Sars lambasted for cybersecurity risk
DURBAN - THE South African Revenue Service (Sars) continues to use outdated, insecure technology on its e-filing system despite being advised of the online security risk, cybersecurity experts warned yesterday.
Cybersecurity and small business expert and chief executive of Osidon and Cybadev, Hennie Ferreira, said Sars had announced on social media recently that it was experiencing problems with Adobe Flash Player.
Ferreira said Sars should have been aware that Adobe would block Flash Player on January 12, as the firm had announced it more than three years ago and again in December 2020.
According to Adobe’s website, the reason Flash Player is no longer supported is because it is outdated and no longer considered secure.
Ferreira said he had warned Sars on January 12 of the problem and it had indicated “work-arounds”, but yesterday the problem had persisted.
“In the age of Covid-19, social distancing and remote working, tax practitioners, business owners and members of the public are unable to visit Sars offices and rely heavily on virtual systems to get things done.
“It is unacceptable that we use outdated and insecure technology to run our country’s tax system,” Ferreira said.
Derrick Chikanga, IT services analyst at Africa Analysis, said: “Cybercriminals are always active and as sophisticated as the developers themselves. They are always looking for loopholes and entry ways.
“Sars is supposed to be one of the more secure institutions,” he said.
Durban IT cybersecurity expert Ben Skevington said most websites had stopped using the software.
“The fact that Adobe Flash is still used by Sars is not only a travesty but it is an embarrassment to the government as a whole.”
Sars said it was aware of the ongoing issues experienced due to the discontinuation of the Flash Player component by Adobe, as well as some recent internet browser updates.
It said it anticipated this scenario and the issue was communicated to various stakeholders, including practitioners at the end of last year.
It said these had negatively affected a limited set of Adobe forms that were currently available on eFiling, however it said provisional taxpayers who are required to file returns, could use eFiling and the Sars MobiApp, which uses HTML5, to file on or before the deadline on January 29.
“Sars is busy replacing forms using Adobe Flash with the latest HTML5 technology and has made significant strides.”
It said some forms which remain on Adobe Flash post December 2020 included: Registration (excluding Registration for Individuals), Transfer Duty, Dividends Tax, Submission of Financial 3rd Party Data, Excise Duties and Levies.
It said it was committed to migrating these forms to HTML5 in 2021and in the interim urged taxpayers to follow the guidelines provided and use the Microsoft Edge browser to complete and submit these forms online.
Regarding cybersecurity risks, it said all technology solutions posed cybersecurity risks.
“What is key, is that all users of technology ensure that they subscribe to and implement the latest security measures. From a Sars system perspective every endeavour is made to ensure the highest levels of security which mitigate known risks.”