Nepal’s Cyber security Scene

With each passing day we find more and more of our daily lives digitized, the threads of the physical world and the cyber world becoming increasingly interlinked.

The vastness of the internet allows for an unprecedented platform for information and communication. Almost everyone has a phone and data connection that allows them to access and manage multiple aspects of their life with ease. More and more businesses are using the internet to communicate with their consumers thanks to the convenience of online transactions. This increase in the flow of data online brings up the question of cyber security and the privacy of one’s personal information.

All the information we give out while making online payments, setting up accounts etc. is stored in various servers. These servers are prime targets for cyberattacks that can result in this confidential information being stolen, misused or leaked.

Nepal has been especially vulnerable to such cyberattacks in the past. In June of 2017 the official website of the Department of Passports was hacked by Turkish hackers who threated the government with leaking the government’s data.

Later that year, according to, the SWIFT inter-banking server of NIC Asia Bank was hacked, leading to the transfer of $4.4 million to six foreign countries. Although $3.9 million were recovered, the rest of the funds were lost.

A few years later in 2020, Foodmandu was hacked and the confidential information like phone numbers, names and emails of their 50,000 users was leaked. Not long after, Vianet Communications were targeted and 1,60,000 users had their personal information exposed online.

With the constantly evolving nature of cyberattacks, it is necessary to have a dynamic cybersecurity system in place. Setting up e-governance policies and adequate laws with the help of IT experts to protect from these threats is imperative as most laws attempting to deal with these circumstances are either completely outdated or nonexistent altogether.

Nepal, though still low-ranking in the Global Cyber Security Index, is making moves to improve its position. The Department of Information Technology in Nepal has formed the Computer Emergency Response Team (CERT) officially responsible for handling cybersecurity, identifying IT infrastructure and tools, and addressing legal mandates.

CERT proposes to provide 24×7 services which include responding to incidents and publishing security alerts, conducting forensic investigations of cyber incidents, performing security audits and coordinating with global and local cybercrime agencies. However, since it is impossible to have one single solution for cybersecurity with the ever-changing computing environment, multi-layer security strategies are needed, with CERT being one of the layers.

Even regular people are victims to phishing activities, having their data stolen via spam messages and malicious links forwarded to each other unknowingly. Hence it is important, in this rabidly digitized world, for us to be informed consumers.

There are some basic measures we can take as netizens to be safer. It is recommended by who report that 80% data breaches are caused by compromised passwords, a secure password should be longer than 8 characters and must contain at least one number, one lowercase letter, one uppercase letter and four symbols. The longer and more complicated the password, the better!

Keeping our operating systems up to date is one of the easiest ways to stay safer, after all, software updates take just the push of button, or are sometimes even automatic. Most software and operating systems have a level of built-in protection against attacks that are regularly updated with each system update.

This is by now common knowledge, but never open unknown links, even if they are sent by friends or family. Clicking may lead to data loss, information theft, and your device being infected with a virus.

Before downloading any app, it is important to go through the terms and conditions even if it seems tedious. With the plethora of apps in app stores that are rarely regulated, it is possible that some may have you actually consenting to your information being misused when you click that little “I agree to the terms and conditions” box.

However, despite the setbacks, there is a promising growth in the cybersecurity field with many new organizations like Eminence Ways, Vairav Tech, CryptoGen Nepal and Cynical Technology to name a few. There are increasing numbers of IT and computer related courses in colleges across the country. Bug Bounty programs which reward users for finding bugs in the listed companies now becoming available have a two-way advantage of strengthening security and increasing interest in the field.

Nepal still has ways to go when it comes to cybersecurity. Data protection regulations and cyberlaws need to be updated and implemented. Until then it is up to us to be the informed and aware netizens of Nepal.

Share :