Natalia Miloslavskaya: Cyberattacks Are Becoming More Sophisticated
As digital networks grow increasingly complex and the global economy becomes ever more dependent on IT, cyberattacks are evolving in scale, sophistication, and impact. Information security is transforming into a core industry essential for governments, enterprises, and citizens alike. In this in-depth interview, Natalia Miloslavskaya, Professor at the Department of Information Security of Banking Systems at the National Research Nuclear University MEPhI, discusses the latest trends shaping cybersecurity in Russia and beyond.
AI vs. Human
- First and foremost, the growing use of artificial intelligence in cybersecurity solutions stands out. AI now serves as an analytical engine that processes data from network environments to identify security incidents. However, incidents vary from one organization to another, making it difficult to create a one-size-fits-all model. Each AI system must be trained on specific data unique to the organization it protects. Like any new technology, AI comes with both advantages and significant risks.
- There are around 14 known types of attacks targeting AI systems. For example, during the training phase, an attacker could manipulate the model so it fails to recognize malicious activity. If a threat actor gains access to training data, they can teach the system to classify their own behavior as normal.
- Exactly. About 80% of cybersecurity issues originate from insiders, while only 20% come from external hackers who manage to bypass security perimeters.
Data Lakes and Predictive Defense
- Yes, though this issue isn’t new. We first had big data, then fast data, and now — data lakes. These are not just raw inputs from external environments but also processed and intermediate data needed by other systems. The challenge lies in managing what to store, what to delete, and how to detect early-stage attack indicators hidden within enormous datasets. This is where large-scale analytics becomes essential.
- Absolutely. Reacting after an attack is already outdated. We must aim to stay ahead of the attacker — what we in Russia call ‘preventive security,’ and globally it’s known as ‘proactive defense.’ This shift requires powerful analytics and forward-looking tools.
Beyond Firewalls
- Not at all. The concept dates back to the 1990s. The first user-friendly version, Firewall-1, was developed by the Israeli company Check Point, which still holds a strong position in the Russian market. In 1997, Palo Alto Networks introduced the first next-generation firewall (NGFW). At MEPhI, we train students on this very technology. Even amid global tensions, Palo Alto continues to provide access to its virtual labs. Meanwhile, domestic companies like UserGate and Ideco have built their own NGFW products. UserGate, in particular, has developed a whole ecosystem of cybersecurity tools. Our department even runs a joint lab with them.
- Ideally, yes. Students should have a choice and learn to compare products. Our goal as educators is to present the full range of technologies so students can understand how each system functions. Familiarity with multiple platforms is critical for developing a true cybersecurity mindset.
The Evolution of Cyberattacks
- They’ve become far more sophisticated. Attacks once focused on simple password theft; now they exploit complex protocols and misconfigurations. Human error remains a major vulnerability — poor configuration creates opportunities for attackers. Most systems today are open, and every external-facing application or port can be exploited. The more complex the network, the more room there is for mistakes.
- Indeed. Fileless attacks leave no traces on disk and operate directly in memory, making them hard to detect. Attackers also use diversion tactics to mislead defenders. Frameworks like MITRE ATT&CK help organizations map attack stages and understand how adversaries operate. Social engineering remains another key vector — the human factor is still the weakest link.
Interview by Konstantin Frumkin, MEPhI Press Service.
