Share

Is it time for companies to quantum-proof their data?

Quantum computers aren’t here, but their threat is
Is it time for companies to quantum-proof their data?
There's a cyberattack every 11 seconds, and the average financial impact of the attack for an affected organization is upwards of $10 million

Companies such as Google and IBM have been working on quantum computers (QCs) for well over a decade. They assert QCs will be an order of magnitude faster when pitted against traditional computers. And, according to experts, one aspect of computing they’ll have a profound impact on is cybersecurity.

While breakthroughs about QCs hit newswires occasionally, they still remain firmly in the domain of research. In fact, Google and XPRIZE have just announced a $5-million-dollar competition to help find a real-world use of the technology.

But if QCs aren’t here yet, why should businesses invest in defending against them?

David McNeely, CTO at Delinea, which provides privileged access management (PAM) solutions, believes while the immediate risk appears low, it’s about time companies start assessing their options.

Read | Investopia 2023: A look at quantum computing and AI

For one, he says, quantum computing is advancing rapidly. “According to some theories, it is growing much faster than traditional computing, which follows Moore’s Law,” says McNeely. “If we take into account the increased financial investments made into quantum technology, the prospect of an exponentially faster, usable quantum computer by 2030 becomes more of a possible reality.”

Quantum apocalypse

Commenting on what’s at stake, McNeely says “encryption secures our online interactions, but the rise of (QCs) poses a significant threat as these powerful machines have the potential to break current encryption algorithms.” 

Greg Welch, CEO, CyberProtonics, which develops quantum-proof cybersecurity solutions, agrees. “It’s not a question of if Q-day is coming, it’s a matter of when.” Q-Day is the hypothetical day when QCs will be able to crack our public encryption systems.

According to Welch, Q-day threats aren’t just for corporate networks. He argues that with the prevalence of remote work, the new edge of the corporate network is the remote office. 

Read: UAE identifies 10 future trends for the next decade

“Any internet-connected device at home can be impacted by Q-day attacks, from streaming services to connected IoT devices and your home WiFi connected devices,” says Welch. “Organizations encrypting all their data at the source of creation can help those [remote] users secure their entire connected home.”

Attacking the future

From a security perspective, McNeely says it is always a good idea to stay one step ahead of cyber criminals. 

He agrees that while QCs can’t yet break current encryption, it’s reasonable to assume that hackers with resources, such as nation-state actors, are already thinking about how they will exploit this new technology. 

He backs his argument pointing to a 2022 Deloitte poll, which highlighted the risk of criminals adopting the “hack/harvest now, decrypt later (HNDL)” technique. HNDL involves hackers stealing the encrypted data now, and then waiting until they can run it through a QC when available.

David Boast, general manager, MENA at Endava — which among other things helps businesses secure their software — agrees with this view. He says HNDL attacks warrant that organizations take a critical look at their present-day infrastructures and security measures.

Read | Investopia 2023: Quantum computing investment is the new economy next 2 years

Welch quantifies the threat pointing to estimates that note that there’s a cyberattack every 11 seconds. He says the average financial impact of an attack for an affected organization is expected to be upwards of $10 million, adding up to a staggering $10.5 trillion. 

“Organizations should therefore invest now to protect against breaches and recognize encryption as just a part of a multi-layered security environment that must account for people, processes, and technologies,” suggests Boast.

Deploying quantum security

In that aspect, McNeely shares that the industry already has the technology to secure data with new types of encryption. He says the US National Institute of Standards and Technology (NIST) is currently working on standardizing post-quantum cryptography algorithms. 

In fact, he says there are several promising candidates. He particularly points to IBM’s CRYSTALS-Kyber algorithm, which is based on a mathematical problem that is much harder for QCs to solve. This makes it more resistant to both conventional and quantum attacks.

As per Boast, the fear of quantum threats will breathe life into a healthy market of quantum protection solutions. However, he believes, the actual appetite, pace and need for adoption of quantum-resistant security depends on several factors.

“The challenge here will be to identify the right point at which to invest,” says Boast. “As with any rapidly maturing technology, the cost to adoption can be expected to rapidly decrease, thus almost burdening first movers.” 

Read: A ‘quantum supremacy’ breakthrough could transform our world

Furthermore, he says organizations will have a tough time developing the skills necessary to deliver and maintain impactful deployments. Given the severity of the threat, however, he expects providers of critical services, such as BFSI, government entities, and such, to be “forced into action”.

Vitaliy Trifonov, head of services group at cybersecurity company Group-IB, suggests organizations transition to quantum-secure cryptography gradually. He says they either deploy parallel quantum solutions, do a phased migration, or a complete overhaul. 

Regardless of the approach, he insists, it’s time for organizations to take action. “Waiting for quantum-resilient cryptographic standards and regulations may leave organizations vulnerable,” says Trifonov. “Embracing the quantum era now is essential to safeguard sensitive data and reap its benefits confidently.”

For more stories on tech, click here.

The stories on our website are intended for informational purposes only. Those with finance, investment, tax or legal content are not to be taken as financial advice or recommendation. Refer to our full disclaimer policy here.