Kathmandu: With cyber attacks up 42 percent globally this year, the Nepalese financial sector has not remained untouched. A cyber attack is understood as an incident of unauthorized access to virtual data or intellectual property through the internet.
Incidents of unauthorized persons stealing, destroying, deleting or completely taking possession of confidential information have occurred time and again in BFIs and the insurance industry.
In particular, most people working in the insurance industry lack even the most basic knowledge of cyber security and of their extreme exposure to risk. According to companies that provide cyber security services, most personnel at both life and non-life insurance companies easily fall victim to cyber attacks because they lack general information about spam mail and phishing.
For this reason, spam mail and phishing activity continued throughout the last financial year at most insurance companies. By sending an email to the insurance company's email address, the hacker tricked employees and gained unauthorized access to data in the information technology system through code sent in the email.
Last month, Mahalakshmi Life Insurance’s central server was targeted by ransomware. Although the problem was solved after great effort by information technology experts, the security challenges are almost the same at all insurance companies.
The Information Technology Guidance of Insurance Companies 2076 provides that every insurance company should conduct an independent examination of its information technology (an information technology audit) every year. But insurance companies have been conducting IT audits in a hurry, only at the last minute, treating the matter as a low priority. Even though the deficiencies pointed out in the previous audit were repeated in the new audit report, the regulatory authority, the Insurance Board, has not shown interest in holding the insurance company’s leadership accountable for it.
The equipment and firewalls used in the information technology systems of some insurers are out of date. Most insurers do not use licensed versions of operating software in any branch or sub-branch, except at their central office.
IT audit reports have also noted that sufficient security precautions are not taken when maintaining, selling or destroying old information technology equipment. When old CPUs were sold, hard disks were sold along with them.