The State of Ethical Hacking in Nepal



Ethical hacking is a field of cybersecurity in which practitioners test the security of systems, networks, applications, and data by simulating the techniques of malicious hackers. Organisations hire ethical hackers, also called white hat hackers or penetration testers, or keep them on their payroll, to identify and fix vulnerabilities, prevent cyber attacks and strengthen information security.
Ethical hacking is becoming popular in Nepal, which is experiencing both challenges and opportunities in this digital era. In this blog post, we look at the current market, trends and prospects of ethical hacking in Nepal.

Ethical Hacking Challenges in Nepal

Nepal is a developing country with low digital literacy and awareness among the general public and the government. This leaves the country vulnerable to many cyber threats such as phishing, malware, ransomware, denial of service attacks, data breaches, identity theft, fraud and espionage.

The Nepal Telecommunications Authority (NTA) reports that there are 38.62 million internet users as of June 2021, representing about 130 per cent of the total population. Internet services are still of poor quality and unreliable, especially in rural areas. The legal and regulatory framework for cybersecurity is also primitive and outdated; no law or agency meant specifically to curb cybercrime exists.

Some of the major cyber incidents that have occurred in Nepal in recent years include:

  •  Two years ago, NIC Asia bank suffered a hack in which the attackers used the SWIFT interbank messaging service to issue fraudulent money transfers. The attackers sent $4.4 million worth of fraudulent money transfers from bank accounts into accounts held in six other countries.

  •  In 2019, Nepal Police arrested five Chinese nationals for ATM fraud. They were picked up for using cloned debit cards to breach several banks' processing systems and withdrawing nearly $25,000 from 68 ATMs. Police seized Rs 12.60 million, around $10,000 and 132 forged VISA debit cards.

  •  In 2021, hackers lured diplomats and government officials with phishing emails sent from the email account of the Minister for Foreign Affairs, Pradeep Kumar Gyawali.


These incidents have exposed the lack of proper cybersecurity measures and awareness across different sectors and stakeholders in Nepal.


The challenges faced by ethical hackers in Nepal include:


  •  A lack of adequate training and education opportunities for ethical hacking. There are only a few institutions that offer ethical hacking courses or certifications in Nepal, such as Broadway Infosys, Laba Nepal, Vairav Technology, and Cryptogen. Additionally, ethical hacking is not part of any curriculum or syllabus at schools or colleges.


  •  A lack of recognition, appreciation and acceptance for the profession of ethical hacking. Society and the authorities often stigmatize and discriminate against ethical hackers because they are mistaken for criminal hackers. Their working conditions are also very risky, posing both legal and ethical dilemmas, since they have to get the permission of the owners or managers of the systems or networks they are testing.


  •  A lack of collaboration and coordination between ethical hackers and the other cybersecurity stakeholders. Ethical hackers usually keep to themselves or work in small groups, and do not share their knowledge and skills with others. No formal or informal platform or community exists to connect ethical hackers with other cybersecurity professionals, like information security experts, system administrators, auditors, law enforcement agencies, etc.


Ethical Hacking Opportunities in Nepal


Despite the challenges, there are a number of opportunities for Nepal to improve its cybersecurity posture using ethical hacking. Ethical hacking can help Nepal to:

1. Identify and fix vulnerabilities and security gaps in systems, networks, applications and data before they are exploited by malicious hackers.

2. Stop or mitigate cyberattacks that would cost organizations or individuals financially, damage reputations, create operational disruption, and lead to legal consequences.

3. Increase awareness of information security and build a culture of information security among various sectors and stakeholders in Nepal.

4. Create employment opportunities for young and talented IT professionals who are interested in and passionate about ethical hacking.

5. Develop cybersecurity research and innovation in Nepal.


Some of the signs that indicate the potential of ethical hacking in Nepal include:

  •  The increasing demand for ethical hacking services from various sectors like banking, e-commerce, education, government, health care, telecommunications, etc.

  •  The increasing number of ethical hackers with national or international recognition, such as Bishal Shrestha, Ethiopia's 18-year-old ethical hacker who reported vulnerabilities in Google, Facebook, Microsoft, etc.

  •  The ethical hacking competitions and events in Nepal, which provide a platform to attract and engage ethical hackers through Capture the Flag (CTF) contests, bug bounty programs, ethical hacking communities and so forth.


Ethics of Hacking – A way forward in Nepal


Ethical hacking offers a promising career path whose rewards come eventually. It requires a degree of skill, certification and experience. To become an ethical hacker in Nepal, one needs to:

• Learn the basics of programming, networking and operating systems, and the tools and techniques of ethical hacking, including reconnaissance, scanning, enumeration, vulnerability analysis, system hacking, malware analysis, social engineering, session hijacking, defense evasion, web application hacking, wireless network hacking, mobile and IoT hacking, cloud computing hacking and cryptography.

• Get certified in ethical hacking, for example Certified Ethical Hacker (CEH), GIAC Penetration Tester (GPEN), Offensive Security Certified Professional (OSCP), Certified Penetration Testing Engineer (CPTE), etc.

• Gain practical experience with ethical hacking projects by participating in online platforms that offer virtual labs or cyber ranges where you can attack real-world scenarios and challenges, like Cybrary, Hack The Box, TryHackMe, Offensive Security, etc.

• Follow blogs, podcasts, newsletters and other forums that keep you updated on the latest trends and developments in ethical hacking and cybersecurity.


Moreover, to promote and support ethical hacking in Nepal, the following actions are recommended:

  •  The government should enact and enforce an updated, comprehensive and general cybersecurity policy and law for Nepal that sets ethical parameters and norms for hacking and provides for the prevention and investigation of cybercrime.


  •  To this end, the government should set up and empower a single dedicated authority or agency to oversee the cybersecurity activities and initiatives undertaken in Nepal.


  •  The government of Nepal should invest in and provide incentives for building security infrastructure and security innovation, e.g., broadband internet access, data centers, cloud services, cyber ranges and research labs.


  •  Nepal should collaborate and cooperate with other countries and international organizations on cybersecurity, that is, share information, best practices, standards, frameworks, etc.


  •  The education sector should include ethical hacking and cybersecurity courses or modules in school or college studies, or give training and certification opportunities to teachers and students.


  •  The private sector should adopt and implement best practices and standards for cybersecurity management and governance, like risk assessment, security audit, incident response, business continuity, etc.


  •  The private sector should hire and retain qualified and certified ethical hackers to examine and secure its systems or networks, and reward their contributions and achievements.


  •  It should also raise public awareness of the benefits of ethical hacking and cybersecurity and of the risks and threats of cyber attacks and cybercrime, and educate people about them.


  •  We believe that Nepal's civil society should be a positive, supportive environment for ethical hackers and help them succeed by recognizing their efforts and achievements, guiding and mentoring them, and building platforms and communities of hackers so they can network and collaborate.


Cybersecurity in Nepal is incomplete without the involvement of ethical hacking, which is essential to protecting the country from cyber threats. Ethical hacking is also a lucrative career.
