spinofflive
Image: Getty Images/Tina Tiller
Image: Getty Images/Tina Tiller

OPINIONSocietyJuly 6, 2021

The hospitality industry needs much more than a reset

Contributing writer
Image: Getty Images/Tina Tiller
Image: Getty Images/Tina Tiller

A group of eateries says there aren’t enough workers to fill barista, kitchen, server and management roles, and is asking the government to step in. But it’s hardly surprising people aren’t enticed by the industry, writes Charlotte Muru-Lanning.

Today, at 11.30am and 7pm, cafes and restaurants across the country will turn off their lights and music and stop service for a few minutes. It’s part of a countrywide campaign called “The Reset”, headed by the Restaurant Association, to highlight staffing problems in the sector. The effort will run alongside petitions, social-media campaigns and further “lights out” strikes by eateries. Some, are even shutting the doors for two weeks – citing a lack of staff.

The association, alongside participating businesses, is raising awareness for what it describes as a “staffing crisis” and “critical skills shortage” in the local hospitality industry. Their solution: bring in more workers from overseas. 

Because these workers fill a gap in staffing they say can’t be found locally, they’re asking for an extension of the visas for all employer-assisted work visa holders; border exemptions for critical hospitality workers; and an extension to the hours those on student visas are allowed to work. They also oppose a planned increase from $25.50 to $27-an-hour wage thresholds for essential skills visas. 

I don’t doubt that businesses are struggling to fill positions. Hospitality isn’t the only sector that has seen labour shortages recently – exemptions have already been made for agricultural and dairy workers. Plenty of other industries are calling out for the same. 

Here’s the thing, though: the hospitality model we have in New Zealand is broken, and the solution isn’t to keep patching this up with cheap labour.  

Throughout the pandemic, the poor treatment of hospitality workers has been highlighted in stories across the globe. Hospitality workers have left the industry in droves in multiple countries. In the UK, which is suffering a massive unemployment crisis, it’s been reported that one in 10 hospitality workers have left the industry. Canadian bars and restaurants are struggling to fill positions. In some countries, like the US, it’s been suggested that the shortage is exacerbated by those in that industry dying of Covid-19 at a much higher rate than the general population. 

The issues that restaurants face go far beyond the current pandemic. I’ve worked in restaurants and cafes on and off since I was 13 – half my life. Working weekends at school, fitting in shifts around university classes and assignments, and at certain points, full time. 

I know how little reward there is for those skilled baristas, cooks, dishwashers, waitstaff and more that keep the industry humming.

There are of course local businesses that do look after their employees, but this isn’t the norm. The industry is rife with issues like understaffing, unpredictable shift times, unstable hours, low wages, bullying, harassment and a whole host of other miserable and dull measures designed to squeeze every last bit of value out of workers. 

Reflecting on this, it’s little wonder people aren’t completely jazzed about getting into the industry. 

I wish it had been a viable career option, though, because although hard, the job itself was rewarding and something that I can confidently say I’m really good at.

There’s nothing like the calm camaraderie after a good shift when you’re working in hospo. A good shift is elusive. It’s one that could have very easily turned into a bad shift, but didn’t. It’s where you’re run off your feet, but everything and everyone miraculously manages to hold together. Every customer leaves happy, and hopefully unaware of how frantic things were behind the scenes. It’s that buzz, and the lessons learnt along the way that keep you coming back.

In this episode of Dietary Requirements, Chand Sahrawat, who runs three of Auckland’s top restaurants, discusses the skill shortage faced by the hospitality industry.

Follow on Apple Podcasts, Spotify or your favourite podcast provider.

Throughout my time working front-of-house, I became more and more disenchanted with the industry. The conditions only got worse. It was an all-encompassing job that left me exhausted at the end of a shift. Staff were rostered at bare-minimum levels, there was less time to train newbies, break times were shortened, staff meal options restricted, responsibilities and tasks piled on heavier. Yet my real wages essentially stayed the same. 

Because of my own experience of the industry, these days, eating out is somewhat complicated. I love restaurants, cafes and bars – in fact, dining out is a big part of my life and work – but I’m also far too aware of the exploitation that goes on behind the scenes. 

Lately, there’s been a light shed on the exploitative nature of the industry. We’ve heard of cafe owners bullying staff, not passing on the wage subsidy and taking advantage of migrant workers whose visas and daily costs are dependent on those jobs. 

As someone who writes about food, it’s an uncomfortable thing to navigate. Because I care so much about food, I want the hospitality industry to succeed. But for an industry I love, I believe treating its workers properly, immigrant or not, is the only way it can survive. In fact, it’s the only way it should survive. 

I can’t help but wonder why our enjoyment of food isn’t more connected with the working conditions of those who produce it.

We’ve watched as this pandemic has illuminated how dangerous it is to have people working in these conditions – poorly paid and poorly protected. It’s bad for workers. It’s bad for all of us. 

Knowing this, I really do wonder how we can continue to taste, enjoy and talk about food in the same way as we did before. Can the food we’re eating really be as delicious if the nameless person who made it for us can barely afford their rent? Surely the people that take our order, plate our food and deliver it to us should have a larger bearing on how we value it. If I know that a business treats its workers poorly, I don’t eat there. It spoils the food. 

Passively avoiding eateries that we assume are unethical isn’t going to solve these problems, though. In practice, real change means overhauling the way we’re currently doing things. 

This campaign seems to have co-opted the tactics of contemporary activism; petitions, strikes and graphic, shareable Instagram posts. But this isn’t progressive. They’ve submitted a proposal against extending the sick leave to 10 days. They’ve spoken out against the rise in minimum wage. Both were cited as their members’ biggest concerns. 

Frankly, if this is what you’re worried about, I don’t want whatever you’re serving me.

The industry needs to look beyond a quick fix and imagine ways to be a sustainable, viable and enticing career option for workers. There has been a long-term lack of investment in the hospitality workforce. It is that shortsightedness that is at least in part to blame for this mess. 

The industry needs a major overhaul. 

Why don’t we look into some of the other reasons the hospitality industry is running on such tight margins? Such as increasingly expensive commercial lease costs? Or why our current minimum wage isn’t enough to cover living costs in most parts of the country? Do we perhaps have too many cafes, restaurants and bars?

More Reading

In a practical sense, I’m left here wondering. Who will be turning the lights off in these restaurants today? Who will deal with the awkwardness, and the customers who feel they’ve been disrupted? In most of these restaurants, the staff will literally be running a strike for their bosses. That is weird.

The conversations happening around food at the moment are a good thing. These conversations mean we care. I only hope that this situation provides the industry an opportunity to address real change, but so far, the only solutions on the table seem to entrench an unsustainable and, as far as I’m concerned, intolerable system.

We can do better than that.

Keep going!
IT security scientists being trained in ransomware at the Athene cyber security centre in Germany (Photo: Frank Rumpenhorst/picture alliance via Getty Images)
IT security scientists being trained in ransomware at the Athene cyber security centre in Germany (Photo: Frank Rumpenhorst/picture alliance via Getty Images)

SocietyJuly 6, 2021

What should New Zealand be doing to fight ransomware cyber-attacks?

Guest writer
IT security scientists being trained in ransomware at the Athene cyber security centre in Germany (Photo: Frank Rumpenhorst/picture alliance via Getty Images)
IT security scientists being trained in ransomware at the Athene cyber security centre in Germany (Photo: Frank Rumpenhorst/picture alliance via Getty Images)

As the impact of another ransomware attack is felt in New Zealand, Hadeel Salman explains how hackers are upping their game – and explores what could be done to dissuade them. 

When we think about hostage situations, holding someone captive against their will is usually what comes to mind. The hostage will be released only once the perpetrators’ demands are met. Ransomware cyber-attacks work the same way – a criminal organisation holds your data hostage until you pay to gain access to your files. Ransom hackers employ similar tactics, like ransom notes and countdown clocks, to coerce you into making payments out of fear.

That is exactly what happened when Waikato DHB was hit by a ransomware attack last month. The attackers took control of the district health board’s files and network systems, demanding payment for their release. The attack impacted health services, stalled cancer treatments and halted elective surgeries. 

As these attacks become more frequent, it’s worth asking who is responsible, what motivates them, and what can be done about it?

Who is targeted?

Typically, ransomware hackers used to target individuals and demand small payments of roughly $100 to $200. In recent years, however, hackers have realised it is much more lucrative to hold businesses and public services hostage. Indeed, many companies, while reluctant, often pay millions of dollars to regain access to their systems. In the United States, Colonial Pipeline paid 75 bitcoin, equivalent to US$4.4 million, to ransomware hackers. 

To pay or not to pay?

The major argument against paying is clear: when companies pay ransoms, it encourages more ransomware attacks. The hope is that denying their demands will remove all incentives for ransomware attacks, thereby eliminating the practice. But for that policy to work, it would require the collective approval and coordination of all organisations. If even a few companies are willing to pay, the incentive remains. Of course, this would be difficult to enforce, even if we made it illegal to do so. 

It is often assumed that paying the ransom is much cheaper than rebuilding the company’s systems and data from scratch. When the city of Baltimore refused to pay the US$75,000 ransom, it spent US$18 million rebuilding its systems and services. However, these companies are dealing with criminals. Even if payments are made, there is no guarantee their files will be retrieved. Even when companies recover encrypted data, they still need to upgrade, overhaul or rebuild their systems and networks. Not paying ransoms may have greater short-term costs, but will have greater long-term benefits, as the incentive to launch ransomware attacks will decline. 

There are also other, more compelling, reasons to refuse to pay hackers. Ransomware attackers have both financial and political motives. The former is obvious enough; the latter is important to understand. 

The recent Colonial Pipeline attack allegedly emanated from Russia, carried out by a criminal group known as DarkSide. While the Russian government was not involved in the attack, the Kremlin has not condemned it. As ransomware expert Allan Liska noted, the hackers “are not operating at the behest of Russia, but they’re operating with the tacit acknowledgements of Russia”. 

The Kremlin has long provided safe haven to cyber criminals living within its borders, under the condition of two simple and unspoken rules. Firstly, the hackers must not target the motherland – and this rule is hard-wired into the code. The ransomware code that targeted Colonial Pipeline was programmed to search the language setting of each computer and if the computer’s default language was set to Russian, the code would move right along. Secondly, the hackers must not target those states that are friendly to Russia. The code must only target enterprises of Russian adversaries, such as the United States.

US president Joe Biden and Russian president Vladimir Putin at the US-Russia summit held in Geneva on June 16, during which Biden warned that the US would retaliate against Russian cyber-attacks (Photo: Peter Klaunzer – Pool/Keystone via Getty Images)

What makes payment even more troubling is that we can never be certain of the attacker’s identity. It could be an individual, an organised criminal group, a terrorist organisation or a sanctioned state. For example, the 2017 WannaCry ransomware attack, which hit businesses and hospitals, was allegedly orchestrated by the North Korean government. It affected between 230,000 and 300,000 computers in more than 150 countries and had a costly consequence of US$4 billion across the world. 

When we are paying these ransoms, we are either funding a criminal gang, or worse, terrorist organisations or sanctioned states. Paying any kind of money that supports a criminal group, terrorist organisation or a sanctioned state violates our international and domestic obligations. The Terrorism Suppression Act 2002 expressly prohibits the financing of terrorism either wilfully, without lawful justification or reasonable excuse. Yet paying these ransoms is completely legal. The New Zealand government urges organisations and institutions not to pay these ransoms, but justice minister Kris Faafoi said he would not consider making these payments illegal. In fact, ransom payments may even be tax deductible or covered by insurance, making payment a much more appealing solution.

Where to next?  

As I write this, another cyber-attack has come to light, one similar to the Waikato DHB ransomware attack but much larger in scale. 

This was a supply-chain attack with ransomware motives. The ransomware hackers embedded a malicious code into a trusted piece of software, in this case, the Kaseya IT management software. Once the code was planted and the software successfully compromised, the hackers were able to infiltrate the networks of companies, institutions and organisations that relied on that software.

The Kaseya supply-chain attack has hit more than 200 organisations worldwide and implicated New Zealand schools, including St Peter’s School in Cambridge. In the wake of the attacks, Swedish grocery chain Coop has been forced to close down 500 of its stores for the second day in a row.

The hackers were clever to target the Miami-based software company on Friday, ahead of the 4th of July weekend. This is a common tactic employed by cyberhackers in order to evade detection by staff celebrating the long weekend. Kaseya staff were slow to respond to the attacks and many customers only became aware of them on Monday. 

At this stage, it’s too early to attribute the attack to Russia, but cybersecurity firm Huntress Lab suggests it has come from a Russian-based criminal group, REvil. The only evidence pointing to Russia is the language used by the criminal group to communicate with each other, and further evidence will be required to support the allegations made by US authorities.

Cyber experts have warned against paying the ransom, claiming that any kind of payment will further incentivise hackers into using any personal information obtained by the hack to blackmail victims into making additional payments.  Experts also note that it will take months before the full extent of the damage can be accurately assessed. The secret nature of cyber operations means the effects of the attack may only be detected long after the initial attack.

As ransomware attacks continue to threaten our economy, and indeed our way of life, the government needs to take a hard look at how it plans to address this threat. The government has to review the legality of ransom payments to ensure that New Zealand dollars are not funding criminal activities.

Ideally, the government should make any kind of payment illegal, but even in doing so, may not prevent companies from paying the ransom in secret. Making the ransom payments illegal will only prevent companies from reporting these attacks in order to avoid the negative publicity as well as the financial implications of not paying up.

In the meantime, our best defence against ransomware attacks is cyber hygiene. We need to invest in cybersecurity – measures such as regularly backing up our data, turning on multi-factor authentication and updating our software serve to strengthen our systems against cyberattacks.

Society