SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Quantum computing will pose risks to enterprise encryption
Thu, 24th Oct 2019
FYI, this story is more than a year old

The internet of things is becoming a backbone for technology worldwide, and quantum computing is developing right alongside it. While quantum computing can bring the potential for development, there are also plenty of risks.

According to a DigiCert survey of 400 enterprise organisations across Japan, Germany and the United States, 55% believe that quantum computing and post Quantum Crypto  is a ‘somewhat to extremely large' security threat at the present time, with 71% it will only become more of a threat in the future.

Organisations believe that IT teams should be aware of quantum computing. According to the survey, 83% of respondents believe that IT must learn about quantum-safe security practices.

However, quantum computing presents significant security challenges.

These include: High costs to battle and mitigate quantum threats; Data stolen today is safe if encrypted, but quantum attacks will make this data vulnerable in the future; and encryption on devices and applications embedded in products will be susceptible.

Additionally, cost; lack of staff knowledge; and a concern that TLS vendors won't have upgraded certificates in time were all cited as concerns.

To deal with those challenges, 95% of surveyed respondents say they are discussing at least one tactic to prepare for quantum computing.

As organisations prepare for quantum computing, 56% of respondents are establishing a PQC budget. Respondents are also beginning to understanding their current level of risk, building knowledge about PQC and developing TLS best practices.

“It is encouraging to see that so many companies understand the risk and challenges that quantum computing poses to enterprise encryption,” says DigiCert industry and standards technical strategist, Tim Hollebeek.

“With the excitement and potential of quantum technologies to impact our world, it's clear that security professionals are at least somewhat aware of the threats that quantum computers pose to encryption and security in the future. With so many engaged, but lacking good information about what to do and how to prepare, now is the time for companies to invest in strategies and solutions that will help them get ahead of the game and not get caught with their data exposed when the threats emerge."

The survey suggests three best practices for companies ready to start planning their strategies for securing their organizations for the quantum future:

1. Know your risk and establish a quantum crypto maturity model.

2. Understand the importance of crypto-agility in your organization and establish it as a core practice.

3. Work with leading vendors to establish digital certificate best practices and ensure they are tracking PQC industry progress to help you stay ahead of the curve, including with their products and solutions. Change rarely happens quickly, so it's better not to wait, but to address your crypto-agility now.