Nearly half of Sask. school divisions vulnerable to cyberattack, auditor says

In her latest annual report, which was released Tuesday, Saskatchewan’s provincial auditor says she found 13 of Saskatchewan’s 27 school divisions were more vulnerable to cyberattack than they need be due to the use of outdated software.

Tara Clemett’s research shows that in August of 2021, 13 school divisions using the same financial IT software had not completely updated their systems with available security patches. Patches are often issued when particular vulnerabilities are identified by service providers.

“In this case there was 13 divisions using this system and they weren’t adequately patching the system as it should be,” Clemett said Tuesday.

“From a cybersecurity perspective you want to keep your systems patched so in the event that it can be that point of breach, or once someone is inside your network, you do not want people to be able to get into the systems and wreak more havoc.”

Story continues below advertisement

Read more: Canada ‘not ready’ for growing national security threats, former officials warn

Clemett is recommending the Ministry of Education “work with impacted school divisions to establish a process to monitor the key financial IT system and the IT service provider.”

Click to play video: 'Cyberattack shuts down Saskatchewan Polytechnic' Cyberattack shuts down Saskatchewan Polytechnic

Cyberattack shuts down Saskatchewan Polytechnic – Nov 3, 2020

In a supplied statement, a ministry spokesperson said “the Government of Saskatchewan takes the recommendations of the Provincial Auditor seriously and will continue efforts to improve processes to safeguard public resources.”

They added, though, that the ministry “expects school divisions will work with their IT providers to ensure divisions are receiving standard security reporting from their service provider on a timely basis.”

The specific divisions using outdated software by the auditor were not named.

Story continues below advertisement

Read more: Ontario election: journalists likely targets of disinformation smear campaigns

The recommendation comes with Regina Public Schools still in the midst of recovering from a May 22 cyberattack.

The board said on May 24 that it had taken its email systems offline, along with administration and learning management software, as it began investigating the breach.

While he provided few details, Regina Public Schools Communications Supervisor Terry Lazarou confirmed Wednesday that “some” of those systems are still offline.

Opposition Jobs & Economy Critic Aleana Young, meanwhile, criticized government action on cybersecurity when speaking to media about the auditor’s report Tuesday.

The province has had to deal with multiple high-profile security breaches in recent years, including at Saskatchewan Liquor and Gaming Authority in late 2021 and at eHealth Saskatchewan in 2019.

Click to play video: 'Stolen Sask. health care data could fetch big money on dark web, expert says' Stolen Sask. health care data could fetch big money on dark web, expert says

Stolen Sask. health care data could fetch big money on dark web, expert says – Jan 9, 2021

“In addition to the privacy concerns that we see, they’re also incredibly expensive for governments and for public dollars,” Young said.

Story continues below advertisement

“This is a serious concern. Saskatchewan is behind

the eight-ball. The focus hasn’t been where it needs to be whether it’s in education, the SLGA or the health region overall. It doesn’t seem to be something the government is addressing with any urgency.”

Read more: Saskatchewan Liquor and Gaming suppliers raise concerns regarding data hack

In response to a request for comment, Saskatchewan School Board Association President Shawn Davidson said “cybersecurity is an ongoing and evolving issue for many organizations including school divisions.”

“Partners in Saskatchewan’s education sector, including school boards, continue to work collaboratively on cybersecurity.”

Cybersecurity consultant and author Brennen Schmidt said the auditor’s findings that some divisions are more vulnerable than others could be used as motivation for the provincial government to start thinking about how to implement cybersecurity measures on a wide-scale basis.

“It’s going to become increasingly important to think about what kind of technologies are in use and how we can go about leveraging economies of scale so that there’s less bespoke solutions in place,” he said.

“That’s to say where each individual school division is purchasing on their own perhaps there’s a case to be made that procurement can happen in larger batches in which case they may be able to not only secure better pricing but they may be able to make the migration to more modernized applications that have more safeguards in place.”

Story continues below advertisement

Click to play video: 'Canadians rank 5th for experiencing misuse of personal data: report' Canadians rank 5th for experiencing misuse of personal data: report

Canadians rank 5th for experiencing misuse of personal data: report – May 28, 2022

© 2022 Global News, a division of Corus Entertainment Inc.

View original article here Source