The quantum threat: Quantum computing demystified

The Risk to Encryption

A huge portion of online business depends on encryption for security. It is estimated that RSA-2048 (a widely used form of asymmetric encryption) currently secures $3 trillion worth of e-commerce transactions globally (2). This security standard, however, could soon be rendered obsolete. The KTH Royal Institute of Technology suggests that a sufficiently advanced quantum computer could crack RSA-2048 encryption in just eight hours - a feat that is currently considered impossible for traditional computers under any timeframe. (3)

How Soon is the Threat?

Experts differ on when exactly quantum decryption could become a genuine concern. In 2016, NIST predicted that a quantum computer capable of breaking encryption could exist by 2030 (4). However, as of today, quantum computers remain far from possessing the capability required for large-scale decryption. That said, quantum research is pulling in capacity from Big Tech and gaining momentum, leading many to believe it’s a matter of when – not if – this threat becomes a reality.

A Problem for the Future? Think Again.

Even though mass-scale quantum attacks are perhaps years down the line, threat actors are preparing now. By collecting encrypted data now, with the expectation that future quantum developments will allow them to unlock it later, they pose an immediate risk to organisations. This “Harvest Now, Decrypt Later” tactic means sensitive information being stolen today, from financial records to government communications, could be exposed once quantum technology matures. Alarmingly, despite this looming risk, most companies are unprepared. An IBM survey of global business leaders found that companies, on average, score only 21 out of 100 on a quantum-readiness scale (5). Since transitioning to quantum-safe security isn’t instant, businesses need to act now.

How businesses can prepare

To stay ahead of the quantum threat, organisations should take the following steps:

• Identify risks – Map out which systems and data rely on traditional asymmetric encryption methods like RSA and ECC.
• Upgrade encryption – The National Institute of Standards and Technology has already approved new post-quantum encryption standards, and businesses should start considering how to integrate them into their security strategies.
• Assess third-party security – Work with vendors, cloud providers, and partners to ensure they are also preparing for quantum threats.
• Stay informed on developments – Follow cybersecurity updates from NIST and other global cybersecurity bodies to keep up with the latest recommendations.

Large-scale quantum decryption may still be years away, but waiting to address this threat is not an option. Early adopters will be in a much stronger position to safeguard their data and operations when the quantum era arrives.

References

(1). Retrieved from https://kpmg.com/xx/en/our-insights/ai-and-technology/quantum-and-cybersecurity.html 
(2). Retrieved from https://www.bcg.com/publications/2021/quantum-computing-encryption-security
(3). Retrieved from https://arxiv.org/abs/1905.09749
(4). Retrieved from https://csrc.nist.gov/pubs/ir/8105/final
(5). Retrieved from https://www.ibm.com/thought-leadership/institute-business-value/en-us/report/quantum-safe