‘Developers are also at risk’: how cybersecurity become the leading IT trend
IT specialists speak about the threats that have loomed over us in recent years
Most experts in the Russian IT sector highlight several areas in which the market is actively developing and receiving focused attention. One of these directions is AI technologies. Universities are shifting future specialists to training with conscious use of artificial intelligence, and Russian companies are increasingly turning to AI in development. Real cybersecurity remains a pressing issue. On the sidelines of the international forum Kazan Digital Week — 2025, IT market specialists told Realnoe Vremya about who needs cybersecurity solutions and how hackers can affect the lives of ordinary citizens.
Cybersecurity is becoming a national-scale problem
At present, cyberattacks are moving beyond a narrowly specialised agenda and are becoming a subject of discussion across the country, which specialists cannot fail to notice. Incidents involving hackers, previously known only within professional circles, now directly affect citizens’ lives. Aidar Guzairov, CEO of Innostage, notes that the country is experiencing a moment when the consequences of cyberattacks are becoming obvious to everyone.
Specialists should truly be ashamed of such cases, Guzairov believes. Investigations increasingly show that attackers manage to penetrate deeply into the infrastructure of large companies long before a breach is detected. Hackers can remain undetected for an entire year, while retaining the ability to launch an attack at any moment and completely disable the organisation. The situation is further exacerbated by the fact that such incidents occur even in companies that spend large sums and engage industry leaders.
Companies need to measure their own security levels
Over the past year, the situation with the implementation of artificial intelligence in Russian companies has changed significantly. While previously the use of AI in software development, including code review and new code creation, was sporadic, today it has become widespread. However, the broad application of such technologies has created a whole new set of risks. Foremost among these are information security threats and the risk of data leaks. According to Anton Ivanov, Technical Director of Kaspersky Lab, the problem is also that many companies, including Russian ones, use foreign cloud services.
According to Guzairov, a trend is now emerging in the country among companies to realistically assess the security of their information systems:
“Currently, there is a clear trend that companies truly need to measure their own security. Not just carry out routine regulatory work, but invite professionals, ‘white’ hackers, who, by interacting with the infrastructure, replicate what the ‘black’ hackers do… These [cyber tests] are somewhat like a vaccination.”
Developers are also at risk
Cybercriminals are expanding the range of their attacks, putting not only end users but also developers themselves at risk. Alexey Smirnov, CEO and founder of CodeScoring, highlights several key scenarios in which programmers can inadvertently cause serious data leaks.
The security problem is exacerbated by the fact that modern developers, while skilled in programming and writing quality code, often lack sufficient knowledge in information protection. As a result, unintentionally created vulnerabilities become loopholes for hackers.
“In childhood, everyone was taught to program and, at best, taught to write at least somewhat quality code, but writing secure code was taught in very few places. People inadvertently or out of ignorance introduce vulnerabilities into the code,” the expert explained.
In the field of information security, there is no universal solution capable of providing complete protection against all possible threats, Alexey Smirnov believes. Despite the constant pursuit of some ideal tool, a kind of “magic pill,” developers must use a comprehensive approach.
Secure development is based on three key components. The first is static analysis, which checks the source code in its textual form. This method allows hundreds of potential vulnerabilities to be identified at the stage of writing the program code. The second component is compositional analysis, which focuses on the use of third-party components, especially in the context of open source. When integrating a single library, a developer may not notice that dozens of others are automatically connected to the project, potentially containing serious vulnerabilities. The third important component is dynamic analysis, aimed at testing the already compiled application.
“Secure development tools cannot exist in isolation from reality. They need to be integrated into the development environment. All programmers are used to this: you write the code, push it to the repository, the process runs, and the application either crashes or continues. When we talk about adding some security control to these steps, there must be a close connection with the code editor,” explained Alexey Smirnov.
What should ordinary Internet users do?
In today’s digital world, individual users need reliable protection for their online lives, experts say. Basic security measures, such as antivirus protection for mobile devices, are no longer sufficient to ensure full protection. Anton Ivanov reminds that data leaks occur daily from various online platforms where users are registered. At the same time, many people do not even suspect that their account details—logins, passwords, and email addresses—can fall into the hands of attackers.
“Users have a large number of passwords and various secrets stored on their phones. They need a secure place to keep them. Unfortunately, most users store them in notebooks or notes. There is a need for a digital protection ecosystem for ordinary individual users. Today, users also need a course in digital hygiene,” the Technical Director of Kaspersky Lab notes.
National security is strengthened by domestic IT developments
At present, Russia is experiencing a period of significant change in the field of information security. On one hand, the geopolitical situation and international conflicts have led to a substantial decline in trust in foreign solutions. On the other hand, the country is at a stage of active development of its own technological solutions. Aidar Guzairov explains that previously reliable foreign security systems can now pose a potential threat. The main problem lies in the lack of transparency regarding who controls these systems and how they may be used.
“From this perspective, we have something we do not trust because we do not know whose hands it is in. On the other hand, we are in the phase of developing our own product line. A significant technological leap has already been made. The fact that such a technological internal revolution will take place, with a transition to national products, will enhance national security… Our regulators began ‘tightening the screws’ long before 2022. In this sense, we are fortunate because, unlike the IT segment, the infrastructure segment already had strong domestic software solutions, well-known and widely used, many of which are represented in Kazan,” he stated.