a solution for any installation.

PROFESSIONAL 10/100/1000 MBPS

The 1000Mbps (gigabit) PoE switches are made for true professionals. The professional 16/24 Port switches, equipped with an LCD monitor, were designed to display all the following PoE system information on the front panel of the device:

•Single channel In/Out power (W)

• Overload protection (OLP)

• Short circuit protection (SCP)

• Low voltage / over voltage (alarm)

• PSE Failure (alarm)

IP POE SWITCHES

Provision-ISR

FROM THE EDITOR

NZ S M

New Zealand Security Magazine

Nick has written for NZSM since 2013. He writes on all things security, but is particularly fascinated with the fault lines between security and privacy, and between individual, enterprise and national security.

Prior to NZSM he clocked up over 20 years experience in various border security and military roles.

Disclaimer:

The information contained in this publication is given in good faith and has been derived from sources believed to be reliable and accurate. However, neither the publishers nor any person involved in the preparation of this publication accept any form of liability whatsoever for its contents including advertisements, editorials, opinions, advice or information or for any consequences from its use.

Copyright:

No article or part thereof may be reproduced without prior consent of the publisher.

Kia ora and welcome to the April-May 2024 issue of New Zealand Security Magazine! This issue is our annual government, transport, tourism, access management, and IT security themed issue, and this year we’re focusing on active shooter incidents, spectator security, and the protection of crowded places.

We remember the 51 souls whose lives were tragically cut short in Christchurch five years ago on 15 March 2019. Our memory of those who were lost serves to remind us of our responsibility to embrace our collective diversity, to reject ideologies of hate, to counter violent extremism, and to protect our communities.

Inside, Chair of the New Zealand Crowded Places Security Advisory Group Chris Kumeroa calls for more political leadership on raising awareness nationally on how to protect venues from attack and how to stay safe during an attack. We also explore key research from NZ and the US in relation to online extremist footprints, active shooter incidents, and spectator perceptions of threat, safety, and security at sporting events.

With the start in February of Foodstuffs North Island’s 25-store Live Facial Recognition trial, I explore the need for a bigger conversation – and leadership –around the deployment of this controversial tech.

In our wrap-up of the top security industry stories, TPT Group and FIRST Security both celebrate 25th birthdays, Watchu Security gets a new office, Armourguard returns to Rotorua, Dahua gets a new NZ Channel Director. Also in NZ news, Armourguard looks to purchase ACM New Zealand Limited, and ELE’s security business is snapped up by Red Badge Group.

There’s plenty more great reading inside this issue of NZSM, so I hope you enjoy. Also, if you haven’t already, consider subscribing to our regular eNewsletter THE BRIEF. It’s a great way to keep up to date with the latest. Details on the Defsec website.

As always, a big thanks to our wonderful advertisers Loktronic, The Third Degree, simPRO, Provision-ISR (SWL), HID, Hikvision, and Vivotek (Clear Digital). We’d also like to recognise our association and event partners for this issue, the New Zealand Security Association, ASIS International NZ Chapter, and the Defence Employer Support Council.

Best of luck to all the OSPAs finalists with the ASIS Certification Dinner and OSPAs gala dinner this coming Friday. Also, there’s recently been a call for nominations for this year’s Tohu Awards! Hosted by the Minister of Defence, these awards recognise organisations who employ Reservists, Cadet Force Officers and graduates of Limited Service Volunteer Programmes. They may be among your employees!

Stay safe!

Nicholas Dynon, Auckland

Upcoming Issue

June / July 2024: Wholesalers and Manufacturers, Perimeter Protection, Alarms, CCTV.

Contact Details:

Chief Editor, Nick Dynon

Phone: + 64 (0) 223 663 691

Email: nick@defsec.net.nz

Publisher, Craig Flint

Phone: + 64 (0)274 597 621

Email: craig@defsec.net.nz

Postal and delivery address:

27 West Crescent, Te Puru 3575, Thames, RD5, New Zealand

facebook.com/defsecmedia

twitter.com/DefsecNZ

linkedin.com/company/ defsec-media-limited

Digitised Background Checks

Foodstuffs trial of controversial Live Facial Recognition CCTV poses big questions

The Privacy Commissioner will be keeping a close eye on Foodstuffs North Island’s facial recognition camera trial, and with good reason, writes Chief Editor Nicholas Dynon. But is that anywhere near enough?

Nicholas Dynon is chief editor of NZSM, and a widely published commentator on New Zealand’s defence, national security and private security sectors.

The trial, which commenced on 08 February, was initiated after Privacy Commissioner Michael Webster asked Foodstuffs North Island to provide evidence that facial recognition technology (FRT) is a justified measure for reducing retail crime given its privacy impacts. Foodstuffs North Island will use the data from the 25-store trial to assess whether to roll-out the technology further.

According to a February media release by the Office of the Privacy Commissioner (OPC), “the use of biometric technologies (which FRT is) is something [the Privacy Commissioner] thinks all New Zealanders should care about because

it’s a significant step in this technology becoming more commonplace and it has privacy implications.”

Trialling Live Facial Recognition

What the Office of the Privacy Commissioner is referring to as Facial Recognition Technology (FRT) and Foodstuffs North Island is referring to as Facial Recognition (FR) is, in fact, Live Facial Recognition (LFR). LRF is a technology that uses analytics to compare a live camera video feed of faces against a predetermined watchlist of people to find a possible match.

In the case of the six-month trial, LFR is being assessed to ascertain its effectiveness in comparing the faces of people entering Foodstuffs North Island stores with a watchlist containing the facial images of

Persons of Interest (individuals who have previously engaged in or assisted “harmful behaviour” at a store).

“New Zealanders deserve to shop for their milk and bread without having their faces scanned unless it’s really justified,” said Webster. “We wouldn’t accept being fingerprinted and checked at the door before shopping for groceries – that sounds ludicrous – but FRT is a similar biometric process that is faster, machine-run, happens in a nanosecond, and creates a template to compare your face to, now and in the future.”

“We want people to be safe as they shop and work. But I have real questions about whether the technology will be effective in stopping violent behaviour or preventing harm. It’s also not an FRT-or-nothing situation”, he stated. “There are other options in place to deal with retail crime and therefore Foodstuffs North Island needs to find hard data that it works and is necessary.”

The Commissioner has raised the concern that “FRT isn’t a proven tool in efforts to reduce harmful behaviour in supermarkets, especially violent harmful behaviour.”

According to the OPC, global evaluations of even the most accurate FRT software show that false matches

are more likely to happen for people of colour, particularly women of colour.

“I am particularly worried about what this means for Māori, Pasifika, Indian, and Asian shoppers especially as the software is not trained on New Zealand’s population,” said the Commissioner. “I don’t want to see people incorrectly banned from their local supermarket and falsely accused.”

“Protecting privacy is key to ensuring human dignity, safety, and self-determination. It is a key part of what makes us a free and democratic society,” he said. “New technologies have the promise of huge benefits. My job is to ensure that we don’t accidentally give up our privacy rights along the way.”

UK Parliament questions legality of LFR

Our Privacy Commissioner has good reason to be concerned. A recent United Kingdom Parliament Justice and Home Affairs Committee investigation into the deployment by police forces of Live Facial Recognition (LFR) Technology has identified several issues .

In a 27 January letter to UK Home Secretary James Cleverly, the Committee’s Chair Baroness Hamwee

Committee wrote that the deployment of the technology lacks neither legal foundation, nor rigorous standards or systems of regulation, nor consistency in approaches to training in its use by police forces.

The Committee accepted that LFR may be a useful tool for police forces in apprehending criminals, but stated it is deeply concerned that its use is being expanded without proper scrutiny and accountability.

“To us it seems the fact that the technology is regarded as controversial means that continued public support cannot be taken for granted.”

In order to ensure public trust in the police’s operation of LFR and its support of the use of the technology, the Committee called for:

• A clear foundation in law for the use of LFR technology

• A legislative framework for the regulation of the deployment of LFR technology

• Clear structures and regulation in relation to the use of LFR as well as independent scrutiny

• Future-proofing of regulations to meet for rapid advancement in technology

• Consistency in training and in the use of LFR across England and Wales.

According to the Committee, the police should make it very apparent to the public when and where LFR technology is being deployed, and predeployment communication must be standardised through an enforceable national procedure.

“It is essential that the public trusts LFR and how it is used,” said Baroness Hamwee. “It is fundamental that the legal basis is clear. Current regulation is not sufficient. Oversight is inadequate.”

“Technology is developing so fast that regulation must be futureproofed,” she continued, noting that police may soon be able to link LFR cameras to trawl large populations, such as Greater London, and not just specific localities.

Notably, the Baroness also stressed that it was the position of the Committee that the Government must lead a wider public debate about the use of LFR technology, both as it is currently being used and as it develops. “To us it seems the fact that the technology is regarded as controversial means that continued public support cannot be taken for granted.”

“We are an outlier as a democratic state in the speed at which we are applying this technology,” she continued. “We question why there is such disparity between the approach in England and Wales and other democratic states in the regulation of LFR.”

In a report published in March 2022 titled Technology rules? The advent of new technologies in the justice system , the Committee characterised the UK as “a new Wild West, in which new technologies are developing at a pace that public awareness, government and legislation have not kept up with.”

In Aotearoa, the New Zealand Police possesses several facial recognition capabilities, which are listed on its Technology capabilities list , but has stated that it does not use LFR technology. The decision not to use LFR came in response to the recommendations of a November 2021 independent report into considerations for use of facial recognition.

“Police will not deploy any Live FRT and will engage in wider public

consultation before any possible change to this position is made,” stated the Response Plan stemming from the report’s recommendations. “Police will continue to monitor technology developments in this space, to help inform any decisions on future use.”

Public Acceptability: A sliding scale

That the UK Parliament’s Justice and Home Affairs Committee is raising fundamental concerns over the deployment of LFR by police should be a red flag that New Zealand’s legislators should be taking notice of.

International research into the public acceptability of facial recognition technologies, including a 2019 Ada Lovelace Institute study and a 2021 study published in the journal Public Understanding of Science, among others, find a clear distinction between the acceptability of police use of FRT and private company use of FRT.

In short, despite all the concerns raised about police operation of FRT, the public are significantly more trusting of police than it is of private companies (including

retailers) operating FRT. The 2021 study, for example, found that 42% of UK respondents were accepting of government use of FRT, yet only 20% were accepting of its use by private companies.

Importantly, police use comes with a perceived public benefit, such as the disrupting or terrorists or the tracking down of a murderer. “In cases without a clear public benefit,” states the Ada Lovelace Institute study, “people are less likely to feel comfortable with the use of facial recognition technology.”

The research also tells us that acceptability of FRT depends significantly on the type of deployment. The use of live facial recognition, for example, is significantly less acceptable than the use of non-live facial recognition (such as when it is used in post-incident investigation).

A 2023 study published in The Columbia Science & Technology Law Review found that people are most comfortable with the use of FRT by police for the investigation of serious crimes yet are resistant to it being used as a tool for minor offences.

New Zealand’s retailers also watching Foodstuffs North Island’s LFR trial will be closely watched by retailers across Aotearoa New Zealand, according to retailers’ association Retail NZ.

“Retail NZ members are facing increasing rates of crime, putting both their employees and the public at risk, as well as threatening the financial sustainability of retail businesses,”

Retail NZ Chief Executive Carolyn Young said. “The outcomes of this innovative trial will be of enormous interest to retailers across the motu.”

According to a Retail NZ Position Statement , retail crime is a significant issue in New Zealand, impacting more than 92% of retailers. In October 2023, Retail NZ released a Retail Crime Report that found the cost of retail crime to its members was well over $2.6 billion.

More and more, retailers are dealing with threatening, violent or simply unpleasant customers, who are trying to steal or damage their property, said Ms Young. Organised

crime groups stealing to order, drug addicts and youths looking for notoriety on social media are driving the spike in retail crime, she continued.

Retail NZ confirmed that it supports the introduction of new technologies to combat retail crime and that it is pleased Foodstuffs North Island is taking a lead.

Retail NZ also called on government to adequately resource police to deal with retail crime, and to unclog the court system so that offenders are dealt with promptly.

“Ultimately, retail crime results in higher costs and more security barriers for all customers and consumers. We look forward to learning from this trial to see if the technology is suitable to be rolled out across other retailers,” Ms Young said.

Trial or business case?

While the eventual results of the trial may provide Foodstuffs North Island with an internal business case either for or against its wider adoption of the technology, it will not provide a

meaningful gauge of public acceptance of the use of LFR… that’s beyond its scope.

That there has been a degree of transparency by Foodstuffs North Island around the trial is a good thing. That the Privacy Commissioner is keeping a close eye on the trial is a good thing. But even then there is every possibility that this trial leads to an outcome that has not benefitted from wider political and public debate on the question of whether LFR is an acceptable form of surveillance in New Zealand – and, if it is, by whom, in what circumstances, to what extent, and in accordance with which specific safeguards and regulations.

These are bigger questions and, frankly, they are more important questions than those the specific parameters of the Foodstuffs North Island trial seek to cover.

That retailers across the country are also keeping a close eye on the trial is understandable, but it also gives one pause to consider LFR’s potentially dystopian implications.

There are 25 North Island supermarkets involved in the current trial. If you ordinarily shop at one of these but do not wish for your facial image to be captured by the store’s LFR analytics and compared against images in its watchlist, you can opt to shop somewhere else. But ultimately, what if all supermarkets, all shopping malls, were to use LFR? Where would you shop? How would you shop?

It’s a version of the future in which ubiquitous retail LFR surveillance may well have a chilling effect on the contemporary public squares of our cities and suburbs – the retail spaces we shop in, recreate in, meet up for coffee in, wander around in blissful anonymity within.

And for what? Supermarket LFR does not treat the drivers of crime, and it is thus incapable of preventing crime. It can merely displace it. It will take it somewhere else… the supply chain, distribution centres, vans delivering online orders, other retailers, the streets, or the dairies for whom LFR isn’t a viable solution.

There seems little public benefit in that.

2024 Tohu Awards: Call for Nominations

Nominations are now open for the 2024 Tohu Awards, recognising employers and organisations around New Zealand who help support the New Zealand Defence Force (NZDF).

The annual Tohu Awards, hosted by the Minister of Defence and run by the Defence Employer Support Council (DESC), recognise those who employ Reservists, Cadet Force Officers and graduates of Limited Service Volunteer (LSV) Programmes.

This event, and the awards made, are an official acknowledgement of the service and ongoing commitment provided by organisations in communities around the country to support the NZDF.

With the support of independent organisations and employers, part-time service personnel can attend training exercises and serve on deployments, providing a boost in numbers alongside NZDF Regular Force personnel.

To that end, employers of Reservists and Cadet Force Officers are vital to supporting the NZDF’s readiness and effectiveness.

In return, employers often benefit from the additional training provided by the NZDF to their employees, including skills across leadership, teamwork, communication, discipline, planning, management and more.

Positive relationships between employers and part-time personnel in their civilian workplace often benefit both parties, with personnel being both engaged in their military roles and more likely to be motivated and committed to their employer.

This year, organisations can nominate themselves for an award category.

Nominations for all Employer Awards Categories close on 17 May 2024. A nomination form can be requested by emailing secretariat@ desc.govt.nz

The 2023 Employer Award Category winners were:

The Reserve Employer of the Year (Large Employer Category) was KPMG, which supports Reservists’ duties alongside their civilian career in KPMG NZ. The company enables cover of civilian engagements and considers emergency response leave for Reservists when they are required to respond to domestic emergency events at shortor even no - notice. Their HR policy includes 10 days of Reservist leave.

The Reserve Employer of the Year (Small Employer Category) was Reswax (Resin and Wax Holdings Ltd). The company’s employment contracts allow for flexible working arrangements enabling time to be spent on both Reserve and civilian tasks.

Contribution to the Limited Service Volunteer Programme award recipient was Taylor Preston. The company is an enduring supporter of the LSV programme, and its recruitment manager Barry Walsh is a long-time active benefactor. Taylor Preston has employed more than 30 graduates, and these graduates are given time off to talk to current trainees about their LSV experience and work journey.

The New Zealand Cadet Force Officer Employer of the Year was awarded to Toi Ohomai Te Pūkenga, Tauranga, and was nominated by Cadet Force Major Elisha Crawshaw. Toi Ohomai is a strong supporter of the New Zealand Cadet Forces (NZCF), notably to the Cadet Units in the Western Bay of Plenty. The organisation has HR policies in place that recognise the value of skills obtained through the NZCF training programme.

2024

CATEGORIES

Reservist of the Year

Reserve Employer of the Year (Small and Large Employer Categories)

New Zealand Cadet Force Officer

Employer of the Year

Limited Service Volunteers (LSV) Employer Recognition Award

Outstanding Contribution to the the Limited Service Volunteers (LSV) Programme

Nominations Open Tohu Awards

An event in support of part-time New Zealand Defence Force personnel and the organisations who support them.

EMPLOYERS OF NZDF PERSONNEL ARE INVITED TO SELF-NOMINATE

HOW?

REQUEST NOMINATION FORMS:

From secretariat@desc.govt.nz

SUBMIT NOMINATIONS:

To secretariat@desc.govt.nz

Reservist of the Year: 19 August 2024

All other Categories: 17 May 2024

CLOSING DATES: QUERIES?

Email secretariat@desc.govt.nz

FBI report on active shooter incidents: Open spaces favoured by attackers

A report from the FBI on active shooter incidents in the United States shows handguns and rifles as firearms of choice, and open spaces as the most commonly used location type, writes chief editor Nicholas Dynon.

Published in April 2023, the report Active Shooter Incidents in the United States 2022 provides an overview of active shooter incidents designed to assist law enforcement, other first responders, and the public to better understand the levels of threats associated with active shooter incidents in the US.

According to the report, the FBI defines an active shooter as “one or more individuals actively engaged in killing or attempting to kill people in a populated area.” The ‘active’ aspect of the definition implies “the ongoing nature of an incident and thus the potential for a response to affect the outcome.”

When evaluating shooting incidents to determine if they met the FBI’s active shooter definition, researchers considered for inclusion shootings:

• in public places

• occurring at more than one location

• where the shooter’s actions were not the result of another criminal act

• resulting in a mass killing

• indicating apparent spontaneity by the shooter

• where the shooter appeared to methodically search for potential victims

• that appeared focused on injury to people, not buildings or objects

It is important to note that the report does not encompass all gun-related incidents. A gun-related incident was excluded if research established it was the result of:

• Self-defence

• Gang violence

• Drug violence

• Contained residential or domestic disputes

• Controlled barricade/hostage situations

• Crossfire as a by-product of another ongoing criminal act

• An action that appeared not to have put other people in peril

This methodology was first articulated in A Study of Active Shooter Incidents in the United States Between 2000 and 2013 , and was applied to the 2022 incidents for consistency.

The FBI designated 50 shootings occuring on 2022 as active shooter incidents. Although incidents decreased by 18% from 2021 (61 incidents), the number of active shooter incidents increased by 66.7% compared to 2018 (30 incidents).

The 50 active shooter incidents in 2022 occurred in 25 states and the District of Columbia and represent seven location categories, including open spaces, commerce, residences, education, government, houses of worship, and a health care facility.

Incidents by month

May 2022 had the highest number of incidents (nine); January and September 2022 had the fewest number of incidents (one). When compared to 2021, May 2022 had the highest increase in incidents (from five to nine) and June 2022 had the greatest decrease in incidents (from 12 to six).

Incidents by day of the week

Over the past two years (2021–2022), active shooter incidents occurred on every day of the week. When compared to 2021, in 2022, Sunday had the highest increase in incidents (from six to 12) and Saturday had the greatest decrease in incidents (from 14 to six). Thirty-two active shooter incidents (64%) occurred between Monday and Friday.

Incidents by time of day

Twenty-seven active shooter incidents (54%) in 2022 occurred during the afternoon/evening hours (between 12:00pm and 11:59pm), and 46% (23 incidents) occurred during the morning hours (between 12:00am and 11:59am).

TOTAL BUSINESS SOFTWARE FOR THE TRADES.

Manage your business like you mean business with one software for job quoting, scheduling, inventory tracking, invoicing, workflow management and more. Plus, meet the hardest working support crew you’ll ever hire to help you build, repair and grow your business.

According to the data, active shooter incidents in 2021 were more likely to occur between 6:00am and 5:59pm (63.9%), compared to 2022, when 50% of incidents occurred during the same time period.

Incidents by state

The 50 active shooter incidents in occurred in 25 states and the District of Columbia.

• Six incidents occurred in Texas.

• Three incidents each occurred in Arizona, Florida, Michigan, and New York.

• Two incidents each occurred in Alabama, Arkansas, California, Colorado, Georgia, Maryland, Missouri, North Carolina, Oklahoma, Pennsylvania, and South Carolina.

• One incident each occurred in Illinois, Indiana, New Mexico, Ohio, Oregon, Tennessee, Virginia, West Virginia, Wisconsin, and Washington, D.C.

Casualty count

The 50 active shooter incidents resulted in 313 casualties (100 killed and 213 wounded, excluding the shooters). Thirteen of the 50 incidents met the criteria of the US federal definition of mass killing (three or more killings in a single incident).

In the incident with the highest number of casualties, seven were killed and 48 wounded. In nine incidents, there were zero casualties.

The casualty count for 2022 (313) was the highest for the past five years. There was a casualty count increase of 28.8% compared to 2021 (243), which was above the average for the years 2018–2021 (222.5). The number of people killed and wounded for the 2018–2022 period by year included:

• 2018: 86 killed, 139 wounded

• 2019: 102 killed, 156 wounded

• 2020: 38 killed, 126 wounded

• 2021: 103 killed, 140 wounded

• 2022: 100 killed, 213 wounded

simprogroup.com

In 2022, there was a 2.9% decline from 2021 in the number killed (100), but the number remains above average (82.25) for the years 2018–2021.

Despite this, there was a 52.1% increase in the number of wounded compared to 2021, the highest in five years. In 2022, the number of wounded (213) is above average (140.25) for the years 2018–2021.

Shooting locations

In A Study of Active Shooter Incidents in the United States

Between 2000 and 2013 , the FBI identified seven location categories where the public was most at risk. The FBI further breaks down individual categories, such as commerce open or closed to pedestrians, military or other government properties, and education by grade level.

The 50 active shooter incidents of 2022 occurred in seven location categories including open space, commerce, residence, education, government, house of worship, and health care. In 17 incidents (34%), the shooter fired weapons in multiple locations (open space and commerce).

23 of the 50 incidents occurred in open space locations, resulting in 29 people killed (including one law enforcement officer) and 76 people wounded (including six law enforcement officers).

In 48% of the incidents, the shooter had a known connection to the location and/or at least one victim, whereas in 52% of incidents, there was no known connection identified.

The shooters

Of the 50 shooters, 47 (94%) were male, one was female, one was nonbinary, and one was unidentified. Shooters were between the ages of 15 and 70 years old.

Across all incidents, 61 firearms were used by shooters, including 29 handguns, 26 rifles, three shotguns, and three unknown. Two of the incidents involved snipers. Four shooters wore body armour.

Study reveals the harmful impact of cyber-attacks on large Kiwi businesses

According to research commissioned by Kordia, operations were disrupted for a third of large businesses in New Zealand impacted by cyber-attacks.

Independent research released by Kordia in early March shows just how detrimental cyberattacks are on some of New Zealand’s largest businesses. Of the surveyed businesses that were hit by a cyber-attack in 2023, more than one in three (36%) said their business operations were disrupted, and 29% said personal data was stolen or accessed.

Key research findings:

• One in three (36%) businesses impacted by cyber-attacks or incidents say their business operations were disrupted

• 28% of businesses impacted by a cyber-attack or incident point to third-party suppliers as the cause

• 70% of business leaders say they would consider paying a ransom to a cybercriminal

• Cloud misconfigurations or software vulnerabilities were responsible for causing cyber incidents for almost two out of five (39%) businesses

• Around 46% of cyber incidents and attacks took longer than one month to resolve

• 29% of businesses suffering a cyber incident say personal data was stolen or accessed.

More than two-thirds (69%) of businesses claim they experienced an impact from a cyber incident, with

nearly half (46%) finding it took more than a month to resolve the incident, including 9% saying it took five months or more.

“Cybercriminals are financially motivated. What’s interesting in this survey is it highlights the beginning of a trend where hackers are targeting operational downtime over stealing or encrypting data as a means of extorting their victims,” said Alastair Miller, Principal Consultant at Aura Information Security, Kordia’s cyber security advisory and testing consultancy. “This is in line with what we’re seeing overseas, such as the recent DP World cyber-attack in Australia.

“It’s much harder for organisations to ignore an attack when they can’t function for a period of time. The motivation to pay a ransom is greatly increased when you can’t generate an operational income.

“Any cyber-attack disruptive enough to cause a business to completely go offline can cripple a business in days, but the reality is that a major incident can take months to resolve – with costs running into the hundreds of thousands. For large businesses and critical infrastructure providers, like the ones we surveyed, operational downtime impacts can have knock-on effects for whole supply chains and our economy.

“Despite this, New Zealand businesses still lag far behind when it comes to elevating cyber security to the highest levels of governance. Only

two thirds of businesses said that cyber security was a very important issue for their board, and this must change to see real progress in the overall resilience of our national industrial and business landscape,” continues Miller.

Human cost of cybercrime

According to the Kordia report, in 2023 global cyber threats impacted New Zealand citizens on a new, escalated scale. The hack on Australian financial services company Latitude saw personal data belonging to one million Kiwis (20% of the population) compromised in the largest privacy breach New Zealand has ever seen.

Miller says harm to privacy is one factor, but increasingly cyber incidents are causing immense harm to the employees of victim organisations as well.

“Around a quarter of respondents said recruiting skilled people to manage cyber security is a top challenge within their business,” said Miller. “The cyber security labour market is incredibly tight, both globally and here in New Zealand, so being able to hire and retain skilled people is crucial.

“Many businesses are asking themselves how they will keep up with the moving threat landscape with so few resources working on mitigating it.”

Miller points to a recent academic study, which found that cyber-attacks can cause high levels of psychological

harm — equal to conventional political violence and terrorism.

“With four in five NZ large businesses in our survey saying they faced a cyber incident in the past twelve months, these incidents will likely be taking a significant toll on the wellbeing of many of our cyber security leaders and their teams,” he said.

Changing threats

As cyber security evolves, so do the threats facing New Zealand businesses. Of the businesses surveyed that were subject to a cyber incident, 39% said the incident was due to cloud misconfiguration or software vulnerabilities. Distributed Denialof-Service (DDoS) attacks were the second most common at 35%.

“In 2023, cloud played the most significant role in cyber-attacks across the board, climbing 11 percentage points year-on-year in our survey,” said Miller

“In saying this, DDoS attacks continue to feature prominently globally, there has been an increase in activity stemming from geo-political events, including cyber warfare in Ukraine and Israel / Palestine. With a very low barrier to use, DDoS has also been observed as a tactic used in conjunction with other methods, leveraged by threat actors to mask other attacks occurring concurrently.

“Phishing continues to remain in focus, whilst supply chain attacks came

to the fore for New Zealanders, with third-party attacks featuring in more than a quarter (28%) of all incidents,” he added.

New year, new government, new cyber security legislation? With the new National Party-led government in place, questions are being asked by New Zealand businesses on how they will tackle the evolving cybersecurity threats.

Kordia’s survey results show that a third (33%) of Kiwi business leaders want the government to increase spending on national cyber security.

“Business leaders are eager to see more action to penalise organisations that fail to adequately protect data. New Zealand’s current privacy laws only punish failure to report a breach and that caps penalties at NZD$10,000, significantly more restricted and lower than legislation in other five eyes nations,” said Miller.

“Australia has made notable changes to cyber security governance, through a slew of legislative changes including harsher privacy law penalties of up to $50 million and mandatory reporting requirements for ransomware attacks. A notable number of respondents have indicated they would be supportive of similar initiatives in New Zealand.

“New Zealand often looks across the Tasman when it comes to policy, so it will be interesting to see whether similar legislation will eventuate here,” he added.

Treatment of hospital assault ‘epidemic’ ends prompting ‘reinfection’ concerns

Government’s $5.7 million summer boost to emergency department security comes to an end, prompting concerns from doctors and hospital workers that violence will return.

Announcing the ED security boost, Health Minister Shane Reti cited alarming increases in violent incidents in hospitals “In 2021, HNZ reported 1,179 assaults, rising to 3,459 in 2022,” he said. “In the first three months of 2023, 1,267 assaults were reported.”

“That’s why we’ve committed to these additional workers to help keep patients – and our hard-working doctors, nurses and other ED staff –safe during a particularly busy time,” he said on 22 December.

As part of the government’s 100day plan initiative, eight higher risk emergency departments in Auckland, Waikato, Wellington, Christchurch, and Dunedin each received an additional five security staff until the end of February.

A further 24 emergency departments near summer hotspots each received between two and five additional security staff to help manage pressures over the summer holiday peak.

According to a February 2023 report by APEX, the union for allied, scientific and technical employees in New Zealand, overseas data suggests health care workers make up 50% of the victims of workplace assault. It’s a problem, states APEX, “driven in part by societal changes, and in part by increasing pressure and short staffing, [which] is increasingly being labelled an “epidemic” in its own right.”

But it’s by no means a recent epidemic. According to the report, a 2011 study on workplace violence by Massey University of over 96 organisations representing over 76,000 employees found that “health was the industry with the highest rate of violence – reporting 55.3 cases of assault per 1000 employees, twice as bad as construction and nearly nine times worse than manufacturing.”

“This initiative addresses an immediate need,” Dr Reti said. “I’m also committed to working urgently on a longer-term plan to improve security across our hospitals.

According to One News, Australasian College for Emergency Medicine Aotearoa New Zealand chair Dr Kate Allan said she had heard “a range of feedback” on the initiative from emergency departments. Some reported that some security staff did not seem to be appropriately trained, integrated, or supported.

“Other doctors reported that their emergency departments did not receive any security, leaving staff feeling ‘unsafe and unsupported’,” she said. “Other colleagues reported that the presence of extra security reduced instances of verbal abuse, and ‘kept a lid’ on things after violent incidents.”

With reductions in incidents reported over the Summer, Allan said the feedback indicated the programme worked. She wants every emergency department in New Zealand to have carefully selected security staff who are culturally aware and skilled in deescalation techniques 24/7.

But the government’s $5.7 million in funding ended on 29 February, worrying doctors and hospital workers.

Te Whatu Ora says that between now and 01 July is reallocating money from other projects to fund security guards for hospitals while it reviews the programme, but it will mean fewer guards.

Five years on from mosque attacks political leadership needed

Government has remained reluctant to promote a public facing strategy that informs the public on how to protect venues from attack and stay safe during an attack, writes

Places Security Advisory Group.

The unthinkable happened on 15 March 2019. The survivors and their families, and the families of the 51 souls whose lives were tragically cut short that day, shoulder an unimaginable grief. The nation has grieved with them, and our memory of those who were lost serves to remind us of our responsibility to embrace our collective diversity and to reject ideologies of hate.

Terrorism and violent extremism remain persistent threats throughout the world, and places where people congregate, whether a place of worship, a shopping mall, a street parade, concert, or a train station at peak hour, are particularly vulnerable. These ‘crowded places’ are attractive venues for attackers whether they’re fuelled by extremist ideology or by something else, such as a grievance fixation, or drug or health issues.

Five years on from the Christchurch attacks, however, New Zealanders who frequent crowded places remain just as vulnerable, and our government remains reluctant to promote a public facing strategy that engages with and informs the public on how to identify a potential attack, protect venues from attack, and stay safe during an attack.

That’s not to say that the information isn’t there. As a result of the recommendations of the Royal Commission of Inquiry into

the terrorist attack on Christchurch masjidain, some excellent documents, such as Protecting our Crowded Places from Attack: New Zealand’s Strategy and Kia mataara ki ngā tohu - Know the signs: a guide for identifying signs of violent extremism have been produced. Unfortunately, they’re largely gathering dust on agency websites.

One might have assumed that five years since March 2019, the “escape, hide, tell” drill for attacks would have become as widely rehearsed across Aotearoa – or at least as widely known – as “drop, cover, hold” is for earthquakes. But it’s nowhere near it.

There’s been no high-profile launch, no Cabinet Minister front person, no media campaign, no noticeable public service advertising, no public discussion beyond invited expert and stakeholder groups. In short, no apparent political will to get New Zealanders talking about how to protect themselves against an attack.

Royal Commission of Inquiry

The situation is at odds with the findings of the Royal Commission of Inquiry (RCOI).

The RCOI Report found that had “there been a threat agnostic publicfacing counter-terrorism strategy that incorporated a “see something, say something” policy, there would have been an increased chance” of the Christchurch attacker’s preparations being noticed and reported.

It also found that if a public facing counter-terrorism strategy relating to risk mitigation measures and managing crowded places had been implemented before 15 March 2019, it “may well have reduced the loss of life resulting from the terrorist attack”.

Yet, it goes on to note that the extent of promotion of the government’s February 2020 Countering Terrorism and Violent Extremism Strategy Overview was its publication on the website of the Department of Prime Minister and Cabinet. Unsurprisingly, and as the report noted, it attracted little public attention.

The aforementioned crowded places strategy, noted the Report, was whispered into the public domain via a New Zealand Police media release and publication on government agency websites. By contrast, Australia’s crowded places strategy, released in 2017, hit the national media across the ditch after it received a Prime Ministerial launch.

Crowded Places Strategy still unknown

The crowded places strategy, which forms part of the Countering Terrorism and Violent Extremism Strategy, provides guidelines and tools to help owners and operators of crowded places reduce the chance of an attack occurring, and lessen its consequences, using methods that are proportionate to the potential threats they face.

To be fair, government ministers would have understandably been loath to promote the strategy when it was

published in September 2020. COVID lockdowns meant that previously crowded places were empty – and financially hurting, and there was a national election around the corner.

But it’s now 2024. Lockdowns are behind us, crowded places are crowded again, and we have a new government.

Yet despite some good yet thinly resourced outreach work by the New Zealand Police, the crowded places strategy remains largely unknown to the broader public.

The threat of armed terrorist, criminal, or fixated person attack hasn’t disappeared. Our society is increasingly challenged by tensions exacerbated by international conflicts, political polarisation, socioeconomic divides, mis/disinformation, and distrust in traditional political institutions. We’re no less likely to experience an attack now than we were in 2019.

To put it into numerical perspective, according to the 2023 National Security Public Survey, 68% of New Zealanders perceived that there is a real threat of “terrorist attack / violent extremism in NZ” in the next 12 months. Our national terrorism threat level is currently at ‘Low’, but that still means a “terrorist attack, or violent criminal behaviour, or violent protest activity is assessed as a realistic possibility.”

Time for political leadership

As Chair of the Crowded Places Security Advisory Group (CPSAG), a voluntary security industry body established on the suggestion of the

Police to identify how industry might contribute its expertise to support the crowded places strategy, I call on our national government to give the strategy the hard launch that New Zealanders need it to have.

Five years on from the Christchurch attack, two and a half years after the LynnMall attack , 16 months since it came to light that a radicalised teen had planned to carry out an attack on locations in Auckland, less than a year since a mass shooting at an Auckland CBD construction site resulted in three deaths and several wounded, and six years since police thwarted a heavily armed teen’s plan to shoot teachers and classmates at a South Island school, political leadership in socialising attack preparedness and response guidance is long overdue.

Let’s get a national conversation started on protecting our places of worship, our office buildings, our tourist attractions, our construction sites, our Sunday markets, our schools and universities, our bars and restaurants, and our shopping malls. Let’s start talking about “escape, hide, tell”.

The threat of armed attack is an uncomfortable topic on many levels, but that’s no reason to shy away from it. If 15 March 2019 has taught us anything it’s that the unthinkable can –and will – happen where and when we least expect it.

The greatest threat to our security, our safety, is thinking there is no threat at all.

Red Badge Group purchases ELE Security ending employment uncertainty for staff

Security division of the beleaguered ELE Group is purchased by security guard services provider Red Badge Group. New entity carries on the RISQ name.

Red Badge Group announced on 07 March its purchase of security guarding and risk management training provider ELE Security (previously Bespoke Security and RISQ NZ).

According to the announcement, ELE Security’s guarding operation will transition to Red Badge, ensuring ongoing employment for staff and continuity of security services for ELE Security customers.

ELE Security’s training division will comprise a newly established Red Badge Group entity RISQ Australasia Ltd, which will be independently operated and managed by Bruce Couper as General Manager.

Under Couper’s two-decade leadership, RISQ earned a reputation as a trusted provider of high-level personal safety and conflict management training, robbery safety skills and behavioural awareness training.

“ELE Security is renowned for delivering quality security services and by integrating their principles into our existing operation we will further strengthen Red Badge Group’s position as a market leader,” said Ben Wooding, CEO of Red Badge Group.

“This opportunity to bring together the proven brands of Red Badge Group and Bespoke Security… was an obvious choice,” stated Red Badge

Group Director Andy Gollings in a LinkedIn post. “This partnership is sure to provide opportunities for our customers and ourselves. Exciting times ahead!”

Guarding services now make up more than 80% of the Red Badge Group operation, which is looking to expand and deepen its service offerings into the healthcare and retail sectors.

“Through this transition period we will be totally focused on providing continuity for all ELE Security customers and staff while enhancing the focus on consistency, reliability and service excellence” said Wooding.

“We are thrilled to welcome ELE Security customers and staff to the Red Badge family”

ELE Security was previously part of ELE Group, the labour hire firm that went into receivership late last year. It was the last of the ELE Group companies to be placed into receivership.

“The transaction with Red Badge allows for the ongoing employment of staff, continuity of security services and risk management training offering for the existing ELE Security customer base,” said Deloitte receiver David Webb, as quoted in a One News report.

A LinkedIn post by RISQ Australasia stated that the team at RISQ are thrilled about the new ownership and new environment. “The feedback from customers has been fantastic and we know that their security and safety needs are greater than ever before.”

Armourguard Security to purchase ACM New Zealand Limited

Evergreen NZ Holdings’ Armourguard Security to merge the combined New Zealand Cash-in-Transit businesses into Armourguard Logistics Limited.

Evergreen announced on 28 March that it had reached a definitive agreement to purchase ACM New Zealand Limited (ACM) from Linfox Armaguard Proprietary Limited.

The transaction is subject to regulatory approvals, including by the New Zealand Commerce Commission (NZCC). Upon approval and completion, Armourguard Security and ACM shall merge their respective Cash-In-Transit (CIT) operations into Armourguard Logistics Limited, a newly formed wholly-owned subsidiary of Evergreen (Armourguard Logistics).

The proposal for merger authorisation to be submitted to the NZCC outlines a planned merger of Armourguard Security’ and ACM’s CIT assets, liabilities, employees and operations into Armourguard Logistics.

Armourguard Logistics will be led by Armourguard Security CEO Shane O’Halloran and remain locally managed, continuing Armourguard’s 85 years of New Zealand security and CIT experience.

“The proposed merger represents a positive development in the management of cash logistics and wholesale cash distribution in New Zealand, and seeks to provide the stability, resiliency and future of the cash economy in New Zealand,” stated Shane O’Halloran.

Cash usage in New Zealand has been in steady decline over the past two decades, which accelerated due to the impacts of the COVID-19 pandemic.

This has led to significant excess capacity within the New Zealand cash logistics services infrastructure, with Armourguard Security and ACM each struggling to support the rising costs of servicing the New Zealand cash economy.

Although the requirements of the New Zealand cash logistics market are not enough to sustain both major players, cash nevertheless remains a critical component of New Zealand’s society and economy.

Importantly, the Reserve Bank of New Zealand continues to support the use of cash as a form of payment accessible throughout New Zealand.

“The proposed merger shall give Armourguard Logistics the greatest opportunity, where possible, to support the ongoing employment and wellbeing of employees in the cash services sector, as well as meeting the needs of our customers and the community by building a more robust, sustainable and resilient nationwide cash logistics network in New Zealand,” said O’Halloran.

“It will also support the Reserve Bank of New Zealand’s continued focus on making cash a payment mechanism readily available to the public.”

In the announcement, Armourguard Security stated that it remains committed to providing its customers and partners with best-inclass service and its employees and communities with a healthy and safe working environment.

The New Zealand merger agreement comes several months after the Australian Competition & Consumer Commission (ACCC) authorised a merger in Australia between Linfox Armaguard Pty Ltd (Armaguard) and Prosegur Australia Holdings Pty Limited (Prosegur) on 13 June 2023.

The first stage of integration of Armaguard and Prosegur sites took place in October 2023, with completion of the integration earmarked for mid-2024. During the first few months of 2024, Armaguard has been involved in negotiations with banks around a rescue plan to bail out the cash distributor.

Christchurch attacks 5 years on: terrorist’s online history gives clues to preventing future atrocities

Any hope that the perpetrator of the Christchurch attacks was a one-off – and that it won’t happen again – is misguided, writes Dr

of the University of Auckland.

As our research has previously revealed , the man who attacked two mosques in Christchurch in 2019, killing 51 people, posted publicly online for five years before his terrorist atrocity.

Here we provide further information about Brenton Tarrant’s posting. This article has two main goals.

First, by placing his online posting against his other online and offline activities, we gain a far more complete picture of the path to his attack.

Second, we want to show how his online community played a role in his radicalisation. This is important, as the same can happen to others immersed in that community.

In combining his online and offline activity here we do not seek to attribute blame to those who might have been expected to detect this behaviour. It is exceptionally difficult to identify terrorists online.

And yet, history is full of difficult problems that have been overcome. We use the benefit of hindsight to provide greater understanding of Tarrant’s pathway than has previously been available.

The aim is to prevent similar attacks by better understanding how such people act and how they might be detected.

Words and deeds

In the timeline below, we focus on Tarrant’s activity in 2018, following his first visit to Dunedin’s Bruce Rifle Club on December 14 2017, until his final overseas trip in October. It is for this period that we have the most comprehensive online posting history.

In 2024, we have both the benefit of hindsight and the accumulation of information relating to the attack. However, this triangulation of online and offline activities

illustrates the ways those contemplating terrorist violence might act.

We can now see, for example, that Tarrant bought highpowered firearms on three occasions over a six-week period in March and April 2018. And he posted publicly twice on the online imageboard 4chan about his plans for racially motivated violence, and his veneration of a perpetrator of a similar attack.

Tarrant therefore not only “leaked” his plans for violence, he did so at the very moment he was buying weapons for it.

Over 20 days in July and August, Tarrant presented to hospital with gunshot wounds, and began selling weapons online under the username Mannerheim (the name of a Finnish nationalist leader revered for defeating the communists in the country’s civil war).

He also posted publicly about his anger at the presence of mosques in South Island cities (claiming one had replaced a church). He wrote “soon” when another poster suggested setting fire to these places of worship.

A month later he attempted to sell weapons on online marketplace TradeMe, using a prominent white nationalist slogan – “14 Words” – in his username. (Strangely, this clear red flag was mentioned only once in the royal commission report on the attacks)

TradeMe removed one of these advertisements for violating its terms of use. That caused Tarrant to move to another forum – NZ Hunting and Shooting Forums – to complain.

Extremist community

Our study has also revealed how important the 4chan community is to the radicalisation of individuals like Tarrant. In contrast to the fleeting human interaction he had

with others as he travelled the world, 4chan was Tarrant’s community.

4chan’s /pol/ (politically incorrect) board became his home. Here he interacted with others over long periods, imagining he was speaking to the same people over months and years, and assuming many of them had become his friends.

We have found that, while creating a sense of belonging and community, /pol/ also works to create extremists in both direct and indirect ways.

Its anonymous nature (users are assigned a unique ID number for each thread, rather than a username) has two effects. One is well known, the other identified in our study.

First, anonymity encourages behaviour that would be absent if the poster’s identity was known. Second, anonymity is frustrating for those who wish to “be someone”, who crave respect and notoriety.

We have documented the way Tarrant (and others) strive to gain status in a discussion, only to have to start again when they move to a new thread and are given a new ID. This lack of ongoing recognition is agonising for some individuals, who go to lengths to obtain respect.

Anonymity and peer respect

And just like a real-world fascist movement, /pol/ venerates violent action as necessary for the vitality and regeneration of the community.

When a terrorist attack, school shooting or other violent event occurs, users celebrate these events in socalled “happening” threads. These threads are longer, more emotional and excited than any other discussions. Participants often claim the individual at the centre of the event is “/ourguy/” (a reference to the /pol/ board).

The threads are also highly anticipatory: many users believe this event will finally push society into violent chaos and race war.

These dynamics are closely connected. For those who seek recognition and status on the bulletin board, such as Tarrant, the excited attention and adoration given to those who perpetrate high-profile violence is the clearest path to the peer respect that the anonymity of the board otherwise denies them.

As harrowing as this finding is, we contend that gaining respect from their online community is in itself a crucial motivation for some perpetrators of far-right terrorism.

The nature of this extreme but easily accessible corner of the internet means any hope Tarrant was a one-off – and that this won’t happen again – is misguided.

This article was originally published in The Conversation on 14 March 2024. The authors acknowledge the expert contribution of tactical and forensic linguist and independent researcher Julia Kupper. More information about our study will be released at heiaglobal.com . Our research was approved by the University of Auckland Human Participant Ethics Committee. A paper based on this study has been submitted for peer review and publication.

Five steps for New Zealand businesses to manage cyber incident response

There are five steps every organisation in New Zealand can follow to ensure they are ready to respond should they become the victim of a cyberattack,

With over 2000 incidents reported to CERT NZ each quarter, New Zealand is facing an increasing number of cybersecurity attacks. Every organisation, from the smallest business to the largest government department or organisation must now have a plan for how it will respond to a cybersecurity incident. In the last year, data breaches and other attacks have cost New Zealand around $20 million.

The degree of incident planning each organisation will require depends on the resources it has on hand, the

level of available technical expertise and the specific risks and threats it faces. Regardless of these constraints, there are five steps every organisation in New Zealand can follow to ensure they are ready to respond should they become the victim of a cyberattack.

1. Choose your incident response team

Incident response is a team sport. As you work your way through the incident planning process, consider who will be responsible for executing specific tasks. Assign one person to be the incident manager and look for people who will be able to work under pressure.

You need a combination of technical and business knowledge. For example, senior managers may be more valuable for managing relationships with key stakeholders such as external agencies, customers or suppliers. An accounts payable team member might be a great person to have as they understand their systems and processes. Remember to include crisis communications and external PR support in your incident response team along with legal counsel.

For each role in your plan, ensure there is a backup – criminals don’t care if your incident manager is on leave.

2. Assess your risks

Before you create an incident response plan you need to determine what incidents you might face. For example, if you only use cloud systems and don’t operate your own servers or data centre, then it’s unlikely you’ll need a response plan to deal with a Distributed Denial of Service (DDoS) attack. On the other hand, the likelihood of a ransomware attack is much higher.

List all the different cybersecurity incidents and rank according to severity and likelihood. For each type of incident, estimate how likely you

are to face that issue and how severe its impact might be.

Some typical types of incidents you might need to consider are DDoS, ransomware, rogue employee stealing data, email fraud or extortion where data is stolen and there’s a threat to publicly release it.

3. Plan for the high-risk incidents

For each of the highest risk incidents you’ll need a response and communications plan. That plan should include how you will minimise the impact, eradicate the threat, recover to a normal operating state, and document who is responsible for each stage in the response.

As well as the business and technical response, you will need a communications plan. This should include prepared templates for how you will communicate with customers, employees, suppliers and law enforcement. Depending on the incident, you may also be subject to mandatory reporting to the Privacy Commissioner or other agencies.

4. Test the incident response plan

The only way to know if your plans will work is to test them. Testing

accomplishes two major outcomes. It enables you to assess whether your plan is effective and enables your incident response team to practice and perfect their roles in a less pressured environment.

As you test the plan, take careful notes of what worked, where people found the plan interfered with effective response and how it can be improved.

You may find multiple tests, that focus on specific areas of the plan, are useful. You should schedule tests at least twice a year.

5. Update the plan regularly

Following each incident response test, review the plan and update it with what you learned. It’s important your incident response team conducts regular reassessments of the threats and risks your organisation faces. If you learn that email fraud or business email compromise attacks are an increasing risk, then your plan should be adjusted.

An incident response plan is not a static document that gathers dust in the hope that a cybersecurity incident never occurs. It is a living document that is regularly tested and reviewed to ensure it is ready should an attacker target your organisation.

Security integrator Nextro awarded Genetec New Zealand Partner of the Year

Nextro takes the top New Zealand award in Chiang Mai, Thailand at the Genetec Elevate 24 partner event for the Asia Pacific & Oceania regions.

Security integrator and managed network and security services provider Nextro has come away with the prestigious Partner of the Year New Zealand award in front of a packed partner event hosted by Genetec in Chiang Mai, Thailand.

The award recognises Nextro’s growth, capabilities, and customer wins for Genetec in the New Zealand market, where the company has deployed and integrated Genetec for unified video surveillance, access control, intrusion detection and license plate recognition systems, for leading enterprises and critical infrastructure operators across New Zealand.

According to the 18 March announcement, Nextro has recently deployed and integrated industrial IOT (IIOT) sensors across campuses with reporting and alerting directly into Genetec, and it is the leading provider of the Genetec Security Center SaaS cloud solution for physical security unification in the New Zealand market.

“Nextro has delivered complex unified security solutions for key Genetec customers in New Zealand, and we are delighted with the company’s performance over the year…”

“Over the last year, the Nextro team has delivered several market-leading security and operations technology projects for critical infrastructure

providers in New Zealand,” said Martyn Levy, Nextro’s Managing Director.

“We are thrilled with the Genetec Partner of the Year for New Zealand award and the recognition of our team’s and customers’ combined efforts to deliver unified security solutions to protect strategic assets. Our customers love what we do and there is nothing better than seeing the security, operations, and health and safety teams enjoy the benefits daily.”

Nextro’s managed network, cybersecurity, IIOT, and cloud experience and capabilities – coupled with Genetec’s video surveillance and access control solutions – deliver secure, unified operations technology and security solutions for its customers.

“Nextro has delivered complex unified security solutions for key

Genetec customers in New Zealand, and we are delighted with the company’s performance over the year,” said George Moawad, Genetec Country Manager of Australia and New Zealand. “We work very closely with the Nextro team and we look forward to an even bigger year ahead.”

The company had previously been recognised by Genetec, taking out its Rookie of the Year Award in 2022.

Founded in 2010, Nextro designs, installs, and manages telecommunications, network and security solutions for businesses throughout New Zealand. In midNovember 2023, the company announced it had attained Axis Communications Gold Solution Partner status.

Defending Democracy: Artificial Intelligence threatens the 2024 US elections

With the US presidential elections coming up, candidates will need to take serious steps to protect their campaigns and build trust with voters, according to research by Yubico and Defending Digital Campaigns.

This warning comes in the wake of the 12 March release of the report Impact of Cybersecurity and AI on the 2024 election season by hardware authentication security key provider Yubico and nonprofit Defending Digital Campaigns.

Conducted by OnePoll, the survey polled 2,000 registered voters in the United States to better understand how voters perceive cybersecurity ahead of the 2024 US elections, the impact of Artificial Intelligence (AI) and the concerns they have about the cybersecurity of political campaigns, regardless of party affiliations.

Concerns about AI

“Given the sudden advancement and uncertainty of AI technology, it’s not surprising that over 78 percent of respondents are concerned about AI-generated content being used to impersonate a political candidate or create inauthentic content, with Democrats at 79 percent and Republicans at 80 percent,” said David Treece, vice president of solutions architecture at Yubico.

“Perhaps even more telling is that they believe AI will have a negative effect on this year’s election outcomes (42 percent Democrats and 49 percent Republicans).”

In addition to the threat of AI and deep fakes spreading misinformation, 85 percent of respondents don’t have a high level of confidence that political campaigns effectively protect their personal information. If cybersecurity is not a top focus, campaigns run the risk of being breached, exposing personal data, experiencing a financial impact and more, all which could have a negative effect on the entirety of the campaign.

In fact, 42 percent of those who have donated to a campaign said their likelihood of donating again would change if the campaign was hacked and 30 percent report this would even

change the likelihood of a candidate receiving their vote.

“Campaigns are the heart of our democracy and every campaign must adopt basic cybersecurity protections. This year’s election is particularly risky for cyberattacks directed at candidates, staffers, and anyone associated with a campaign,” said Michael Kaiser, president and CEO of Defending Digital Campaigns.

“Having the right cybersecurity in place is not an option — it’s essential for anyone running a political operation. Otherwise, campaigns risk not only losing valuable data, but losing voters.”

Campaigns impacted by poor confidence

43 percent of respondents believe that AI-generated content will negatively affect the outcome of the 2024 elections. Perhaps self-fulfillingly, when an audio clip with an AI voice was played to respondents, 41 percent believed the AI voice was authentically human.

Already, 52 percent of respondents have received an email and/or text message appearing to be from a campaign that they suspected was actually a phishing attempt. “Because campaigns are built on trust, potential hacks like fraudulent emails or messages sent out impersonating them via their social media accounts, where they are directly interacting with their audience, could be detrimental to campaigns,” added Treece.

From a data security perspective, 85 percent of respondents don’t have a high level of confidence that political campaigns effectively protect the personal information they collect. Over a quarter of respondents (26 percent) indicated they have not completed a transaction making a campaign donation because of concerns about the security of the transaction or how their personal information would be handled.

Precautions needed to boost confidence

With election season underway, what can campaigns do to protect themselves and build trust with voters?

Even though cybersecurity attacks are becoming more sophisticated with tools like AI, there are simple ways to help mitigate these risks, including using strong, unique passwords and storing them in a password manager, along with enabling multi-factor authentication whenever possible.

Registered voters would like to see campaigns and candidates take precautions to prevent their websites from being hacked (42 percent) and use strong security measures like multi-factor authentication (MFA) on their accounts (41 percent). They also want campaigns and candidates to put policies in place and train staffers and key volunteers on cybersecurity and protecting personal information (38 percent).

“It’s imperative that candidates take proper steps to protect their campaigns and more importantly, to build trust with voters by adopting modern cybersecurity practices like phishingresistant authentication,” said Treece.

Assisting democratic institutions

Campaigns face two significant barriers

as they seek to better secure themselves from cyber threats: the high cost of quality cybersecurity products and the experience to organise an effective security strategy.

Defending Digital Campaigns helps campaigns quickly overcome both, removing cost and expertise as barriers to security and allowing campaign staff to focus on what they do best: campaigning. DDC is a nonprofit organisation providing access to low-to-no cost cybersecurity products, services and information.

DDC works with the world’s leading technology vendors to make their services available directly to campaigns in addition to providing education for campaign professionals. The non-profit was granted special permission by the US Federal Election Commission to operate under this model, providing all campaigns — regardless of party — with the support they need within the limits of campaign finance law.

Since 2020, Yubico has donated tens of thousands of security keys to DDC on behalf of its philanthropic initiative––Secure it Forward––in which it donates YubiKeys to journalists, human rights activists and organisations that work to preserve democratic integrity, further diversity in tech, and protect human rights.

NZSA CEO’s March newsletter

In this abridged March update, NZSA CEO Gary Morrison covers NZSA financials, member benefits, changes to minimum and median wages, PSPLA decisions, a strategic partnership with MBIE, and more.

Gary Morrison is CEO of the New Zealand Security Association (NZSA). A qualified accountant, Gary was GM of Armourguard Security for New Zealand and Fiji prior to establishing Icon Security Group.

Whilst we have been favoured by the weather gods over recent months, we only have to look back to events one year ago and the catastrophic flooding throughout the North Island and in particular, the East Coast and parts of Auckland.

Recent press coverage has highlighted how many of these communities are struggling with property owners displaced, uncertainty with regards to the buyout of condemned houses and formerly productive land still silt covered and unusable.

Unfortunately, the way that security providers stepped up and played a significant role in ensuring the safety of people and property impacted by the flooding went largely unnoticed and unreported at the time.

There are many stories of our members and their employees going well beyond their normal responsibilities and providing critical services that benefitted local communities, and whilst somewhat belated, it is important that we pass on our thanks and recognition to all who assisted at the time.

Financial Health Update

As we head into the new financial year, we are pleased to report that the NZSA is in a very sound financial position, even after incurring unbudgeted costs relative to the now repealed Fair Pay Agreement legislation.

Under the guidance of our board, the executive team have over recent years implemented a number of strategic measures that have ensured we are well placed financially and positioned us for

the future success and growth of our organisation.

We are also mindful that many businesses are under considerable cost pressures and that as a voluntary member organisation we need to provide ongoing value and benefit to our members.

Given our sound financial position and the challenging current trading conditions, we are pleased to advise that there will be no increase to our membership fees for the 2024/2025 financial year.

Member Benefit Programmes

The NZSA provides a wide range of benefit programmes for our members, details of which can be found later within this newsletter, and on our website.

We are thrilled to advice that we have added a further benefit programme to our offering, with our partnership with The Dog Safe Workplace Ltd launched this month.

Many roles within the security industry involve attending premises where dogs may be present and whilst most interactions are non-threatening, dog attacks are not uncommon, and staff should possess the skills and knowledge on how to accurately recognise and interpret dog signals. This knowledge empowers them to proactively mitigate risks and ensure their safety whilst encountering dogs as part of their job.

Update on death of security officer Ramandeep Singh

In our January newsletter we reported on the tragic death of security officer Ramandeep Singh. Ramandeep was a patrol officer for a contractor to

Armourguard and was fatally assaulted whilst conducting a check on a park in Massey.

Whilst the police investigation is ongoing, two offenders have been arrested and appeared in court and it seems likely that further arrests and charges are likely. We would like to thank those who have passed on their condolences and provided support via the Give -a-Little page established for the benefit of Ramandeep’s family.

Changes to Minimum Wage and Median Wage

It was recently announced that the Minimum Wage will increase to $23.15 per hour, effective 1 April 2024, an increase of 2% on the current rate of $22.70.

Immigration NZ has confirmed that from 28 February 2024, the new Median Wage will be set at $31.61. This is based on StatsNZ data and will be adopted into parts of immigration policy.

For some visa types, the new median wage will be used as the qualifying threshold and given the complexity of the work visa system we recommend that any members who are AEWV registered, or utilise sector agreements, should seek guidance from Immigration NZ.

We also note that the Living Wage remains at $26.00 per hour (effective from 1 September 2023).

PSPLA (Private Security Personnel Licensing Authority) Decisions

There is a commonly held perception that the licensing authority that oversees security workers is ineffective and has no teeth.

The reality however is that the PSPLA, under the stewardship of registrar Trish McConnell, has adopted an increasingly strong position in enforcing the Act and imposing appropriate penalties, including the cancellation of licenses and imposing financial fines.

Decisions by the PSPLA are also published on their website which has introduced a high level of transparency to the process and provides access to the media, public and stakeholders.

Recent examples that have been published in the press include a patched Head Hunters gang member being denied a certificate of approval for security work and a fine imposed on Rotorua based emergency housing figure Raymond (Tiny) Deane and his security business Tiger Security after being found guilty of misconduct.

Importance of purchasing technology via authorised NZ channels

It is important that installers are aware that if they directly source imported equipment, there is a strong likelihood that they will not receive support from authorised NZ channel suppliers. This could cause significant issues for both installers and end users, particularly in the longer term.

We recommend that installers talk to their local channel partners to clarify the availability of support and conduct appropriate due diligence if sourcing imported equipment.

Strategic Partnership – MBIE

We are pleased to have formalised a Strategic Partnership with MBIE that will allow us to provide timely and

relevant information on employment matters for our members, along with access to employer resources.

This relationship adds to our existing partnerships with ACC, MSD, Ringa Hora and Waihanga Ara Rau. We recommend that members should utilise available MBIE resources to ensure they are compliant with minimum employment standards in the workplace.

These include:

• A guide for employers

• Modules for employers and employees

• Employer self-assessment guide

• Employer self-assessment checklist

• Employer Stand down-list

Guiding principles for the ethical use of Automated Facial Recognition

Facial recognition technology has been with us for some time but has come into media and public focus recently with trials being conducted by Foodstuffs in a number of their stores.

We commend Foodstuffs for working with the Privacy Commissioner on the trial and it will certainly be interesting to see the outcomes.

The use of AFR (Automated Facial Recognition) technology does also present some challenges for the security industry. Most facets of the electronic security industry are compliance driven with well documented standards, guidelines and codes of practice however AFR is an emerging and rapidly developing technology with minimal supporting guidance on how it should be used ethically.

Our Australian counterpart, ASIAL, has recently circulated a draft document titled, “Guiding principles for the ethical use of Automated Facial Recognition for industry and stakeholder feedback”. The document is largely based on a 2021 guidance document released by the BSIA (British Security Industry Association).

The NZSA has taken the opportunity to update the draft document to reflect New Zealand legislation and sought feedback from a number of local industry providers and stakeholders. We hope to have the final version ready for release in the next few months.

New Auckland Rail Operations Centre opens

Official opening of Auckland Rail Operations Centre promises to deliver more resilient, reliable and predictable metropolitan rail services for Aucklanders.

14 March saw the official opening of the new Auckland Operations Centre by Transport Minister Simeon Brown. The facility will bring together KiwiRail, Auckland Transport, and Auckland One Rail to improve service reliability for Aucklanders.

Delivered by KiwiRail and a jointventure between Oyster Property Group and KKR, the Auckland Rail Operations Centre is envisaged to provide an outstanding facility to safeguard operations and meet the needs of its people, well into the future.

The building has been designed to achieve a high level of resilience, able to withstand extreme weather events, faults and problems while continuing to deliver service.

“We are proud to have played a role in the development of this critical asset, which will bring all rail industry partners under one roof to support the management of the growing rail network in Auckland,” stated Oyster Property Group.

“We welcome KiwiRail, Auckland Transport and Auckland One Rail to Central Park and look forward to supporting the Auckland Rail Operations Centre in providing such a vital service for our region.”

“The recent train disruptions in Auckland have highlighted how important it is KiwiRail and Auckland’s rail agencies work together to ensure that Auckland commuters are getting to where they need to be on time,” said Minister Brown.

“Today’s opening will benefit Auckland commuters by ensuring agencies work closer together to provide a faster and more joined-up response to problems arising on the network.

“By bringing these agencies together in one centre, I expect to see them working much more closely and collaboratively to provide reliable and predictable metro rail services for Aucklanders.

“While some of the issues are about coordination, others relate to the operating model for metropolitan rail. Because of this, the Government will also be reviewing the Metropolitan

Rail Operating Model (MROM) to improve metro rail services in Auckland and Wellington.

“The MROM hasn’t been updated in nearly 15 years, and metro rail has grown in scale and complexity over that time. Rail passengers are frankly fed up with the blame game of who is at fault, they just want a reliable service that turns up on time.

“Reviewing the MROM will allow us to develop a more sustainable funding model, including who pays for what, and ensure the services and infrastructure is more focused on delivering a reliable service for passengers.”

Private Security Personnel Licensing Authority enforcing the Act

Already in 2024 the PSPLA has been busy investigating alleged breaches of the Private Security Personnel and Private Investigators Act 2010 and imposing penalties where breaches are established.

“There is a commonly held perception that the licensing authority that oversees security workers is ineffective and has no teeth,” wrote New Zealand Security Association CEO Gary Morrison in his March 2024 newsletter.

“The reality however is that the PSPLA, under the stewardship of registrar Trish McConnell, has adopted an increasingly strong position in enforcing the Act and imposing appropriate penalties, including the cancellation of licenses and imposing financial fines.”

Decisions by the PSPLA, he noted, are also published on the PSPLA website, which has introduced a high level of transparency to the process, providing access to the media, public and stakeholders.

And a quick glance at the Authority’s website proves that he’s not wrong, with 22 of the Registrar’s 2024 decisions already available for viewing. The following is a small selection of recent PSPLA decisions:

[2024] PSPLA 018 (05 March)

In June 2023 the Registrar asked the Complaints, Investigation and Prosecution Unit (CIPU) to investigate a complaint relating to the alleged employment by Company A of individuals in restricted security roles without a COA.

The CIPU concluded that Company A employed several employees despite them not holding COAs, and allowed them to work as unlicenced security technicians or consultants. This contravened section 45 of the Act.

The CIPU also found that Company A did not have adequate internal systems and processes in place and that those involved in the management of the company did not have sufficient knowledge of their responsibilities as holders of a security licence.

Company A accepted the conclusions in the CIPU report and provided evidence of changes to internal processes and policies which they were implementing. The Registrar was satisfied that these changes addressed most of the concerns raised by the CIPU investigator, and the complaint was accordingly closed.

Company A was advised that any further breaches of the Act would likely result in disciplinary action being taken against them.

[2024] NZPSPLA 017 (04 March)

In a complaint against Mr PI and Company B, the Registrar considered whether the way Mr PI described himself to people was misleading or likely to mislead.

Mr PI provided a recording of two of his introductions to the investigator. In one he introduced himself “Private Investigator, I’m just licenced with the Ministry of Justice.” In another he says “My name is [name], I was just wondering if you could help me, um, I’m doing an inquiry and I’m a licenced investigator with the Ministry of Justice.”

Both ways of introducing himself gave the people he spoke to the wrong impression, stated the Registrar. “The second introduction outlined above would cause any reasonable person to think Mr PI was undertaking the investigation or working for the Ministry of Justice,” she explained.

“This is in fact what they thought. All the people Mr PI spoke to thought he worked for the Ministry of Justice, the Courts, or some government organisation.”

The Registrar also pointed out that the way Mr PI introduced himself was not only misleading but technically incorrect in that he is licenced with the Private Security Personnel Licensing Authority (PSPLA) rather than the Ministry of Justice. The PSPLA, she explained, is a licensing authority and disciplinary tribunal that is supported

and administered by – yet independent from – the Ministry of Justice.

In his defence, Mr PI provided links to ten private investigator’s websites which he said contain references to being licenced with the Ministry of Justice. He also argued that his security ID and licence are issued by the Ministry of Justice and have the Ministry of Justice coat of arms on it.

But the Registrar pointed out that including a reference to being licenced by the Ministry of Justice on a private investigation business’ website, while technically incorrect, is not as misleading as the way Mr PI introduced himself.

“It is clear from the rest of the websites that they are referring to privately owned and run security businesses. This was not the impression Mr PI gave the people he talked to.”

She also explained that the security ID is labelled “Private Security Personnel Licensing Authority” and makes no reference to the Ministry of Justice. The coat of arms used on the ID is the Crown Coat of Arms and is not used exclusively by the Ministry of Justice.

She added that Mr PI should just introduce himself as being a licenced private investigator and, If he is asked for confirmation, can provide a copy of his official security ID, or individual licence.

“As a private investigator Mr PI should have a better understanding of the Private Security Personnel and

Private Investigators Act, and the status of the PSPLA,” she concluded. “However, the ignorance appears to be reasonably widespread among some in the industry. Therefore, I do not consider introducing himself in this way meets the threshold required for unsatisfactory conduct.”

The Registrar directed Mr PI to ensure that in future he does not create the wrong impression when he introduces himself while undertaking investigations.

“If Mr PI wants to introduce himself as a private investigator he should just say, ”I am [name] PI, I am a licenced private investigator.” If he wants to provide more detail, then he can say, “I am a licenced investigator with [company name].”

[2024] NZPSPLA 016 (04 March)

In 2021 the Registrar asked the Complaints Investigation and Prosecution Unit (CIPU) to investigate whether Company C had breached the Act by employing security guards who did not hold a CoA and by failing to file an annual return.

Although the CIPU was unable to determine whether Company C was employing security guards who did not hold a COA, it found that it is possible they engaged an individual to work in security without the required certificate. The CIPU also established that Company C had changed its

name in November 2023 and that its sole company officer [Mr X] had also changed his name. The company had not filed an annual return since its licence was granted in 2020.

The CIPU investigator informed Mr X that he was required to advise the PSPLA of his company’s change of name and is required to file an annual return. The verbal advice was followed up by written advice on 8 February 2024. Despite this, no annual returns were filed and Mr X has not advised the PSPLA of his company’s change of name.

Section 43 of the Act requires licence holders to file an annual return at 12 monthly intervals advising any changes to the details included in the licensee’s application, a list of security workers employed or engaged by the company, and the prescribed fee. Section 43(6) states that if a licensee fails to file an annual return the licensee is automatically suspended.

The Registrar ordered that Company C’s company licence and Mr X’s CoA be suspended effective immediately, and that to have these suspension orders lifted Company C must file annual returns for 2021, 2022 and 2023.

[2024] NZPSPLA 009 (09 February)

The Police filed a complaint against Individual D alleging he is no longer suitable to be a certificate holder because he has been involved in a number of aggressive and mental health occurrences.

Police provided evidence of several incidents dating back to 2020 in which Individual D was “arrested, warned, or referred to Mental Health Services after being disorderly, aggressive, threatening, or irrational.”

The Registrar stated that the incidents to which police have been called became more frequent, with six since April 2023.

“[Individual D] did not attend the hearing or provide any written response to the police complaint,” she stated. “The behaviour [Individual D] has demonstrated is inconsistent with what is required of a private security worker.”

Based on the evidence provided, the Registrar concluded that Individual D is no longer suitable to be a responsible security employee, and directed that his CoA be cancelled with immediate effect.

“Until [Individual D] has learnt to control his anger and has been appropriately assessed and is complying with all prescribed treatment and medication, he is not suitable to be a private security worker.”

[2024] NZPSPLA 002 (10 January)

A complaint was filed against Individual B alleging that Individual B had stolen a laptop and mobile phone from a site where he was working as a static security guard. Individual B had not responded to the complaint and did not attend the hearing.

The complainant made several attempts to contact Individual B to resolve the matter with no success. A complaint was filed with police, who have also been unable to locate or speak with Individual B. He is currently wanted for questioning.

The Registrar stated that the information provided in support of the complaint proves that Individual B stole articles while working as a security guard from a site he was supposed to be guarding.

“I am satisfied that a reasonable person would consider such behaviour to be disgraceful and therefore it

amounts to misconduct as defined by s 4 of the PSPPI Act,” she stated.

“I am therefore satisfied that [Individual B] is no longer suitable to be a responsible security worker and that the appropriate outcome of the complaint is for [Individual B’s] certificate to be cancelled.”

Individual B was found guilty of misconduct, his CoA was cancelled with immediate effect, he was formally reprimanded and ordered to return his security ID to the Authority within seven days of receipt of the order. Failure to do so is an offence under the Act.

[2024] NZPSPLA 007 (07 February)

In October 2023 the Complaints Investigation and Prosecution Unit (CIPU) investigated a complaint that cleaners at a shopping mall were carrying out security work without CoAs.

The CIPU established that from 01 September the cleaning company had been contracted to provide both cleaning and security services for the shopping mall although it did not have a security licence, and some if its workers were carrying out security

work without a COA.

The Registrar stated that the CIPU had found that the cleaning company had breached s 23 of the Act by carrying on business as a property guard without a licence.

As the company held a security licence in the classes of property guard and monitoring officer, it was concluded that the appropriate outcome to the complaint was for educational information to be send to the company advising them of their responsibilities under the Act including the requirement for all their workers who undertake security work to hold a CoA.

“[The company] is however advised that if they work outside the conditions or their licence or continue to engage staff to work in security who do not have the appropriate COAs disciplinary action will be taken against them,” concluded the Registrar. “This could result in their licence being suspended or cancelled and a substantial fine being imposed.”

[2022] NZPSPLA 008 (08 February)

The Police applied to cancel Individual E’s CoA as he has been convicted

of assault, which is an offence of violence and therefore a disqualifying conviction under s 62(f)(vii) of the Act.

“[Individual E] neither attended the hearing nor applied for waiver of the grounds for Disqualification,” stated the Registrar. “Section 82 of the Act states that it is a mandatory ground for cancelling [Individual E’s] certificate if I am satisfied that grounds for disqualification apply to him, and because of this [Individual E] is not suitable to be a certificate holder.”

“[Individual E’s] conviction resulted from him beating up a person he did not know when he was drunk. He also has a conviction for driving with excess breath alcohol and has come to at least one other recent occasion after acting aggressively when drunk.”

“If Mr Fenton wants to work in security, he must address his issues with alcohol and learn to control his temper.”

The Registrar ordered [Individual E’s] CoA cancelled effective from the date of the Order, and that he must return his Security ID to the PSPLA within 7 days of receipt of the order.

2024 New Zealand Outstanding Security Performance Awards finalists announced

A panel of independent experts from across Aotearoa New Zealand’s security industry has concluded its judging and the finalists of the 3rd New Zealand SPAs have been revealed.

According to the UK-based OSPAs founder Professor Martin Gill, the 2024 New Zealand OSPAs has attracted a large number of quality submissions, with an expert judging panel having faced a challenging task to narrow down the entries.

The presentation of the 2024 OSPAs will take place at the Pakuranga Hunt, Ellerslie Event Centre, Ellerslie Racecourse in Auckland on Friday 5th April 2024 and will form part of the ASIS International New Zealand Chapter certification celebration.

The 2024 finalists are:

Outstanding Contract Security Manager/Director

Anna Barragan – Global Security Solutions

Dion Neill – The Neill Group & Prosec Solutions Limited

Beyers Rautenbach – FIRST Security

Isaac Taingahue – Optic Security Group

Outstanding Security Team

Facility Security Officer Team – Beca

PECCS Team – FIRST Security

Team Leaders and Supervisors – Monitor NZ

Outstanding Contract Security Company (Guarding)

FIRST Security

Global Security Solutions Limited

Red Badge Group

Outstanding Security Consultant

Lee Ashton – Optic Security Group

Beca Applied Technologies Security and Risk Team

Glenn Chapman – Global Security Solutions

Jazz Kaur – Global Security Solutions

Dion Neill – The Neill Group and Prosec Solutions Limited

Outstanding Security Installer/Integrator

Daniel Malan – Global Security Solutions

Retail Crime Prevention Programme Team – Optic

Rishu Sharma – Evotek Technologies

Outstanding New Security Product

Ajax MotionCam Outdoor (Photo on Demand) – Ajax Systems and Net Alarms Limited

Controller 7000 (C7000) – Gallagher Security

BarWatch and StoreWatch – Dion Neill & Prosec Solutions

Outstanding Security Officer

Shaun Laifone – Global Security Solutions

Lositoa Moala – FIRST Security

Jaron Samson – Red Badge Group

Manjinder Singh – Global Security Solutions

Outstanding Female Security Professional

Marie Ahokava – Global Security Solutions

Alexis Bannister – Maritime NZ

Racheal Bergersen – Red Badge Group

Jemima Briggs – FIRST Security

Darcel Rhind – Global Security Solutions

Vianna Sue – Optic Security Group

Marolyn Walker – Precision Live Security

Outstanding Young Security Professional

Pascale Howell – Gallagher

Siva Kalolo – FIRST Security

Pushpinder Singh – Global Security Solutions

Jack Stewart – Red Badge Group

Lifetime Achievement

To be announced on the day

Spectator Sports Safety and Security Survey 2023 Industry Research Report

The latest survey of US spectator’s perceptions of venue safety and security highlights a preference for visible security measures and an ignorance of active shooter response policies.

According to the authors of the Spectator Sports Safety and Security Survey 2023 report, sport safety and security has become an increasing priority over the past decade for spectators and venue directors as threats to spectators have proliferated.

Recent studies from the National Center for Sport Spectator Safety and Security (NCS4) have reported a marked increase in fan violence, alcohol- and drug-related incidents, terror threats, cybersecurity breaches, and other issues. At the same time, venue operators have looked to apply new technologies such as facial authentication, mobile ticketing, and touchless payment systems, to improve safety and guest experience.

Established in 2006, NCS4 at the University of Southern Mississippi (USM) is the United States’ only academic centre devoted to the study and practice of spectator sports safety and security.

The primary purpose of the Centre’s survey research is to gauge sport spectators’ perceptions of safety and security at live events, their awareness and support of policies and procedures, and their willingness to embrace new measures and technological solutions to enhance their safety and game-day experience.

The 47-question survey was developed with input from academics and practitioners, and with feedback solicited from NCS4 research affiliates, industry practitioners, and technology solution providers. An online data collection and analysis organisation distributed the survey in June 2023. 400 individuals 18 or older who attended a live professional or intercollegiate sporting event within the last year completed the survey.

Threats and technologies

Top-rated threat and safety concerns included theft, the use of weapons, unsafe parking, alcohol abuse, inadequate security personnel, inadequate security screening, and fan violence. Participants were least concerned with cyberattacks and natural disasters. Participants were least concerned with cyberattacks and natural disasters.

Approximately two-thirds of participants trust venues’ measures to protect them from active shooters, vehicle ramming incidents, and Personal Identifiable Information (PII) breaches.

69.3% consider safety and security measures when attending a sporting event, and 73% preferred visible security measures. Participants highly supported venue security staff presence, law enforcement presence, walk-through screening detection technologies, security wands, visible security cameras, and designated entry gates.

These were closely followed by Fan code of conduct, secure in-house WiFi networks, perimeter barriers, bag searches, and body cameras. 77.1% feel comfortable with security personnel wearing body cameras, and 70.6% indicated venue cleanliness and high sanitation standards made them feel safe. No-bag policies, social media monitoring, and robots employed in security roles were less preferred.

Fan behaviour and spectator experience

Parking, traffic, locating seats and restrooms, and security screening were highlighted as points of difficulty by event attendees. 31.6% indicated that security procedures entering the event negatively affected their experience.

Half of the participants (50.2%) preferred an entry screening method that requires people to pass through individually rather than one that allows many people to pass through at once (31%), while 18.8% had no preference. 52.3% indicated they would welcome facial authentication/ validation as part of the venue entry process.

Top-rated incidents witnessed or experienced by participants at a sporting event included alcohol abuse, fan violence inside and outside the venue, severe weather, and tailgating incidents. These were closely followed by unsafe parking, theft, crowd crush, and entry/exit panic. 28.7% of participants witnessed or experienced unequal/unfair enforcement actions by security staff.

66.8% had observed disruptive fan behaviour at a live event attended, with over half of them choosing not to report the incident. 23% stated they had been a victim of

disruptive fan behaviour, with the majority reporting it to the proper authority. Despite this, 74% responded that they feel safe with the ability to report an incident inside the venue.

The majority of participants noted that fan behaviour had not changed from three years previously, and that fan behaviour affected their decision to attend future live events.

Approximately 70% of respondents stated that they would be willing to pay a nominal security ticket fee, ranging from $0.50 - $5.00, to offset event safety and security costs.

Policies and procedures

When asked the extent of their familiarity and agreement with venue safety and security policies and procedures, participants were most familiar with the prohibited items policy, fan code of conduct, alcohol policy, emergency medical procedures, drug policy, and ejection policy.

Interestingly, the lowest familiarity and agreement ratings were reserved for the active shooter response and severe weather policy. The 18-24 age category was the least familiar or second least familiar with every policy and procedure.

Most participants knew of their event’s safety and security measures before attending and how to seek emergency help at a sporting event. Preferred safety and security communication methods before an event included website (53.8%), venue/event apps (39.8%), signage at the entry point (38.3%), and signage in the venue (33.8%).

Participants in all age ranges heavily relied on communications via website. The 45-54 age range was the only group that relied more on other communication platforms, such as entry (45%) and venue (42%) signage, compared to website (39%).

In conclusion, the report authors suggested that venue and event security management may consider the following recommendations:

• Encourage early entry to the event, monitor tailgating areas, and ensure staff are adequately trained on ticketing and screening procedures.

• Be mindful of access and functional needs (entry accessibility, access control, wayfinding, emergency response, and evacuation procedures) and train staff in relation to these.

• Visible security measures increase spectators’ sense of safety, reinforcing the value of law enforcement and security staff, entry screening technologies, CCTV, and security personnel body cameras. Provide a mechanism for spectators to report incidents inside the venue.

• Facility hygiene remains important to spectators. Custodial staff should maintain cleanliness and high sanitation standards throughout the event.

• Conduct an event-specific risk assessment to guide planning and preparedness efforts.

• Develop plans, policies, and procedures, and train staff (full-time, part-time, third party, and contractors), and exercise plans.

• Be aware of the policies spectators are least familiar with. Communicate safety and security messaging to spectators before, during, and post-event via website, venue apps, signage, and announcements. Consider spectator demographics for targeted communications.

• Address disruptive fan behaviour with a fan code of conduct and substantial violation penalties, train staff on pre-incident behaviours, crowd management, and de-escalation techniques. Encourage spectators to report such behaviour.

• Review traffic control procedures and ensure adequate lighting of parking lots and pathways. Increase signage, train staff on guest relations, and ensure consistent screening procedures to overcome points of difficulty for spectators.

• Consider utilising facial authentication/validation for spectator entry. A trial period may be helpful to educate spectators on purpose and benefits.

• Consider a nominal ticket security surcharge to fund security budgets.

Movers and Shakers: The latest security industry appointments and milestones

Two New Zealand security titans celebrate 25 years, Armourguard returns to Rotorua, new NZ Channel Director for Dahua, and Watchu opens in Hautapu and recognises mullet excellence.

TPT Group celebrates 25 years TPT Group (which includes security integrator Advanced Security) has celebrated 25 years in business. “In 2024 we will celebrate 25 years in business for TPT Group Holdings (NZ) Ltd,” posted CEO Mike Marr in LinkedIn.

“What a ride it has been, super proud of the our team, a team that have built the eight businesses we have in the group today - Advanced Security Group, IT Engine Limited, Cablenet Limited, ASG Technologies Limited, ASGSPL Limited, Everlert Limited,Technology Leasing (NZ) Limited, Promessa Property Group Limited. Also the other others that no longer form part of the group such as Total Doors & Gates, Asset Insight, and MJM Electrical.”

Advanced Group and TPT Group have also announced that they have again awarded a Marketing Scholarship in conjunction with Auckland University of Technology.

“Through this scholarship, we empower future generations to seek a career in our industry. Our marketing scholars receive funding as well as part-time employment in our Auckland Support Office,” they announced. 2023 recipient Nayara Rivero joins Brenna Yuksel (2021 recipient), and Yazmin Aung (2022 recipient).

Congratulations TPT Group on your 25th Birthday!

FIRST Security birthday recruits

Michael Brouwer has joined FIRST Security in the role of Branch Manager (BM) Rotorua, where he will be focusing on core Guarding and Field Services areas.

Michael brings a strong logistics, operational management and sales background to the position, with people management experience through his various roles, which include the Royal New Zealand Navy (RNZN) as a communications specialist.

Maitai Walters-Grace has also joined FIRST Security as Shift Manager, National Service Centre. He joins FIRST from Auckland Transport where he was an Enforcement and Compliance Officer across the bus, train and ferry networks.

Maitai has over five years of security experience, and fluent in Te Reo he is keen to help the rest of the FIRST whānau with their pronunciations and translations.

Another new FIRST recruit is Steven Gregan, who was appointed GM of Finance in Auckland. A Charted Accountant of New Zealand

and Australia, Steven holds a Bachelor of Management Studies from Waikato University.

Steven has extensive experience at the CFO Level, including at HP, Origin IT and The Instillery Group. He has been working for FIRST on an interim basis since November.

Yet another recent FIRST inductee is Greg Sinclair, who takes on the role of Client Services Manager based in Wellington.

Greg comes to FIRST with over 15 years’ experience in local Government, specifically council compliance. He also spent some time as a Senior Rescue Firefighter at Wellington International Airport and a Custody Officer with Wellington District Police.

FIRST Security has also recently celebrated its 25th birthday. Now the largest security company in NZ, FIRST employs nearly 2000 staff. Many happy returns!

Dahua welcomes James Roughan Dahua New Zealand has appointed James Roughan to the role of New Zealand Channel Director based in Auckland.

James joins the manufacturer having cut his teeth in several security roles, including with integrators Advanced Security, ARA Security, Optic Security Group, and Fortlock, and distributors Hills and Security Wholesale Limited (SWL).

Optic Security Group

Optic Security Group recently welcomed Guru Mahajan to its Auckland sales team in the role of Key Account Manager. With 15-plus years of experience in the security industry, Guru comes with a stellar track record

in managing key client relationships.

The trans-Tasman security integrator also welcomed Stephen Boyle to its Auckland team as Project Manager. Stephen will be working alongside Project Manager Ferdinand Foronda and managing projects for some of Optic’s key clients. Stephen brings a wealth of Project Management experience from the construction and information

technology sectors, as well as international financial and accounting experience over a career spanning almost two decades.

Also joining Optic is Trainee Locksmith Tyler Reeve, who joins Ben Pullin in the Optic Lock shop. And another new starter, Stephen Hamilton APP PSP has made the journey from the South Island to Optic’s Darwin office.

Armourguard reopens in Rotorua “We’re delighted to announce the return of our dedicated Rotorua branch after five years and we’re really enjoying working with the city’s local businesses and communities,” stated Armourguard in a recent announcement.

The new Armourguard Rotorua team members include Phil Brown, Adrian Warren and Cliff Deane.

Also noteworthy news for Armourguard were the recent actions

of Whanganui Security Officer, Mark Te Ohaere. While doing a routine security check at a local timber processing facility one evening, Mark discovered a fire.

“The processing plant had only been re-opened a few months after a previous fire destroyed a large part of it so Mark’s quick action saved the company from having a repeat of its previous disaster.”

New Hautapu office for Watchu Security

Watchu Security has officially moved into its new Hautapu office and workshop. “Our doors are open and we welcome you to come in and have a chat with our friendly team!” stated Watchu in its social media announcement/.

The new office is open from 8am5pm, Monday to Friday, at 31 Hautapu Road.

Also making Watchu’s social media news was Cameron White, the company’s youngest engineer. “An absolute superstar in the making, with a mullet that makes the rest of us insanely jealous. First sole charge project this week and he absolutely nailed it!!”

Congratulations to Watchu Security and to Cameron!

Privacy Commissioner: Cyber penalties need sharper teeth

The Privacy Commissioner, speaking at the 7th March National Cyber Security Summit in Wellington, has called for legislative change and greater penalties for data breaches.

This comes on the back of two major research studies that indicate widespread support, including from businesses, for higher penalties for breaches. “Most of the serious privacy breaches reported to my Office are happening in the digital world,” said Privacy Commissioner Michael Webster.

“I am concerned that businesses and other organisations rely on digital environments but aren’t well set up to run them safely,” he said. “The degree of privacy maturity and cyber security practice is not as developed as I would have expected, which says to me that people aren’t always motivated to comply with legislation that protects data, like the Privacy Act.

“The maximum fine I can issue to an organisation for not adhering to a compliance order is $10,000. Compare that to Australia where their maximum fine for serious interference with privacy is $50 million and you begin to see the issue,” says Mr Webster.

New Zealand business leaders agree. Kordia released its New Zealand Business Cyber Security Report 2023 in March, which showed that one in five businesses have no plan to deal with a cyber-attack. This was despite half (55%) of businesses surveyed with 100 or more employees suffering a cyber-attack or incident in the last year.

The Kordia survey showed that business leaders are generally in favour of more legislation. 58% say an increase in legislation and regulatory guidance will improve cyber security, while almost three quarters think New Zealand should introduce harsher penalties for businesses that fail to protect personal data.

In a separate survey of individuals, Talbot Mills Research asked about fines, with 60 percent of those surveyed saying the current level of fines in the NZ Privacy Act were not high enough.

“We live in dynamic times with significant technological advancements, yet we’re operating on

a Privacy Act that is based on policies agreed in 2013,” said Mr Webster.

“We need to ensure our Privacy Act keeps up with global privacy standards or risk that we may no longer be one of the safest places in the world to process personal information.

“That will have a real impact for businesses – not just the direct losses from a breach, but the loss of confidence of our trading partners who expect us to keep up on data protection,” he says.

The Commissioner recommends changes to the Privacy Act 2020, including a civil penalty regime for major non-compliance alongside new privacy rights for New Zealanders to better protect themselves.

He also recommends set of specific amendments to make the Privacy Act fit-for-purpose in the digital age, and stronger requirements for automated decision making and agencies demonstrating how they meet privacy requirements.

REACH NEW HEIGHTS in Professional Excellence

ASIS accredited certifications can help you reach your career goals.

Validates your ability to conduct security investigations through the effective use of surveillance, interviews, and interrogations. Designed for those with 5 years of related experience.

WH Y EARN THE PCI DESIGNATION?

• Provides independent confirmation of your specialized skills in security investigations

• Gain global recognition by your peers and industry

• Get a competitive edge in the marketplace

• Enhance your career and earnings potential

• Enjoy personal satisfaction and professional achievement

Be one of the many ASIS board certified practitioners who are leaders, mentors, and trusted strategic partners, serving both their organizations and the profession.

Visit www.asis.org.nz

“PCI is an important element in the ASIS C ertification programme, dovetailing into both CPP a nd PSP for a comprehensive understanding of broader security industry objectives. An effective and reliable investigation depends on objectivity, thoroughness, relevance, accuracy and timeliness. PCI helps identify critical investigative outcomes, including evidence collection, case management, and the process of offender detection, iden tification, interview and prosecution. Good physic al security designs, together with robust policies and procedures are key elements in a successful investigation. The PCI certification p rov ides an insight into how these pieces interrelate."

- D avi d H orsburgh, MSc CPP PSP PCI

WHY SHOULD AN EMPLOYER HIRE ASIS CERTIFIED PROFESSIONALS?

• Build a strong, dedicated team committed to high standards and continuing professional development

• Promote ongoing education of critical job knowledge and skills

• Feel confident that your staff are using best practices

• Recruit the most qualified professionals

• Reinforce or elevate your organization’s reputation and credibility

Increase the competency level of your staff by supporting your security professionals in their certification journey.