Half of IT pros believe quantum computing could put their data at risk
A new study from Deloitte shows 50.2 percent of professionals at organizations considering quantum computing benefits believe that their organizations are at risk from 'harvest now, decrypt later' (HNDL) cybersecurity attacks.
In HNDL attacks, threat actors harvest data from unsuspecting organizations, anticipating that data can be decrypted later when quantum computing gets sufficiently mature to render some existing cryptographic algorithms obsolete.
"It's encouraging to see that so many of the organizations with quantum computing awareness are similarly aware of the security implications that the emerging technology presents. But, it's important to note that 'harvest now, decrypt later' attacks are something all organizations -- whether or not they’re considering leveraging quantum computing -- stand to face in a post-quantum world," says Colin Soutar, Ph.D., US quantum cyber readiness leader and Deloitte Risk & Financial Advisory managing director at Deloitte & Touche LLP. "As quantum awareness grows within boardrooms, C-suites and security teams, we're hopeful that organizations' efforts to prepare for post-quantum cyber risk management will grow as well."
Almost half of respondents (45 percent) say their organizations expect to complete work on quantum risk assessment within the next 12 months, if not sooner. An additional 16.2 percent expect to conduct such quantum risk assessments within the next two to five years.
Respondents believe quantum computing security risk management efforts will most likely advance following regulatory pressure to adopt legislation or policies (27.7 percent), or leadership demand -- from the board of directors, CISO/CSO, etc. -- to enable the cryptographic agility which can address the algorithms made obsolete by quantum computing (20.7 percent).
"Collaboration between the C-suite, boards and security leaders is needed to drive quantum cyber preparedness. Good cyber hygiene -- such as developing a cryptographic inventory, honing data governance, and managing certificates -- are all good steps for today and for when we are more completely in the quantum era," concludes Soutar.
You can find out more on the Deloitte site.