The quantum revolution will pose significant threats to information security with its ability to parse complex data, such as encryption algorithms, much quicker than current computers. While experts are still debating the timeline for when quantum computing will outpace the speed and accuracy of classical computing, now’s the time to prepare for its arrival. By 2030, estimates find that there could be 2,000 to 5,000 quantum computers worldwide.
Quantum computing defined
Quantum computing will potentially solve problems that are far too complex for today’s classical computers. Classical computers operate in the binary realm and therefore can only deal with one set of inputs and one calculation at a time. Think basic zeroes and ones. Now, enter quantum computing, which involves qubits – short for quantum bits, which are volatile and changeable by nature. Qubits enable quantum computers to simultaneously solve multiple calculations, each with multiple inputs. It’s anticipated that quantum computers will factor prime numbers and solve the algorithms behind many of the encryption keys, including RSA encryption algorithms, which are widely used by many organizations to protect data and their IT infrastructure.
The ramifications are profound if encryption algorithms are broken. The trust that has defined our digital existence will be forever impacted. Hackers can now create fake certificates, calling into question the validity of every digital identity online or any piece of data transmitted or received over the internet.
The inevitable ability of quantum computers to perform algorithm-breaking computations will require a change in mindset in how CISOs and CIOs secure sensitive and confidential data.
Act now to protect critical data and assets
If organizations wait until quantum computers are commercially available, it will be too late. Cybersecurity experts are pointing to a critical threat known as store-now, decrypt later (SNDL), where nefarious actors are exfiltrating sensitive and confidential data now with the intention of decrypting it once quantum computers are available. While there’s no question that sensitive information is a concern when it comes to the quantum encryption threat, the most profound threat lies with a company’s most critical assets or crown jewels, which, if compromised, could pose an existential threat to the organization and its ability to function. Security teams need to make information such as security-level data, IP for patented research or drugs, and protected health information quantum-proof now from cyber adversaries who are stealing it in anticipation of the eventual availability of quantum computers.
Prepare for the quantum future
To mitigate the threat from hackers, organizations need to level-up their data security now. Yes, organizations should invest in “quantum-safe” encryption solutions. However, security-focused organizations need to understand that advances in quantum technologies will eventually produce the next generation of computing that could potentially break the “quantum-safe” encryption algorithms.
Security-forward organizations understand this dilemma and are seeking solutions that prevent critical digital resources from being exfiltrated in the first place. Security teams are looking to network obfuscation as one potential solution.
With network obfuscation, critical resources are hidden from the public internet and not visible even within the enterprise network environment. Sensitive assets such as vital health records, confidential IP research, business applications, and even encryption algorithms are cordoned off in an “invisible vault” that keeps unauthorized users from even knowing they exist.
Ransomware attacks are so damaging because nefarious actors are buried within an organization’s networks, undetected for weeks or months as they perform reconnaissance on the company’s crown jewels and exfiltrate large amounts of data and credentials. By the time the ransom demands are made, the damage has already been done. In the case of an SNDL breach, security teams often don’t even learn of the consequences until much later.
Obfuscation protects a company’s most critical assets from an external bad actor or an insider threat. They can’t see the obfuscation network that protects the organization’s assets if they haven’t been given access to it. They don’t know the network exists nor the critical assets that are protected within the network. Obfuscation also yields an additional benefit of reducing the number of attack surfaces in the enterprise network since because these assets are no longer visible to cyber adversaries.
Network obfuscation helps to keep the company’s critical assets and encryption algorithms quantum-safe now, and quantum-ready for tomorrow’s threats.
Diem Shin, product marketing lead, Telos Corporation