量子ベースのサイバー脅威を阻止する新標準規格

One emerging theme from the Celent Technology Trends Previsory, Corporate Banking, 2024 Edition related to cybersecurity – specifically the role of quantum computing.

At first glance, quantum computing may appear to be disconnected from the realm of corporate banking. However, the escalating threat of fraud and cyberattacks, coupled with the pursuit of quantum algorithms by malicious actors to compromise existing security and encryption protocols necessitates a proactive stance from banks.

Traditional encryption methods, which hinge on the computational difficulty of factoring large numbers or solving discrete algorithms, are vulnerable to the superior processing capabilities of quantum computers. These advanced machines can execute such operations exponentially faster than their classical counterparts, posing a substantial risk to current encryption standards.

Naturally, banks are high-risk targets for sophisticated hackers. It is for good reason that not only do banks employ high levels of access security at the perimeter of banking applications, but also the financial messaging networks between institutions, such as Swift.

In response, the development of quantum-resistant algorithms and cryptographic techniques is underway, aimed at fortifying defenses against quantum-enabled threats. Notably, industry leaders such as Mastercard have collaborated with IBM to delve into cybersecurity and fraud detection within payment networks, while banks such as JPMorgan and Goldman Sachs have joined the IBM Quantum Network.

The Financial Times[1] reports that The National Institute for Standards and Technology (NIST), which is a part of the US Department of Commerce, will soon publish three approved security algorithms that can be used by companies in all industries to mitigate risks from the threat of quantum hacking. A fourth standard remains under development.

Although the threat of existential quantum-based cyberattacks may still lie somewhere in the future, data theft is very much a current day threat. Hackers can adopt a “harvest now, decrypt later” (HNDL) approach to cybercrime. Even if data was encrypted before being stolen, malicious actors can hold the data until it can be decrypted.

In future, a robust quantum cybersecurity strategy would reshape the security framework for banking services. Hopefully the industry (banks and the financial messaging networks) will coalesce around these new NIST standards to proactively implement quantum cyber defenses. I can foresee this being a new bar for accessing financial messaging networks. Perhaps that will be the forcing function for industry adoption.

What of the impact on the clients of corporate banks? Even today, corporate clients tend to push back against more restrictive security requirements from their banking partners. Multi-factor authentication is now becoming more pervasive yet banks also try to remove as much friction from the experience as they safely can.

Banks have an opportunity to lead the discussion about effective cybersecurity technology and best practices. Although the tangible impact of quantum computing on corporate banking remains in its nascent stages, corporate banking product managers and their technology partners should embark on a journey of awareness and understanding of this complex computing paradigm. Understanding its potential implications is crucial for safeguarding the interests of their corporate clients in the evolving digital landscape. Yes, it is early days, but this is an area to lean into.

[1]US nears milestone in race to prevent quantum hacking, Financial Times, August 5, 2024 (requires subscription)