When it comes to cybersecurity, you can never let down your guard. You’re always awaiting the next threat. It’s like playing a never-ending game of Whack-a-mole. No sooner do you clobber one threat, up pops another. Quantum computing does pose a threat – but not just yet, says Rob Jenks, Senior Vice President, Corporate Strategy, at the cyber firm Tanium.
If you’ve ever played Whack-a-mole, there’s one thing you’ll know for sure. It can be hugely frustrating and unyielding — until your money runs out. In the world of cybersecurity, battling threats is much the same. It’s relentless. There is no time out. No rest. No breaks. What’s more, for those of us dedicated to blunting these attacks, we’re not just focused on the current wave of them. We’re also looking ahead to the next big thing — to what the next generation of cyber criminals may have up their sleeve.
One such emerging technology is quantum computing, which has the potential to solve complex problems much faster than traditional computers.
What is quantum computing
It’s based on the principles of quantum mechanics and the creation of quantum bits or “qubits” that can exist in multiple states simultaneously. While traditional computers process information using bits that are either 0 or 1, quantum computers process information using qubits that can be both 0 and 1 at the same time.
This means that quantum computers can process many calculations simultaneously, leading to a significant increase in processing speed and the ability to handle large amounts of data more efficiently. In practical terms, that enhanced computer processing could be used to streamline complex supply chain logistics. It could also be used in the financial industry to number crunch eye-watering amounts of data. Or it could be employed to help the pharmaceutical industry speed up the development of new drugs.
But this computing power could also be used to crack many of the encryption schemes that we currently use to protect sensitive data. And it’s that potential threat that is a concern to cyber security professionals.
We should acknowledge that many encryption schemes are based on mathematical problems that are difficult to solve, even for traditional computers. However, quantum computers have the potential to solve these problems much faster. And if that were to happen, it would render many of these encryption schemes obsolete.
And it is this potential to crack existing encryption techniques that not only endangers the digital economy but the safety and security of governments and countries too. It is in light of this potential threat that security experts are leaning towards a new approach using quantum-resistant algorithms.
Although these algorithms already exist, we can’t be sure if they work since there isn’t yet a quantum computer large enough to validate them. But it’s only a matter of time.
Don’t worry — yet
The good news is that while this cybersecurity threat is real, it is unlikely to happen any time soon. Experts reckon it’s still a decade or so from reality.
What’s more, Western governments and companies are already working together to prepare themselves for a time when quantum computing starts to present challenges.
In the US, for example, President Biden has already signed into law the Quantum Computing Cybersecurity Preparedness Act, which encourages federal agencies to adopt technology that is protected from decryption by quantum computing. And where the US leads, others will follow. So, while there is no imminent danger of a cyber-attack powered by quantum computing any time soon, we still need to be vigilant.
What actions should we take?
For those who want to be ready for what’s coming around the corner, the key to addressing this new threat is preparation and planning. And that includes maintaining existing high levels of cyber hygiene.
That means carrying out a complete inventory of existing cryptographic assets and certificates to ensure they’re all up to date. Not only does this mean that your data and IT estate are protected today, but it also means you’ll be ready for the wholesale migration to using quantum-resistant algorithms when the time is right.
Of course, there’s nothing stopping organisations from focusing on the threats posed by quantum computing today. But since this threat is still some way off, it may simply be an unnecessary waste of time, effort, and resources. Instead, it would be far more productive to invest this energy in robust cyber hygiene methods to tackle today’s threats — however mundane that may seem.
That means protecting data and assets with the most up-to-date cryptographic methods available. It means ensuring employees are properly trained to suss out phishing emails. It means reinforcing cyber security protocols across the board to ensure optimal readiness. In other words, while it’s important to consider the threats of tomorrow, we should not do so at the expense of overlooking the threats.
There seems little doubt that in a decade or so from now, quantum computing will likely pose a threat to existing technology. We still have ample time to prepare. For now, the advice for organisations is simple. Concentrate on establishing strong cyber-hygiene policies to meet today’s security threats. But don’t ignore the threats that are over the horizon.
