Enterprises need to start planning now for post-quantum security
The power that quantum computing makes available offers benefits in many areas, but it also means cracking encryption becomes much easier, which poses an enormous threat to data and user security.
At its annual Trust Summit conference, DigiCert has released the results of a global study exploring how organizations are addressing the post-quantum computing threat and preparing for a safe post-quantum computing future.
The findings reveal that while IT leaders are concerned about their ability to prepare in the timeframes needed, they are hampered by obstacles which include lack of clear ownership, budget and executive support.
It finds that 61 percent of those surveyed are concerned that their organization will not be prepared to address the security implications of PQC. 74 percent of organizations are concerned that bad actors can conduct 'harvest now, decrypt later' attacks, in which they collect and store encrypted data with the goal of decrypting it in the future.
It also shows that IT leaders believe that cyberattacks are becoming more sophisticated (60 percent), targeted (56 percent) and severe (54 percent).
IT leaders expressed concern about the timeframes in which to prepare. 41 percent say that their organizations have less than five years to get ready. The biggest challenges are not having enough time, money and expertise to prepare, with almost half of respondents saying that organizations' leadership is only somewhat aware or not aware about the security implications of quantum computing.
Many organizations are also in the dark about the characteristics and locations of their cryptographic keys. Slightly more than half of respondents (52 percent) say their organizations are currently taking an inventory of types of cryptography keys used and their characteristics.
"PQC is a seismic event in cryptography that will require IT leaders to begin preparation now. Forward-thinking organizations that have invested in crypto agility will be better positioned to manage the transition to quantum-safe algorithms when the final standards are released in 2024," says Amit Sinha, CEO of DigiCert.
The full report is available from the DigiCert site.
Photo Credit: The World in HDR / Shutterstock.com