
EVOLVING THREAT LANDSCAPE + Quantum Computing
Ervin Daniels, January 15, 2025
Navigating the Quantum World
Staying ahead of emerging cybersecurity challenges is essential to protecting your organization’s data and maintaining trust. One of the most significant threats on the horizon is the rise of quantum computing. While quantum technology promises advancements in fields like healthcare and logistics, it also threatens to break the encryption that secures much of today’s digital world. This article explores what CISOs need to know about quantum threats, why it matters now, and how to prepare your organization.
Cryptography is foundational to nearly every aspect of our digital world, securing the systems and data we rely on daily. From safeguarding communications to protecting critical infrastructure, cryptography ensures the integrity, confidentiality, and authenticity of digital interactions. However, as quantum computing advances, the cryptographic safeguards underpinning these domains face unprecedented risks.
Examples of Cryptography in Action:
The above examples of cryptography keep us safe today. Today’s traditional encryption methods, such as RSA, ECC (Elliptic Curve Cryptography), and DSA (Digital Signature Algorithm), rely on mathematical problems that are nearly impossible for classical computers to solve in a reasonable timeframe. Quantum computers, however, can solve these problems exponentially faster using algorithms like Shor’s, putting today’s encryption at risk.
A particularly urgent concern is the “harvest now, decrypt later” threat. What does this mean in practical terms? A malicious actor has multiple paths to taking advantage of unprepared organizations.
Even before quantum computers are generally available, cybercriminals are finding ways to break into companies’ systems, stealing (or “harvesting”) large amounts of encrypted data and saving it for later. Once quantum computers are fully developed, cybercriminals can use them to break the encryption and access the stolen data. This is called a “harvest now, decrypt later” attack. This risk should be a big concern if your company handles sensitive information, such as customer data, financial data, and healthcare records, that must stay safe for 5-7 years.
When quantum computers become powerful enough (called “cryptographically relevant”), unprepared companies could face even more significant problems, such as:
Organizations that don’t prepare for these risks could face future security and trust issues.
As the cybersecurity landscape evolves, organizations must prioritize crypto-agility—the ability to swiftly replace or update cryptographic algorithms, encryption keys, and protocols without disrupting operations or requiring extensive system overhauls. Achieving crypto-agility ensures that systems remain secure against emerging threats, including those posed by quantum computing. The path to crypto-agility requires a strategic, phased approach to ensure minimal disruption while addressing vulnerabilities and future-proofing your organization’s security.
Here are three strategic phases:
Phase 1: Understanding and Discovery
Begin by assessing your organization’s current cryptographic environment. Identify outdated encryption methods, such as those used in legacy systems or payment processes, and map out dependencies within applications, networks, and storage systems. This discovery phase helps pinpoint areas of risk and provides a clear starting point for transformation.
Phase 2: Strategy Development
Once you understand the scope of your cryptographic usage, prioritize critical areas that pose the greatest risk or have the highest business impact. Develop a phased transformation plan guided by governance frameworks, ensuring alignment with organizational objectives. This phase sets a clear roadmap for addressing vulnerabilities while maintaining operational efficiency.
Phase 3: Remediation and Agility
The final phase focuses on replacing outdated cryptographic algorithms with newly approved quantum-resistant algorithms to secure systems against future quantum-enabled attacks. In 2024, the National Institute of Standards and Technology (NIST) finalized its first set of post-quantum cryptographic standards, selecting algorithms designed to withstand quantum threats. These include:
Additionally, IBM’s FN-DSA (FALCON) has been selected for future standardization. By adopting these algorithms, organizations can secure critical systems while staying aligned with global standards.
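An added example (not from the original article) showing how the discovery and prioritization phases above can feed remediation: it classifies a cryptographic inventory by exposure to Shor's algorithm and ranks "harvest now, decrypt later" cases first. The inventory records, system names, priority scale, and the 5-year threshold are assumptions made for illustration; the replacement names are the NIST post-quantum algorithm names.

```python
# Added example: constructed inventory, hypothetical system names throughout.
SHOR_VULNERABLE = ("RSA", "DSA", "ECDSA", "ECDH", "DH", "ED25519", "X25519")
POST_QUANTUM = ("ML-KEM", "ML-DSA", "SLH-DSA", "FN-DSA")
LONG_LIVED_YEARS = 5  # assumption: lower bound of the article's 5-7 year window

INVENTORY = [  # constructed sample records, as a discovery phase might produce
    {"system": "code-signing", "algorithm": "ECDSA-P256", "use": "signature", "retention_years": 3},
    {"system": "web-frontend", "algorithm": "ECDHE-P256", "use": "key-exchange", "retention_years": 0},
    {"system": "backup-store", "algorithm": "AES-256-GCM", "use": "encryption", "retention_years": 7},
    {"system": "patient-records-vpn", "algorithm": "ECDH-P256", "use": "key-exchange", "retention_years": 6},
    {"system": "payments-gateway", "algorithm": "RSA-2048", "use": "key-exchange", "retention_years": 7},
    {"system": "pilot-service", "algorithm": "ML-KEM-768", "use": "key-exchange", "retention_years": 7},
]

def classify(rec):
    """Return a copy of one inventory record with priority, status and replacement."""
    alg = rec["algorithm"].upper()
    finding = dict(rec, priority=0, status="review manually", replace_with=None)
    if alg.startswith(POST_QUANTUM):
        finding["status"] = "quantum-resistant"
    elif alg.startswith(SHOR_VULNERABLE):
        if rec["use"] == "signature":
            # A signature scheme is at risk only once a cryptographically
            # relevant quantum computer exists; recorded traffic does not help.
            finding.update(priority=1, status="migrate before quantum computers mature",
                           replace_with="ML-DSA or SLH-DSA")
        else:
            # Key exchange and public-key encryption protect confidentiality, so
            # ciphertext captured today can be decrypted later.
            long_lived = rec["retention_years"] >= LONG_LIVED_YEARS
            finding.update(priority=3 if long_lived else 2,
                           status="harvest-now-decrypt-later exposure",
                           replace_with="ML-KEM")
    else:
        # Symmetric ciphers and hashes are not what Shor's algorithm attacks.
        finding["status"] = "not a Shor target"
    return finding

def build_plan(inventory):
    """Rank actionable findings: highest priority first, longest retention first."""
    actionable = [f for f in map(classify, inventory) if f["priority"] > 0]
    return sorted(actionable, key=lambda f: (-f["priority"], -f["retention_years"]))

if __name__ == "__main__":
    for f in build_plan(INVENTORY):
        print(f'P{f["priority"]} {f["system"]:<20} {f["algorithm"]:<11} '
              f'{f["status"]} -> {f["replace_with"]}')
```

Signature-only systems rank below key-exchange systems here because harvested ciphertext is the exposure that exists today.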
Crypto-agility ensures that organizations can remain secure in the face of ever-changing threats. This means creating processes and deploying technologies that enable rapid adaptation. It reduces the risk of data breaches caused by outdated encryption and positions organizations to adopt new cryptographic standards without significant disruptions. By taking a phased approach, businesses can address vulnerabilities systematically while preparing for future advancements in cybersecurity. This approach empowers organizations to safeguard sensitive data and maintain trust in an increasingly uncertain digital landscape.
The quantum threat is already here with the “harvest now, decrypt later” approach. Immediate action is needed. Focus on gaining visibility, prioritizing vulnerabilities, and managing your organization’s security posture. Ensure compliance with emerging quantum-safe standards to maintain trust and regulatory alignment. Partner with trusted leaders like IBM to adopt a proactive and comprehensive quantum-safe strategy.
Quantum computing presents both challenges and opportunities, but the key to success lies in preparation. By addressing today’s threats, CISOs can build resilient organizations ready to navigate the quantum future.
Cybersecurity Architect with over 25 years of Technology and Security leadership and hands-on experience across various industries (retail, public, financial services, and technology).
Written by: Ervin Daniels
©2020 Ervin Daniels. Disclaimer: Opinions expressed are solely my own and do not express the views or opinions of IBM.