Translation
Original language
16.06.2025
Cybersecurity of the Big Data Economy
When speaking about cybersecurity in the era of the big data economy, we first must talk about the security of the big data economy itself in terms of cyber threats. In the era of the data economy, with the development of digital systems as well as state and regional digital services, we not only face the problem of collecting, processing, and storing big data, but also ensuring its comprehensive security. As the number of cyberthreats to state and private services increases, the integrity, confidentiality, and availability of big data are a key factor in their successful operation and the stability of society.
BRICS+ countries are nations with a growing economy and scientific potential whose development largely depends on advancements in the techno logical platform and the digitalization of industries. The digital transformation of state and municipal administration, the economy, and the social sector is not only impossible without uninterrupted Internet access, the training of skilled professionals for the IT industry, digital public administration, and the develop ment of domestic digital platforms, software, promising inventions, and artificial intelligence, but also without ensuring cybersecurity, which is at the forefront of this area in the national project ‘Data Economy and Digital Transformation of the State’.
The growing number of cyberthreats against digital infrastructure is turning into a challenge for all countries today. According to a Bank of Russia report on dif ferent types of computer attacks in the financial sector, the FinCERT automated incident processing system recorded more than 750 attacks on the financial sector in Russia alone in 2024. What is critically important is that these attacks were car ried out from almost all regions of the world, which clearly shows how difficult it is to combat such attacks from just a single state. The hackers actively exploited the infra structure of contractors, software vulnerabilities, and social engineering. Statistics show that they are increasingly using complex chains of actions and gaining access to sensitive data through ancillary, less secure systems. We can expect attacks on digital infrastructure to continue to grow, primarily using ancillary systems, the vul nerabilities of diverse stacks of software components, and social engineering. Data is the main asset of the new digital economy. However, intruders are gaining access to millions of data records as a result of cyberattacks. On average, during a single incident in 2024, more than 2.5 million records were leaked world wide (more than 2.3 million in Russia). Human error has fallen by the wayside: 99% of leaks are intentional. Over the past year, the percentage of leaks in industry and trade, sports organizations, media, and NGOs has only grown. In the future, we can assume that hackers will increasingly show interest in private data sets, the gen eralization (enrichment) of data, its combination with OSINT technologies, and using data to put pressure on companies through possible fines, reputational risks, fraud, and other illegal activities, including planning terrorist attacks. We can draw the following conclusions: the transition to a data economy must ensure the security of its main resource – the actual big data circulating in digi tal systems. Given the modern cyberthreat landscape, this is a complex task that requires various countries to consolidate their efforts both to protect assets as well as to investigate incidents and prosecute hackers. It must be effectively resolved so as not to jeopardize the confidentiality, reliability, availability, and integrity of big data of the digital economy. We will examine the role of data in the modern digital services that underlie the new technological paradigm. The big data economy requires us to view infor mation in at least two ways: taking decisions based on data and using data as an independent value (resource). Decision-making is what increases the intrinsic value of data. It results in new forms of relations within the knowledge society, such as data exchange or data outsourcing, as well as the creation and use of joint prod ucts based on data (e.g., artificial intelligence systems). These are essentially new forms of big data management in response to technological needs. However, the actual technologies – new non-relational DBMS for big data, distributed informa tion management systems, and artificial intelligence systems – have vulnerabilities and security imperfections that can result in such massive leaks. We will outline the following problems with ensuring the cybersecurity of the big data economy with respect to its main resource: a growing attack surface (including cross-border), the vulnerability of technologies, and the heterogeneity of infrastructure. As the need for data exchange and outsourcing increases, more and more people are gaining access to confidential information. This creates legal problems both in terms of obtaining consent for processing from the data owners and harmonizing legislation, as well as cybersecurity problems. The probability of data leaks in this case increases many times over, since data is becoming available to a wide range of people and starting to appear in different types of infrastructure built on the basis of various software and hardware. The next problem is the vulnerability of technologies. On the one hand, having heterogenous infrastructure increases the likelihood of open vulnerabilities. On the other hand, modern data-driven solutions and artificial intelligence systems are also susceptible to major cyberattacks that not only aim to extract their private architecture, but also the data used to create them. Even when technologies spe cifically designed to maintain privacy (such as federated learning) are used in the joint creation of AI models, such attacks remain relevant. The third problem that arises from the new paradigm of using information in the big data economy is the heterogeneity of infrastructure itself. Even within a sin gle, fairly large company in the banking or industrial sector, data has a complex life cycle, is processed in various systems, and circulates between them as they imple ment various business processes. As a rule, such systems trust each other, and a hacker can gain access to all private data by accessing one of them. This is one of the reasons why hackers are increasingly using ancillary systems and infrastructure to gain access to data. This means we must take a comprehensive approach to big data security within any kind of heterogeneous infrastructure and not only protect individual components, but data management systems as a whole at the techno logical and not just the legal level. As such, ensuring the protection and control of data usage in heterogeneous infrastructure is crucial to the cybersecurity of the entire data economy. Different degrees of data granulation, the lack of a single processing tool, and the hetero geneity of data sources, consumers, and information at the semantic level are what distinguish big data management systems for large-scale objects (including government services and cross-border systems) from traditional database management systems (including private clouds). These factors make it impossible to apply conventional means and methods of protection, such as end-to-end encryption and well-known methods of access control and audit, at the level of the big data management system as a whole. To ensure the comprehensive security of big data management systems, we need a common, consistent approach to its protection that can overcome the contradictions between heterogeneous components with different data granulation. Another challenge in building secure big data management systems is the need to support existing specialized tools for structuring and transforming information, accepted business practices, data outsourcing, and the joint use of data.
Technology should be based on a new consistent approach to ensuring the security of the data management system that incorporates the principles of com pleteness, unity, and consistency of data and process representation, as well as the principle of minimizing trust. What makes this approach unique is the consistency both at the level of mathematical models of heterogeneous components of the data architecture as well as between information processing levels. This consistent approach allows for access control, monitoring, and auditing throughout the entire life cycle of data and also minimizes threats and ensures secure information processing in the most productive mode. Developing solutions based on the paradigm of a consistent approach to protecting big data when conducting joint research, including as part of scientific and technical cooperation between BRICS+ countries, will enhance the confidentiality, availability, and integrity of the data economy’s main resource in the face of cyber threats. Reducing the number of data leaks, in turn, will help to avoid unforeseen expenses and significant reputational costs, simplify the international exchange of data in order to create technological products, boost the sustainability of the commercial and public sectors of the data economy, and ensure that citizens have greater trust in new technologies.
BRICS+ countries are nations with a growing economy and scientific potential whose development largely depends on advancements in the techno logical platform and the digitalization of industries. The digital transformation of state and municipal administration, the economy, and the social sector is not only impossible without uninterrupted Internet access, the training of skilled professionals for the IT industry, digital public administration, and the develop ment of domestic digital platforms, software, promising inventions, and artificial intelligence, but also without ensuring cybersecurity, which is at the forefront of this area in the national project ‘Data Economy and Digital Transformation of the State’.
The growing number of cyberthreats against digital infrastructure is turning into a challenge for all countries today. According to a Bank of Russia report on dif ferent types of computer attacks in the financial sector, the FinCERT automated incident processing system recorded more than 750 attacks on the financial sector in Russia alone in 2024. What is critically important is that these attacks were car ried out from almost all regions of the world, which clearly shows how difficult it is to combat such attacks from just a single state. The hackers actively exploited the infra structure of contractors, software vulnerabilities, and social engineering. Statistics show that they are increasingly using complex chains of actions and gaining access to sensitive data through ancillary, less secure systems. We can expect attacks on digital infrastructure to continue to grow, primarily using ancillary systems, the vul nerabilities of diverse stacks of software components, and social engineering. Data is the main asset of the new digital economy. However, intruders are gaining access to millions of data records as a result of cyberattacks. On average, during a single incident in 2024, more than 2.5 million records were leaked world wide (more than 2.3 million in Russia). Human error has fallen by the wayside: 99% of leaks are intentional. Over the past year, the percentage of leaks in industry and trade, sports organizations, media, and NGOs has only grown. In the future, we can assume that hackers will increasingly show interest in private data sets, the gen eralization (enrichment) of data, its combination with OSINT technologies, and using data to put pressure on companies through possible fines, reputational risks, fraud, and other illegal activities, including planning terrorist attacks. We can draw the following conclusions: the transition to a data economy must ensure the security of its main resource – the actual big data circulating in digi tal systems. Given the modern cyberthreat landscape, this is a complex task that requires various countries to consolidate their efforts both to protect assets as well as to investigate incidents and prosecute hackers. It must be effectively resolved so as not to jeopardize the confidentiality, reliability, availability, and integrity of big data of the digital economy. We will examine the role of data in the modern digital services that underlie the new technological paradigm. The big data economy requires us to view infor mation in at least two ways: taking decisions based on data and using data as an independent value (resource). Decision-making is what increases the intrinsic value of data. It results in new forms of relations within the knowledge society, such as data exchange or data outsourcing, as well as the creation and use of joint prod ucts based on data (e.g., artificial intelligence systems). These are essentially new forms of big data management in response to technological needs. However, the actual technologies – new non-relational DBMS for big data, distributed informa tion management systems, and artificial intelligence systems – have vulnerabilities and security imperfections that can result in such massive leaks. We will outline the following problems with ensuring the cybersecurity of the big data economy with respect to its main resource: a growing attack surface (including cross-border), the vulnerability of technologies, and the heterogeneity of infrastructure. As the need for data exchange and outsourcing increases, more and more people are gaining access to confidential information. This creates legal problems both in terms of obtaining consent for processing from the data owners and harmonizing legislation, as well as cybersecurity problems. The probability of data leaks in this case increases many times over, since data is becoming available to a wide range of people and starting to appear in different types of infrastructure built on the basis of various software and hardware. The next problem is the vulnerability of technologies. On the one hand, having heterogenous infrastructure increases the likelihood of open vulnerabilities. On the other hand, modern data-driven solutions and artificial intelligence systems are also susceptible to major cyberattacks that not only aim to extract their private architecture, but also the data used to create them. Even when technologies spe cifically designed to maintain privacy (such as federated learning) are used in the joint creation of AI models, such attacks remain relevant. The third problem that arises from the new paradigm of using information in the big data economy is the heterogeneity of infrastructure itself. Even within a sin gle, fairly large company in the banking or industrial sector, data has a complex life cycle, is processed in various systems, and circulates between them as they imple ment various business processes. As a rule, such systems trust each other, and a hacker can gain access to all private data by accessing one of them. This is one of the reasons why hackers are increasingly using ancillary systems and infrastructure to gain access to data. This means we must take a comprehensive approach to big data security within any kind of heterogeneous infrastructure and not only protect individual components, but data management systems as a whole at the techno logical and not just the legal level. As such, ensuring the protection and control of data usage in heterogeneous infrastructure is crucial to the cybersecurity of the entire data economy. Different degrees of data granulation, the lack of a single processing tool, and the hetero geneity of data sources, consumers, and information at the semantic level are what distinguish big data management systems for large-scale objects (including government services and cross-border systems) from traditional database management systems (including private clouds). These factors make it impossible to apply conventional means and methods of protection, such as end-to-end encryption and well-known methods of access control and audit, at the level of the big data management system as a whole. To ensure the comprehensive security of big data management systems, we need a common, consistent approach to its protection that can overcome the contradictions between heterogeneous components with different data granulation. Another challenge in building secure big data management systems is the need to support existing specialized tools for structuring and transforming information, accepted business practices, data outsourcing, and the joint use of data.
Technology should be based on a new consistent approach to ensuring the security of the data management system that incorporates the principles of com pleteness, unity, and consistency of data and process representation, as well as the principle of minimizing trust. What makes this approach unique is the consistency both at the level of mathematical models of heterogeneous components of the data architecture as well as between information processing levels. This consistent approach allows for access control, monitoring, and auditing throughout the entire life cycle of data and also minimizes threats and ensures secure information processing in the most productive mode. Developing solutions based on the paradigm of a consistent approach to protecting big data when conducting joint research, including as part of scientific and technical cooperation between BRICS+ countries, will enhance the confidentiality, availability, and integrity of the data economy’s main resource in the face of cyber threats. Reducing the number of data leaks, in turn, will help to avoid unforeseen expenses and significant reputational costs, simplify the international exchange of data in order to create technological products, boost the sustainability of the commercial and public sectors of the data economy, and ensure that citizens have greater trust in new technologies.
Read full text
