By Nickey Mannya, Director for Cyber Security and Next Generation Solutions at Westcon-Comstor Southern Africa
South Africa’s schools and universities have quietly become critical pieces of national digital infrastructure, yet they remain among the easiest targets.
It often starts with something small: a student connects their laptop to campus Wi-Fi and clicks on what looks like a routine admin request. A staff member falls for a well-crafted phishing email. A cloud storage bucket is left misconfigured, exposing sensitive research data. Sometimes, the breach isn’t even technical it’s a syndicate impersonating authority figures to trick students or educators into opening the door.
From where we sit in the channel, we see these incidents unfold repeatedly. And while every breach looks different, the root causes are often the same: open environments, fragmented governance, and misaligned stakeholders.
The Open Door Problem
Unlike corporate networks, education environments are open by design. They’re built to enable collaboration and mobility, not to enforce tight control. Students bring multiple unmanaged devices, faculties run their own systems, and policies vary widely across departments. This openness fuels learning and innovation but it also widens the attack surface.
The result is a layered, inconsistent infrastructure: legacy platforms mix with cloud services, access control is uneven, and network segmentation is often limited. IT teams end up defending a decentralised ecosystem, not a single secure perimeter.
Attackers understand this landscape well. They move through the spaces between how universities operate and how their security is structured. Fragmented governance creates “security islands” that central teams can’t see. Flat network architectures and uneven identity controls make lateral movement easy once they’re inside often through a single compromised device.
Additionally, the stakeholders responsible for securing education don’t always align. Universities prioritise openness and autonomy. Vendors bring powerful technologies often designed for centralised corporate environments. The channel understands both worlds but is not always strategically integrated. Too often, each group operates in its own lane, leaving critical gaps between policy, technology, and execution.
The CSIR’s National Cybersecurity Survey reinforces this reality: weak identity management and skills shortages remain persistent vulnerabilities. But the deeper issue is how attackers exploit the spaces between people, systems, and responsibilities. Closing those spaces requires coordination and strategy not just tools.
Closing the Gaps
Universities are now integral to the country’s critical digital infrastructure, and we cannot continue to apply corporate security thinking in academic environments and expect it to be effective. Closing these gaps means more than investing in new technology, it requires alignment between universities, vendors, and the channel.
For university leadership, cybersecurity must move from the sidelines into institutional strategy and governance. Faculties can’t operate as isolated digital islands forever. Clear baselines, federated governance, and a shared view of risk are essential. For vendors, it’s time to adapt solutions to real education dynamics. One-size-fits-all won’t work. Products must support decentralised environments, not fight them.
And for the channel, this is where we can truly make a difference. We understand both worlds , namely vendor capabilities and the messy, real-world networks of education. We can translate technology into strategies that fit the environment, not the other way around. That means structured risk assessments across different faculties, realistic simulations that reflect how people actually use systems, and integrated architectures that give visibility without shutting the doors that education depends on.
This is where distributors like Westcon-Comstor play a crucial role, which is connecting IT channel partners with leading cybersecurity vendors and enabling them to give institutions the tools, solutions, and expertise they need to build layered defences and test their readiness proactively. This is how a shared playbook takes shape, not by retrofitting corporate models, but by designing security for the realities of education.
Cybersecurity, ignore it at your own peril
Education networks carry research, intellectual capital, and the personal data of millions. Protecting them means protecting trust, knowledge, and national capability.
The open-door nature of education isn’t going away. What must change is how we organise to defend them. Universities, vendors, and the channel each bring something essential. Only together can we close the spaces attackers exploit and build the resilience these institutions deserve. The decision isn’t for later, it’s for now.