The new Curriculum and its impact on cybersecurity in Zimbabwe: Should we be worried?

There has been a great deal of uproar from many corners in our local society regarding the structure of the new Primary and Secondary school curriculum, but in this article I will not delve into my support for one side or the other as a whole. 

What I would like to focus on, though, is the Computer Science subject (which I believe is very impressive to say the least) and how it ties into the bigger picture that is cyber security. This is with respect to the growth of what are known as threat actors in cyber security and the need for everyone to take their personal and organizational security seriously. By definition, a threat actor is basically any individual who may possibly cause harm to you or your organization, be it physically or, in our case, digitally.

You see, contrary to popular belief, or maybe I should refer to it as “media-based” belief, the people who can compromise your digital security are not just teenage hackers on the other side of the world who stay in their mothers’ basements or a super-squad of state hackers from North Korea or some other country. The reality of the situation is that it could even be that kid next door who has just started Form 1 at the local high school. Yes, that kid!

The truth of the matter is, the world we live in today is completely different from that of a few years ago. Back then, an introductory course to computers in universities would have been made up of topics on what hardware devices are, what software is and the different types of applications one can use, but that is no longer the case today. Those topics are now taught in primary school and secondary school, which effectively means that what will pass for “basic computing skills” a few years from now (when the new curriculum has been running for some time) will be way more advanced relative to what is called basic today. This is because from Form 1 right up to Form 4, students will be taught about cyber security within the Computer Science subject, which will in turn equip them with a great deal of cyber security-related knowledge.

While buffer overflows and operating system hardening may sound like very complex and foreign terms to many right now, these kids will not only know what those are, but relative to their level of curiosity and thirst for knowledge, they could actually end up being able to apply such concepts in real scenarios. 

I refer to their level of curiosity because, as we all know, what you learn in class is just part of what you need; it’s your curiosity and thirst for knowledge that gets you where you need to be. In that light, considering how the digital divide is slowly narrowing, the growth of internet access locally and the rising mobile penetration rates in Zimbabwe, the resources these kids need to go an extra mile in knowing more about cyber security will be right at their fingertips.

WhatsApp groups focused on cyber security, the hundreds of YouTube channels that teach you how to hack into a phone or computer, the availability of open source and easily accessible hacking tools such as the Kali Linux operating system; all these are different ways that everyone can use to learn how to hack at minimum cost. In my opinion, the one thing that has been holding back the flood of non-advanced hacking attempts locally is not the lack of motivation by potential hackers locally or globally, but the lack of knowledge as to how easy it is to be a script kiddie (i.e. an amateur hacker) without much of an in-depth understanding of the targeted systems.

Hopefully, this article will become more of a clarion call to all, corporates and individuals, to take cyber security seriously, not because a whole new wave of change is coming but because it is here already. A friend of mine likes ending his security-related presentations with a statement that goes “it’s not a matter of IF you will get hacked, it’s a matter of WHEN you will get hacked”. That statement is as true as it gets and it is imperative that we all be prepared for that eventuality, for it truly is coming. The best we can do is be better prepared to respond and to try and be as protected as we can.
