As the use of software increases, ensuring code security becomes more important than ever.
While incorporating security into software development is a necessary process, it is often skipped by developers, one reason behind it being the lack of awareness about the dangers of potential threats. According to our guest today, security should be the foundation of any company – whether it is achieved through organization-wide tools like VPN or secure code development solutions.
To talk about the security risks companies face these days and how to navigate them, we invited Ashok Chandrasekaran, the Head of Cybersecurity at HashTag Technologies.
What has your journey been like? How did the idea of HashTag come about?
HashTag was founded in 2013 when I was formerly working for Nokia Siemens Networks (now Nokia) as an R&D engineer. During my time there I got attracted to the software development work profile and felt that a full-time job was in a way restricting my capabilities. I started HashTag initially as only a web development company and it slowly started evolving into more advanced practices. Today we handle security for a lot of enterprise companies.
Can you introduce us to what you do? What are the main challenges you help navigate?
I supervise the overall operations of the company, as well as oversee the entire security vertical. I help companies set up a strong security framework, right from code security to data security. I also assist companies to scan their existing systems and find out potential vulnerabilities and threats.
Why do you think certain companies are unaware of the risks their software is exposed to?
They will find out about the risk only when they get exploited by a security loophole. Risks are usually acknowledged only when the damage happens. Even for me, due to a simple hack made on my external hard disk back in 2012, I lost almost 5 years’ worth of personal and official data. It was an eye-opener for me to have utmost caution over security. Companies should get software security right into their DNA.
What are the most common vulnerabilities nowadays, that if overlooked, can lead to serious problems for a business?
With the amount of data inflow today, vulnerabilities have also grown exponentially. Data at rest is subject to attacks like malware, and ransomware, leading to data compromise.
Data in motion is subject to network hacks and can result in sensitive information like credit card data getting stolen. This also exposes one to financial risks. If internal documents get leaked, it could even result in the entire business getting shut down.
Do you think the recent global events altered the way people approach cybersecurity?
Yes, every day we see security attacks being reported. Even tech giants like Linkedin or Facebook report data compromise. Every company should have a security-focused approach that constantly monitors the world of cybersecurity and strengthens its security policies on a regular basis.
What would you consider the most serious security issues surrounding mobile apps today?
For me, a major threat is when people download apps from third-party sites (just to save a few bucks). Most of these “nulled” apps, as they call them, will have third-party injected code segments that compromise user security. Users should make it a practice to download apps only from the official app stores.
What are some of the best practices organizations should follow when developing software or an app?
Security is a never-ending affair. But here are a few pointers that might help:
- Code security is of utmost importance. Products like Micro Focus Fortify are available when the code is scanned regularly to make sure the code doesn't have any open vulnerabilities.
- Peer review is always useful. Junior programmers should always learn secure coding practices from senior programmers.
- Apps should be tested for run-time behavior. Open ports should be scanned. Dynamic Application Security Testing (DAST) should always be done before a major or minor release.
- Open source components should always be patched regularly to include security updates. There are numerous resources to get regular security notifications.
As the world gets more connected, what safety tools do you think everyone should have in place to keep their devices safe?
I personally use the below suite:
- Dashlane. It generates and stores all my internet passwords.
- Windows Defender. It keeps my PC safe from viruses and malware.
- Software updates. To make sure all the devices always run the latest versions.
- Password security. Always use secure passwords, and try not to reuse passwords across websites. Also, try changing passwords regularly.
What does the future hold for HashTag?
With the world becoming more and more connected, I think the role of tech companies to make the connected world more secure is a key. HashTag is very excited for the future and is all geared up to make the world a more secure place.