Updated on: September 17, 2024
Whatever you know about protecting your online privacy, cybercriminals probably know that too and are already finding new ways to breach your defenses and steal your sensitive data.
It’s hard for everyday people like me and you to always be on top of threats, vulnerabilities, emerging trends, and overly complex cybersecurity concepts without going nuts. Not to mention the hidden truths no one talks about…
In this new interview series by Safety Detectives, I am talking to cybersecurity experts and business leaders who share untold truths and actionable insights from their experiences that will help you be more aware and more effective in protecting your sensitive data while keeping your sanity.
My guest today is Arvind Sarin, CEO & Chairman, Copper Digital, a prominent digital transformation firm based in Texas. With over 13 years of experience in the digital landscape, Sarin has helped develop over 1,100 digital solutions and guided more than 650 enterprises through their digital transformation journeys. Under his guidance, the firm has collaborated with notable global companies such as Cisco, Coca-Cola, and Verizon.
What are the most overlooked cyber threats affecting end users in your industry? What makes threats particularly concerning?
I believe that the most overlooked cyber threats are those that exploit the vulnerabilities inherent in our interconnected world. In the industries we serve, especially manufacturing and supply chain, the threat landscape is shifting from traditional data breaches to more sophisticated attacks targeting operational technologies (OT) and IoT devices.
IoT and OT systems often run on outdated software with minimal security oversight, making them easy prey for cybercriminals. What’s particularly concerning is the lack of awareness and preparedness among end users—many still see cybersecurity as an IT issue, not realizing that a single breach can disrupt an entire supply chain, halt production, or even compromise safety.
Some notable examples of data breaches that have disrupted entire supply chains:
- Maersk, one of the world’s largest shipping companies, was the victim of ransomware that disrupted shipping and logistics, leading to an estimated loss of $300 million.
- In 2020, Honda was forced to shut down its production because of a cyberattack.
- The SolarWinds cyberattack in 2020 compromised the company’s Orion software and allowed attackers to infiltrate the networks of thousands of organizations, including U.S. government agencies.
The real danger lies in underestimating these risks, assuming that “it won’t happen to us,” when, in reality, it’s not a matter of if, but when. This complacency is a threat in itself, and it’s time we start treating cybersecurity as a business-critical priority, not just a technical one.
What are the best ways to prevent and react to these threats?
To tackle these threats effectively, we need a radical shift in approach. Prevention starts with treating cybersecurity as a fundamental aspect of every business decision, not just a checkbox. Invest in modern, integrated security solutions encompassing IT and OT environments and ensure regular, rigorous updates and patches.
But beyond prevention, we must prioritize real-time threat detection and response capabilities—waiting until after an attack is too late. Implement robust incident response plans and conduct regular drills to ensure your team is prepared for a breach. The harsh reality is that many companies are woefully unprepared, and it’s time to face this head-on rather than continue to operate under the illusion that existing measures are sufficient.
What are some things that people should STOP doing today because it’s damaging the safety of their data, and they don’t realize it?
Leaders must stop relying on legacy systems and ignoring regular updates or patches. It’s like leaving your front door wide open and expecting no one to notice.
Another critical misstep is the failure to implement proper network segmentation; too many businesses treat their OT and IT environments as a single, homogeneous network, making it easy for attackers to move laterally once they’ve breached one part.
Network segmentation is a process to split a large network into smaller, isolated segments. This way, if a cybercriminal gains access to one segment, he won’t be able to access the rest of the network, so the company will be able to contain the threat and respond to the incident more quickly.
Equally harmful is the tendency to neglect employee training on cyber hygiene; human error remains a leading cause of breaches. Ignoring these issues isn’t just naive; it’s a recipe for disaster in an environment where the threats are constantly evolving.
What are some things that people should START doing today that they’re currently not doing to protect their information?
- Begin by implementing robust multi-factor authentication (MFA) across all systems, as it adds an essential layer of security against unauthorized access.
- Organizations should also adopt a zero-trust approach, where no user or device is assumed to be secure, regardless of their location.
- Regularly updating and patching software to close vulnerabilities is crucial.
- Investing in advanced threat detection and response systems can also provide early warnings and proactive defenses against sophisticated cyber-attacks.
What common cybersecurity beliefs and practices do you passionately disagree with? Why?
One common belief I completely disagree with is the idea that small and medium-sized businesses are too insignificant to be targeted by cybercriminals. In reality, SMBs are prime targets because they often lack robust security measures, making them low-hanging fruit for attackers. A 2023 IBM report reveals that 43% of cyberattacks target small businesses, and 60% of those hit go under within six months.
Equally misguided is the belief that merely investing in the latest technology will solve all security problems. Despite the industry’s obsession with flashy new tools, human error remains the cause of 95% of breaches according to the same IBM report. Advanced tech can’t fix the basics (remember the door metaphor I used before?)
What emerging technologies, trends, and new threats do you believe will have a great impact in the next 5-10 years? How do you plan to adapt to these changes?
In the next 5-10 years, the biggest game-changers will be AI-powered attacks, deepfakes, and the rise of quantum computing. AI isn’t just enhancing our capabilities; it’s being weaponized to create hyper-realistic deepfakes that can undermine trust and spread misinformation at unprecedented scales. Quantum computing, while promising to revolutionize industries, will also render current encryption methods obsolete, exposing sensitive data to new levels of risk.
What’s more controversial is how many people are underestimating these threats, thinking of them as futuristic rather than imminent. At Copper Digital, we’re proactively investing in quantum-resistant encryption and AI-driven threat detection to stay ahead of these evolving risks. Ignoring these developments isn’t an option; it’s a ticking time bomb for those unprepared for the seismic shifts coming our way.
How can our readers follow your work?
LinkedIn:
- https://www.linkedin.com/in/arvindsarin/
- https://www.linkedin.com/company/copperdigitalinc
X: https://twitter.com/copperdigital_
Website: https://copperdigital.com/