Cyber Security in Nepal
Cyber Security in Nepal: Everything You Need to Know
As technology has transformed Nepal over the past few years, crimes committed through the use of technology have also increased. Online payment is undoubtedly fast and handy, but is it safe? Are we sure that no one besides the bank and its customers has access to the sensitive information? Are we sure that the personal data we save in the cloud is accessible only to us? Are we sure that two-factor authentication is the safest way to prevent a breach of a social media account? This article aims to raise awareness of these questions.
Importance of Cyber Security in Nepal
Online swindling, cyberbullying, impersonation or identity theft, data theft, phishing, banking fraud, hacking, online threats and intimidation, various forms of online violence against women, revenge porn, copyright issues, Denial-of-Service (DoS) attacks, child online protection, lack of awareness, and lack of standardization and proper policy are just a few of the countless ways in which criminals commit cybercrimes.
To highlight the importance of cyber security, let us first understand the cases that fall under this type of crime:
Online swindling – A young woman fell victim while booking an airline ticket online. She was to receive Rs. 110,000 but ended up receiving only Rs. 15,000 with the help of the district court in 2013. In a separate case, NIC Asia’s SWIFT system was hacked by an unidentified hacker who transferred USD 4.4 million to six different countries. The bank, however, claims that USD 4 million was later recovered.
Cyberbullying – The first case of this kind was reported in 2014, at Kathmandu School of Law. One of the biggest cases of this kind was when the official website of the Department of Passport (Nepal) was hacked in 2017 by a group of Turkish hackers who threatened to leak all the confidential information of the government. A few months later, 58 government websites were hacked by a group named ‘Paradox Cyber Ghost’.
Information Gathering – An 18-year-old operating under the name Anonymous #Opnep hacked a government website in 2016. In 2020, a hacker named Narapichas hacked into Vianet Communication and leaked the data of more than 1,70,000 users, including customers’ emails, phone numbers, and addresses. In the same year, a hacker named Mr. Mugger hacked FoodMandu and made public the names, email addresses, and phone numbers of 50,000 users.
Online Threats & Intimidation
A hacker group threatened to hack all the systems of Kumari Bank. The threat arrived by email from a Saudi group and targeted all systems at the bank’s information technology branch. The bank shut down all systems after receiving the email.
Similarly, in July 2021, fifteen banks in Nepal were threatened by an email from a group stating that the system had been compromised. The email created a great deal of fear in the banking sector, but nothing came of it.
Other common cybercrimes reported in Nepal were ATM attacks, ransomware, phishing attacks, harassment using social media details, privacy leaks, pornography, and the broadcasting of false information.
Scope of Cyber Security in Nepal
Many people work professionally in the cyber security sector, and the number is gradually increasing. Many professional ethical hackers from Nepal have also earned places in international halls of fame.
Every sector or business, from small scale to large scale, is vulnerable to cyber-attacks because each is digitized in one way or another. Both the public and private sectors are prone to cyber-attacks: some use online payment methods or wallets, some have their own websites, and everyone uses the internet. The following are some of the sectors that are prone to these attacks:
1. Financial Sector: Financial institutions are among the sectors most vulnerable to cybercrime because of the financial and data assets they hold. Nepal Rastra Bank, the central bank of Nepal, regulates the cyber security guidelines for this sector, which fares better than the other sectors. Most financial institutions invest in cyber security, while the rest typically have low awareness and investment.
2. Airlines/Aviation Sector: This sector relies heavily on cutting-edge technologies, runs complex systems, and is almost as vulnerable to cybercrime as the financial sector. Airlines hold sensitive information about their customers, such as passport details, credit card details, and much more. Cybercriminals can easily exploit their databases to obtain people’s personal details and commit crimes both nationally and internationally. Because airlines also store the credit card details of passengers who prefer digital payment, those details can be accessed and money can be stolen.
3. Health Sector: Health care is among the most targeted industries because it also holds sensitive information about patients. Identity theft is one of the most common crimes committed using data from such institutions. The personal information of a patient stored in the databases of these organizations is enough to open a bank account or take out loans in the victim’s name. Also, digital payment is always a blessing as well as a curse. Health care institutions spend less on cyber security than the financial and aviation sectors, but they are not immune to cybercrime.
4. Government Sector: Cyber security in the government sector of Nepal is neglected, and the sector has been breached many times by both national and international attackers. Government systems are highly vulnerable and easily hackable. Because of low investment and lack of awareness, the sensitive data of the government and of citizens is always compromised. Political instability and corruption may be among the major reasons why government platforms are targeted the most.
Cyber Security in Nepal 2022
Nepal ranks 94th in the Global Cyber Security Index, which uses five pillars for its ranking: legal, technical, organizational, capacity development, and cooperation. While Nepal stands in 94th position, India has reached the top 10 in the Index with 97.5 points. Similarly, Bangladesh ranks 53rd with 81.27 points; Pakistan ranks 79th with 64.88 points; Bhutan ranks 134th with 18.34 percent; and Sri Lanka ranks 83rd with 58.65 points. The United States tops the chart with 100 points, followed by the UK and Saudi Arabia.
Because Nepal’s working culture and information storage are based on physical files, the country’s progress in enacting cyber laws has been relatively weak. The nation does not employ as much technology as more advanced nations. Due to the use of obsolete IT systems, most organizations are vulnerable to cyber-attacks. In addition, there is no proper cyber law in Nepal. When an individual commits a cybercrime, there is very little that the Nepal government can do to enforce legal action. Furthermore, Nepal faces a general lack of proper IT policy, IT knowledge, up-to-date knowledge of new technologies, and security awareness programs, which has resulted in numerous instances of spamming, phishing, and password piracy. It is also commonly observed that minimizing cyber security risk would incur an additional cost burden, which is the primary reason why most organizations have not made a particular effort to assure their cyber safety.
Nepal Police statistics show that the number of cyberbullies has surged since 2014. Due to the loopholes in Nepal’s cybersecurity system, multiple data breaches such as those mentioned above have been reported over the last few years. Cybercrime cases are currently handled in Nepal under the Electronic Transaction Act 2008. Presently, the Computer Emergency Response Team (CERT), established under the Department of Information Technology, deals with cybersecurity threats such as hacking and phishing. The CERT team also coordinates and collaborates with security operations center teams to establish detection rules and coordinate responses.
To govern and address cyber security issues, the Ministry of Communication and Information Technology drafted a new policy named ‘National Cyber Security Policy 2021’. It included background information on the need for a cybersecurity policy, the need for the new law, challenges, objective, strategy, work plan, and organizational structure. It also set out the responsibilities of the stakeholders and mentioned the formation of a direction committee and a coordination committee for inter-agency coordination and collaboration. Moreover, it incorporated the formation of the National Cyber Security Strategy Working Group, the National Information Technology Emergency Response Team, and the Female and Child Online Protection Working Group.
As a developing country, Nepal must plan for a better security system to be deployed alongside its information systems so that resources are used effectively and efficiently. The deployment of the e-government system and the back-end network infrastructure is progressing slowly. From this point of view, keeping an organization’s information assets secure in today’s interconnected computing environment is a real challenge, one that grows with each new IT-based product and each new global IT threat.
To protect against cyber threats and cybercrimes, organizations must keep all systems up to date to minimize vulnerability and avoid side-loading applications to minimize the chances of zero-click attacks. Organizations should also develop a well-structured disaster recovery plan, which will help avoid massive data loss and downtime in case of a cyber-attack. They should use vulnerability management tools to automate threat detection and protect against potential threats. Many users never change their passwords, or make only simple changes when they do, which leaves their accounts vulnerable. Using Multi-Factor Authentication (MFA) as an additional protection layer therefore helps to decrease the chance of a data breach. Most importantly, cybercrimes and attacks can be reduced if users and customers are themselves aware of these issues. Hence, awareness programs play a vital role in minimizing cybercrimes and threats.