- The Department of Basic Education is insisting on using old hardware that is unsecured by the latest updates, a report says.
- Administrative software SA-SAMS cannot run on new systems like Windows 10 and 11.
- This leaves the software and the ICT systems of the department extremely vulnerable to cyberattacks which are becoming more common.
A fresh report details how the Department of Basic Education (DBE) uses IT systems to store and share important administrative data of learners, parents and employees so old that it does not work on computers running Windows 10 and 11 making it extremely vulnerable to cyberattacks.
According to Rapport, SA-SAMS, the Basic Education administrative software, can only run, and is running on, versions of Windows that are no longer receiving security updates from Microsoft.
Microsoft’s security teams are constantly updating Windows security in order to stay ahead of criminals, who are likewise constantly improving their methods to breach into systems. Without these important updates hackers can easily break into PCs and the older their operating systems, the easier the hack will be.
If SA-SAMS is not even able to run on Windows 10, which was released in 2015, then it is a miracle the DBE’s system has yet to be attacked and breached. Microsoft did offer an extended security update for Windows 7 – still one of the most used operating systems out there – in January last year but not for Windows 8.
One of the more concerning points of the report is that the department does not use any type of cloud storage to transfer important data from parents, learners and teachers to the DBE, and instead schools still have to bring data from hundreds of thousands of people on USB drives.
Sometimes schools will have to drive the computers (in cars) they run SA-SAMS to department offices to transmit the data.
Ailing ICT infrastructure and arcane methods of data transfers are likely costing the department millions of Rands in lost time, IT support, maintenance and likely even petrol. Not to mention a single well-placed hack could see troves of private information like addresses, ID numbers and possibly even banking details leaked.
The schools themselves are often using other third-party software and only turn to SA-SAMS when they want to transmit data to the department, which likely also bumps up costs. A school principal in KwaZulu-Natal told the publication that they only use SA-SAMS because that is the software Basic Education is insisting is used.
Schools also struggle when the department pushes updates for SA-SAMS with one Gauteng school administrator saying “We always hope and pray they don’t make any changes.”
The South African government is well aware of the dangers of cyberattacks. It has suffered attacks in the past that have driven up costs in the millions. In 2021, a ransomware attack on Transnet’s systems paralysed the country’s ports for over a week.
In 2024, another ransomware attack brought low the public hospital National Health Laboratory Service (NHLS), forcing technicians to deliver laboratory results via telephone, resulting in huge delays and rendering laboratory ICT systems inaccessible to staff.
The latest attack saw the ICT systems of the South African Weather Services (SAWS) also downed by ransomware last week. In an environment where ransomware attacks are consistently bringing down entities of the South African government, Basic Education’s reliance on old and unsecured Windows PCs allows a huge window of risk that could see other government departments affected with a well-placed breach.
[Image – Photo by William Warby on Unsplash]
