More than half of companies believe current data sets are already threatened by future advances in quantum computing, according to a new study by Deloitte.
In the survey of more than 400 cybersecurity professionals, 50.2% of respondents said their organization is at risk of “harvest now, decrypt later” attacks, in which cybercriminals extract encrypted data in anticipation of the time when quantum computers will be able to crack existing cryptographic algorithms.
That moment is known as “Q Day,” which experts believe will occur in the next 5-10 years. Without the development of quantum-proof encryption, this could potentially leave all digital information vulnerable to threat actors.
Speaking in the Q3 2022 issue of Infosecurity Magazine, Joseph Carson, Chief Security Scientist and Consulting CISO at Delinea, stated, “Quantum computing poses a serious risk to one of the most fundamental building blocks of the security industry, and that is encryption, for everything in the digital world that we encrypt with today’s private key will be decryptable with a quantum computer in the near future.”
Encouragingly, nearly half of respondents (45%) in the Deloitte survey expect their organization to complete assessments of potential post-quantum encryption vulnerabilities within the next 12 months, with a further 16.2% expecting this process to continue in the next two to five years.
However, many organizations seem to have a reactive attitude toward adopting new methods of cryptography. About a quarter (27.7%) believe that progress on their organization’s quantum computing security risk will most likely follow regulatory pressure to pass legislation or policies, or be mandated by leadership. Others admitted that it would take a cyber incident, such as the exfiltration of sensitive data, to drive action in this area (11.7%), or a request from customers or shareholders (6.8%).
Colin Soutar, Ph.D., US Quantum Cyber Readiness Leader and Deloitte Risk & Financial Advisory Managing Director, Deloitte & Touche LLP, commented, “It is encouraging to see that so many of the quantum computing-aware organizations are similarly sensitized to the security implications that the new technology brings with it. However, it’s important to note that ‘harvest now, decrypt later’ attacks are something that all companies face in a post-quantum world – whether they’re considering leveraging quantum computing or not.
“As quantum awareness grows in boardrooms, C-suites, and security teams, we hope that corporate efforts to prepare for post-quantum cyber risk management will also increase.”
Work is currently underway to develop quantum-secure cryptography. The US Department of Commerce’s National Institute of Standards and Technology (NIST) is in the process of selecting the encryption algorithms to become part of its planned PQC (Post-Quantum Cryptographic) standard.
Additionally, in the Q3 issue of Infosecurity Magazine, Benjamin David examined the world’s first commercial test of a quantum-proof subway network and what it means for cybersecurity.
During Infosecurity Magazine’s upcoming Online Summit – North America 2022, a panel will discuss how organizations can prepare for the post-quantum era.