Kathmandu, September 8

Experts have said that domestic firms should make ample investment in the information and technology (IT) security in a bid to cope with possible security risks, including malware threats.

Speaking at an interaction programme on ‘Cyber Security and Rise of ATM Attacks in Nepal’, organised by Information Security Response Team Nepal and the Centre for Cyber Security Research and Innovation, experts said that the recent heist in the banking sector committed by Chinese hackers was a result of low priority that Nepali firms, including banks give to IT and security issues.

“Security management among a majority of domestic firms is weak as the management gives low priority to upgrade and strengthen the company’s IT department and those working in the department. In fact, firms take security issues too lightly and are unwilling to inject necessary investment in the sector,” said Bidesh Rai, an expert on cyber security, adding that firms neglecting security issues are prone to malware attacks.

Similarly, Rai also said that officials working in the IT departments of different firms have also not been able to properly convince the management on risk factors while adopting any new technology and the need to focus on security issues.

Along with strengthening the IT department, firms should also give reasonable salary to its IT staffs in a bid to encourage them.

On the occasion, Ram Krishna Pariyar, Asia representative of Internet Corporation for Assigned Names and Numbers, said though Nepal has enough IT manpower, they are compelled to work abroad as domestic firms do not prioritise them. “Firms in Nepal link IT and security with money and prefer investing as less as possible in the IT sector. This is where the security threat starts for a firm,” said Pariyar. Similarly, he also said that firms should strictly implement security guidelines they adopt to cope with cyber threats.

Meanwhile, other participants at the event urged Nepal Rastra Bank and government to bring in stricter provisions regarding cyber security and make firms mandatorily adopt them.