sb-eu logo
Story image

Quantum computing will pose risks to enterprise encryption

24 Oct 2019

The internet of things is becoming a backbone for technology worldwide, and quantum computing is developing right alongside it. While quantum computing can bring the potential for development, there are also plenty of risks.

According to a DigiCert survey of 400 enterprise organisations across Japan, Germany and the United States, 55% believe that quantum computing and post Quantum Crypto  is a ‘somewhat to extremely large’ security threat at the present time, with 71% it will only become more of a threat in the future.

Organisations believe that IT teams should be aware of quantum computing. According to the survey, 83% of respondents believe that IT must learn about quantum-safe security practices.

However, quantum computing presents significant security challenges.

These include: High costs to battle and mitigate quantum threats; Data stolen today is safe if encrypted, but quantum attacks will make this data vulnerable in the future; and encryption on devices and applications embedded in products will be susceptible.

Additionally, cost; lack of staff knowledge; and a concern that TLS vendors won’t have upgraded certificates in time were all cited as concerns.

To deal with those challenges, 95% of surveyed respondents say they are discussing at least one tactic to prepare for quantum computing.

As organisations prepare for quantum computing, 56% of respondents are establishing a PQC budget. Respondents are also beginning to understanding their current level of risk, building knowledge about PQC and developing TLS best practices.

“It is encouraging to see that so many companies understand the risk and challenges that quantum computing poses to enterprise encryption,” says DigiCert industry and standards technical strategist, Tim Hollebeek.

“With the excitement and potential of quantum technologies to impact our world, it's clear that security professionals are at least somewhat aware of the threats that quantum computers pose to encryption and security in the future. With so many engaged, but lacking good information about what to do and how to prepare, now is the time for companies to invest in strategies and solutions that will help them get ahead of the game and not get caught with their data exposed when the threats emerge."

The survey suggests three best practices for companies ready to start planning their strategies for securing their organizations for the quantum future:

1. Know your risk and establish a quantum crypto maturity model.

2. Understand the importance of crypto-agility in your organization and establish it as a core practice.

3. Work with leading vendors to establish digital certificate best practices and ensure they are tracking PQC industry progress to help you stay ahead of the curve, including with their products and solutions. Change rarely happens quickly, so it’s better not to wait, but to address your crypto-agility now.

Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
Exabeam and Code42 partner up to launch insider threat solution
The solution will give customers a fuller picture of their environment, and will leverage automated incident response to obstruct insider threat before data loss occurs.More
Story image
Remote staff overestimating knowledge of cybersecurity basics
‘Unconscious incompetence’ is one of the most difficult issues to identify and solve with security awareness training.More
Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More
Story image
CrowdStrike acquires Preempt Security for $96m, develops zero trust security offerings
With this acquisition, the company plans to offer customers enhanced Zero Trust security capabilities and strengthen the CrowdStrike Falcon platform with conditional access technology. More
Story image
Proofpoint and CyberArk extend partnership to further safeguard high-risk users
“Our CyberArk partnership extension provides security teams with increased detection and enhanced adaptive controls to help prevent today’s most severe threats."More