9. Emerging quantum threats in encryption
Quantum computers are advancing toward the point where they can solve the complex mathematical problems that underpin today’s public key cryptography. Once such machines are active, they can render current encryption obsolete, exposing sensitive financial data to a breach.
“Quantum computers pose a threat to RSA or elliptic curve-based key encryption systems that financial institutions rely on to protect sensitive data,” said Dr. Marc Manzano, general manager of cybersecurity at AI and quantum technologies specialist SandboxAQ. “To reduce this risk, financial institutions need to establish comprehensive programs to improve the management of cryptography.”
Fortunately, the threat has long been anticipated, and cryptographic algorithms designed to resist cryptanalytic attacks by quantum computers have been in development for years.
The US National Institute of Standards and Technology (NIST) released its first set of quantum-resistant algorithms in August 2024. Early adoption of this technology aligns with the practices of the world’s leading institutions and with regulatory expectations.
The G7 Cyber Expert Group (CEG) – led by the US Treasury and the Bank of England – advises financial authorities and institutions to take measures to deal with quantum risks.
Organizations should plan for a phased migration of their IT infrastructure to quantum-resistant encryption, ensuring continued data security in the post-quantum era.
10. Emerging AI-assisted attacks
AI accelerates credential stuffing and brute-force attacks, allowing hackers to crack passwords at unprecedented rates. Gen AI tools can also be misused to create highly convincing phishing scams.
“The misuse of AI has increased phishing attempts,” according to Megha Kumar, chief product officer at global cyber consultancy CyXcel. “Forget those plain, scam emails. Now, cybercriminals can send well-crafted, professional-looking messages that are likely to fool people.”
“While commercially available AI tools, such as ChatGPT, have attempted to build walls to protect bad actors from using the technology for malicious purposes, countermeasure tools such as WormGPT have emerged to close the gap for attackers,” added Keiron Holyome, VP of UKI and emerging markets at BlackBerry Cyber.
Research has shown that gen AI can be abused to create fake voiceprints that can bypass the biometric identification tools used by banks.
That’s just the beginning of it.
Criminals may also use AI to quickly comb through large data sets and identify key targets for data theft, among other malicious applications.
“AI-enabled malware can learn typical user or network behavior, allowing attacks or data exfiltration to evade detection by better mimicking normal activity,” Holyome said. “AI-powered inspection tools can facilitate independent scanning of networks for vulnerabilities, automatically selecting effective exploits.”
11. Strict control rules
It’s not a cyber threat per se, but banks, insurers, and investment firms in particular are subject to a growing number of regulations and compliance requirements, with new cybersecurity goals coming up.
“Failure to use proper cybersecurity measures can expose [finance sector organizations] to reputational and enforcement risks, including heavy fines under the GDPR,” warns Sarah Pearce, partner at law firm Hunton Andrews Kurth. “We’re seeing an increased focus on strengthening enforcement through the upcoming legal frameworks around the evolution of cybersecurity and it’s becoming increasingly clear.”
The DORA (Digital Operational Resilience Act) regulations will apply across the EU in January 2025, bringing with them the requirement for banks to establish comprehensive risk management frameworks.
“Over the next year, banks, for example, will be required to comply with greater cybersecurity obligations under DORA,” according to Pearce. “Obligations will vary depending on the specific type of products and services they offer.”