Organizations should make these 3 changes now to protect against the quantum computing threat

Quantum computing will enable great innovations in the future, but it will be accompanied by risks. Accelerated developments within the field of quantum computing are expected to disrupt many industries. The continuous developments in the quantum computing industry, however, are shortening the time within which quantum computers could break some encryption systems. The potential of quantum computers to break the security of common activities in our daily lives could have severe consequences. The quantum threat will increase data breaches of sensitive health and financial personal data, challenge the integrity of digital documents and break certain cryptocurrency encryption.

Although there is a wide range of opinions on when quantum computers might be powerful and stable enough to affect our current encryption systems, it is important to note the issue is not necessarily when the quantum threat materialises, but what the relative risk is over time. Furthermore, with the risk of 'harvest now, decrypt later' attacks, where attackers collect confidential encrypted data to store until they can decrypt it using quantum computers, it is critical to act now.

Any organization possessing information that will be valuable five to 15 years from now should carefully evaluate the consequences of its data exposure in future contexts.

The time window to act is narrowing. Organizations should begin acknowledging the significant risks quantum computers pose. To help kickstart a quantum-secure transition, the World Economic Forum has published a white paper, in collaboration with Deloitte, Transitioning to a Secure Quantum Economy. This provides organizations with guidance on how they can start preparing today.

Although the timeline around the maturity of quantum computers is unclear, the quantum threat should be considered by all key decision-makers. Organizations can start preparing for quantum cryptography threats by doing the following:

There is a large gap between technologists, cybersecurity experts and executive decision-makers. These key organizational stakeholders must come together to create a coherent story that shows the possible organizational impacts of the quantum threat. By educating senior leaders on the systemic impact, while creating urgency and buy-in to act on the quantum threat, the threat will be demystified and the gap between different functions can be closed. This will allow organizations to address the threat from a holistic point of view, including viewpoints from all stakeholders.

This awareness can take the form of workshops and educational training for senior leaders and quantum cyber readiness can be embedded into existing organizational cybersecurity threat assessments.

Many businesses indicate that they are waiting for ‘the right moment’ to kickstart the transition to secure their systems against the quantum threat. It is important to consider how much time it may take your organization to transition to quantum-safe encryption capabilities and to create initial transition plans and roadmaps that include various strategies, such as crypto-agility.

Crypto-agility is a method of switching between cryptographic algorithms seamlessly within a system, without disruption to other parts of the enterprise. With crypto-agile systems, organizations can rapidly switch to a different cryptographic algorithm, if the algorithm in place becomes vulnerable.

Organizations can also assess other technologies used to strengthen cryptography, such as Post-Quantum Cryptography. Or they can consider using technologies based on the characteristics of quantum mechanics, such as Quantum Key Distribution and Quantum Random Number Generation.

When considering kickstarting the transition to protect organizations from the quantum threat, organizations might hesitate to adopt solutions that have not been standardised yet and wonder what impact this might have on their ecosystems. This might be hard to commit to, especially with current labour shortages and the already long list of threats cyber leaders need to give attention to.

Luckily, there is a tangible action that can be taken now, this can be found in embracing hybrid solutions. Organizations can integrate both classical and quantum-ready solutions in a hybrid mode. The benefit of this is having the security of classical solutions layered with novel post-quantum technologies. This means organizations are protected against the quantum threat, whilst not completely depending on new algorithms that have not yet been standardised.

Starting to prepare on time is a great way to achieve protection against the quantum threat. This can be achieved through strategising with technologists, senior leaders and cybersecurity experts supported by the right classical and post-quantum technologies. Starting these discussions now might have a significant impact on how businesses will experience the transition toward the quantum era.

More guidance can be found in the Forum’s white paper on Transitioning to a Secure Quantum Economy. This includes insights on the quantum threat; an overview of various available technologies used to mitigate the quantum threat; guidance on what organizations can do to execute their transition, including perspectives on various drivers to kickstart a transition; and a quantum risk management framework.