The financial sector faces escalating cyber threats amplified by artificial intelligence (AI) and the advent of quantum computing. AI is being weaponized for sophisticated attacks such as deepfakes and AI-driven malware, while quantum computing threatens to render current encryption methods obsolete. This report analyzes these threats, relevant frameworks, and possible countermeasures such as quantum cryptography. AI enhances social engineering and phishing attacks via personalized content, lowers entry barriers for cybercriminals, and introduces risks such as data poisoning and adversarial AI. Quantum computing, particularly Shor's algorithm, poses a fundamental threat to current encryption standards (RSA and ECC), with estimates suggesting cryptographically relevant quantum computers could emerge within the next 5-30 years. The "harvest now, decrypt later" scenario highlights the urgency of transitioning to quantum-resistant cryptography. Existing legal frameworks are evolving to address AI in cybercrime, but quantum threats require new initiatives. International cooperation and harmonized regulations are crucial. Quantum Key Distribution (QKD) offers theoretical security but faces practical limitations. Post-quantum cryptography (PQC) is a promising alternative, with ongoing standardization efforts. Recommendations for international regulators include fostering collaboration and information sharing, establishing global standards, supporting research and development in quantum security, harmonizing legal frameworks, promoting cryptographic agility, and raising awareness and education. The financial industry must adopt a proactive and adaptive approach to cybersecurity, investing in research, developing migration plans for quantum-resistant cryptography, and embracing a multi-faceted, collaborative strategy to build a resilient, quantum-safe, and AI-resilient financial ecosystem.