Some of the major cyber incidents that have occurred in Nepal in recent years include:
- Two years ago, NIC Asia Bank suffered an attack in which the attackers used the SWIFT interbank messaging service to issue fraudulent money transfers. The attackers reportedly sent $4.4 million worth of fraudulent money transfers from bank accounts into accounts held in six other countries.
- In 2019, Nepal Police arrested five Chinese nationals for ATM fraud. They were picked up for using cloned debit cards to breach several banks' processing systems and withdrawing nearly $25,000 from 68 ATMs. Police seized Rs 12.60 million, around $10,000, and 132 forged VISA debit cards.
- In 2021, hackers lured diplomats and government officials with phishing emails sent from the email account of the Minister for Foreign Affairs, Pradeep Kumar Gyawali.
These incidents have exposed the lack of proper cybersecurity measures and awareness across different sectors and stakeholders in Nepal.
The challenges faced by ethical hackers in Nepal include:
- A lack of adequate training and education opportunities for ethical hacking. Only a few institutions in Nepal offer ethical hacking courses or certifications, such as Broadway Infosys, Laba Nepal, Vairav Technology, and Cryptogen. Additionally, ethical hacking is not part of any curriculum or syllabus at schools or colleges.
- A lack of recognition, appreciation and acceptance for ethical hacking as a profession. Society and the authorities often stigmatize and discriminate against ethical hackers because they are mistaken for criminal hackers. Their working conditions are also very risky and pose both legal and ethical dilemmas, since they have to get the permission of the owners or managers of the systems or networks they are testing.
- A lack of collaboration and coordination between ethical hackers and the other cybersecurity stakeholders. Ethical hackers usually keep to themselves or work in small groups and do not share their knowledge and skills with others. No formal or informal platform or community connects ethical hackers with other cybersecurity professionals, such as information security experts, system administrators, auditors, law enforcement agencies, etc.
Ethical Hacking Opportunities in Nepal
Despite the challenges, Nepal has numerous opportunities to improve its cybersecurity posture through ethical hacking. Ethical hacking can help Nepal to:
1. Identify and fix vulnerabilities and security gaps in systems, networks, applications and data before they are exploited by malicious hackers.
2. Stop or mitigate cyberattacks that cost organizations or individuals financially, damage reputations, disrupt operations, and lead to legal consequences.
3. Increase information security awareness and build a culture of information security among various sectors and stakeholders in Nepal.
4. Create employment opportunities for young and talented IT professionals who are interested in and passionate about ethical hacking.
5. Develop cybersecurity research and innovation in Nepal.
Some of the signs that indicate the potential of ethical hacking in Nepal include:
- The increasing demand for ethical hacking services from various sectors such as banking, e-commerce, education, government, health care, telecommunications, etc.
- The increasing number of ethical hackers with national or international recognition, such as Bishal Shrestha; Ethiopia's 18-year-old ethical hacker with national or international recognition who reported vulnerabilities in Google, Facebook, Microsoft, etc.
- The ethical hacking competitions and events in Nepal that provide a platform to attract and engage ethical hackers, such as Capture the Flag (CTF) contests, bug bounty programs, ethical hacking communities, and so forth.
Ethics of Hacking – A way forward in Nepal
Ethical hacking offers a promising career path that is rewarding over time, but it requires a degree of skill, certification and experience. To become an ethical hacker in Nepal, one needs to:
• Learn the basics of programming, networking, and operating systems, along with the tools and techniques of ethical hacking, including reconnaissance, scanning, enumeration, vulnerability analysis, system hacking, malware analysis, social engineering, session hijacking, defense evasion, web application hacking, wireless network hacking, mobile and IoT hacking, cloud computing hacking, and cryptography.
• Get certified in ethical hacking: Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP), Certified Penetration Testing Engineer (CPTE), etc.
• Gain practical experience by participating in online platforms that offer ethical hacking projects through virtual labs or cyber ranges, where you can work through real-world scenarios and challenges, such as Cybrary, Hack The Box, TryHackMe, Offensive Security, etc.
• Follow blogs, podcasts, newsletters and other forums that keep you updated on the latest trends and developments in ethical hacking and cybersecurity.
Moreover, to promote and support ethical hacking in Nepal, the following actions are recommended:
- The government should enact and enforce an updated, comprehensive and generic cybersecurity policy and law that specifies ethical parameters and norms for hacking and provides for preventing and investigating cybercrime accordingly.
- To this end, the government should set up and empower a single dedicated authority or agency to oversee the cybersecurity activities and initiatives undertaken in Nepal.
- The government should invest in and provide incentives for building security infrastructure and security innovation, e.g., broadband internet access, data centers, cloud services, cyber ranges, and research labs.
- Nepal should collaborate and cooperate with other countries and international organizations on cybersecurity, that is, share information, best practices, standards, frameworks, etc.
- The education sector should include ethical hacking and cybersecurity courses or modules in school or college studies, or provide training and certification opportunities to teachers and students.
- The private sector should adopt and implement best practices and standards for cybersecurity management and governance, such as risk assessment, security audit, incident response, business continuity, etc.
- The private sector should hire and retain qualified and certified ethical hackers to examine and secure its systems or networks, and reward their contributions and achievements.
- It should also raise public awareness of the benefits of ethical hacking and cybersecurity and of the risks and threats of cyberattacks and cybercrime, and educate people about them.
- We believe that Nepal's civil society should be a positive, supportive environment for ethical hackers and help them succeed by recognizing their efforts and achievements, guiding and mentoring them, and building platforms and communities of hackers so they can network and collaborate.
Cybersecurity in Nepal is incomplete without the involvement of ethical hacking, which is essential to protecting the country from cyber threats. Ethical hacking is also a lucrative career.