Italian teenager Sara Passarini has lived in Australia for half of her life, but it could be 2062 before she finds out if she will be accepted as a permanent resident here.

By that time, Ms Passarini, 18, will be in her 60s. Her mother, Helen Johnson, who is also waiting on the outcome of the pair's visa application, will be more than 100 years old.

When Ms Johnson applied for a remaining relative visa for her and her daughter in 2012, the processing time was about 10 years.

Since then, the waiting time has ballooned out to five times as long.

The Department of Home Affairs has confirmed to nine.com.au the current processing time for remaining relative visas is about 50 years.

Fleeing a volatile and dangerous family situation, Ms Passarini and her mother moved from Milan to Perth when she was nine-years-old.

"It happened very suddenly. My mum told me we were going about an hour before we left for the airport and I had to leave everything I had known behind," Ms Passarini told nine.com.au.

The pair joined Ms Johnson's mother and three siblings, as well as seven nieces and nephews.

Once in Australia, Ms Johnson enrolled to study and swapped from a visitor to a student visa, with the intention of qualifying for a permanent skilled visa once her studies were complete.

However, Ms Johnson's deteriorating mental health meant she had to stop studying.

"This meant my mum had to apply for a different visa, and the only one left we were eligible for was the remaining relative visa," Ms Passarini said.

The pair has lived in Australia on bridging visas ever since.

Ms Passarini finished high school last year and now hopes to go to university, but to do so would cost her about $90,000 in international student fees. (Supplied: Sara Passarini)

Despite not being a permanent resident, Ms Passarini, who finished Year 12 last year at High School, said she adapted to life in Perth quickly and soon came to call Australia home.

"Australia is definitely my home. I speak English now better than I speak Italian," she said.

"I've done the majority of my schooling here. I've got all of my friends here. I don't see myself living anywhere else."

Applicants for the remaining relative visa are eligible for Medicare and can in some cases work, however usually with strict limitations.

The family had endured severe financial hardship over the years because of their visa status, Ms Passarini said.

Ms Passarini is classed as an international student and the family needed to pay high fees for her to attend her public primary school and high school.

"We've had a lot of financial struggles. It was about $63,000 for me to get through school here. My family in Italy helped because I had to finish high school, I had to get that qualification," she said.

Ms Passarini is now working two casual jobs as a delivery driver, but said she desperately hoped to go to university next year.

However, as an international student, the fees for a degree would cost about $90,000.

"I want to go to university and have a career. But I will have to pay triple the amount of university fees as my friends, and I'll have to pay it upfront because I'm not entitled to a HECS loan," she said.

Ms Passarini said she felt trapped by her visa situation.

"I feel like I'm being pushed into a mould that isn't who I am, all because of decisions adults made for me when I was a kid," she said.

"But I don't hold any grudges I just want to be able to study and be free to make a future for myself."

Ms Passarini has started a petition appealing for her to be granted permanent residency. (Supplied: Sara Passarini)

Ms Passarini has started an online petition calling on Home Affairs to grant her permanent residency.

"To have to wait for 50 years is just not fair. They may as well not offer the visa at all, it just gives people false hope. I think something definitely needs to change, not just for me but for others in my situation," she said.

A spokesperson for the Department of Home Affairs declined to comment on Ms Passarini's case, saying: "The Department does not comment on individual cases."

Why is the wait for a remaining relative visa so long?

The remaining relative visa belongs to the "other family visa" category, along with the aged dependent relative visas, which also have a 50-year waiting period.

Under the Department of Home Affairs' migration planning levels for the 2019-2020 financial year, other family visas were capped at 500 places, down from 900 the year before.

The low numbers of visas granted in the category look unlikely to change for the current financial year.

While last weeks's budget announced a large increase in the number of partner visas accommodated in this year's migration planning levels, once they are taken out of the equation, the number of visas in the family stream appear to have decreased.

The Department of Home Affairs declined to answer nine.com.au's questions about how many people are currently waiting for a remaining relative visa application to be processed.

However, a spokesperson for the department said: "The number of applications received each year for Remaining Relative visas outstrip the number of places available for each migration program year."

Sanjay Deshwal has been a migration agent based in Sydney since 1996.

Mr Deshwal said in the past 25 years he had seen the waiting times increase exponentially for remaining relative visas.

"I have a case where we put in a remaining relative visa application in 2012. At that time it was showing eight to 10 years wait before the visa would be granted," he said.

The case involved a Sri Lankan woman whose mother, brother and sister were all Australian citizens, he said.

"She was left in Sri Lanka with one 25-year-old son. Unfortunately, her son died in a car accident last year. She is the only one there and now it is showing up to 50 years wait," Mr Deshwal said.

"So it is very cruel. It's cruel for people to wait for so long."

Mr Deshwal said he had noticed that over the years the number of visas allocated to the other family visa category under the government's planning levels had reduced while some categories, which charged higher application fees, had grown.

For example, the number of places for the contributory parent visa, which comes with a $50,000 application fee, had increased, he said.

"The government seems to be focussed on getting money. On one side, we cannot blame the government because the economic situation is so hard, and a large number of people want to come, but definitely it puts a lot of pressure on people waiting for years and years."

Researchers warn of a seven-fold rise in ransomware attacks compared with last year alone - and attackers are continually evolving their tactics.

Why ransomware has become the biggest cyber threat to your network in 2020

Watch Now

There's been a huge increase in the number of ransomware attacks over the course of 2020, with a seven-fold rise in campaigns compared with just last year alone, according to newly released data from cybersecurity researchers.

Ransomware attacks have been on the rise and getting more dangerous in recent years, with cyber criminals aiming to encrypt as much of a corporate network as possible in order to extort a bitcoin ransom in return for restoring it. A single attack can result in cyber criminals making hundreds of thousands or even millions of dollars.

It's something that cyber criminals have been capitalising on despite the changing working circumstances with more people working remotely during 2020, with Bitdefender's Mid-Year Threat Landscape Report 2020 claiming a 715% year-on-year increase in detected – and blocked – ransomware attacks.

Not only has the number of ransomware attacks increased, but ransomware has continued evolving, with some of the most popular forms of ransomware last year having disappeared while new forms of ransomware have emerged. In some cases, these are even more disruptive and damaging.

"Looking into the evolution of last year's ransomware families and how they've changed this year, most of them have actually gone down in numbers. This year's popular ransomware families are not last year's popular ransomware families," Liviu Arsene, global cybersecurity researcher at Bitdefender told ZDNet.

For example, one of the most prolific ransomware threats during 2019 was GandCrab – until its operators shut up shop during the middle of the year, claiming to have made a fortune from campaigns.

Since then, new families of ransomware have emerged, including Sodinokibi – also known as REvil – which while not a massively prolific campaign, is a highly targeted operation that has made large amounts of money from disruptive, often high-profile ransomware attacks.

In many cases, hackers are following through with threats to leak data they've stolen in the run-up to deploying the ransomware attack if the victim doesn't pay – something that might strike fear into future victims and encourage them to give into the extortion demands more quickly.

"If they do that just once, they set an example for everyone else who becomes infected, because those who don't pay end up with data leaked and a GDPR fine. Everybody else who gets infected afterwards is going to see the attackers are serious," Arsene explained.

While ransomware from specialist cyber-criminal gangs such as Sodinokibi and DoppelPaymer grab the headlines, ransomware-as-a-service has continued to be an issue for organisations around the world, with ransomware families like Zepto and Cryptolocker causing problems.

While these forms of ransomware might not be as advanced as the most high-profile versions, their availability 'as-a-service' allows even low-level attackers to deploy attacks in an effort to illicitly make money, often from smaller and medium-sized businesses that feel they have no other option but to pay.

Ransomware remains a major cyber threat to organisations and businesses of all kind, but there are relatively simple steps that can be taken to avoid falling victim to a ransomware attack.

Ensuring that security patches are applied as soon as possible helps prevent hackers from exploiting known vulnerabilities to gain a foothold inside the network in the first place, while organisations should also apply multi-factor authentication across the ecosystem because that can prevent hackers moving across the network by gaining additional controls.

Organisations should also regularly backup their systems, as well as testing those backups on a regular basis as past of a recovery plan, so if the worst happens and ransomware does infiltrate the network, there's a known method of restoring it without the need to pay cyber criminals.

From senior buy-in to layered security and onto cross-business education, here's how CIOs can create an information security strategy that helps to keep hackers out and data safe.

CIOs are under more pressure than ever before when it comes to cybersecurity concerns, especially now that many or even all of the staff in their organisation are working from home, perhaps using unfamiliar software and hardware as they try to do their jobs on lockdown. 

The array of devices and applications that they have to take responsibility for has been rapidly expanded by the coronavirus crisis, and criminals have been keen to exploit any organisations thrown off-balance by the rapidly changing circumstances, which means taking a fresh look at what IT security really means. Tech analyst HFS Research recently reported that 56% of enterprises expect to increase their security spending in response to COVID-19. 

"The threat landscape changes on a daily basis," says Simon Liste, chief information technology officer at the Pension Protection Fund (PPF). "We've had to shift our approach so that we recognise that information security is not about 'if' you get hit but 'when' you get hit. Understanding that shift in terms of technology, culture and leadership has been hard – and not just for the PPF, but for a lot of organisations."

Liste says he's fortunate to have a strong technical background and, from his previous roles as a technical engineer and analyst, believes he's developed a good understanding of cybersecurity concerns. Here's four areas he believes IT leaders should focus on to create an effective security strategy.

1. Get buy-in from the senior leadership team

Liste says it's crucial the board understands the importance of cybersecurity. "At board level it's on the agenda at all times, especially in the position we find ourselves in right now with COVID-19," he says.

Set up by the Pensions Act 2004, the PPF protects millions of UK people who belong to defined benefit pension schemes. If their employers go bust, and their pension schemes cannot afford to pay what they've promised, the PPF pays compensation for their lost pensions.

"We have a responsibility to our internal colleagues and our external members to make sure that the data we've got is secure," he says. "Because of the role we fulfil as an organisation, we need to protect the intellectual property that we have."

Since joining the PPF in February 2018, Liste has worked with the board to help develop their awareness of cybersecurity threats. The effort has paid off.  

"They really get the critical role of information security to our organisation," he says. "And they're continually evolving their understanding, so they know that security isn't just about dealing with external threats."

2. Focus on continually honing your processes

When he became CIO at the PPF, Liste brought the management of cybersecurity back in-house after it had previously been outsourced to an external provider. He was keen to take back control of IT management decisions and he's developed an information security and privacy department.

"We don't just do a standard annual check of our systems; instead, we're constantly evaluating our estates," he says. "Cybersecurity is about trying to keep on the front foot all the time, but it's also about understanding you can't find a silver bullet that sorts everything. That just doesn't happen, so you need an ethos of constantly checking and challenging."

As part of his internal management of cyber-defence systems, Liste has established an information security committee, which helps to coordinate IT security initiatives at the executive level and ensures the value of – and risk to – data is established and recognised.

The organisation adheres to industry best practices, including ISO 27001, which is the international information security standard. The PPF is also looking at the Cyber Essentials Plus information assurance scheme operated by the National Cyber Security Centre.

"What's important is the mechanism around applying the right processes," says Liste. "You need to think about a range of key questions: how can you identify, how can you monitor, how can you manage, how can you recover, and how can you be proactive?"

3. Layer your security partners – and test them, too

Liste says insourcing IT has allowed his team to disaggregate the support model and spread provision across a series of suppliers, which helps to reduce the level of potential risk.

"Don't put all your eggs into one basket," he says. "There's often a debate around cost-appropriate security solutions, but I don't think you can sacrifice costs when it comes to security. It's not a financial decision – it's more around identifying what's absolutely fundamentally critical in terms of the data you need to protect."

Liste says the PPF uses cloud-based, perimeter gateway services and also more traditional enterprise firewalls. He advises other CIOs to try and spread risk at the hardware level and use different providers for different areas of IT infrastructure, such as servers and desktop PCs. He says the PPF's main security partner is a "top-five global specialist".

"A good security partner has intelligence – they can interrogate what's happening on your network, and what traffic's going in and out, but they also know what's going on outside your corporate environment in a place like the dark web," he says.

Liste is impressed with the level of expertise he receives, but he advises other CIOs to take nothing for granted. He refers to his main partner as his "blue team", but he also employs a "red team" of ethical hackers to regularly test the approach his main security partner is taking.

"That's to see if they can break the services and the recommendations that have been made," he says. "We're just trying to layer the way we're protecting people and data, and the interaction between people and data as well."

4. Engage with the rest of the business

Liste has gone to great lengths to strengthen security awareness at the board level and to build security capability within the IT department. Yet he says it's crucial to recognise good security is a whole-organisation effort. When it comes to creating education programmes, he says CIOs should be prepared to lean on the expertise of other functional heads.

"A good collaboration with your learning and development team, your communications team and your training team is absolutely critical," he says. "You need to work with these experts to make sure you're constantly updating and engaging with people and educating them around the evolution of the cybersecurity risk."

Liste says structured internal education and awareness programmes are the best way to teach staff across the organisation about potential risks. But he also says that training development shouldn't stop at the enterprise firewall, particularly as most staff are currently working at home due to social distancing.

"We don't limit our approach to corporate education," says Liste. "We also talk about awareness at home, which is obviously crucial right now, and we talk about the risk of phishing and being aware of the text messages that tempt you to click on links. We say that the secure practices our people apply at work should be carrying on 24/7."

South Africa’s list of high-risk countries, where tourists remain banned from entering the country, has been criticised for being arbitrary and potentially damaging to the local tourism sector.

The list of 60 countries includes the likes of the United States and the United Kingdom, which are sources of some of the biggest tourism spend in the country – while all of Africa is free to travel across borders.

According to the Bureau for Economic Research (BER), rough estimates from Stats SA show that about 16% of total overnight visitors come from countries currently rated as high-risk.

The US and UK represent about 8% of all overnight tourists. While this is relatively low, visitors from these countries tend to spend more than tourists per visitor from Africa, the group said.

By contrast, around 73% of overnight tourists in 2019 were from fellow Southern African Development Community (SADC) countries, the group noted.

South Africa’s so-called ‘red list’ applies only to leisure and tourism travel, with business travellers with scarce/critical skills, diplomats, repatriated persons, investors and people participating in professional sporting or cultural events from the high-risk countries allowed to enter the country.

However, it has been argued that the list is generally arbitrary given the fact that South Africa itself is also still largely on the high-risk country list for many countries – including those listed in the high-risk group – which would have deterred travel in any case.

South Africa’s red list

Of the 60 high-risk countries listed by South Africa, only 18 actually allow South Africans to visit them for leisure purposes.

For some counties, travel is possible, but not directly – such as Malta or Montenegro, which would require a citizen from a ‘red list’ country (such as South Africa) to spend 14 or 15 days in a ‘green list’ country before entering.

As with South Africa’s opening of borders, countries that do allow travel for leisure and tourism purposes do not do so unconditionally, and will require travellers to either submit recent negative Covid-19 tests, or be subject to a mandatory quarantine period.

Bookings.com has running updates of country policies regarding international travel – with very few allowing entry for South Africans. Most travel restrictions relate to tourism and leisure travel only, with exceptions for repatriation, returning citizens, students and medical emergencies.

In Iran, travel is permitted, but no tourist visas will be issued. This is a similar situation in the US (and related territories such as Puerto Rico) where there is no explicit banning of South Africans from travel – but the country and local offices are not currently issuing visas for leisure travel.

Almost all territories caution travellers to keep their movements to essential travel only.

Note: As travel restrictions are changing on an ongoing basis, the below is as reported at 4 October 2020, with the latest available information from each respective country. Many countries have indicated reviews to lists in the coming weeks.

There are many regions – which South Africa has classified as low or medium risk – that are still restricting travel from South Africa.

This includes countries like Canada, Japan and most of Europe, which uses a centralised database to categorise high-risk countries. The definition of high risk can differ from territory to territory, but countries like Russia classify it as a 14-day cumulative Covid-19 infection rate higher than 25 people per 100,000 people.

According to the EU database, South Africa is still high risk, with a running 14-day cumulative infection rate of over 34 per 100,000 population. While this is still relatively high, it is down significantly from the 290 per 100,000 population recorded during the peak of infection in July.

But this still means that South Africans looking to travel abroad for leisure and tourism purposes will be banned from entering countries like France, Italy, Switzerland and most of the EU members that use the same database.

Some EU countries have gradually opened their borders for non-essential travel since July – however, this has only been for visitors from the EU/EEA and the UK, with few exceptions. Most advisories recommend contacting local embassies, where applicable, to confirm the status of any travel restrictions in place.

Confusion and complexity

According to the BER, while South Africa’s careful approach to reopening its borders is understandable, the complexities of the exceptions are not helpful in aiding the recovery of the battered tourism sector.

“Indeed, airline Emirates cancelled all planned flights to SA on Saturday with reports claiming this was due to uncertainty about whether airline crew would have to adhere to the same regulations as tourists, and thus provide a recent negative Covid-19 test.

“Reports on Monday suggest that the matter has been resolved and that the airline will resume flights to SA,” it said.

Industry voices, meanwhile, have warned that, although welcome, the new policies have opened the door to a lot more complexity in travelling abroad.

“Complexity, complexity and more complexity,” said Andrew Stark, Flight Centre Travel Group managing director for the Middle East and Africa. “The ever-changing travel regulations and requirements from the different destinations across the world make for a travel landscape that will be difficult to navigate.

“For now, it is clear that business travellers have more freedom than they had in the last six months, while leisure travellers are somewhat more restricted.”

Stark cautioned that while the reopening of the borders is a vital, positive step in the right direction and will allow South Africans to reconnect with their loved ones, the return to travel is not going to be immediate and holidaymakers should not throw all caution to the wind.

“There still remains a grey area surrounding outbound travel for South Africans to high-risk countries that would permit them entry.”

“We’d advise South Africans to book their non-essential leisure travel now for next year. For this year, consider keeping it close to home with regional travel on the African continent and to the Indian Ocean Islands,” he said

The Minister of Home Affairs, Dr Aaron Motsoaledi, convened an inclusive meeting involving senior immigration officials and ports of entry managers to address the challenges arising from the implementation of Regulations pertaining to travel into the Republic, including opening the tourism industry and promoting trade in order to stimulate economic recovery.
The Minister of Tourism, Ms Mmamoloko Kubayi-Ngubane, was consulted prior and during the meeting and fully endorses its outcome.
The visa free status of citizens of some countries and territories was temporarily suspended at the start of the lockdown period. In line with the commitment of Government to take urgent steps to address the economic and tourism stagnation brought about by the outbreak of Covid-19, the visa free status of citizens from the following countries and territories has been reinstated:
• South Korea;
• Spain;
• Italy;
• Germany;
• Hong Kong;
• Singapore;
• USA;
• UK;
• France;
• Portugal; and
• Iran.
However, the visa free status does not alter the current Covid-19 Regulations.
The Minister has instructed officials to communicate this decision to the aviation industry, embassies and other stakeholders as a matter of urgency.
The port managers have been instructed to adhere to the SADC protocol and guidelines regulating the movement of essential goods under Covid-19 Regulations. The guidelines regulating truck drivers travelling across the border will continue to apply as has been the case for the past seven months.
In view of the confusion regarding the 72 hours negative test requirement, The Department reiterated that business persons providing services across the borders of SADC are allowed multiple entry subject to the following:
• Producing a certificate of negative Covid-19 test result not older than 72 hours from the time of departure. This certificate is valid for 14 days.
Minister Motsoaledi is fully aware of the issue of airline and maritime crews and he has been informed that the Minister of Transport is resolving the matter and a statement to that effect will hopefully be issued by the Minister of Transport today.
Immigration officers will be required to assess the movement and place of origin of the traveller and not the country of origin of the airline concerned.
Transit travellers through South Africa by air will be allowed to connect to their destinations, subject to them complying with applicable health protocols but need not produce the 72 hours negative certificate.
www.samigration.com