Beyond the Blackout: Deepak Daswani on Cyberattacks and how to stay safe
Deepak Daswani has seen the internet from both sides — as a cybersecurity expert and ethical hacker, he knows exactly how digital systems get broken into, and more importantly, how to keep them safe. In this conversation, he breaks down what cyberattacks really are (and aren’t), why infrastructure like power grids aren’t as untouchable as we think, and how everyday people can be smarter about online security — no tech degree required.
Hi Deepak, thank you for joining us and for being part of this 7th edition of Talent-R Tech Talks. You’ve worked on the front lines of cybersecurity, and we’re excited to hear your perspective. To start simple, what exactly is a cyberattack, and how is it different from something like a technical failure or a power outage?
“Thank you for inviting me, I can start by saying that a cyberattack is a deliberate action by an individual or group aiming to breach, disrupt, or manipulate digital systems, often for malicious purposes. Unlike technical failures or power outages, which are typically accidental or due to system malfunctions, cyberattacks are intentional and can be orchestrated remotely, making them harder to predict and prevent.”
“National power grids are increasingly integrated with digital control systems, making them susceptible to cyber threats”
How vulnerable is something like a national power grid to a cyberattack? Is that a real threat, or just something out ot a movie?
“It’s a very real threat. National power grids are increasingly integrated with digital control systems, making them susceptible to cyber threats. There have been documented cases globally where cyberattacks have targeted critical infrastructure, so the importance of robust cybersecurity measures becomes paramount.”
There was a big blackout in Spain this April, and a lot of people thought it was a cyberattack. If it had been, how different would the outcome have looked?
“If the blackout had been the result of a cyberattack, we might have seen more targeted disruptions, such as specific regions or infrastructures being affected. Additionally, there could have been accompanying data breaches or ransom demands. The response would have involved cybersecurity teams alongside traditional utility repair crews, and the restoration process might have been more prolonged and complex.”
What’s one of the biggest myths you hear when people talk about hacking or cybersecurity?
“One of the most common myths — especially among people outside the cybersecurity world — is that if some kid hacks something or shows technical skills, they immediately get hired by Google, Microsoft, or some big tech company and their life is set. It makes sense for a nice movie script, but in real life, things don’t work that way. Building a career in cybersecurity requires constant learning, responsibility, and ethics. Talent is important, but so are effort, reputation, and doing things the right way.”
When something goes wrong — like a system crashing or data going offline — how can people tell if it’s just bad tech vs something more serious like a breach?
“Identifying the difference between technical glitches and cyber breaches requires monitoring and analysis. Unusual patterns, unauthorized access attempts, or data exfiltration indicators can suggest a breach. Implementing intrusion detection systems and maintaining logs can aid in identifying and responding to such incidents promptly.”
Have you seen where an attack on infrastructure caused big issues? What happened, and what can we learn from it?
“Yes, the 2015 cyberattack on Ukraine’s power grid is a notable example. Cybercriminals gained access to control systems, leading to widespread outages. This incident highlighted the vulnerabilities in critical infrastructure and underscored the need for improved cybersecurity protocols, employee training, and system redundancies.”
From your experience, how well is Spain (or Europe in general) set up to defend against major cyber threats?
“Spain and parts of Europe have made significant progress in strengthening their cybersecurity defenses. For example, INCIBE, where I worked for two years as a Security Evangelist, plays a crucial role in raising awareness and supporting both citizens and businesses in cybersecurity matters. Additionally, organizations like CCN-CERT contribute to protecting critical national infrastructure and coordinating responses to cyber incidents at a governmental level. However, the cyber threat landscape evolves rapidly, so continuous investment in technology, talent, and collaboration between the public and private sectors is essential to stay ahead.”
How important is public awareness in cybersecurity? Should regular people care about this stuff, or is it more of a “tech people” problem?
“Public awareness is definitely crucial, and I believe that nowadays much of that work has been done. People are more conscious of cybersecurity risks thanks to constant news about incidents every week – so much so that when the blackout happened, many thought it was a cyberattack and nothing surprises us anymore. Additionally, many people experience these threats firsthand in their daily lives: identity theft on social media through phishing, fraud, scams, and many other issues. So, while cybersecurity remains important for everyone, I think society is now more aware than ever.”
Everything’s online now, from banking to public services. Is there a way to stay safe without giving up all the convenience?
“Yes, it’s definitely possible to live at areliable level of security without giving up convenience. Keeping software updated is key because it helps address technical vulnerabilities that attackers could exploit. Along with other basic measures – like using strong, unique passwords, enabling two-factor authentication, and being cautious with suspicious links or emails — these steps help you maintain a trustworthy level of security in your online activities. The goal is to balance convenience with good security habits so you can enjoy the benefits of the digital world safely.”
If someone’s not a tech expert but wants to be smarter about security, where should they even start?
“There are plenty of resources available today online — forums, professional blogs, and content from institutions like INCIBE — that bring cybersecurity closer to people who aren’t so technical. And, since I’m taking the opportunity here to mention it, I wrote a book called “La Amenaza Hacker (The Hacker Threat)“, published by Planeta in 2018. It’s aimed at non-technical readers and introduces concepts like vulnerabilities, exploits, hacktivism, zero days, and the dark web, all from a perspective informed by real experience in the field.
So, my advice is to start by exploring trustworthy educational content and gradually building up your knowledge — cybersecurity is more accessible than people think.”
