The pace and prospect of fraud in the world of finance has never been greater than today, and that pace will only get stronger in the days ahead. To combat this threat, almost every way things are done now to secure data and operate efficiently will need to be re- evaluated and/or redesigned. Fortunately, new technologies are now here that provide controls to mitigate risk and detect fraud.
With the recent announcement by Google of their Willow quantum computing platform, a 30- year-old technology venture has seen its egg crack open. For anyone who may not be aware of how big this news is, it can be compared to the pursuit of cold fusion energy, which has not yet been cracked.
What is quantum computing? In the simplest of terms, it is getting computers to perform millions upon millions of computations quickly with little or no error. Error correcting “qubits” (otherwise known as “logical qubits”) can simultaneously represent a zero and a one in the computer language of binary, where previously a single “bit” could only represent one or the other. Applications that have been considered for use of quantum computing include new drug discovery, artificial intelligence gains, finance and banking, climate change modeling, manufacturer efficiencies, traffic planning, and more.
Google’s Willow platform can perform one million computations with only one error.
They are working on what they call a logical “gate,” which will allow for full applications to be developed using Willow. They expect to have three fully error-correcting applications and one million qubits soon, with a long-term goal of having ten or more applications.
So, how fast are these computer platforms? A computation that would take today’s traditional “supercomputers” 10 septillion years—that is 1025, which is older than the universe—to complete can be done in just five minutes using quantum computing.
As with any new technology, there are risks to consider and plan for. With computations happening so quickly compared to non-quantum computers, one large risk is the death of—and yes, I said “the death of”—encryption. Considering the speed of computations, current encryption will become obsolete, as quantum computing applications are designed to quickly crack any encryption currently being utilized. As we look at other technologies, such as cryptocurrency and blockchains, the security of these technologies is designed around the idea that computers are not fast enough to reverse engineer the chains. Again, with quantum computing, these technologies will need to be rethought and/or redesigned. As you look through current technologies, numerous solutions that we have now operate under the premise that computers just aren’t “good enough” yet to do something malicious to this technology.
What does all this mean? Take it from someone who has been a technology guru since he was five years old— technology changes have been occurring faster and faster. Within the last decade, it seems that once a newer technology’s “tip of the iceberg” is discovered, the full implementation of that technology takes less time to become a reality. Keeping this in mind, the length of time for the world to start seeing more and more applications of quantum computing is expected to be very short. We are instructing our clients to begin thinking about how to react to this technology and start putting controls in place now, rather than waiting until the risks become a reality.
Using the encryption example from above, if encryption can no longer be relied upon, industries need to consider controls such as multifactor authentication rather than just traditional encryption and hashing algorithms to secure their data when in transit.
Further, encryption at rest will need to be reviewed, and a new solution for securing data will need to be implemented. Perhaps the solution to the quantum computing risk of being able to crack encryption is to have a quantum computing application that creates encryption that is difficult even for another quantum computer to crack? This has already been thought of and has been coined with the term “quantum-resistant cryptography.” Technologies that use artificial intelligence (antivirus and firewall technologies, for example), which can “learn” what is normal for your specific environment and then quickly block or investigate things that do not appear to be normal, may be a potential solution for some of these risks as well.
The encryption example shows a potential problem (or benefit if quantum computing can improve encryption) from an IT perspective, but let’s also consider the potential non-IT opportunities that can arise. In the banking industry, sales or “cold calls” for potential mortgage shoppers is an area in which we can likely see designed application use. Combined with artificial intelligence, quantum computing can likely make every sales call much more valuable and less of a “probe” to determine whether the client might be shopping around for a mortgage. Quantum computing is likely going to be able to provide a much more accurate list of potential customers than what the banks are currently getting and make the process of sales calling much more efficient.
Imagine the efficiencies gained when your mortgage sales staff are talking to people every day that are already shopping for a loan, instead of having over half of their calls ending abruptly because the current algorithm that told them that this potential customer might rate shopping was inaccurate/not yielding effective results/etc. Of course, this kind of data collection may raise questions in the area of privacy policies and customer disclosures as well because quantum computing and artificial intelligence will be acquiring knowledge from various places where it may not technically be public. Similarly, quantum computing is likely going to make processes such as daily balancing and reconciliations much easier, faster, and more efficient. The applications of making menial tasks quicker, easier, and more efficient can potentially reach every area of an organization. The remaining question will likely lead to determining how staff members can be utilized in other areas since the organization/bank will be saving hours of time each day through these efficiencies
In short, nearly all current methods for securing data and ensuring operational efficiency will require assessment and potential redesign. With these major risks expected soon, now is the time to be taking a look at controls to mitigate risk and detect fraud.
About the Author:
Jeremy S. Burris, CISA, CISSP, MCP, L|PT, CPTS, C|EH, ECSA, SECURITY+, Principal, Information Technology, Chief Technology Officer, S.R. Snodgrass, P.C.
With over 20 years of information systems audit and controls involvement, Jeremy’s focus is all aspects of Information Technology, including Cybersecurity and network Attack and Penetration testing. He brings a security- first mindset to every IT engagement, with deep experience in audits, penetration testing, and strategic IT planning. He holds multiple certifications, including Certified Ethical Hacker and Licensed Penetration Tester.
Jeremy’s technical experience includes proficiency in Microsoft Windows server and desktop environments; various versions of Linux, Kirchman Bankway Financial application; network security; and data analysis. Please feel free to reach out to Jeremy at jburris@srsnodgrass.com.
