What is information security from the point of view of science? What technical solutions are being developed to protect your data? Are artificial intelligence new risks for information security or additional protection opportunities? This was stated in an interview with Natalia Miloslavskaya, Professor of the Department of Information Security of Banking Systems at the National Research Nuclear University MEPhI, Doctor of Technical Sciences. The interview was originally published on the Scientific Russia portal.

Natalia Georgievna Miloslavskaya. Photo: Elena Librik / Scientific Russia
― Over the past few years, reports of successful cyber attacks on various digital systems have become more frequent: information, banking, and energy facilities. Is this growth related to an increase in the number of cyber attacks themselves due to political and armed conflicts, or have technologies appeared that make it possible to penetrate systems more effectively?
― Of course, the geopolitical situation plays a very important role here. As soon as hot spots appear on the planet, massive attacks begin. This is how the concept of "hacktivism" appeared — hacking in order to draw public attention to a problem. At first, hacktivism had a purely social connotation without monetary interest: no one demanded a ransom for information that was published in support of a particular issue. Now the hacktivists have decided to monetize their activities, and unfortunately, this trend is actively growing. This is one of the new trends characteristic of our time.
The increase in the number of attacks is very significant, as noted by a wide variety of analytical and consulting companies that conduct independent research in different parts of the world. At the same time, experts record the complication of the attacks themselves. They estimate the average detection time of an attacker on the network at 45 days.
Вesides the geopolitical situation, there are other factors. According to some companies, about three quarters of all attacks are cybercrimes committed for financial gain and ransom for restoring access to data. At the same time, data is not only stolen, but also encrypted, endangering the infrastructure of companies. It usually takes two to three months from the initial penetration to the complete destruction of the IT infrastructure, and even very reputable organizations related to critical information infrastructure are at risk. There are also long-term attacks that last up to three years: a "hired Cossack" gets a job at a company, behaves like an ordinary employee, but at the same time copies and sells information to the side. But there are other numbers. In 2025, it took only 27 seconds to hack, which was carried out by the AI automaton of the PUNK SPIDER group. In general, the number of attacks using AI in 2025 increased by 89% in a year. The average breakout time (from the initial penetration into the network to the start of data theft) has been reduced to 29 minutes.
82% of attacks are now virus-free (malware-free). Hackers just log in with stolen credentials. About a fifth of the attacks are cyber espionage. The competition between countries for new technologies and knowledge has always been and remains. Therefore, I would not say that exclusively political problems prevail here. Just as crimes used to be the main background, so they remain.
― To what extent have cyber attacks and hacks become more successful?
— This is more difficult to assess. If the door to the apartment has opened, a person has entered, is standing on the mat and is not doing anything wrong, then we will not immediately call him a criminal. Similarly, they can log in to the system, look at it, perhaps collect some information, but not use it in any way yet. Moreover, information collection is not always associated with hacking. There is a branch of OSINT (Open Source Intelligence) — open source search and collection of publicly available information.
It can be noted that the targets of attacks are constantly changing. If in January 2026 these were IT companies, the public sector, industry and science, then later retail, individuals, and medicine were attacked. As you can see, financial institutions have long since left the top positions. Attackers are interested in any type of data: from traditional (office, commercial, technical) to personal, account information, mail messages, configuration data, event logs. Attackers use information obtained as a result of previous cyber attacks and publicly available to organize new attacks. This includes the search for vulnerable resources, primary access to infrastructure, theft and publication of data. And, of course, the cybercrime market is becoming more organized, with access to services and tools that can be used even by inexperienced attackers.
At the same time, there are also cyberfaces — from fake news about hacks to fictitious data leaks, which creates an atmosphere of panic and distrust.
― So information security today is not just about online security?
― Of course. We often hear the term "cybersecurity," and it no longer hurts our ears. But for people who have been working in this field for a long time, the concept of information security is much broader than just computer security. The International Organization for Standardization (ISO) issued a standard on cybersecurity in 2012. There was a diagram showing the relationship: information security included cybersecurity as a subset. And in 2023, this standard was revised and the term "information security" disappeared from it altogether, leaving only "cybersecurity". But no one has canceled the "paper" security either: there may be many interesting documents on your desk that are accessible to random people. If the documents were not destroyed properly (for example, they were not used with a shredder), they may end up in a trash can, where they will be found and used for a subsequent attack. There is also a trash can on the computer. There are a huge number of different vulnerabilities in any information system. If they are not noticed and eliminated in time, the attackers will gain an advantage.
We must not forget that people are often the weak link in the security system. Social engineering, phishing, and other manipulation methods can be used to circumvent security measures.
Today, the speed of responding to attacks is more important than ever: if your security system reacts for more than a couple of minutes, you have already lost. The human analyst can no longer keep up with the machine. The future is seen for autonomous protection.
― I have come across the opinion that intruders, people attacking on this front, are always ahead and constantly finding new penetration mechanisms. And those who oppose them remain in the position of catching up, developing protection against hacking methods that have already been used. Is it so?
― This situation is likely to persist forever. Organized crime has extraordinary minds that lead the process. Criminals are developing hacking methods and tools that we don't know about yet and only see their individual traces. Unfortunately, they have huge resources in their hands that allow them to finance new developments and hire people to create tools, unlike defenders, who are limited by budget and response time.
Attackers have the opportunity to choose the moment and method of attack. They can experiment with different approaches and find vulnerabilities, while defenders are forced to defend themselves against all possible threats.
Until now, many organizations still do not realize the extent of the threats and do not take sufficient measures to protect their systems. This may be due to a lack of employee training and a lack of a safety culture. Without constant monitoring of information security systems, it is difficult to detect attacks at an early stage.
At the same time, there are a huge number of entry points into the system, and we cannot assume in which direction they will focus their efforts. It has to be distributed around the entire perimeter, and as a result, a situation develops in which it breaks where it is thin.
― What is information security in general and cybersecurity in particular from the point of view of science? Is it math?
― Information security has a very clear definition: in short, it is the state of security of a certain information asset. From a scientific point of view, this is not pure physics or mathematics, but a complex task. Information theory, computer science, network technologies and, of course, physics are involved, because we are talking, among other things, about the electromagnetic field of radiation. You can shoot the radiation from a kilometer away from the room where the computer is working, and you can perfectly see and understand what is happening on the screen. This includes cryptography, which involves converting data into an encrypted form. This area is developing very rapidly: previously, quantum cryptography was considered an excellent method of protection, but attackers have already mastered it, so now we are talking about post-quantum cryptography.
Information security requires knowledge of a wide variety of disciplines, and not only technical ones. This also includes interaction with people, ethics, psychology, and knowledge of legislation, which is not always perfect. It should be understood that the vulnerabilities of a system are its specific properties that can be used for a variety of purposes, both peaceful and non-peaceful. And it's not just errors in the code. This also includes incorrect configuration and configuration of systems, human errors, and much more.
― In other speeches, you said that 80% of successful attacks are provoked by humans, and only 20% is a victory over the system itself.…
― That's right. The initial stage of most modern attacks is the sending of phishing emails. If a person is caught by this deception and follows the link, then he provides the information himself. The same goes for phone fraud. All this is an area of information security interest, and a specialist working in this area should have extensive encyclopedic knowledge.
― Given this versatility, is it possible to formulate a key scientific task that should be solved in the field of information security?
― If we generalize, then the essence of information security is to preserve information resources that are critically important for the state, organization or a particular person. But there is no single way to solve this problem.
Today, it is important to create threat models that allow us to understand exactly what needs to be countered. But, unfortunately, all the talk about creating proactive or, in other words, proactive protection has not yet led to any ready-made solutions ― the attackers are still ahead.
Nevertheless, we should at least try to predict the problems that may arise in the system and learn to identify anomalies. To do this, you need to know your system very well, understand how it functions normally, and evaluate any deviation from this normal operation as an attempt to infiltrate. Creating more efficient algorithms to detect unusual behavior in systems in order to identify potential threats before they cause damage is still considered an urgent task. Automatic adaptation to new threats and cyber attacks in real time, ensuring the security of Internet of Things devices, which often have limited resources and may be vulnerable to attacks, a deeper understanding of social engineering methods and the development of effective countermeasures, finding a balance between a high level of security and user convenience are just some of the tasks that require mandatory solutions.
― Artificial intelligence systems have been actively developing in recent years. How do information security experts evaluate them?: are these new risks or, conversely, opportunities to protect systems?
― It is necessary to consider not just AI, but AI implemented in the relevant systems. Russia has created a GOST for regulating the operation of such systems in the critical information infrastructure of the Russian Federation, which also addresses possible vulnerabilities. Risks include, for example, the possibility of retraining the model, substitution of data on the basis of which the model learns, inversion of the model for its thorough study. There is also the possibility of circumventing system security measures and vulnerabilities in the hardware on which these systems run. There is a lot of talk today about the hallucinations of AI systems. I will cite the opinion of experts: they note that in the first half of 2025, attacks using AI increased by more than 50% compared to 2024.
At the same time, AI is a dual—use tool that can help those who protect systems. Having learned from huge amounts of information, AI is able to understand what an event can lead to, predict risks and respond faster to incidents. It can manage access, combat fraud, detect phishing, and test programs. It is even possible to create cyber polygons for training information security specialists: such training systems will allow employees of security departments to quickly develop skills to repel attacks that are relevant at the moment.
Another direction is the training of a system capable of correlating different events related to penetration. We have already said that attacks are becoming more difficult today: if earlier hacking was carried out in a single chain of events, now the attacker goes through many stages to achieve his goal. At the same time, individual events may look like completely harmless, but eventually lead to penetration. A trained AI is able to evaluate disparate events as a whole and identify an attack. So AI systems can do both harm and good, the only question is how to use them.
― Are there any trends in cybersecurity other than AI, and how competitive are domestic technologies?
― Yes, new tools are being regularly developed, and Russian products are being actively created as part of import substitution. I try to participate in all network security conferences and see how the booths are expanding and the number of new solutions is growing. Some products have one strong side, others have another, but the products turn out to be very decent. And most importantly, we can trust them. There are no hidden bookmarks in them, unlike the foreign technology that we have in our pockets and on our tables.
One of the trending trends in cybersecurity technologies is new generation firewalls. We call them "multifunctional network-level firewalls". A firewall is a large filter that processes incoming and outgoing traffic and evaluates what is allowed and what is prohibited. However, it all depends on how the administrator sets up this filter. Previously, only addresses were analyzed, but now there are tools for in—depth study of the data field - the part where the document itself or its fragment of interest to the attacker is contained. And modern solutions do not just consider information packages, but evaluate them in context, that is, they take into account what is happening in the environment at the moment. At one point in time, an incoming packet may be quite harmless, but if something else is unfolding around, for example, the administrator's computer is disabled, the situation looks alarming - and this traffic will no longer be missed. This is exactly what next-generation firewalls are aimed at, which should work in conjunction with protecting endpoints on the network.
Another major area that is still imperfect is the creation of a centralized security umbrella over the network. This is a difficult task, and its solution lies more in the plane of a hardware solution than a software one, because hardware is always more reliable ― unlike a program, it is more difficult to replace it. But creating such a system will require changing hardware platforms. So far, only some protective measures have been combined in this direction. For example, there are systems that can collect information from different sources and, realizing that individual events are the development of the same attack, give a signal to launch security measures. It is not possible to automate this work completely yet, we are at the beginning of the journey, but development continues. The term "orchestration" has even appeared ― the automated management of various processes related to information security.
It can be added that now ensuring security is not about how the user logs into the network and individual resources, but about how the system continues to monitor him throughout the work.
In general, the development of information security tools is an interesting process. I have been keeping a chronology for a long time, which reflects the evolution of such methods since the 1970s, when the first biometric identification tools, antiviruses, and passwords appeared. The turns of this evolution are clearly visible, and it is clear that the next turn will lead us to something completely new. But for what, we don't know yet. For example, customers are now again relying more on a separate server for remote connection and a separate proxy server, rather than built into the firewall.
― You stood at the origins of the national school of network security. How did it develop? After all, this is a relatively young field, and textbooks appeared not so long ago…
― I joined this school not from the very beginning, but a little later. My primary education is applied mathematics, and therefore I have a good understanding of how operating systems and programs work. I was studying cybernetics, which was then called bourgeois pseudoscience. But I have been working in the field of information security for more than 30 years. All the people who started developing the field of information security in the USSR are self―taught. No one told us anything, there were no textbooks, information was collected bit by bit from various sources. Interestingly, there are a lot of military―related terms in the field of information security: "demilitarized zone", "layered protection", "kill chain" - a chain of events according to which an attack develops. This is due to the fact that there are many people from law enforcement agencies in the profession, they retired at a fairly young age, and they wanted to put their knowledge somewhere. Many have taken up information security in civilian life.
In 1995, the world's only faculty of Information Security was established at MEPhI. I know this for sure, because for 12 years I was the deputy chairman of the information Security training working group of the International Federation for Information Processing (IFIP). This was taught in many countries, but in separate departments and within the framework of separate disciplines. We have opened a full-fledged faculty consisting of five departments. In 1997, MEPhI was recognized as the leading educational and scientific center for information security in the higher school system of the Russian Federation among 29 universities in Russia, where various aspects of information security were taught. In 1998 The Department of Information Security of banking systems was formed, where I still work. We have developed our own master's degree program called "Ensuring Cybersecurity and cyber resilience of facilities", which logically replaced the older program "Ensuring Information Security and Business Continuity", which we currently teach masters in.
― What does the situation with information security education look like today?
― Unfortunately, the teaching staff is getting older, and there are always not enough young people. This is a common problem, not only in our direction. Mostly there are enthusiasts of their business who are ready to share knowledge at any time, spend a weekend on it ... Most of them believe that a career is more important: it's one thing to study and earn money in some bank, and it's quite another to share this knowledge.
I believe that the task of higher education is to create a solid skeleton of fundamental knowledge, which can be used to build up anything you want, depending on which specialization is in demand today. Our task today is to provide the student with a platform on the basis of which he can continue to develop independently. At the same time, we cannot stop in the field of information security and network technologies: we cannot tell you what will happen in a month, and I will have to study new approaches. Self-development is an element that any information security specialist should rely on, no one will be able to tell you everything that they will have to face in the very near future.
― Given this constant variability, the steady growth of technology and new approaches to system penetration, can a person today in any way minimize the risks of information leakage and, ideally, ensure complete network security?
― It will not be possible to ensure complete security. An ideal system hardly exists. Another thing is that everyone has acceptable and unacceptable risks: for someone, the loss of 5 thousand rubles will be critical, and someone will not notice the loss of 15 thousand rubles. And these risks can be managed to some extent.
And first of all, elementary vigilance is important here. In no case should you immediately respond to incoming demands, requests and calls, you need to think about the situation and understand what is happening. Unfortunately, the older generation is characterized by excessive gullibility, as it was brought up in the Soviet years. Any action, even a message on the social network "Hooray, I'm going on vacation tomorrow" can encourage intruders to take action. As I have already said, most of the successful attacks in the information field are provoked by the human factor.
Natalia Georgievna Miloslavskaya is a professor at the Department of Information Security of Banking Systems at the Institute of Intelligent Cybernetic Systems at the National Research Nuclear University MEPhI, Doctor of Technical Sciences. Doctor of Philosophy (PhD) from the University of Plymouth (UK). She graduated from the Department of Cybernetics at MEPhI with a red diploma in 1985. She defended her doctoral thesis on "Building network security management centers in information and telecommunication networks" in 2021.
The interview was conducted with the support of the Ministry of Science and Higher Education of the Russian Federation.
Author ― Alexander Burmistrov





