Overview of Cyber Security
The term ‘Cyber Security’ is becoming more common these days. Cyberspace is becoming an ever-increasing part of our daily lives. With the growing demand for digital services, many businesses are adopting technology in every way possible. But, as we’ve all heard, “great opportunities come with great risk.” There are still some risks and threats associated with adapting to cyberspace.
According to Merriam-Webster:
“Cyber security is the measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.”
The Internet today is teeming with information and confidential data. Businesses rely on the internet as their primary platform for sales and transactions with their thousands of online customers. All of this information is stored somewhere on a server, which is a popular target for cybercriminals.
Cyber Threats in Nepal
Another popular term that frequently making headlines in the news is ‘cyber threats.’ It is a malicious act to gain unauthorized access to a computer system or network resulting in data corruption, data breaches, or the theft of confidential information.
According to IT Governance, 1,120 breaches and cyberattacks, totaling 20,120,074,547 leaked records were recorded in 2020.
The history of Nepal in terms of cyber threats is not good as well.
Looking back on June 27, 2017, a group of Turkish hackers hacked the official website of the Department of Passport and threatened the government with public disclosure of government data if the hackers’ demand was not met (myRepublica).
In the same year in October, attackers hacked the SWIFT server of NIC Asia Bank initiating the transfer of $4.4 million from Kathmandu to other foreign countries including China, Japan, the US, the UK, and Singapore. The bank was reported to have recovered $3.9 million, even though $580,000 had already been released to overseas bank account holders (Bank Info Security).
On March 7, 2020, Foodmandu, an e-commerce company encountered a data breach where hackers revealed the dump data of their 50K users, including names, emails, and phone numbers (myRepublica). After a month of the Foodmandu incident, Vianet Communication experienced a similar incident in which more than 160,000 user details, including their name, address, email, and phone numbers were leaked on the internet (The Kathmandu Post).
When the entire world is fighting against the global pandemic, hackers are taking advantage of the situation, turning COVID-19 into a general bait for cyber attacks. Google reported that their system detected more than 18 million malware and phishing Gmail messages per day related to COVID-19.
Similarly, social media spam has become a major threat to Nepalese citizens. Phishing activities in social media have recently increased. People not being aware, are sharing malicious links to their friends and family via private messages or groups.
Basic Cyber Security Measures
Here are some basic precautions that we as a netizen should practice to protect ourself from cyber attacks:
- Use Strong Password
Most of our data is password-protected. However, today’s hackers are more sophisticated, using advanced tools and techniques to crack passwords. So, having a strong password can significantly help to secure your data online. According to the National Institute of Standard and Technology’s Password Guidelines, your password must be more than 8 characters consisting of a mixture of at least one lowercase letter, one uppercase letter, one number, and four symbols. Longer passwords are more likely to be secure, according to NIST guidelines.
- Use Two-Factor authentication
Two-factor authentication 2FA is another layer of security for authentication. When an attacker cracks your password, they must go through an additional layer of security for authentication, making it difficult for them to access the data.
- Keep Your Software up to date
Regularly updating the software on our system is one of the simplest ways to protect ourselves from cyber threats. Many built-in functions in our operating systems aid in the prevention of attacks. However, as the attackers studied that architecture and functions, they were able to attack the system. As a result, our operating system providers provide regular OS updates to avoid such cyber attacks.
- Think Before you click
Netizens should be aware of phishing and spam. Avoid opening emails from unknown people. Malicious links can come from friends who have been infected too. Clicking those links may result in disclosing sensitive information, or installing software that infects the entire system with a virus.
Five things you can do right now to stay safer online by Google.
According to Global Cybersecurity Index (GCI) 2017, Nepal is classified in the initiating stage where Nepal is still ranked poorly in all five core areas of cyber security including legal measure, technical measure, organizational measure, capacity building, and cooperation.
Although some progress has been made in developing a legal framework for dealing with data and cybersecurity, Nepal still has several lessons to learn from past incidents.
To strengthen Nepal’s cyber security, general data protection regulations, developing data protection as a work culture, investment in cyber security, and proactive monitoring of fraud detection should be established. Also, general awareness for internet users is a must to avoid spam and phishing.
But if we see the positive aspect, Nepal has now various emerging organizations that have been working actively in the field of cyber security. They are providing security services throughout Nepal. Eminence Ways, Vairav Tech, CryptoGen Nepal, ThreatNix, One Cover Pvt Ltd, Cynical Technology, and Reanda Biz Serve are among the organizations actively working in the field of cyber security in Nepal.
Yogesh Ojha, a Cyber Security Analyst, has been chosen to be the first Nepali to present his project rEngine at the world’s top security conferences, BlackHat USA and Defcon (Easy Tips Tutorial).
Similarly, Bug bounty is creating a new environment for cyber security today. Finding and reporting bugs via bug bounty programs, as well as receiving rewards and recognition, has inspired many Nepalese. Recently, Cynical Technology has launched bugv.io, a bug bounty platform in which you will be rewarded if you can find bugs in the listed company.
As a result, we can see that cyber security in Nepal is improving over time. Many colleges and universities offer cyber security programs, and some organizations train professional cyber security experts. The domain’s scope and opportunities are expanding as well. With this, we can all hope to see Nepal make further progress in the field of cyber security.