Перевод
Язык оригинала
16.06.2025
Cybersecurity in the era of the big Data economy
Rapid technological development and advent made available a breakthrough since nuclear weapons invention. Humanity entered in digital era after post-nuclear age. Digitalization is ubiquitous phenomenon. Homodigitus i.e. human being that is 24/7 attached to his/her smartphone or gadget such as smartwatch or else. He/ she keeps all his/her data in this small technology as giant corporations, govern mental institutes, etc. Banks, big companies and citizens became a desirable target for malicious actors. A critical data to include bank account login and passwords, social ID, biometrics and other private information is their ultimate goal to reach. Now these issues became a problem of a national security. The damage that can be done in cyberspace by state actors and non-state actors in some cases may have a devastating effect. Cybersecurity have become a very important in this regard. In the research conducted by European Repository of Cyber Incidents in 2024 amongst EU and Non-EU members as shown below significant position holds Ransomware. Ransomware attacks continued to be a significant threat in 2024, with the LockBit group leading in the number of incidents. Despite international efforts to dismantle their infrastructure early in the year, LockBit was responsible for 10% of the tracked cyber activities. Next what’s been highlighted is Sector-Specific Threats. The health sector within the EU's critical infrastructure was the most frequently targeted. Organizations in this sector, which handle sensitive data and have low disruption tolerance, faced numerous ransomware attacks and data theft extortion attempts. Unfortunately, the report underscores the persistent and evolv ing nature of cyber threats within the European Union, emphasizing the need for continuous vigilance and adaptive cybersecurity strategies. The nature of cyber crimes is fairly uncommon for most people’s perception. The general problem is that it’s not obvious if a crime took place. In some cases, it takes a while to detect an attack or malware breach into the system. One of the infamous cyberrobbery was conducted by the group of hackers called “Carbanak” between 2013-2018. The esti mated damage could be “up to one billion American dollars was stolen in about two years fr om financial institutions worldwide”, the report of KasperskyLab states.
Fraudsters stole money in following way:
1. When the time came to cash in on their activities, the fraudsters used online banking or international e-payment systems to transfer money from the banks’ accounts to their own. In the second case the stolen money was deposited with banks in China or America. The experts do not rule out the possibility that other banks in other countries were used as receivers.
2. In other cases, cybercriminals penetrated right into the very heart of the accounting systems, inflating account balances before pocketing the extra funds via a fraudulent transaction. For example: if an account has 1,000 dollars, the criminals change its value so it has 10,000 dollars and then transfer 9,000 to themselves. The account holder doesn’t suspect a prob lem because the original 1,000 dollars are still there.
3. In addition, the cyberthieves seized control of banks’ ATMs and ordered them to dispense cash at a pre-determined time. When the payment was due, one of the gang’s henchmen was waiting beside the machine to col lect the ‘voluntary’ payment.
How did a theft stay hidden? First, attackers used social engineering and mal ware2 to gain access to bank networks. Second, they manipulated internal banking systems, altering balances and making fraudulent transfers. Third, the criminals covered their tracks by mimicking legitimate transactions. Another serious incident happened in 2017. This time criminals targeted Equi fax. One of the largest credit reporting agencies, suffered a data breach exposing 147 million people's personal and financial data. “Founded in the 19th century as a retail credit company, Equifax had over the years morphed into one of the largest repositories of Americans' most sensitive financial data, which the company sliced and diced and sold to banks and hedge funds. In short, the viability of Equifax and the security of its data were one and the same”. According to Blumberg Busi ness investigation the breach occurred due to an unpatched software vulnerability in a web application. Attackers had access to the system for 76 days before being detected. Space of cyber operations is huge. According to Solar, in the previous year there were monitoring Solar JSOC detected more than 31 thousand cyberattacks in Russian Federation. The attacks were mostly directed on the critical government sector. The damage suffered by Russians from telephone fraud in 2024 amounted to at least 295 billion rubles, said Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank (MOEX: SBER). He announced these data at a meeting of the Council for the Development of the digital economy and the Council for the development of the financial market at the Federation Council. The document prepared by the Information Security Department of the Bank of Russia contains a detailed analysis of cyberattacks on the financial sector in 2024. The main topics include new attack methods, threat vectors, post-incident analysis, international cooperation, and recommendations for 2025 [7]. Here is tablet that shows types of cyberattacks. If we look at the following statistics, the amount of money which is stolen annual looks appalling. Statistics has been taken from statista.com Now there is a question whether there are any solutions to this issue? The is positive. We can look, for example how the USA addresses this problem. The U.S. National Cybersecurity Strategy outlines the federal government’s approach to securing cyberspace, protecting national interests, and countering cyber threats.
The most recent version, released in March 2023 under the Biden administration, emphasizes a shift toward a more aggressive and collaborative cybersecurity pos ture. After analyzing this official document, it becomes apparent that there are 5 key elements of U.S. strategy which are as follows: first is to defend critical infra structure by strengthening public-private partnerships to enhance cybersecurity resilience; establish minimum security standards for critical sectors (energy, trans portation, healthcare, etc.); expand the role of the Cybersecurity and Infrastructure Security Agency (CISA) in coordinating national efforts. Second is to disrupt and dismantle threat actors – use offensive cyber operations to target cybercriminals and nation-state adversaries; enhance cooperation between law enforcement, intelligence agencies, and international allies; increase the use of sanctions and legal actions against cybercriminal groups and state-sponsored hackers. Third is to promote security by design which includes to push software and hardware companies to adopt secure development practices; encourage liability for software vendors that release insecure products; advocate for secure cloud computing and zero-trust architectures. Fourth is to invest in a resilient future i.e. expand funding for cybersecurity research and workforce development; develop new technologies like quantum-resistant encryption and AI-driven security; support cybersecu rity education and training programs. Fifths is to forge international partnerships through strengthening cooperation with NATO, the EU, and other allies to combat cyber threats; promote global norms for responsible state behavior in cyberspace; help allies and developing nations build cybersecurity capacity.
As for the Russian Federation, the official document “Russian Federation Cybersecurity Strategic Concept” (draft) outlines the concept for develop ing Russia’s National Cybersecurity Strategy, emphasizing the need for a structured, systematic approach to cybersecurity threats at both the national and international levels. Below is a detailed analysis of its key elements. In brief it states that the rapid development of Information and Communication Technologies (ICTs) is seen as both an opportunity and a threat. Key cyber risks identified include: threats to individual rights, government institutions, and businesses through cyber espi onage, hacking, and data breaches. Cyberattacks by criminals and cyberterrorists targeting protected information systems. Use of cyberweapons in cyber warfare and hybrid military conflicts. In brief the proposed Russian Cybersecurity Strategy follows a state-centric approach with emphasis on national sovereignty, infrastructure protection, and controlled international engagement. The strategy prioritizes cyber defense, regu latory control, and domestic technology development, while recognizing the need for international cooperation in cybercrime enforcement. Russia’s approach is more robust as we can see To summarize my essay, in my humble opinion in such volatile time to secur ing economic and financial infrastructure from cyberattacks requires a multi- layered approach that involves both state-led initiatives and private-sector best practices. State Approach (Government-Level Measures) should look like in Rus sian Cybersecurity Strategic Concept. Regarding private or business sector some serious measures might be adopted such as: Adopt zero-trust architecture to lim it unauthorized access. Implement multi-factor authentication (MFA) and encryp tion for financial transactions. Continuous Monitoring & Threat Detection deploy AI-driven security analytics to detect anomalies in financial systems. Use Security Operations Centers (SOC) to monitor transactions in real-time. Employee train ing & awareness, for instance, conduct regular cybersecurity awareness training to prevent phishing and social engineering attacks. Also establish clear incident response protocols for staff. Third-party risk management which would mean to ensure vendors and partners comply with cybersecurity best practices, and con duct periodic security audits of third-party services. Both governments and private financial entities must work together to build a resilient cybersecurity ecosystem. The state provides regulatory oversight, intel ligence sharing, and law enforcement, while financial institutions must focus on technology, training, and proactive threat mitigation. Only a coordinated approach can ensure the long-term security of economic and financial infrastructure.
Fraudsters stole money in following way:
1. When the time came to cash in on their activities, the fraudsters used online banking or international e-payment systems to transfer money from the banks’ accounts to their own. In the second case the stolen money was deposited with banks in China or America. The experts do not rule out the possibility that other banks in other countries were used as receivers.
2. In other cases, cybercriminals penetrated right into the very heart of the accounting systems, inflating account balances before pocketing the extra funds via a fraudulent transaction. For example: if an account has 1,000 dollars, the criminals change its value so it has 10,000 dollars and then transfer 9,000 to themselves. The account holder doesn’t suspect a prob lem because the original 1,000 dollars are still there.
3. In addition, the cyberthieves seized control of banks’ ATMs and ordered them to dispense cash at a pre-determined time. When the payment was due, one of the gang’s henchmen was waiting beside the machine to col lect the ‘voluntary’ payment.
How did a theft stay hidden? First, attackers used social engineering and mal ware2 to gain access to bank networks. Second, they manipulated internal banking systems, altering balances and making fraudulent transfers. Third, the criminals covered their tracks by mimicking legitimate transactions. Another serious incident happened in 2017. This time criminals targeted Equi fax. One of the largest credit reporting agencies, suffered a data breach exposing 147 million people's personal and financial data. “Founded in the 19th century as a retail credit company, Equifax had over the years morphed into one of the largest repositories of Americans' most sensitive financial data, which the company sliced and diced and sold to banks and hedge funds. In short, the viability of Equifax and the security of its data were one and the same”. According to Blumberg Busi ness investigation the breach occurred due to an unpatched software vulnerability in a web application. Attackers had access to the system for 76 days before being detected. Space of cyber operations is huge. According to Solar, in the previous year there were monitoring Solar JSOC detected more than 31 thousand cyberattacks in Russian Federation. The attacks were mostly directed on the critical government sector. The damage suffered by Russians from telephone fraud in 2024 amounted to at least 295 billion rubles, said Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank (MOEX: SBER). He announced these data at a meeting of the Council for the Development of the digital economy and the Council for the development of the financial market at the Federation Council. The document prepared by the Information Security Department of the Bank of Russia contains a detailed analysis of cyberattacks on the financial sector in 2024. The main topics include new attack methods, threat vectors, post-incident analysis, international cooperation, and recommendations for 2025 [7]. Here is tablet that shows types of cyberattacks. If we look at the following statistics, the amount of money which is stolen annual looks appalling. Statistics has been taken from statista.com Now there is a question whether there are any solutions to this issue? The is positive. We can look, for example how the USA addresses this problem. The U.S. National Cybersecurity Strategy outlines the federal government’s approach to securing cyberspace, protecting national interests, and countering cyber threats.
The most recent version, released in March 2023 under the Biden administration, emphasizes a shift toward a more aggressive and collaborative cybersecurity pos ture. After analyzing this official document, it becomes apparent that there are 5 key elements of U.S. strategy which are as follows: first is to defend critical infra structure by strengthening public-private partnerships to enhance cybersecurity resilience; establish minimum security standards for critical sectors (energy, trans portation, healthcare, etc.); expand the role of the Cybersecurity and Infrastructure Security Agency (CISA) in coordinating national efforts. Second is to disrupt and dismantle threat actors – use offensive cyber operations to target cybercriminals and nation-state adversaries; enhance cooperation between law enforcement, intelligence agencies, and international allies; increase the use of sanctions and legal actions against cybercriminal groups and state-sponsored hackers. Third is to promote security by design which includes to push software and hardware companies to adopt secure development practices; encourage liability for software vendors that release insecure products; advocate for secure cloud computing and zero-trust architectures. Fourth is to invest in a resilient future i.e. expand funding for cybersecurity research and workforce development; develop new technologies like quantum-resistant encryption and AI-driven security; support cybersecu rity education and training programs. Fifths is to forge international partnerships through strengthening cooperation with NATO, the EU, and other allies to combat cyber threats; promote global norms for responsible state behavior in cyberspace; help allies and developing nations build cybersecurity capacity.
As for the Russian Federation, the official document “Russian Federation Cybersecurity Strategic Concept” (draft) outlines the concept for develop ing Russia’s National Cybersecurity Strategy, emphasizing the need for a structured, systematic approach to cybersecurity threats at both the national and international levels. Below is a detailed analysis of its key elements. In brief it states that the rapid development of Information and Communication Technologies (ICTs) is seen as both an opportunity and a threat. Key cyber risks identified include: threats to individual rights, government institutions, and businesses through cyber espi onage, hacking, and data breaches. Cyberattacks by criminals and cyberterrorists targeting protected information systems. Use of cyberweapons in cyber warfare and hybrid military conflicts. In brief the proposed Russian Cybersecurity Strategy follows a state-centric approach with emphasis on national sovereignty, infrastructure protection, and controlled international engagement. The strategy prioritizes cyber defense, regu latory control, and domestic technology development, while recognizing the need for international cooperation in cybercrime enforcement. Russia’s approach is more robust as we can see To summarize my essay, in my humble opinion in such volatile time to secur ing economic and financial infrastructure from cyberattacks requires a multi- layered approach that involves both state-led initiatives and private-sector best practices. State Approach (Government-Level Measures) should look like in Rus sian Cybersecurity Strategic Concept. Regarding private or business sector some serious measures might be adopted such as: Adopt zero-trust architecture to lim it unauthorized access. Implement multi-factor authentication (MFA) and encryp tion for financial transactions. Continuous Monitoring & Threat Detection deploy AI-driven security analytics to detect anomalies in financial systems. Use Security Operations Centers (SOC) to monitor transactions in real-time. Employee train ing & awareness, for instance, conduct regular cybersecurity awareness training to prevent phishing and social engineering attacks. Also establish clear incident response protocols for staff. Third-party risk management which would mean to ensure vendors and partners comply with cybersecurity best practices, and con duct periodic security audits of third-party services. Both governments and private financial entities must work together to build a resilient cybersecurity ecosystem. The state provides regulatory oversight, intel ligence sharing, and law enforcement, while financial institutions must focus on technology, training, and proactive threat mitigation. Only a coordinated approach can ensure the long-term security of economic and financial infrastructure.
Rapid technological development and advent made available a breakthrough since nuclear weapons invention. Humanity entered in digital era after post-nuclear age. Digitalization is ubiquitous phenomenon. Homodigitus i.e. human being that is 24/7 attached to his/her smartphone or gadget such as smartwatch or else. He/ she keeps all his/her data in this small technology as giant corporations, govern mental institutes, etc. Banks, big companies and citizens became a desirable target for malicious actors. A critical data to include bank account login and passwords, social ID, biometrics and other private information is their ultimate goal to reach. Now these issues became a problem of a national security. The damage that can be done in cyberspace by state actors and non-state actors in some cases may have a devastating effect. Cybersecurity have become a very important in this regard. In the research conducted by European Repository of Cyber Incidents in 2024 amongst EU and Non-EU members as shown below significant position holds Ransomware. Ransomware attacks continued to be a significant threat in 2024, with the LockBit group leading in the number of incidents. Despite international efforts to dismantle their infrastructure early in the year, LockBit was responsible for 10% of the tracked cyber activities. Next what’s been highlighted is Sector-Specific Threats. The health sector within the EU's critical infrastructure was the most frequently targeted. Organizations in this sector, which handle sensitive data and have low disruption tolerance, faced numerous ransomware attacks and data theft extortion attempts. Unfortunately, the report underscores the persistent and evolv ing nature of cyber threats within the European Union, emphasizing the need for continuous vigilance and adaptive cybersecurity strategies. The nature of cyber crimes is fairly uncommon for most people’s perception. The general problem is that it’s not obvious if a crime took place. In some cases, it takes a while to detect an attack or malware breach into the system. One of the infamous cyberrobbery was conducted by the group of hackers called “Carbanak” between 2013-2018. The esti mated damage could be “up to one billion American dollars was stolen in about two years fr om financial institutions worldwide”, the report of KasperskyLab states.
Fraudsters stole money in following way:
1. When the time came to cash in on their activities, the fraudsters used online banking or international e-payment systems to transfer money from the banks’ accounts to their own. In the second case the stolen money was deposited with banks in China or America. The experts do not rule out the possibility that other banks in other countries were used as receivers.
2. In other cases, cybercriminals penetrated right into the very heart of the accounting systems, inflating account balances before pocketing the extra funds via a fraudulent transaction. For example: if an account has 1,000 dollars, the criminals change its value so it has 10,000 dollars and then transfer 9,000 to themselves. The account holder doesn’t suspect a prob lem because the original 1,000 dollars are still there.
3. In addition, the cyberthieves seized control of banks’ ATMs and ordered them to dispense cash at a pre-determined time. When the payment was due, one of the gang’s henchmen was waiting beside the machine to col lect the ‘voluntary’ payment.
How did a theft stay hidden? First, attackers used social engineering and mal ware2 to gain access to bank networks. Second, they manipulated internal banking systems, altering balances and making fraudulent transfers. Third, the criminals covered their tracks by mimicking legitimate transactions. Another serious incident happened in 2017. This time criminals targeted Equi fax. One of the largest credit reporting agencies, suffered a data breach exposing 147 million people's personal and financial data. “Founded in the 19th century as a retail credit company, Equifax had over the years morphed into one of the largest repositories of Americans' most sensitive financial data, which the company sliced and diced and sold to banks and hedge funds. In short, the viability of Equifax and the security of its data were one and the same”. According to Blumberg Busi ness investigation the breach occurred due to an unpatched software vulnerability in a web application. Attackers had access to the system for 76 days before being detected. Space of cyber operations is huge. According to Solar, in the previous year there were monitoring Solar JSOC detected more than 31 thousand cyberattacks in Russian Federation. The attacks were mostly directed on the critical government sector. The damage suffered by Russians from telephone fraud in 2024 amounted to at least 295 billion rubles, said Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank (MOEX: SBER). He announced these data at a meeting of the Council for the Development of the digital economy and the Council for the development of the financial market at the Federation Council. The document prepared by the Information Security Department of the Bank of Russia contains a detailed analysis of cyberattacks on the financial sector in 2024. The main topics include new attack methods, threat vectors, post-incident analysis, international cooperation, and recommendations for 2025 [7]. Here is tablet that shows types of cyberattacks. If we look at the following statistics, the amount of money which is stolen annual looks appalling. Statistics has been taken from statista.com Now there is a question whether there are any solutions to this issue? The is positive. We can look, for example how the USA addresses this problem. The U.S. National Cybersecurity Strategy outlines the federal government’s approach to securing cyberspace, protecting national interests, and countering cyber threats.
The most recent version, released in March 2023 under the Biden administration, emphasizes a shift toward a more aggressive and collaborative cybersecurity pos ture. After analyzing this official document, it becomes apparent that there are 5 key elements of U.S. strategy which are as follows: first is to defend critical infra structure by strengthening public-private partnerships to enhance cybersecurity resilience; establish minimum security standards for critical sectors (energy, trans portation, healthcare, etc.); expand the role of the Cybersecurity and Infrastructure Security Agency (CISA) in coordinating national efforts. Second is to disrupt and dismantle threat actors – use offensive cyber operations to target cybercriminals and nation-state adversaries; enhance cooperation between law enforcement, intelligence agencies, and international allies; increase the use of sanctions and legal actions against cybercriminal groups and state-sponsored hackers. Third is to promote security by design which includes to push software and hardware companies to adopt secure development practices; encourage liability for software vendors that release insecure products; advocate for secure cloud computing and zero-trust architectures. Fourth is to invest in a resilient future i.e. expand funding for cybersecurity research and workforce development; develop new technologies like quantum-resistant encryption and AI-driven security; support cybersecu rity education and training programs. Fifths is to forge international partnerships through strengthening cooperation with NATO, the EU, and other allies to combat cyber threats; promote global norms for responsible state behavior in cyberspace; help allies and developing nations build cybersecurity capacity.
As for the Russian Federation, the official document “Russian Federation Cybersecurity Strategic Concept” (draft) outlines the concept for develop ing Russia’s National Cybersecurity Strategy, emphasizing the need for a structured, systematic approach to cybersecurity threats at both the national and international levels. Below is a detailed analysis of its key elements. In brief it states that the rapid development of Information and Communication Technologies (ICTs) is seen as both an opportunity and a threat. Key cyber risks identified include: threats to individual rights, government institutions, and businesses through cyber espi onage, hacking, and data breaches. Cyberattacks by criminals and cyberterrorists targeting protected information systems. Use of cyberweapons in cyber warfare and hybrid military conflicts. In brief the proposed Russian Cybersecurity Strategy follows a state-centric approach with emphasis on national sovereignty, infrastructure protection, and controlled international engagement. The strategy prioritizes cyber defense, regu latory control, and domestic technology development, while recognizing the need for international cooperation in cybercrime enforcement. Russia’s approach is more robust as we can see To summarize my essay, in my humble opinion in such volatile time to secur ing economic and financial infrastructure from cyberattacks requires a multi- layered approach that involves both state-led initiatives and private-sector best practices. State Approach (Government-Level Measures) should look like in Rus sian Cybersecurity Strategic Concept. Regarding private or business sector some serious measures might be adopted such as: Adopt zero-trust architecture to lim it unauthorized access. Implement multi-factor authentication (MFA) and encryp tion for financial transactions. Continuous Monitoring & Threat Detection deploy AI-driven security analytics to detect anomalies in financial systems. Use Security Operations Centers (SOC) to monitor transactions in real-time. Employee train ing & awareness, for instance, conduct regular cybersecurity awareness training to prevent phishing and social engineering attacks. Also establish clear incident response protocols for staff. Third-party risk management which would mean to ensure vendors and partners comply with cybersecurity best practices, and con duct periodic security audits of third-party services. Both governments and private financial entities must work together to build a resilient cybersecurity ecosystem. The state provides regulatory oversight, intel ligence sharing, and law enforcement, while financial institutions must focus on technology, training, and proactive threat mitigation. Only a coordinated approach can ensure the long-term security of economic and financial infrastructure.
Читать весь текст
Социальные сети Instagram и Facebook запрещены в РФ. Решением суда от 21.03.2022 компания Meta признана экстремистской организацией на территории Российской Федерации.