Published on: September 21, 2024
It’s hard for everyday people like me and you to remain on top of new cybersecurity threats and complex concepts while trying to protect our data and digital rights without giving up the convenience of our favorite apps and technologies.
In this interview series by Safety Detectives, I speak with cybersecurity experts who share actionable tips, insider knowledge, and predictions for the future, helping you understand what’s really happening with your data and how you can protect your digital life more effectively—without losing your sanity.
Eugen Tudorache co-founded UPDIVISION with Andrei Iordache after working for several years as a software engineer. As the company’s CTO, he leads the engineering and architectural efforts. Under his technical leadership, UPDIVISION has grown to over 50 engineers and is serving clients across 12 countries and 10 industries.
We discussed one of the fastest growing threats in the software industry, Andrei’s tips for better protecting your data starting from now, and the double-faced role of AI in the future of security.
Is there a particular cyber threat or vulnerability that you think is underestimated by your industry? What makes it particularly dangerous and why is it overlooked?
One of the biggest threats people tend to overlook is supply chain attacks. This type of attack happens when malicious code sneaks into commonly used libraries or dependencies in the open-source ecosystem. Developers might unknowingly pull these compromised packages into their projects, and boom — the damage is done before anyone knows what hit them.
📊 Some alarming statistics highlight the prevalence and impact of supply chain attacks. Sources:
https://www.datatheorem.com/resources/reports/securing-the-software-supply-chain-by-enterprise-strategy-group-esg
https://www.statista.com/statistics/1367208/us-annual-number-of-entities-impacted-supply-chain-attacks/
https://www.s-rminform.com/hubfs/Cyber%20Security%20Insights%20Report%202022.pdf
Well, there are just so many dependencies in modern apps, it’s easy for developers to assume that popular libraries are safe. They tend to trust the community and the reputation of the package without doing a deep dive. Double checking won’t hurt anyone.
Other common issues include things like:
- MySQL Injection — where you can have access to the database using an unsecure input.
- Cross-Site Scripting (XSS) — loads a script which will be executed on the user page.
- Man-in-the-Middle — where someone intercepts your communication if you’re not using proper encryption.
- Weak server security practices — like leaving sensitive files out in the open or not using secure server settings.
Might sound like technical jargon, but these come down to basic security hygiene. When you skip them, you’re leaving the door wide open for attackers.
How do you help address these potential risks, and what proactive steps should consumers and organizations take to stay ahead of these threats?
We always push for vigilance and being proactive. For our clients, we stress the importance of keeping everything up to date — not just their own code but also all the third-party libraries they use.
We also recommend getting external security audits and doing some heavy testing on the codebase. Think of it like getting a second opinion from a specialist; another set of eyes might catch something you missed. And of course, working with reliable hosts and only using trusted sources for your code is key.
Staying in the loop with the latest news and trends in cybersecurity is crucial too. It’s a never-ending game, and you’ve got to stay ahead of it.
What are other crucial things people should STOP or START doing today to improve the safety of their data?
There are a few big things people should keep in mind:
- STOP sharing passwords or sensitive information via email or chat. Instead, use password managers to store and share passwords securely.
- STOP clicking on suspicious links or attachments, which can lead to phishing or malware attacks.
- START backing up your data regularly, or automate your backup process to ensure data is always recoverable.
- START encrypting sensitive data, so it remains secure even if it is accessed by unauthorized parties.
For businesses, regular security audits by an external team are a must. Also, adding extra security measures like SSH key knocking and blocking unused server ports is just good practice.
Where do you see the biggest challenges in the next few years, and how can companies and people in your industry prepare for them? What are you doing in this regard?
One of the big challenges on the horizon is the rise of AI tools that can find vulnerabilities. These tools can be a double-edged sword — they can help us find weak spots, but they can also be used by attackers to do the same.
As AI keeps evolving, so do the ways it can be used (or abused) in cybersecurity. This means constantly learning, adapting, and keeping up with all new developments. We’re always looking for ways to enhance our security measures and make sure we’re not caught off guard.
If there was one key takeaway you wish our readers could bring home from our conversation, what would it be?
Cybersecurity isn’t just about fancy tech — it’s about staying aware, being vigilant, and always adapting to new challenges. Make security a priority from day one, and work with people who know what they’re doing. That way, you’ll be building products that are not just innovative but also secure.
How can our readers connect with you?
Email: eugen@updivision.com
Website: https://updivision.com/
LinkedIn: https://www.linkedin.com/in/eugentudorache/