When technology heavyweights like Google, IBM, Honeywell, and Microsoft throwing their quantum computing hats into the ring, it’s clear that a technological arms race is already underway.
Now, while quantum computing could add immense value to the world’s digital economy, it also has the potential to cause harm to its interconnected systems, devices, and data. It’s this particular implication that’s being felt very strongly in cybersecurity communities all over the world. And that’s why the excitement of this cutting-edge technology is also tempered with a good amount of trepidation – and rightly so.
Quantum Computers Can Break Encryption We Rely On
Today’s enterprises depend on to keep their digital ecosystems and data safe. RSA is built on the principles of public key exchange and ‘prime factorization’, a computationally difficult mathematical problem that today’s ‘classical’ computers aren’t equipped to break.
The current standard recommended key length for an RSA encryption key is 2048 bits, which represents an extremely large number of possible keys and a virtually unbreakable cryptography system that has kept enterprise systems safe – so far. But the massive computational muscle of a sufficiently powerful quantum computer tomorrow will break what today’s classical computers cannot do for billions of years.
And when this happens, businesses will find it impossible to ensure the confidentiality, integrity and availability of their transactions. This would be an especially serious concern for organizations generating and storing huge quantities of sensitive data for longer time periods. Their adversaries and criminals will be able to steal this data and raise questions about the validity of their digital identities. Moreover, people won’t be able to trust the data they share with the business, even if it’s encrypted – an eventuality that will affect their reputations and endanger their continuing survival.
The Quantum Threat to Cybersecurity – Y2Q
When quantum computers become large and powerful enough to crack industry-standard cryptographic algorithms, the cybersecurity industry will change forever. It will be a point of no return and is often referred to as Y2Q. After this, every data protection tool and policy we use today could become as good as junk.
Even though we’re fairly safe right now, it would be a big mistake for businesses to act in a “we’ll deal with it when it happens” mindset. Things might change drastically overnight – when this happens, how long until you can completely rethink how you do cybersecurity to adapt to the new realities? This will most likely take you months – and during these months, you’ll be left completely unprotected.
With that in mind, these three things need to happen to help us adapt the cybersecurity industry to the quantum threat beforehand:
- Cybersecurity vendors need to develop quantum-ready protection algorithms and toolsets. These tools will need to use technologies like truly random quantum numbers to enable quantum-safe encryption of data. Quantropi already offers quantum-ready protection in its enterprise security platform QiSpaceTM, so you can consider this point covered.
- Government and international regulatory bodies need to standardize quantum-proof algorithms. Standards will improve the understanding of the strengths and weaknesses of available post-quantum encryption measures and provide inter-compatibility between different quantum-safe solutions. Quantum standardization is underway, with regulatory bodies like the US NIST working on validating post-quantum cryptography.
- Businesses need to upgrade their data protection arsenals with quantum-proof solutions and policies to continue protecting their data. Many organizations have already taken matters into their own hands and have gone quantum-proof.
Industries at Risk
Clearly, the cybersecurity industry is the most sensitive to the quantum threat. And although quantum computing will affect the cybersecurity industry the most, the consequences aren’t limited to this space. The effects will cascade down to all other industries that deal with data and rely on modern cybersecurity tools to protect that data.
Considering that pretty much every industry today heavily uses digital technology, there’s no single space that won’t be affected by quantum computers. To name a few, here are some of the industries that will likely be affected by the quantum threat:
- Banking and finance
- Retail and wholesale
Across all industries, quantum computing could have a negative effect from the following three standpoints:
- Compliance. Failure to prevent data leaks or theft might lead to the violation of industry-relevant standards and regulations. Depending on the industry and geographical location of your operations, you might need to comply with the GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), or HIPAA (Health Insurance Portability and Accountability Act). Regulation violations could lead to fines and legal consequences.
- Competitiveness. Research teams and businesses develop and retain assets to maintain a competitive edge in their industries. Digital data about these assets could become compromised in a hacker attack and be sold or otherwise made available to competing parties. Needless to say, data leaks can nullify any advantage you have over your competitors and undermine your competitiveness in the long run.
- Reputation and brand image. Data breaches can have a huge impact on your reputation. Large or repeated incidents could drive your existing customers away, hinder your ability to acquire new ones, and reduce your business’ attractiveness for investments. Data breaches can have especially serious consequences in industries like finance or healthcare where the financial well-being or health of customers is at stake.
Another important thing to remember – it’s not just businesses that are at risk. The data security of entire governments is under threat as well. Nation-state attacks can target a country’s infrastructure, military, and businesses, thus posing a threat to national security and well-being.
Finally, cryptocurrency could also be greatly affected by quantum computers. If you expose your public keys, a hacker with a quantum computer might be able to derive your private key and drain your wallets. Today, most crypto networks hide public keys and only show them after initiating a transaction, but the small window between starting and mining a transaction could be everything hackers need to derive a private key.
How Can Businesses Resist the Quantum Threat?
Efforts are underway to develop stronger public-key algorithms that could resist the code-breaking capabilities of tomorrow’s quantum computers. The U.S. NIST is evaluating dozens of new methods collectively referred to as Quantum-safe or Post–quantum Cryptography (PQC). However, this name itself is problematic because it implies that PQC methods are the strongest bulwarks against future quantum attacks, when this isn’t true at all.
Another so-called ‘promising’ approach, Quantum Key Distribution (QKD), where quantum methods are used by the sender and receiver to establish a symmetric key, is also being touted as a means of quantum-safe communications with ‘unconditional security’.
One serious problem with these two so-called quantum-safe methods is that they can only work over shorter distances and require the set up of special hardware. In this case, ‘special’ means ‘massively expensive’. It also means vulnerable to attack, thus giving the lie to the claim about ‘unconditional security’.
Another issue – the data transfer speeds possible with these methods are also severely limited, which then limits their practical applicability for real-world enterprises. Finally, the mass manufacturing low-cost QKD or PQC hardware that can scale up to meet the needs of growing businesses is nowhere close to happening (if ever).
So is there a way for quantum risk-aware businesses to keep themselves safe today from the approaching quantum threat? Yes there is, and it’s available right now.
TrUE Quantum Secure Solutions
Quantropi is the only cybersecurity company in the world providing the 3 prerequisites for cryptographic integrity: Trust, Uncertainty, and Entropy (TrUE).
Powered by quantum mechanics expressed as linear algebra, our patented TrUE technologies establish Trust between any two parties via quantum-secure asymmetric MASQ™ encryption (coming soon); ensure Uncertainty to attackers, rendering data uninterpretable forever, with QEEP™ symmetric encryption; and provide Quantum Entropy as a Service (QEaaS) with SEQUR™ – ultra-random key generation and distribution to enable secure data communications.
All Quantropi’s TrUE technologies are accessible via our flagship QiSpace™ platform.
To know more about this cutting-edge solution to protect your business from quantum threats, get in touch by using the “Let’s Talk Button“.