Quantum computing has the ability to change the world, both for better and worse, and while it may be far off in the future, security teams need to start preparing for the new reality it will usher in.
For better: quantum computers promise to power advances in different fields that would have been unthinkable even a couple of years ago. From the creation of new pharmaceuticals to the simulation of election results, quantum computing offers real and tangible benefits. Already, we’re seeing companies like Google declare “quantum supremacy” in reducing computations from tens of thousands of years to seconds.
Yet as we enter what IBM has termed the Quantum Ready stage of our existence, we can’t afford to ignore the worse, particularly when it comes to quantum computing cybersecurity. Think of a computer that can brute force decrypt a complex high security algorithm, such as RSA, in mere seconds. Then, think of what a hacker could do with such a powerful tool. They could potentially use the power of quantum computing to easily hack into any enterprise network or decrypt sensitive messages with relative ease. It would be like giving them the greatest gift they could ask for.
Some may see this as alarmist. After all, sure, Google may have run some tests and gotten some great results. But, it’s not like quantum computing is ubiquitous. It’s still in the future. Nothing to worry about.
But that’s just not correct.
Quantum computing: the future threat that exists today
As the CTO of McAfee notes, “it is actually an issue for industry today because it is possible for malicious actors to siphon off and store encrypted data, and then decrypt it as quantum computing becomes practical.” In other words, hackers may very well already be hard at work collecting your organizational data. They’re just biding their time until they can use quantum computing to pick the locks.
While it may seem like quantum computing is still a far-flung concept, the reality is that some nation states are already doing it really well. In particular, China and Russia -- two countries that have already shown aggression against private enterprise in the U.S. -- are already well on their way to becoming quantum computing superpowers. Who’s to say they couldn’t simply provide their knowledge or facilities to certain hacker groups or bad actors intent on circumventing the cybersecurity of U.S. businesses?
Many of those businesses use established encryption methods like RSA and PKI (Public Key Encryption), but they’re not unassailable, even today. When quantum computing becomes mainstream, those widely-accepted cryptographic algorithms will be under serious threat. In the words of Alissa Knight, a cybersecurity analyst, “We need to move into a way to defend against quantum computing attacks.”
Preparing today for the worst tomorrow
The good news is that we’re not quite in the future just yet. Quantum computing is definitely coming, and in some respects it’s already here. But, it’s not everywhere -- so far. Which means that there’s still time for organizations to prepare today.
Normally, security teams are attempting to play catch-up to the latest cybersecurity threat. For instance, the Bluekeep vulnerability took many people by surprise, causing security managers to scramble to patch their systems.
The looming quantum computing threat is different. Businesses have been granted an unusual luxury because they know that quantum computing is real, that it is coming, and that it has the potential to be exploited. They can prepare for it today instead of running to protect themselves when it’s already too late.
Security performance management is a good starting point
Establishing a solid security posture today is critical to combating tomorrow’s quantum computing cybersecurity threat. One of the best ways to do that is through proactive, continuous security performance management (SPM). A comprehensive SPM program assesses an organization’s overall security posture and helps teams prioritize and target vulnerabilities, so they can get one step ahead of tomorrow’s threat actors. With security ratings, teams can measure and report on their scores over time, benchmark their performance against their industry peers, and forecast expected security performance over time.
By investing in SPM today, organizations will be ready for the threat posed by quantum computing, but they’ll also gain immediate benefits. Their organizations will be far more secure right now, which is critical in today’s rapidly changing cyberthreat landscape.
After all, there’s no time like the present.