With cyber warfare already an inextricable part of world events, imagine how threat actors will exploit quantum computing power with impunity…
As the world passes the first week of the new year, here are three more thought-provoking IT and cyber predictions to ponder over the remaining 52 weeks and beyond.
Note that the predictions are based on the premise that quantum computing applications are set to become accessible in some form, to organizations and governments at least.
With every milestone achieved, cyberattackers and state-sponsored threat actors are wont to abuse the unprecedented computing power for the agendas…
Avoiding a quantum-induced apocalypse
First, collaboration is needed to avoid a post-quantum apocalypse. The latter is not a plot from a science-fiction thriller. The consequences of the future threat(s) posed by quantum computers built to attack classical public key encryption algorithms is severe enough that governments and the security industry are already developing new cryptography designed to withstand such attacks.
To defend against threats to the current cryptographic standards that support modern network security, public and private industry collaboration are needed. The ongoing research and development of post-quantum algorithms and protocols from organizations like NIST, CISA and the NSA are critical, and continue to ensure focus and broader awareness of the threats that quantum computing could pose to cybersecurity.
Therefore, in 2024 and beyond, cybersecurity professionals, researchers and organizations will need to stay informed about the latest advancements to prepare for the post-quantum era.
Time-traveling attackers?
The second prediction is that, within the next decade, quantum computers will be able to break modern cryptography. Although we will not be able to predict when this will happen, we do know that the superiority of quantum computing capabilities poses a very real threat to nation-states, enterprises and individuals alike.
The primary attack of concern is store-and-crack, where attackers may already be capturing and storing encrypted information and web traffic now, in preparation for the time when their quantum computers are able to break the encryption. If any of the unlocked data is still valuable in the future, attackers can use them to exploit sensitive systems.
To address this risk today, the industry must begin reviewing research and guidance from the relevant authorities, in order to incorporate quantum-resistant cryptography for long-term security.
Public-private cooperation needed
The final prediction is that organizations will need to assess their cybersecurity risks and begin adopting quantum-resistant cryptography where appropriate. This includes understanding which data and systems are most vulnerable, and where changes to protection must be prioritized.
This is because cybersecurity involves not only protecting data now, but also ensuring security into the future. The critical next steps for the cybersecurity industry will be to watch for the finalized versions of encryption standards, as well as production software library support. Then, the industry must integrate these new cryptographic standards. This process may take a year or more, so attention and investment must happen now to evade store-and-break-later attacks.
Multi-agency cooperative efforts by organizations and the cybersecurity community are crucial to ensure the industry is prepared as soon as possible. All organizations and agencies will need to collaborate with the relevant international experts on tracking the migration to quantum-resistant cryptography and also the overall state of quantum readiness.