Charting the Course of Cyber Resilience in the NFT Marketplace
Arunkumar Krishna
Chief Information Security Officer,
NetObjex
I n the ever-evolving landscape of the NFT Marketplace and Web3 Wallet, cybersecurity stands as an essential pillar in safeguarding the integrity of digital assets and securing sensitive information. Among the esteemed professionals dedicated to fortifying this digital realm, Arunkumar Krishna, Chief Information Security Officer at NetObjex, stands out with his profound expertise and unwavering commitment. Arunkumar’s journey into the realm of cybersecurity began unexpectedly, sparked by a seemingly unrelated task early in his career – delving into the intricacies of a Security Information and Event Management (SIEM) tool. Initially captivated by its complexities and the profound insights it offered, Arunkumar gradually uncovered its broader implications within the realm of cybersecurity. This accidental encounter acted as a catalyst, propelling him to invest his time and efforts in this dynamic field. Armed with the knowledge and skills acquired along his journey, Arunkumar’s career soared from that of a Security Engineer to his current esteemed position as the Chief Information Security Officer. In this pivotal role, he shoulders the responsibility of spearheading NetObjex’s cybersecurity strategy and initiatives within the crypto space. Collaborating closely with cross-functional teams, Arunkumar ensures the security of the company’s products and services, shielding them from potential threats. Moreover, he is dedicated to fostering a culture of awareness and preparedness by educating and training employees on the best practices for data protection in the fast-paced and ever-changing world of h. TradeFlock interviewed Arunkumar to discuss his roles and responsibilities and his personal life.
From security engineer to Chief Information Security Officer, please brief us about your professional journey and what drove you to choose a career in cybersecurity.?
My journey in cybersecurity began as a security engineer, which exposed me to the technical depth of the field. I was actively involved in system installations, monitoring, troubleshooting, and maintenance. This role allowed me to develop skills in analysing and solving complex cybersecurity problems. As I progressed in my career, I took on more challenging positions that expanded my focus beyond technical issues. I embraced strategy, governance, and leadership, taking ownership of projects, proactively identifying threats, and ensuring robust security measures were in place.
My passion for lifelong learning has been a driving force. In the ever-evolving cybersecurity industry, where threats mutate every day, continuous learning is not a luxury but a necessity. I obtained numerous certifications, attended seminars and training sessions, and kept up with the latest trends through daily research. In fact, this played a pivotal role in my transition to being the Chief Information Security Officer, which is a significant milestone. It is a role where I have the privilege and responsibility to shape the cybersecurity direction for the organisation.
My daily routine now involves ensuring a secure information environment while aligning security initiatives with the organisation’s overall objectives.
How do you ensure user information's privacy and confidentiality while using your platforms?
To protect user information, I use various strategies, such as data encryption, stringent access controls, strong authentication measures, and transparent privacy policies. Recognising that security is an ongoing process, I conduct regular security audits and assessments to identify and mitigate potential risks.
What’s your typical routine when you are outside the office?
I value personal time and enjoy spending it with my supportive wife and child. Swimming is my favourite hobby outside of work, as it helps me relax and stay physically fit. Continuous learning is a priority for me, both in cybersecurity and in staying updated with technology trends. I actively engage in networking, industry events, and knowledge sharing within the cybersecurity community. Giving back to the community through mentoring and speaking engagements is also important to me.
What are the key security risks and threats specific to the NFT industry, and how do you address them?
The NFT industry is not without its security risks and threats, and it’s important to address them effectively. Some of the key concerns in this regard are as follows:
Unauthorised access and theft of NFTs are significant risks. To combat this, I implement stringent access controls, employ multi-factor authentication, and employ encryption measures to safeguard NFTs from unauthorised access. Additionally, regular vulnerability assessments and penetration testing are conducted to identify and rectify any potential vulnerabilities.
Smart contract vulnerabilities pose another challenge within the NFT ecosystem. Given their crucial role, it is essential to address vulnerabilities in smart contract code. I ensure rigorous code review processes, adhere to secure development practices, and engage in third-party audits to identify and resolve any vulnerabilities present in smart contracts.
Phishing and social engineering attacks are also prevalent risks that can target NFT owners and investors. To mitigate these threats, I emphasise user education and awareness. Conducting regular training sessions, implementing simulated phishing campaigns, and communicating security best practises enable users to recognise and avoid such risks.
Market manipulation and fraudulent activities can undermine the integrity of the NFT market. To combat this, I collaborate closely with regulatory bodies and industry partners to establish best practices and guidelines that promote transparency. Implementing robust monitoring and detection systems enables the identification of suspicious activities, allowing for appropriate actions to be taken.
Please tell us about the compliance challenges specific to NFT, Metaverse, Blockchain, and Web3 you came across and what strategies you implemented to overcome them.
In the rapidly evolving domains of NFT, Metaverse, Blockchain, and Web3, compliance challenges pose significant obstacles. To overcome these challenges, I employ a strategic approach. Firstly, I prioritise staying up-todate with current regulations, recognising that the compliance landscape can be uncertain. This involves continuously monitoring existing regulations while also anticipating potential future changes. Additionally, I actively collaborate with the legal and compliance teams to ensure a comprehensive understanding of compliance requirements.
Within these domains, specific areas of focus include data protection and privacy regulations such as GDPR and CCPA, as well as Anti-money laundering (AML) and Know Your Customer (KYC) standards, counter-terrorism financing (CTF), and intellectual property rights. It is essential to embed these regulatory requirements into the design and operation of our platforms, ensuring compliance at every level.