The new Curriculum and its impact on cybersecurity in Zimbabwe: Should we be worried?

There has been a great deal of uproar from many corners in our local society regarding the structure of the new Primary and Secondary school curriculum, but in this article I will not delve into my support for one side or the other as a whole. 

What I would like to focus on though, is the Computer Science subject (which I believe is very impressive to say the least) and how it ties into the bigger picture that is cyber security. This is with respect to the growth of what are known as threat actors in cyber security and the need for everyone to take their personal and organizational security seriously. By definition, a threat actor is basically any individual who may possibly cause harm to you or your organization, be it physically or in our case, digitally. 

You see, contrary to popular belief, or maybe I should refer to it as “media-based” belief, the people who can compromise your digital security are not just teenage hackers on the other side of the world who stay in their mothers’ basements or a super-squad of state hackers from North Korea or some other country. The reality of the situation is that it could even be that kid next door who has just started Form 1 at the local high school. Yes, that kid!

The truth of the matter is, the world we live in today is completely different from that of a few years ago. Back then, an introductory course to computers in universities would have been made up of topics on what hardware devices are, what software is and the different types of applications one can use, but that is no longer the case today. Those topics are now taught in primary and secondary school, which effectively means that what will pass for “basic computing skills” a few years from now (when the new curriculum has been running for some time) will be way more advanced relative to what is called basic today. This is because from Form 1 right up to Form 4, students will be taught about cyber security within the Computer Science subject, which will in turn equip them with a great deal of cyber security-related knowledge.

While buffer overflows and operating system hardening may sound like very complex and foreign terms to many right now, these kids will not only know what those are, but relative to their level of curiosity and thirst for knowledge, they could actually end up being able to apply such concepts in real scenarios. 

I refer to their level of curiosity because, as we all know, what you learn in class is just part of what you need; it’s your curiosity and thirst for knowledge that gets you where you need to be. In that light, considering how the digital divide is slowly narrowing, the growth of internet access locally and the rising mobile penetration rates in Zimbabwe, the resources these kids need to go the extra mile in knowing more about cyber security will be right at their fingertips.

WhatsApp groups focused on cyber security, the hundreds of YouTube channels that teach you how to hack into a phone or computer, the availability of open source and easily accessible hacking tools such as the Kali Linux operating system; all these are different ways that everyone can use to learn how to hack at minimum cost. In my opinion, the one thing that has been holding back the flood of non-advanced hacking attempts locally is not the lack of motivation by potential hackers locally or globally, but the lack of knowledge as to how easy it is to be a script kiddie (i.e. an amateur hacker) without much of an in-depth understanding of the targeted systems.

Hopefully, this article will become more of a clarion call to all, corporates and individuals, to take cyber security seriously, not because a whole new wave of change is coming but because it is here already. A friend of mine likes ending his security-related presentations with a statement that goes “it’s not a matter of IF you will get hacked, it’s a matter of WHEN you will get hacked”. That statement is as true as it gets and it is imperative that we all be prepared for that eventuality, for it truly is coming. The best we can do is be better prepared to respond and to try and be as protected as we can.
