The rapid advancement of quantum computing technology in recent years has opened up new possibilities for cyber criminals. With the potential to crack heavily encrypted data in the future, these criminals are adopting the strategy of ‘steal now, crack later’. As the industry expects commercial quantum computing offerings to become mainstream by 2030, businesses must start preparing for the potential risks associated with this technology.
The Rise of Quantum Computing and the Security Implications
Quantum computing has shown significant progress over the past decade and is predicted to mature further in the coming years. However, this technological development has also captured the interest of cyber criminals who see an opportunity in retaining encrypted data for future decryption. While the exact timeline for powerful quantum computers capable of breaking encryption is uncertain, experts suggest that it could happen within the next decade.
The Potential Threat to Data Security
The widely used RSA algorithm, which has served as a foundation for security measures for the past 30 years, is vulnerable to quantum computing attacks. Gartner reports indicate that conventional asymmetric cryptography could become unsafe by 2029, requiring larger key sizes in just a few years. However, it is unlikely that cyber criminals will routinely crack encrypted files, because of their limited access to large-scale data centers and the high cost of quantum computing power. The primary targets for quantum-powered attacks are expected to be nation-state actors or state-sponsored groups seeking highly sensitive information with potential national security implications.
Security Risks Beyond ‘Steal Now, Crack Later’
The risks posed by quantum computing extend beyond the theft and decryption of encrypted data. The encryption used for secure communications, digital signatures, and even blockchain technology can also be compromised. Blockchain projects such as Bitcoin and Ethereum are already working on developing quantum-safe protocols to address this concern.
Preparing for Quantum-Powered Attacks
Preparation for the potential threats associated with quantum computing begins with a clear understanding of an organization’s risk level and the sensitivity and long-term value of its data. The responsibility for this preparation lies with the CISO or CIO within the organization. Steps may include extending key lengths for data with longer lifespans and implementing quantum-safe encryption for sensitive information.
Building Post-Quantum Readiness
Every organization must ensure readiness for a post-quantum world. This involves developing a strategy to manage cryptographic assets such as certificates, keys, secrets, and crypto libraries. The transition to post-quantum encryption is complex and requires careful planning, as the algorithms involved have different properties from the ones currently in use. Each organization will have unique steps to take to prepare for the quantum era, but early action is crucial to avoid disruption and costly implementations.