Quantum computing has potential to generate significant new risks for financial services companies by making their computer systems more vulnerable to hacking attacks, according to a newly published white paper, Post-Quantum Security Considerations for the Financial Industry, by the Depository Trust & Clearing Corp (DTCC).
The market infrastructure provider notes that experts estimate that quantum-based computers will one day have the power to break the industry’s existing cryptography codes in seconds.
The White Paper aims to bring these risks into focus, while identifying initial steps organisations can take to protect themselves in the future.
To this end, the group makes a series of recommendations that firms may follow to address these securities threats.
The first step would be to evaluate and highlight potential vulnerabilities in existing systems as well as reinforce cryptography practices by centralising management of keys and certificates.
Firms are also advised to enforce best-practice standards relating to encryption mechanisms.
This should involve working with the regulatory community to advance, and encourage adoption of, best practice standards, including National Institute of Standards and Technology’s (NIST) focus on post-quantum cryptography (PQC) standards.
DTCC also believes firms should develop a playbook that maps out the steps required to replace an encryption platform and ensure this can be delivered promptly in advance of any concrete rise in the threat to its systems.
Firms must also focus on organisational management change and build a strong risk culture within their organisations.
In addition, DTCC emphasises the importance of collaboration across the industry to advance this critical dialogue and to prepare for the emergence of PQC standards.
“We recognise that a quantum technology threat is coming,” said DTCC managing director and chief information security officer Ajoy Kumar. “With some experts estimating that the industry’s protected data could become vulnerable over the next decade, the time to act is now.”
He adds, “DTCC is taking timely steps to protect our data. Collaboration and preparation are key to ensure that security, privacy and the integrity of the financial industry are well preserved.”
