9. Emerging quantum threats to encryption
Quantum computers are advancing toward solving complex mathematical problems that underlie today’s public-key cryptography. Once operational, they could render current encryption obsolete, exposing sensitive financial data to breaches.
“Quantum computers present a threat to RSA or elliptic curve-based public key encryption systems that financial sector organizations rely on to protect sensitive data,” says Dr. Marc Manzano, general manager for cybersecurity at AI and quantum technologies specialist SandboxAQ. “To mitigate this risk, financial institutions need to establish comprehensive programs to modernize cryptography management.”
Fortunately, the threat has been long anticipated, and the development of cryptographic algorithms that are secure against cryptanalytic attacks by a quantum computer has been in the works for years.
The US National Institute of Standards and Technology (NIST) released its first set of quantum-resistant algorithms in August 2024. Early adoption of these technologies aligns institutions with global best practices and regulatory expectations.
The G7 Cyber Expert Group (CEG) — chaired by the US Department of the Treasury and the Bank of England — is advising financial authorities and institutions to take proactive measures against quantum risks.
Organizations should plan for a phased migration of their IT infrastructure to quantum-resistant encryption, ensuring continued data security in a post-quantum era.
10. Emerging AI-assisted attacks
AI speeds up credential stuffing and brute-force attacks, allowing cybercriminals to test passwords at a rate no human could match. Gen AI tools can also be abused to create much more convincing phishing scams.
“The misuse of AI has stepped up phishing efforts,” according to Megha Kumar, chief product officer at global cyber consultancy CyXcel. “Forget those obvious, typo-filled scam emails. Now, cybercriminals can send highly tailored, professional-looking messages that are much more likely to trick people.”
“While commercial generative AI tools, such as ChatGPT, have attempted to build guardrails to prevent bad actors from using the technology for malicious purposes, adversarial tools such as WormGPT have emerged to fill the gap for attackers,” adds Keiron Holyome, VP of UKI and emerging markets at BlackBerry Cyber.
Research has shown gen AI can be abused to create fraudulent voice imprints capable of circumventing biometric identification tools used by banks.
That’s just the start of it.
Criminals might use AI to comb through huge data sets quickly, identifying valuable targets for data theft, among other malicious applications.
“Malware empowered by AI can learn typical user or network behaviors, enabling attacks or data exfiltration that evades detection by better mimicking normal activity,” Holyome says. “AI-powered reconnaissance tools may facilitate autonomous scanning of networks for vulnerabilities, choosing the most effective exploit automatically.”
11. Tougher regulatory regimes
Regulation is not a cyber threat per se, but banks, insurers, and investment firms in particular are subject to an increasingly wide range of regulations and compliance requirements, with new cybersecurity strictures on the way.
“Failing to implement appropriate cybersecurity measures may expose [finance sector organizations] to reputational as well as enforcement risks, including severe fines under the GDPR,” warns Sarah Pearce, partner at law firm Hunton Andrews Kurth. “We are seeing an increased focus on operational resilience with upcoming legal frameworks on cybersecurity evolving and becoming more prescriptive.”
DORA (Digital Operational Resilience Act) regulations are set to take effect across the EU in January 2025, bringing with them a requirement for banks to establish comprehensive risk management frameworks.
“Within the next year, banks will, for example, be required to comply with considerable cybersecurity obligations under DORA,” according to Pearce. “Obligations will vary depending on the specific type of products and services they offer.”