In her latest annual report, which was released Tuesday, Saskatchewan’s provincial auditor says she found 13 of Saskatchewan’s 27 school divisions were more vulnerable to cyberattack than they need be due to the use of outdated software.
Tara Clemett’s research shows that in August of 2021, 13 school divisions using the same financial IT software had not completely updated their systems with available security patches. Patches are often issued when particular vulnerabilities are identified by service providers.
“In this case there was 13 divisions using this system and they weren’t adequately patching the system as it should be,” Clemett said Tuesday.
“From a cybersecurity perspective you want to keep your systems patched so in the event that it can be that point of breach, or once someone is inside your network, you do not want people to be able to get into the systems and wreak more havoc.”
Clemett is recommending the Ministry of Education “work with impacted school divisions to establish a process to monitor the key financial IT system and the IT service provider.”
In a supplied statement, a ministry spokesperson said “the Government of Saskatchewan takes the recommendations of the Provincial Auditor seriously and will continue efforts to improve processes to safeguard public resources.”
They added, though, that the ministry “expects school divisions will work with their IT providers to ensure divisions are receiving standard security reporting from their service provider on a timely basis.”
The specific divisions using outdated software by the auditor were not named.
The recommendation comes with Regina Public Schools still in the midst of recovering from a May 22 cyberattack.
The board said on May 24 that it had taken its email systems offline, along with administration and learning management software, as it began investigating the breach.
While he provided few details, Regina Public Schools Communications Supervisor Terry Lazarou confirmed Wednesday that “some” of those systems are still offline.
Opposition Jobs & Economy Critic Aleana Young, meanwhile, criticized government action on cybersecurity when speaking to media about the auditor’s report Tuesday.
The province has had to deal with multiple high-profile security breaches in recent years, including at Saskatchewan Liquor and Gaming Authority in late 2021 and at eHealth Saskatchewan in 2019.
“In addition to the privacy concerns that we see, they’re also incredibly expensive for governments and for public dollars,” Young said.
“This is a serious concern. Saskatchewan is behind
the eight-ball. The focus hasn’t been where it needs to be whether it’s in education, the SLGA or the health region overall. It doesn’t seem to be something the government is addressing with any urgency.”
- What is a halal mortgage? How interest-free home financing works in Canada
- Capital gains changes are ‘really fair,’ Freeland says, as doctors cry foul
- Budget 2024 failed to spark ‘political reboot’ for Liberals, polling suggests
- Peel police chief met Sri Lankan officer a court says ‘participated’ in torture
In response to a request for comment, Saskatchewan School Board Association President Shawn Davidson said “cybersecurity is an ongoing and evolving issue for many organizations including school divisions.”
“Partners in Saskatchewan’s education sector, including school boards, continue to work collaboratively on cybersecurity.”
Cybersecurity consultant and author Brennen Schmidt said the auditor’s findings that some divisions are more vulnerable than others could be used as motivation for the provincial government to start thinking about how to implement cybersecurity measures on a wide-scale basis.
“It’s going to become increasingly important to think about what kind of technologies are in use and how we can go about leveraging economies of scale so that there’s less bespoke solutions in place,” he said.
“That’s to say where each individual school division is purchasing on their own perhaps there’s a case to be made that procurement can happen in larger batches in which case they may be able to not only secure better pricing but they may be able to make the migration to more modernized applications that have more safeguards in place.”
Comments