Photo courtesy: Eminence Ways
With the advancement in technology, the components that make up the IT world is also increasing. In the wake of the highly-connected Internet of Things (IoT) and the rise in the usage of cloud, we are facing a rise in cyber-attacks; and not many people know how to tackle these threats. Dedicated to providing solution in cyber-attacks and maintaining cyber security, Eminence Ways Pvt Ltd, IT security company in Nepal has successfully managed to make a mark in the market.
Established in 2013, the company has been providing various information security solutions. With the tagline ‘Dedicated to Information Security’, they serve to help detect, respond and mitigate vulnerability in cyber-security before it causes harmful impact. With a team of passionate and dedicated IT security professionals, the company specialises in web security, network/ server security and overall audit of information system of an organisation.
Some of the IT security problems that various companies are facing in Nepal are website defacements – attack on a website that changes the visual appearance; full server compromise – system hack, ransomware, ATM frauds; e-banking frauds, leakage of critical data et cetera. Narayan Koirala, Managing Director of Eminence Ways, says that this scenario is just the beginning and there are high chances of top end security breaches to hamper companies financially and harm their goodwill.
According to Koirala, Nepali sites have been facing frequent attacks and defacements by various hacker groups and the majority of sites that are facing this problem belong to financial organisations, government bodies and other software companies.
The most common weaknesses that Nepali software applications face are Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Server Side Request Forgery (SSRF), Structured Query Language injection (SQLi) et cetera, which are caused by corrupted data to and from the application. In the networking system the bug appears due to the un-patched OS and firmware. However, other problems might also occur due to poor configuration of devices as well as the use of default credentials in the critical system.
One of the main reasons for this worsening situation of IT security is the existing cyber law in Nepal. He says, “It is not adequate to protect organisations and companies or to help them during cyber incidents. The law lacks clear segregation as per various critical sectors.” He believes that the government should enforce strict policies to regulatory bodies that should be monitoring the cyber scenario and help companies and organisations to get more secure with time.”
According to Koirala, the company is currently providing four types of services that include Managed Security – security monitoring and vulnerability management; Security Assessment Service – vulnerability assessment and penetration testing (VAPT); Incident Response and Security Consulting – information system audit and security system architecture; and IT/IS Policy.
While tackling such cyber security problems, the company tests the client’s infrastructure against known vulnerabilities and other known zero-day vulnerabilities. By emulating real time attacks against the client’s infrastructure and server, they identify their security posture and recommend fixations in the application or architecture level (design) to enhance the security. Koirala said, “In order to reduce attack in the network we constantly update our tech infrastructure.” According to him, they help their clients to find vulnerabilities in the tech infrastructure through various security tests for applications, websites software and many more. “Not just fixing the current problems, the company also provides methods to fix shortcomings that their clients are burdened with,” Koirala added.
“We are currently providing security service to a limited sector – government organisations, banking andfinancial sectors. In the coming years we are planning to expand our services to other social bodies and upgrade our infrastructure as well.” The company also provides 24-hours service to its clients that require constant monitoring services. “Conducting instant responses to various security incidents and attacks on technical infrastructure, we strive to come up with effective solution in tackling cyber-attacks,” Koirala concluded.
Providing continuous service to financial institutions, government organisations and software companies, Eminence Ways has successfully managed to etch its name in the IT security scene in Nepal. They are on their way to becoming a one-of-a-kind IT solution company dedicated to information security.
The post Vulnerable cyber security appeared first on The Himalayan Times.