Facing The Quantum Challenge

Uploaded on 2024-04-29 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Quantum Computing

The digital world we rely on stands at the precipice of a major challenge: quantum computers. These powerful machines, still young but rapidly maturing, have the potential to shatter the foundation of our encryption, jeopardising the security of online transactions, communications, and data.

Algorithms like RSA and ECC, currently safeguarding our digital landscape, will become vulnerable to quantum attacks at an alarming rate.

Experts worldwide acknowledge the urgency to prepare. Standard bodies, academics and industry players are working diligently to develop solutions, and the race is on to find and implement quantum resistant encryption methods.

PQC: The Quantum Shield

Post-quantum cryptography (PQC) acts as a beacon of hope, representing a paradigm shift in encryption. Leading the charge has been the United States National Institute of Standards and Technology (NIST), who are strongly advocating for the development and standardisation of PQC algorithms.

Unlike traditional methods, PQC leverages entirely different mathematical principles, making it resistant to the unique capabilities of quantum computers. Think of it as building a new and stronger fortress to protect our digital assets in the face of powerful new capabilities in computing.

Quantum Readiness Needs To Be A boardroom Discussion

The risk is real and requires action now - an example of a current risk is the 'harvest now and decrypt later’ problem. This approach involves adversaries collecting encrypted data today with the intent to decrypt it later using quantum computers.  Every enterprise has encrypted transactions, intellectual property and digitally signed contracts that will be at risk in the future.

Taking accountability for this risk is the responsibility of the C-suite and mitigating this risk sooner rather than later is best driven top-down.

Boardrooms need to recognise this reality and actively engage in these discussions around quantum readiness. Frankly, if a business is not already preparing for quantum, it’s likely that they could be too late already - this is the severity of the threat which many don’t realise. Proactive leadership is required to understand the broader implications of quantum computing and recognises the urgent need to invest in future-proof solutions like PQC.

Big Tech Is Taking A Step In The Right Direction

Recent news shows that Apple is paving the way for other businesses as they have upgraded iMessage to withstand decryption by quantum computers. This implementation of quantum-safe algorithms by a major player like Apple suggests that even industry giants are acknowledging the very real possibility of quantum hacking. 

This development could serve as a potential catalyst, encouraging other tech giants and companies to follow suit. As the industry grapples with the implications of quantum computing, Apple's initiative sets a strong precedent, paving the way for a collective effort towards securing the digital future.  

The Secret Weapon: Crypto-agility

The key to navigating this new landscape lies in crypto-agility, the ability to adapt encryption mechanisms to evolving threats. PQC is a crucial step for this, which requires taking inventory of your cryptographic assets and migrating all digital certificates to new PQC-enabled versions.
 
Although this may sound like a gruelling task, it doesn’t have to be. Think of it like swapping out the lock mechanism on a door, instead of replacing the entire door frame. There is also opportunity for phased rollout, where critical systems and data can be prioritised for PQC adoption first, followed by less sensitive areas. This means businesses can leverage their existing infrastructure while adopting new, secure algorithms. 

Building Secure Futures: A Proactive Approach 

As a society, we are more interconnected than ever with new IOT devices, services and applications constantly being built and developed. That’s why moving forward, creating new systems with quantum safe PKI and PQC in mind from the very beginning is vital. This proactive approach ensures long-term security against future quantum threats, especially for devices with extended lifespans.

The potential of quantum computing is undeniable, but so is the threat it poses to our digital security.

Businesses who collectively embrace PQC as imperative are the key to navigating the quantum era with confidence. By working together, it’ll be possible to unlock the benefits of this powerful technology while safeguarding our digital world for generations to come.

Jason Soroko is SVP of Product Management at Sectigo

Image: Shubham Dhage

You Might Also Read: 

CISA's Post-Quantum Cryptography Initiative:

DIRECTORY OF SUPPLIERS - Post-Quantum Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Creating Successful Cybersecurity Solutions
AWS & Google Agree To Drop Cloud Service Exit Fees »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Global Station for Big Data & Cybersecurity (GSB)

Global Station for Big Data & Cybersecurity (GSB)

GSB is an interdisciplinary research hub to cover big data, information networks, and cybersecurity.

RunSafe Security

RunSafe Security

RunSafe Security is the pioneer of a patented cyberhardening transformation process designed to disrupt attackers and protect vulnerable embedded systems and devices.

MBL Technologies

MBL Technologies

MBL Technologies specializes in information assurance, enterprise security, privacy, and program/project management.

Volexity

Volexity

Volexity is a leading provider of threat intelligence and incident suppression services and solutions.

CyberArts

CyberArts

CyberArts is founded on the belief that every single organization deserves and requires the creme de la creme when there is a need for Cyber services.

Cylus

Cylus

Cylus, a global leader in rail cybersecurity, helps rail and metro companies avoid safety incidents and service disruptions caused by cyber-attacks.

CoverWallet

CoverWallet

CoverWallet combines deep analytics, thoughtful design and state of the art technology to help small businesses with all their insurance needs including Cyber Liability.

Red River

Red River

Red River is a technology transformation company, bringing 25 years of experience and mission-critical expertise in analytics, cloud, collaboration, mobility, networking and security solutions.

Dutch Institute for Vulnerability Disclosure (DIVD)

Dutch Institute for Vulnerability Disclosure (DIVD)

DIVD's aim is to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them.

Accenture

Accenture

Accenture is a leading global professional services company providing a range of strategy, consulting, digital, technology & operations services and solutions including cybersecurity.

EdgeWatch

EdgeWatch

EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet.

Solcon Capital

Solcon Capital

Solcon Capital is a forward-looking, technology-focused investment firm that is committed to identifying and investing in the most promising areas of innovation and development in the tech industry.

Axians

Axians

Axians supports its customers in their digital transformation journey. We offer ICT solutions and services in areas including Enterprise Networks and Cybersecurity.

Google Safety Engineering Center (GSEC)

Google Safety Engineering Center (GSEC)

GSEC Málaga is an international cybersecurity hub where Google experts work to understand the cyber threat landscape and to create tools that keep users around the world safer online.

Brightside AI

Brightside AI

Brightside AI is a Swiss cybersecurity SaaS that helps teams combat AI-enabled phishing threats. Protect your team today.

Vantyr

Vantyr

Vantyr's core mission is to safeguard the business-led adoption of SaaS applications by automating the lifecycle management and security of non-human identities.