As cybercrimes continue to plague the nation, Eminence Ways provides customers with dependable IT security.
Recent heists on Nepali banking systems, cases of ransomware, compromised email systems, and several other reported cybercrime incidents have brought into question the security systems of banks, healthcare, government, and corporate institutions in the country. Each organisation today is moving ahead with technology as its core enabler and, to complement that, its security must be a priority.
There is a trend of conducting IT audit and penetration testing. However, it should not be limited to satisfying regulators or to meet compliance. And advocating the same since 2013, Eminence Ways is a dedicated cybersecurity company that has been continuously providing national as well as international organisations with dependable IT security solutions to secure their IT infrastructure.
One of the major services of Eminence Ways includes IT security assessment or vulnerability assessment and penetration testing (VA/PT) solutions. The company’s Managing Director Narayan Koirala says it is one of the most important phases of IT risk assessment. It includes web application penetration testing, network/systems penetration testing, and mobile application penetration testing for a full system assessment. Koirala, one of the pioneers in the field of cybersecurity in Nepal, believes that if flaws are recognised earlier, any company can combat cybercrimes and protect their systems.
Another core service of the company is Information Systems (IS) Audit, which examines the information access and management controls within an IT infrastructure. Koirala says the company analyses internal controls along with improving internal processes and performances of any organisation through the implementation of IT policies and procedures. At the end of the process, they report the various gaps identified in comparison to various IS Audit standards for organisations to work on for a better, secure system.
Besides these two core areas, they also work on digital forensics, which deals with the investigation of cyber and computer crimes. And they even provide cyber hygiene training to organisations, whereby they inform users about safe and secured online activities.
Eminence Ways’ clientele includes banks, financial institutions, government organisations, software companies, corporate houses, and media houses from around the globe, with a majority of its customers situated in Nepal. Eminence Ways has served over 70 organisations in Nepal and more than 40 organisations abroad so far.
“Earlier, most organisations used to undergo Information Systems (IS) Audit/ VAPT majorly for compliance purpose, but today, clients have become self-aware about the probable vulnerabilities and threats. Organisations understand that IS Audit and VAPT are more for them rather than regulators or certifications,” says Koirala.
Eminence Ways highly values confidentiality when it comes to their clients. It signs contracts along with NDAs at multiple levels, ensuring trust and comfort while working with their clients at every step.
Eminence Ways provides its clients with detailed reports regarding the flaws or vulnerabilities in IT systems that are under test scope, steps of reproduction, severity, probability of occurrence, etc. “We are like doctors to them. We only conduct tests, find out problems and then suggest the cure. However, we do suggest them the best approach that should be taken to fix each detected vulnerability in their IT System,” he says, adding, “Customers further resolve vulnerabilities by studying our recommendations and conducting discussions with vendors of software application or network systems. We follow-up with our clients regularly to find out if they have solved the flaws or not. And also inform them of any new kind of threat in cyberspace.”
Besides this, Eminence Ways has also started working with educational institutions taking into consideration that most teens and youth are unaware and even ignorant of the possible perils of cybercrimes.
He shared an incident of a school in Godawari where they presented an awareness campaign on cybersecurity. The team discovered that a girl was blackmailed and became a victim of sexual abuse. She was depressed and was on the verge of committing suicide. Upon learning of this, the team tracked the culprit with the help of Nepal Police and helped the girl.
“Being aware of cybercrimes and cybersecurity is not only important for big organisations, but also individuals. So, the youth needs to know how to use their social site securely. Hence, we are now working to aware students in private as well as government schools,” says Koirala.
Scenarios, Then and Now
A few years ago, Nepali people and organisations had to seek help from international companies for cybersecurity. However, today, the trust level towards a home-based cybersecurity company has increased. People have started trusting Nepali companies, shares Koirala.
When the company first started, people were not aware of cybersecurity. “Though there was no market then, in the back of our minds, we were prepared for the future prospect on high demand for cybersecurity services. We were prepared that it would take a lot of time, and we need to have a lot of patience without losing our core goal to provide high-end cybersecurity solutions,” explains Koirala. People today have become more aware in comparison to before – Eminence Ways are routinely approached by new clients on their own volition.
What began with a team of two, has grown into a team comprising over 30 experts in the field of network, web, mobile application security, malware analysis and digital forensics. The initial days experienced the lack of skilled manpower; however, their continuous efforts to motivate students on the career path of cybersecurity along with practical and real-world interactions and workshops have increased youth involvement in the defensive side of the cyberspace.
Koirala says that today no one is untouched by technology, and so IT security is crucial in every private as well as government organisations. “So, our clients can be anyone, including organisations from Defense, BFI, Healthcare, IT, Education, Media, Government. We have a large base of recursive clients with high referral rates, even clients from abroad approach us to get their system tested,” he says.
Koirala considers that the government should introduce a separate policy forstartups. “We still do not have a banking policy for business. We have to mortgage land or some property to issue a loan. There is still no culture of funding into a business”, he notes. Nevertheless, he adds that private equity firm such as Anterprerana, One to Watch, etc. do support startups.
He further says that not every startup entrepreneur is from a business background.
There are various things, such as legal terms, finance, etc. that they do not know.
So the government should provide training such as generic policy training.
Similarly, he also says that Nepal’s government has not been able to give exposure to Nepali IT industry.