Quantum computing may sound like futuristic arithmetic alchemy, but it’s really just a faster mathematical way for machines to perform tasks faster and with greater complexity.
There’s a lot to understand about quantum computing and the way it is changing the entire trajectory of cryptography, but let’s establish a baseline for the purpose of this conversation. To keep your data secure, you need to think about traditional versus quantum computing, evolving encryption methodology and the quantum cryptography trifecta.
RELATED: Why data protection and compliance is especially critical for financial services.
What Is Quantum Computing?
Traditional computing uses bits, which, according to the University of Maryland’s Division of Information Technology, “are like tiny light switches that can be either off (0) or on (1).” Quantum computers use qubits, which are subject to the laws of quantum physics in the subatomic world and “can be both 0 and 1 at the same time thanks to superposition (the ability for qubits to exist in multiple places at once). Superposition allows quantum computers to process lots of possibilities simultaneously. Additionally, qubits can be entangled, meaning the state of one qubit can depend on another, no matter how far apart they are.”
In short, financial services that still rely on traditional computing technology for cryptography will fail if they don’t quickly adopt a strong post-quantum cryptography methodology. This technology is immensely powerful, and it also poses significant security concerns because quantum computers are quickly outpacing their traditional counterparts in breaking encryption. Here’s how financial firms can chart a successful path toward post-quantum cryptography.
Click the banner below to read the 2024 CDW cybersecurity report.
Quantifying the Quantum Concern
Research firm Gartner recommends that companies start the transition to post-quantum cryptography as soon as possible, noting that “quantum computing will render traditional cryptography unsafe by 2029.” While this qualitative assessment is worrisome, it’s worth assessing the quantifiable impacts of this new computing approach.
In fact, Forbes notes, “Whatever you protect today with encryption technologies will likely be susceptible to attackers gaining unfettered access soon. With their immense computational power, quantum computers will soon easily break legacy cryptographic schemes, such as RSA and ECC (Elliptic Curve Cryptography). Traditional encryption relies on mathematical problems that are hard for classical computers to solve. In theory, even massive supercomputers would take trillions of years to compute the secret key protecting sensitive data with RSA or ECC, but with a quantum computer? This feat could take only 10 seconds.”
RSA encryption was developed in the late 1970s at the Massachusetts Institute of Technology and is still used today for things such as securing websites and email. This encryption was reliable because it was based on the notion that your encrypted app creates a private key with two or more large prime numbers, multiplied together, known only by your computer; incoming messages interact with your public key, and when the exchange is decrypted, your data is secure because only your computer knows the original numbers.
An AT&T Bell Labs researcher named Peter Shor built an algorithm in 1994 that illustrated how the whole encryption system could collapse with the introduction of quantum computing. It was a game changer.
Thanks to Shor’s algorithm, quantum computers can crack Advanced Encryption Standard encryption in just a few hours. Although most security tools aren’t yet able to detect quantum attacks, there’s some solace in knowing that building a quantum computer also takes time.
Click the banner to sign up for our newsletter and receive more business IT insights.
Protection, Resilience, Safety: The Quantum Cryptography Trifecta
To defend against quantum threats, financial IT leaders must prioritize protection, resilience and safety.
Protection is the first line of defense for financial services firms. Better encryption is your best chance of reducing the potential of a successful quantum attack. The National Institute of Standards and Technology (NIST) has released a principle set of post-quantum encryption standards designed to withstand cyberattacks from a quantum computer.
Resilience is the ability to respond effectively to quantum attacks by quickly identifying potential threats, minimizing possible damage and reducing the risk of further compromise. Educate your team, prepare for the future and “safeguard your confidential electronic information.”
Safety shifts the focus from immediate concern to long-term consistency. Instead of simply waiting for quantum threats to emerge, firms need a joint offensive and defensive approach to get ahead of possible problems with in-depth threat analysis. Implement a holistic, dynamic approach to protect your data.
Three Steps for Better Quantum Security
Financial firms can’t predict the timeline or impact of quantum attacks, but they can take these core steps to boost quantum security.
- Prioritize education and employee awareness. It’s not enough for firms to check current security and compliance boxes; they need to make their teams understand the evolution of quantum computing and cryptography. Make education a companywide effort.
- Define a compliance strategy and implement solutions. Make sure these standards align with regulatory compliance and data privacy. NIST standards are a good place to start, but it’s also worth working with experienced advisers and solution providers.
- Test, test, then test some more. The first test of your firm’s post-quantum cryptography practices should not be an attack. Run regular testing to pinpoint areas for improvement, reducing your future potential for failure.
Financial services firms with an eye on future success and safety are making post-quantum cryptography a top priority. They’re teaming up with experts to understand the risks, adopting new NIST standards and regularly testing their security systems to stay ready for the future.
This article is part of BizTech's EquITy blog series.
