Facing The Quantum Challenge

Uploaded on 2024-04-29 in TECHNOLOGY--Developments, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Quantum Computing

The digital world we rely on stands at the precipice of a major challenge: quantum computers. These powerful machines, still young but rapidly maturing, have the potential to shatter the foundation of our encryption, jeopardising the security of online transactions, communications, and data.

Algorithms like RSA and ECC, currently safeguarding our digital landscape, will become vulnerable to quantum attacks at an alarming rate.

Experts worldwide acknowledge the urgency to prepare. Standard bodies, academics and industry players are working diligently to develop solutions, and the race is on to find and implement quantum resistant encryption methods.

PQC: The Quantum Shield

Post-quantum cryptography (PQC) acts as a beacon of hope, representing a paradigm shift in encryption. Leading the charge has been the United States National Institute of Standards and Technology (NIST), who are strongly advocating for the development and standardisation of PQC algorithms.

Unlike traditional methods, PQC leverages entirely different mathematical principles, making it resistant to the unique capabilities of quantum computers. Think of it as building a new and stronger fortress to protect our digital assets in the face of powerful new capabilities in computing.

Quantum Readiness Needs To Be A boardroom Discussion

The risk is real and requires action now - an example of a current risk is the 'harvest now and decrypt later’ problem. This approach involves adversaries collecting encrypted data today with the intent to decrypt it later using quantum computers.  Every enterprise has encrypted transactions, intellectual property and digitally signed contracts that will be at risk in the future.

Taking accountability for this risk is the responsibility of the C-suite and mitigating this risk sooner rather than later is best driven top-down.

Boardrooms need to recognise this reality and actively engage in these discussions around quantum readiness. Frankly, if a business is not already preparing for quantum, it’s likely that they could be too late already - this is the severity of the threat which many don’t realise. Proactive leadership is required to understand the broader implications of quantum computing and recognises the urgent need to invest in future-proof solutions like PQC.

Big Tech Is Taking A Step In The Right Direction

Recent news shows that Apple is paving the way for other businesses as they have upgraded iMessage to withstand decryption by quantum computers. This implementation of quantum-safe algorithms by a major player like Apple suggests that even industry giants are acknowledging the very real possibility of quantum hacking. 

This development could serve as a potential catalyst, encouraging other tech giants and companies to follow suit. As the industry grapples with the implications of quantum computing, Apple's initiative sets a strong precedent, paving the way for a collective effort towards securing the digital future.  

The Secret Weapon: Crypto-agility

The key to navigating this new landscape lies in crypto-agility, the ability to adapt encryption mechanisms to evolving threats. PQC is a crucial step for this, which requires taking inventory of your cryptographic assets and migrating all digital certificates to new PQC-enabled versions.
 
Although this may sound like a gruelling task, it doesn’t have to be. Think of it like swapping out the lock mechanism on a door, instead of replacing the entire door frame. There is also opportunity for phased rollout, where critical systems and data can be prioritised for PQC adoption first, followed by less sensitive areas. This means businesses can leverage their existing infrastructure while adopting new, secure algorithms. 

Building Secure Futures: A Proactive Approach 

As a society, we are more interconnected than ever with new IOT devices, services and applications constantly being built and developed. That’s why moving forward, creating new systems with quantum safe PKI and PQC in mind from the very beginning is vital. This proactive approach ensures long-term security against future quantum threats, especially for devices with extended lifespans.

The potential of quantum computing is undeniable, but so is the threat it poses to our digital security.

Businesses who collectively embrace PQC as imperative are the key to navigating the quantum era with confidence. By working together, it’ll be possible to unlock the benefits of this powerful technology while safeguarding our digital world for generations to come.

Jason Soroko is SVP of Product Management at Sectigo

Image: Shubham Dhage

You Might Also Read: 

CISA's Post-Quantum Cryptography Initiative:

DIRECTORY OF SUPPLIERS - Post-Quantum Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Creating Successful Cybersecurity Solutions
AWS & Google Agree To Drop Cloud Service Exit Fees »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

Eseye

Eseye

Eseye is a global specialist supplier of cellular internet connectivity for intelligent IoT (Internet of Things) devices.

ZenMate

ZenMate

ZenMate is a Virtual Private Network services provider offering secure encrypted access to the internet.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

NetSecurity

NetSecurity

NetSecurity is a Brazilian company specializing in Information Security. We provide Managed Security Services (MSS), network security solutions and other specialist services.

Panorays

Panorays

Panorays automates third-party security lifecycle management. It is a SaaS-based platform, with no installation needed.

ScienceSoft

ScienceSoft

ScienceSoft is a provider of software development and IT consulting services including Information Security.

Audea

Audea

Audea is a consultancy firm specialising in cybersecurity, risk and compliance. We provide professional services addressing all areas of Cybersecurity and GRC.

SharkStriker

SharkStriker

SharkStriker is a US based managed security services provider with SOCs and offices across the globe.

Yogosha

Yogosha

Yogosha is a crowdsourced cybersecurity platform enabling a win-win collaboration with the most talented hackers to detect and fix vulnerabilities on your most critical systems.

Cloudsec Asia

Cloudsec Asia

Cloudsec Asia is Thailand's top-ranked cybersecurity consultant company. We offers security services to ensure that all your IT assets are reliable, accessible, and secure.

Turk Telekom

Turk Telekom

Turk Telekom is the first integrated telecommunications operator in Turkey.

Dexian

Dexian

Dexian is a leading provider of staffing, IT, and workforce solutions with nearly 12,000 employees and 70 locations worldwide.

Rootly

Rootly

Rootly is an incident management platform on Slack that helps automate manual admin work during incidents.

Threater

Threater

Threater (formerly ThreatBlockr / Bandura Cyber) is a cybersecurity platform that provides active network defense by automating the discovery, enforcement, and analysis of cyber threats at scale.

Kolide

Kolide

Kolide ensures that if a device isn't secure, it can't access your apps.