News

April 19, 2023

Quantum Threats Loom: How financial services can prepare for the next cybersecurity frontier

Quantum Threats Loom: How financial services can prepare for the next cybersecurity frontier

By Nneoma Iheonun

The rapid advancements in quantum computing have positioned it as a transformative force across industries, promising breakthroughs in fields such as pharmaceuticals, climate modeling, and artificial intelligence.

However, as quantum technology continues to mature, it also presents a formidable threat to cybersecurity, particularly for the financial services sector. For Nigeria, whose financial industry is pivotal to the country’s economic stability, understanding and preparing for these quantum threats is no longer optional; it is imperative.

The Promise and Peril of Quantum Computing

Quantum computing represents a paradigm shift from classical computing. Unlike traditional computers that use bits (0s and 1s) to process information, quantum computers use quantum bits, or qubits, which can exist in multiple states simultaneously due to the principles of superposition and entanglement. This enables quantum computers to perform complex calculations at speeds unimaginable with classical computers.

While this technology holds immense potential for solving problems that were previously deemed intractable, it also poses significant risks, particularly in the realm of cybersecurity. Most concerning for the financial sector is the potential for quantum computers to break widely used encryption algorithms such as RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography), which currently secure everything from online banking transactions to confidential customer data.

The Imminent Threat to Financial Institutions

Nigeria’s financial sector is no stranger to cyber threats. With an increasingly digitalized economy and a growing reliance on online banking and payment systems, the sector has been a prime target for cybercriminals. According to the Nigerian Interbank Settlement System (NIBSS), the country recorded over 67,000 fraud cases involving ₦7 billion ($17 million) in losses in 2021 alone. This number is only expected to grow with the increasing sophistication of cyberattacks. Quantum computing threatens to amplify these risks exponentially.

The primary concern is the potential for quantum computers to break encryption, the backbone of modern cybersecurity. Encryption algorithms that currently protect sensitive financial information could become obsolete almost overnight. A sufficiently advanced quantum computer could decrypt data encrypted with RSA or ECC in a matter of seconds, exposing sensitive information such as bank accounts, personal identification numbers, and transaction histories. The consequences for Nigerian financial institutions, and the economy at large, would be catastrophic, ranging from massive financial losses to a breakdown in public trust.

The Global Race for Quantum-Safe Cryptography

In response to these emerging threats, there is a global push to develop quantum-safe cryptography—encryption methods that can withstand attacks from quantum computers. The United States’ National Institute of Standards and Technology (NIST) has been at the forefront of efforts to standardize post-quantum cryptographic algorithms, with several new algorithms expected to be finalized by 2024. Financial institutions worldwide are encouraged to begin the transition to these quantum-resistant algorithms to protect their data from future quantum threats.

For Nigerian financial institutions, this is a call to action. Waiting for the quantum threat to materialize is not an option. Instead, proactive steps must be taken to integrate quantum-safe cryptographic solutions, upgrade legacy systems, and train cybersecurity professionals to address the unique challenges posed by quantum computing.

How Nigerian Financial Institutions Can Prepare

1. Adopt Quantum-Resistant Cryptography: Financial institutions in Nigeria must start exploring and adopting post-quantum cryptography (PQC). This involves transitioning from traditional cryptographic algorithms, such as RSA and ECC, to quantum-resistant algorithms designed to withstand the computational power of quantum computers. Banks and financial institutions should collaborate with cybersecurity firms, government bodies, and research institutions to stay informed about the latest developments in PQC and begin pilot testing quantum-safe algorithms.

2. Conduct a Quantum Readiness Assessment: A thorough assessment of an organization’s current cryptographic infrastructure is essential. This involves identifying all systems, processes, and data flows that rely on encryption and assessing their vulnerability to quantum attacks. Understanding the level of exposure is critical for developing a comprehensive quantum-readiness plan. A strategic roadmap should be established, outlining key steps, timelines, and resources required to transition to quantum-resistant systems.

3. Invest in Quantum Research and Development: Investment in quantum research and development should not be seen as an expense but rather as a strategic imperative. Financial institutions should allocate resources to R&D initiatives focusing on quantum-resistant technologies and protocols. Collaborating with local universities and research centers can foster innovation and provide a platform for developing homegrown solutions tailored to the unique needs of the Nigerian market.

4. Build Quantum Awareness and Capacity: Quantum computing is a complex field, and its implications for cybersecurity are profound. Financial institutions need to educate their staff and stakeholders about quantum threats and the importance of quantum-safe strategies. Training programs and workshops should be conducted to enhance the understanding of quantum risks and the necessary steps to mitigate them. Building a culture of awareness will ensure that everyone, from top executives to IT staff, is aligned on the urgency of addressing quantum threats.

5. Develop a Quantum Incident Response Plan: While prevention is critical, having a robust incident response plan in place is equally important. This plan should outline specific steps to be taken in the event of a quantum-related breach or vulnerability discovery. By planning for worst-case scenarios, financial institutions can minimize damage and ensure a swift recovery in case of a quantum-induced cyber incident.

6. Collaborate with Industry Peers and Regulators: Quantum cybersecurity is a challenge that cannot be tackled in isolation. Collaboration among industry peers, regulatory bodies, and cybersecurity experts is essential to develop best practices and share knowledge about emerging quantum threats and mitigation strategies. The Central Bank of Nigeria (CBN) and other regulatory authorities should play a key role in providing guidance, setting standards, and ensuring compliance within the financial sector.

The Future is Now

The quantum threat is not a distant, hypothetical scenario; it is a looming reality that demands immediate attention. Nigerian financial institutions must act now to safeguard their systems, data, and customer trust against the potential quantum onslaught. The path forward involves adopting quantum-resistant cryptography, conducting risk assessments, investing in research and development, and building a quantum-aware workforce. In the race for quantum preparedness, complacency is not an option. Nigerian financial institutions that embrace these proactive strategies will not only protect themselves against future quantum threats but also position themselves as leaders in the next frontier of cybersecurity. The time to act is now, for in the quantum age, being ahead of the curve is the only way to stay secure.

Nneoma Iheonun, a Cloud Security Engineer, is based in Houston, Texas.