Data is igniting a global, technological revolution. Increased collection, use, storage, and transfer of data has shifted the paradigm of innovation – and created a global security problem. Fortune
500 companies with large quantities of data, cities with vulnerable infrastructure, and every institution in-between must manage that risk, without encumbering progress or technological advancement. To do so, they turn to Aravind Swaminathan. Aravind is ranked by Chambers USA
in the categories of both Privacy and Data Security: Litigation (Band 2) and Privacy and Data Security: Incident Responses, as well as Chambers Global,
which described him as "formidable in assisting clients with both the noncontentious and litigious elements of cyber-attacks and security breaches, including resulting class actions." Clients endorse Aravind, telling Chambers
, that he is "very substantively knowledgeable" and has "knowledge gained from prosecuting hackers, meaning he fundamentally understands what they do."
As a strategic cybersecurity advisor, Aravind partners with clients to proactively plan for a crisis and develop strategies to improve resiliency, respond efficiently and effectively, protect their business and brand, and defend them in the onslaught of litigation and enforcement actions that follow. He guides organizations from large public company financial institutions to start-up technology companies to critical infrastructure providers through incidents, and develops business and brand-centric strategies to mitigate and manage risk. He has directed more than 200 cybersecurity incident and data breach investigations, including enterprise-wide network intrusions to cyberattacks with national security implications.
With extensive trial, litigation and appellate experience, he defends his clients in cyber, privacy, and payments-related class actions and other civil litigation (particularly Computer Fraud and Abuse Act matters), and when these issues lead to regulatory investigations by the Securities and Exchange Commission (SEC), the Department of Justice (DOJ), the Federal Trade Commission (FTC), and State Attorneys General.
Aravind’s background as an assistant United States attorney and Computer Hacking and Intellectual Property Section attorney gives him first-hand understanding of federal agencies that allows him to swiftly navigate the system, partner with investigators and find creative solutions for his clients. As a federal cybercrime prosecutor, Aravind investigated and prosecuted a broad array of cybercrime cases, including hacking, phishing, trade secrets theft, click fraud, cyber threats, and identity theft. Aravind also led the cybercrime outreach program, where he worked with members of the Department of Justice, state and federal regulators, law enforcement and other organizations on cybersecurity and related privacy issues. During his time as federal prosecutor in the Complex Crimes Unit, he also investigated and prosecuted a wide array of white-collar crimes, including investment schemes, corporate fraud and embezzlement, securities fraud, tax evasion and the nation’s largest bank failure.
On February 3, 2015, the U.S. Securities and Exchange Commission released a Risk Alert addressing cybersecurity issues at brokerage and advisory firms, along with suggestions to investors on ways they can protect themselves and their online accounts. FINRA issued a similar, more extensive “Report on Cybersecurity Practices” on the same day.
The National Exam Program Risk Alert, “Cybersecurity Examination Sweep Summary” summarizes cybersecurity practices and policies of 57 registered broker-dealers, and 49 registered investment advisers based on examinations conducted by the SEC’s Office of Compliance Inspections and Examinations (“OCIE”). These findings should be reviewed by CISOs and CIOs who have responsibility for cybersecurity protection because they highlight best practices and areas ripe for improvement. It is reasonable to assume that both the SEC and FINRA will expect firms to review the findings and tailor their own internal assessments and practices to improve their cybersecurity posture, accordingly. They also underscore that the simplest cyber-related scams (phishing, fraudulent e-mail scams, etc.) are still remarkably successful.