Quantum computing attacks, which are feared to completely break modern encryption on the internet, are still about a decade away from being viable. They are widely seen as inevitable, however, and the wait hasn’t stopped attackers from preparing well in advance. A new survey from Deloitte reveals that there is immediate and significant cyber risk from “harvest now decrypt later” (HNDL) attacks, in which attackers steal encrypted information and simply sit on it until advances in quantum computing make decrypting it easy.
Among other findings, just over half of IT professionals surveyed say their organizations are currently at risk of HNDL attacks. But fewer than half are currently on top of their analysis of this emerging cyber risk, and around 11% say there will have to be a cyber incident (by which time it is far too late) before their management is moved to do something about the threat.
A seemingly distant cyber risk already in the early stages of exploitation
The Deloitte survey included input from more than 400 IT professionals working in organizations that are actively considering the benefits of quantum computing, but not necessarily the new level of cyber risk that comes with it. Just over 26% said they had completed a risk assessment at this stage. 18% intend to do so this year and 16% say they will in the next two to five years. 13% say they either have no plans to do so for more than five years or have no intention of doing so at all.
Roughly matching the share of organizations that plan to perform a cyber risk assessment long before quantum computing becomes a threat, just over half of all respondents also believe that HNDL is an immediate threat to their organization. 21% don’t think it’s a threat and 28% don’t know.
What would cause some of the most reluctant organizations to take quantum computing threats seriously? 27% of respondents said it would take regulatory pressure. 20% believe leaders will need to be convinced to demand change, 15% believe change will be triggered if competitors are seen doing it, and 11% said it would take nothing less than being hit by a quantum computing attack to move the needle for their organization. Just under 7% felt that customer or shareholder requests would make a difference.
Quantum computing cracking expected around 2030
Cybersecurity experts have differing opinions on the subject, but most believe the quantum computing threat will arrive in as little as five years and likely no more than 15. This means that organizations should reasonably expect to have defenses in place by the end of the present decade at the latest.
Although encryption is an essential part of a data protection program, files encrypted with today’s algorithms will likely be cracked within seconds at some point by quantum computing tools. If these encrypted files are stolen now, hackers only have to wait a few years to gain easy access to them. The HNDL threat therefore demands immediate attention, but so far awareness of it (let alone meaningful action) is lagging behind.
However, some experts warn that organizations shouldn’t swing too far in the opposite direction and rush in a panic to change encryption algorithms overnight. The new standards aren’t expected to fully emerge from NIST until 2024, and most IT departments have many unresolved cyber risk issues whose resolution would be much more immediately beneficial to security.
Risk is also not distributed evenly across industries and organizations. Today’s HNDL threat actors are almost exclusively nation-state attackers seeking state secrets and proprietary information that they can unlock later. These groups will also almost certainly be among the limited number of parties with early access to stable quantum computing once it becomes a reality. Google’s insufficiently stable quantum computer, Sycamore, costs millions of dollars before you even get to the hundreds of specialized communications cables that cost $1,000 for every meter of length; it must be housed in a special refrigeration unit capable of maintaining an extremely accurate temperature at all times, and it can go haywire if shut down too long for hardware repairs. The cyber risk of quantum computing is almost certain to be exclusive to nation states, at least in the early stages of its existence.
At the moment, the best way to counter the HNDL threat is to keep hackers away from networks and sensitive files. Taking an inventory of “long-lived” information resources that are not expected to change or become obsolete in the next few years, such as bank account numbers, can also be an immediate step; this highly sensitive data can potentially be handled with current means such as key rolling.