Quantum Computing: A Call to Action for Security Professionals

While quantum computing holds the promise of revolutionary breakthroughs across various industries, especially those such as financial, medical and governmental sectors that store large amounts of sensitive data, its vast computational power also presents a critical threat to the security of our digital world.

ISACA’s recent Quantum Computing Pulse Poll reveals a compelling picture of both the immense potential and the significant challenges associated with this emerging technology. One of the most concerning findings is the widespread lack of preparedness among organizations. Despite 62% of respondents expressing concerns about the ability of quantum computing to break today's internet encryption, only 5% consider it a high priority for the near future. Further, of the remaining 95%, the majority consider it a medium priority, indicating a significant gap between awareness and urgent action. This disconnect poses a serious risk to the security of sensitive information and long-term privacy. Potential reasons for this lack of preparedness may include a lack of resources, a belief that the threat is still too far in the future, or a lack of understanding of the potential impact.

Complicating the issue, the poll reveals that cybercriminals are already actively preparing for a future of quantum-enabled decryption. With 56% of respondents fearing “harvest now, decrypt later” attacks, the urgency to implement quantum-resistant encryption today becomes even more apparent. "Harvest now, decrypt later" attacks involve cybercriminals collecting encrypted data today, with the intention of decrypting it once sufficiently powerful quantum computers become available.

For years, the cybersecurity and cryptographic communities have been anticipating the release of post-quantum cryptographic standards by the National Institute of Standards and Technology (NIST). Their standards are now published, marking a crucial turning point in the race to secure our data in the quantum era. It is important to remember that the NIST standards process has been ongoing, and the standards are being released in phases. Some algorithms have already been standardized and others are still under evaluation. These new standards include algorithms like lattice-based cryptography and hash-based signatures.

However, a surprising finding of the poll is that only 7% of respondents have a strong understanding of the new NIST standards, despite the years of anticipation. This gap in knowledge emphasizes the need for thorough education and awareness campaigns through the industry and within organizations.

Now is the Time for Action

Many respondents underestimate the rapid pace at which quantum computing could become widespread. With 57% acknowledging the increased business risks associated with this technology and 40% lacking awareness of their company's quantum computing plans, it is evident that time is of the essence.

Potential reasons for this lack of preparedness may include a lack of resources, a belief that the threat is still too far in the future, or a lack of understanding of the potential impact.

The poll reveals a troubling statistic: 55% of organizations have not taken any steps to prepare for quantum computing. This inaction, despite 46% acknowledging the technology's potential for revolutionary innovation and 52% recognizing its impact on skills needs, further highlights the need for proactive measures.

The poll serves as a wake-up call for risk, audit and cybersecurity professionals. Urgent action is required on several fronts:

• Educate Stakeholders: Raising awareness among decision-makers about the imminent threats and the need for quantum-resistant encryption is paramount. This involves creating comprehensive educational programs, conducting workshops and providing real-world attack scenarios to demonstrate the impact. 
• Assess Vulnerabilities: Identifying and prioritizing critical data and systems for protection is crucial. This requires thorough data inventories, risk assessments, and vulnerability scans to pinpoint sensitive information and vulnerable systems. 
• Transition to Quantum-Resistant Encryption: Organizations must begin the immediate migration of essential data and systems to quantum-resistant encryption solutions. This involves developing migration plans, pilot testing new algorithms and ensuring compatibility with existing systems. 
• Upgrade Digital Infrastructure: Continuous improvement and securing of internet-connected systems are essential for a robust defense against quantum-enabled attacks. This includes implementing strong access controls, patching systems, deploying intrusion detection and conducting regular security audits.

Leveraging AI

Incorporating AI into the strategy for mitigating the risks of quantum computing can pay be useful in multiple ways:

• Predictive Analytics: AI can forecast potential quantum-related threats by analyzing trends and patterns, allowing organizations to proactively address vulnerabilities. 
• Automated Incident Response: AI-driven systems can provide swift and effective responses to quantum-enabled cyber-attacks, reducing the window of exploitation. 
• Continuous Learning: AI systems can continuously learn from emerging threats, automatically updating and enhancing security protocols to adapt to new quantum computing developments.

By integrating AI into risk mitigation, organizations can leverage its capabilities to enhance their cybersecurity posture, making them more resilient against the unique challenges posed by quantum computing.

A New Era of Cybersecurity

While blockchain-based cryptocurrencies are not immediately vulnerable to quantum computing, the poll suggests an eventual impact. The cryptocurrency industry must anticipate this future threat and actively develop quantum-resistant solutions to safeguard the security and integrity of transactions.

These poll insights paint a clear picture of the significant challenges and opportunities that lie ahead in the era of quantum computing. The development and deployment of quantum-resistant encryption, education and awareness campaigns, and a collaborative effort to secure our digital world are essential steps for navigating the risks and harnessing the potential of this transformative technology. The costs associated with these new security measures must also be considered and factored into long-term security budgets.