Harvest now, decrypt later

Welcome to the new 75 cyber warriors who joined us last week. Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA stages.

Keep up with our weekly newsletters on LinkedIn — subscribe here.

This week we’re focused on…

Harvest now, decrypt later attacks. 

An emerging attack vector 

This type of attack is emerging in response to developments in quantum computing. On the blog this week we noted the 12 key security trends that communications security firm Kiteworks identified in its 2025 forecast. 

Harvest now, decrypt later (HNDL) attacks are already happening (or at least, in part). As noted by the World Economic Forum, cybercriminals are collecting encrypted data even though they don’t yet have the capabilities to decrypt it. 

What kind of data is being hoarded? 

The threat actors conducting HDNL attacks are focusing on sensitive data with long-term value. 

This includes: 

• Trade secrets and business intelligence
• R&D on emerging technologies
• Data from industries that have long production cycles
• Sensitive customer data, including personal financial information
• Critical sector data, including energy, transportation, finance and government infrastructure
• Pharmaceutical development data
• Self-driving car R&D data 

Exploiting the power of possibility 

Attackers steal or intercept data and then store it securely, even if they can’t read it right now. They wait for quantum computing tech to advance sufficiently to break the encryption. And then they decrypt and exploit the harvested data. 

Driven by quantum advancements 

The primary driver behind HNDL attacks is the rapid advancement of quantum computing. Unlike classical computers that use binary digits (bits), quantum computers use quantum bits or qubits – which can exist in multiple states simultaneously, thanks to a phenomenon called superposition.

This quantum advantage translates to processing speeds that far outpace classical computers. Experts predict that quantum computers could potentially crack widely-used encryption methods in a matter of seconds, compared to the trillions of years it would take classical computers. 

What are the main concerns?

Critical sectors with long product lifetimes of up to 30 years are the most vulnerable, because data longevity is a major concern here. 

Quantum computing advancements are expected to increase in a relatively short time frame going forward, as both government and private sectors continue to invest more heavily in the technology. Large-scale quantum computers aren’t available yet – but it’s predicted that they will be functional in the near future. Research by McKinsey, for example, estimates that 5,000 quantum computers will be operational by 2030. 

How to defend against HNDL attacks 

The best way to defend against HNDL attacks now is to implement post-quantum cryptography (PQC) as soon as possible. NIST has already released new PQC algorithms in August 2024, and it’s recommended that organisations should begin the transition to quantum-resistant cryptography now. 

Organisations with particularly sensitive data can also consider microsharding: the practice of breaking data into tiny fragments that are unintelligible, and distributing across numerous storage locations to make it difficult for threat access to gain access to enough of the data fragments to be able to make any sense of them. 

HNDL attacks could have a major impact on global data security 

We won’t know the full impact of HNDL attacks until quantum computing capabilities are available at scale. But the threat is real, and growing – with cybersecurity leaders widely acknowledging the dangers ahead. 

So even though the outcomes of this threat might still be years away, it’s critical that organisations and cybersecurity leaders across industries act now. 

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 08 January 2025.

Catch you next week,
Steve Durning
Exhibition Director

Join us at Black Hat MEA 2025 to grow your network, expand your knowledge, and build your business.