Quantum Computing: What Financial Institutions Must Know Today About Tomorrow’s Security Threat

By Andrew Lord, Senior Manager of Optical Research at BT

Not so very long ago, talk about quantum computers in the financial sector seemed futuristic babble. Today, that reality is being taken much more seriously.  

While the use of quantum technology on a large scale is still a way off, adoption is growing across financial services and enterprises worldwide. According to a 2022 study commissioned by Zapata Computing, 69% of enterprise executives polled either have already adopted or plan to make use of quantum computing.

This technology will be especially important to the financial services sector – an industry that relies on heavy amounts of data to accurately calculate probabilities and provide targeted service to customers. Why? Because quantum computers are incredibly powerful, especially at certain tasks, including complex, multi-dimensional optimization. Tasks that once took hours will take only seconds.

In short, quantum computing will be exponentially more efficient than current methods, for some problems. A McKinsey & Company report on quantum computing’s future impact on financial services outlines multiple financial use cases in banking, capital markets, corporate finance, portfolio management, and encryption-related activities. It will be a game changer for the financial sector.

Cybersecurity risk on steroids

As is often the case, with new technologies comes new risks. Cybercriminals with access to quantum computing could potentially wreak havoc on a mass scale in a short period of time. The fear is that they too could use the same quantum computing technology and turn it against the industry to crack seemingly secure codes.

Whereas today’s computers would take billions of years to crack current NIST-approved Public Key Cryptography algorithms, a quantum computer that employs Shor’s algorithm will be able to decipher the private keys within hours. 

This coming reality is especially troubling for organizations such as banks, financial services firms, and other organizations with responsibility for protecting financial assets. When cybercriminals gain the ability to quickly decrypt current encryption systems, businesses and their customers could see billions of dollars simply vanish into thin air. 

Heading off threats with QKD

The good news is that the early quantum computers of today are not yet capable of breaking any commonly used encryption methods, so this rapid decoding threat is still in the future. But the future of tech moves fast, especially when the tech is benefiting from $billions of investment, which is why organizations need to be prepared today for what will come tomorrow.

Although it’s still early days, good progress is being made in developing new mathematical algorithms that will ultimately replace those which are vulnerable to quantum computers.

One area in which we’ve seen significant progress when it comes to protecting communications against quantum computing is quantum key distribution (QKD). This is a secure communication method to exchange keys between shared parties. 

QKD relies on the principles of Quantum Mechanics to establish shared encryption keys between two remote sites. Keys are delivered using the smallest possible packets of light (photons) and are impossible to tap into without violating quantum principles. This provides a further layer of security for personal and sensitive data over and above the standard methods used by banks and credit card companies.

The power of QKD is that the information exists in a quantum state. Any attempt to intercept the key being transferred will disturb the photons sending the keys and introduce errors to their encoding. This means that organizations can identify when a key has been intercepted by a cyber-criminal, and so the transaction can be terminated with a new key being sent automatically.

Trials of the world’s first commercial quantum-secured metro network are now taking place in London, where data is sent on a 10 gigabits per second fiber link. Because the QKD works on the same fiber as the data, it’s a less expensive, simpler way to create a quantum-secure network.

Prepare for the inevitable

The pace of progress in quantum computing is a double-edged sword: It presents great opportunities but also an increasing risk to standard encrypted key exchanges, authentication, and digital signatures. While the threat isn’t immediate, some experts estimate attacks are increasingly possible in the next five to 10 years.

Organizations also need to be aware that their current data is at future risk, too. Securing encrypted traffic needs to happen today because data that requires long-term security may be at risk of “store today, crack later” cyberattacks where bad actors collect key exchange and encrypted traffic now for future decoding when quantum computing is ready to be used in a malicious manner.

Smart financial institutions will not bury their heads in the sand when it comes to quantum computing. Organizations that want to maximize its benefits will need to be proactive about mitigating cybersecurity risks and the potential for industry chaos that results from the technology. Identifying and tracking the progress of QKD-based security solutions is a good first step. 

Andrew joined BT in 1985 after a BA in Physics from Oxford University. He has helped design a wide range of optical network systems and technologies, including long-haul subsea and terrestrial DWDM networks He currently leads BT’s optical core and access research, including optical access, high-speed transmission, and Quantum Communications. He was Technical Program Chair for OFC 2015 and General Chair for OFC 2017; he will be TPC Chair of ECOC 2023. He is Editor-in-Chief of the Journal of Optical Communications and Networking, is Visiting Professor at Essex University, Senior Member of the IEEE, and a BT Distinguished Engineer.

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.