PYMNTS-MonitorEdge-May-2024

Making Sense of Quantum Data Defense in the Payments Space

Cyberthreats: Why Proactive Security Is Inevitable for Businesses

For firms in security-critical areas like financial services and payments, it’s time to pay attention to cybersecurity. A data breach in these industries doesn’t just mean a lost paycheck; it could trigger a financial disaster on a global, digitally interconnected scale.

And with the news this week, per a filing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), that the February ransomware attack on Change Healthcare resulted in the theft of personal data from approximately 100 million individuals, standing up safe cyber strategies, investing in infrastructure, and — most importantly — being proactive about the growing threat is top of mind for businesses.

Even the biggest enterprises are putting their money where their mouth is when it comes to cybersecurity.

Per a Thursday (Oct. 24) report, Microsoft CEO Satya Nadella asked for, and received, a reduction in the cash portion of his pay after the U.S. government lambasted Microsoft for its “inadequate” cybersecurity strategies in the face of several high-profile breaches.

But even for firms that recognize the rising digital threat, the road to ironclad cybersecurity is anything but smooth. Transitioning to cutting-edge protocols isn’t just about upgrading a firewall — it’s a full-scale overhaul of existing systems, requiring investments in new tech, training for teams and a deep dive into best practices. For firms juggling tight budgets, the challenge is figuring out how to prioritize these upgrades before it’s too late.

And if today’s threats weren’t enough, with quantum computing lurking around the corner, firms need to watch out for tomorrow’s threats, too.

Read more: CFOs Suit Up for Cyberwar as Risk Management Evolves

The Threat of a Cyber Attack Plagues All Companies

Firms that want to stay ahead must act fast. Bank of America stressed earlier this month that, “If cybercrime damage were a state, it would be the world’s third-largest economy.” The global bank noted that the cost and prevalence of cyberattacks is growing alongside the increases in digitization and artificial intelligence (AI).

Still, security is far from a one-size-fits-all exercise and depends largely on how solutions are implemented.

“Boards have an increased responsibility for providing effective oversight of cybersecurity and technology risks,” Alicja Cade, director of financial services in the Office of the CISO at Google Cloud, told PYMNTS, saying this is especially true in financial services, where the regulatory environment is becoming more stringent.

Cade said she believes cybersecurity must be “baked into the DNA” of the business. It cannot be siloed within the IT department but must be integrated into every part of the organization, from business processes to leadership decision-making.

Payment firms manage sensitive financial data and execute millions of transactions daily. A breach in these systems could have devastating ripple effects — not only for individual companies but for entire economies. The global interconnectedness of payment networks and the scale at which they operate mean that vulnerabilities in these systems could be exploited rapidly and at massive scale.

“Fraud is growing as fast, or faster, than the pace that the overall B2B market is growing, so we have to fight hard to implement tools and stay ahead of it,” Eric Frankovic, general manager of business payments at WEX, told PYMNTS.

Read more: NIST’s Post-Quantum Cybersecurity Standards Ready for Enterprise Use

Getting Ready for the Q-Day Conundrum

As of now, quantum computers capable of cracking current encryption protocols are still in the developmental stage. But experts warn that these machines could become commercially viable within the next decade. Given the time and resources needed to overhaul cybersecurity systems, firms cannot afford to wait until quantum computers are already in the hands of malicious actors.

With the news Thursday (Oct. 24) that the Pentagon’s chief information officer is focused on migrating the defense department’s systems to quantum-secure networks, the question for execs across the financial services and payments space is, should they be doing the same?

As PYMNTS Intelligence has found, a central challenge the financial services and banking industry now faces is the need both to leverage new technologies and to master the art of securing them.

Michael Jabbara, global head of fraud services at Visa, told PYMNTS last March that scammers have started to steal and hold onto encrypted data in preparation for quantum computing tools to enter the market and allow them to decrypt the information. This kind of threat is known as harvest now, decrypt later (HNDL).

Ensuring the upcoming quantum “leap” doesn’t leapfrog their own defenses is increasingly possible thanks to advances in technology and quantum cyber defense protocols from National Institute of Standards and Technology (NIST).

PYMNTS-MonitorEdge-May-2024