Cybersecurity: From an afterthought to a strategic asset
New research shows that a growing number of organisations view cybersecurity as a strategic priority.
Read MoreFor years, quantum computing has been a vision of the future. It’s a technology that has been far away – a distant promise of computing power far beyond our imagination. But major tech companies have made significant leaps forward in the development of quantum computing in recent years. And it’s something that should be front of mind for cybersecurity teams now – because the pace of development will only increase.
In 2022, Jaya Baloo (CISO at Avast) spoke at Black Hat MEA about both the immense potential of quantum computing to enable positive change in society, and the challenges it poses for the cybersecurity industry: “Because this is everything we worry about in cybersecurity, in terms of being able to keep up with the level of concern around quantum computing.”
Last year, IBM unveiled Osprey – a quantum computer with 433-qubits of power, more than triple the 127 qubits of the previous generation processor. IBM also announced plans to scale up to more than 4,000 qubits by 2025.
And while Baloo highlighted how incredibly exciting this is, she also pointed out the key concerns: “...the most audacious thing about this is not that they’re doing this according to roadmap and succeeding on time. But the fact that they’re doing this with this audacious goal of making a quantum computer available to everyone, from the cloud.”
On the journey towards democratised technology, this is encouraging. People and countries that aren’t building their own quantum computer will have access to quantum computing power. But simultaneously, it has significant implications for global cybersecurity.
Cryptography is based on two very difficult mathematical problems:
And the strength of a one-way function relies on the time it takes to reverse that function.
“That time is the problem,” Baloo said, because “we have the advent of Peter Shor and Lov Grover who gave us algorithms to reverse these one-way functions. They made the compute time to go back in this direction just as quick as the way that we went this way.”
“And that ability to reverse these one-way functions, that’s a real threat to all of our current cryptography, especially the stuff we use all across the internet – a-symmetric cryptography.”
“People are trying continuously to confound and weaken the current cryptography systems that we use across the scale of the internet,” Baloo pointed out – and this won’t change when quantum computing is scaled.
We we have to ask questions:
This is crucially important – because change in security is, conventionally, not fast. Our ability to adapt and change is one of the biggest challenges the industry faces – and we need to prioritise quantum security before it’s essential across all networks, because otherwise we won’t have time to catch up.
And there’s another problem: “everything that we’re currently transmitting, or have ever transmitted, is being captured, held, and is waiting for decryption capability. Because old secrets are as good as new secrets.”
So Baloo urged that governments, organisations, and cybersecurity professionals need to:
“Everything we currently use for a-symmetric cryptography would need to be reviewed and migrated to a post-quantum standard. And I really urge you, please start now.”
There are already cryptography systems in the quantum space that you can experiment with, including post-quantum algorithms you can use to encrypt your data, and even post-quantum VPNs that are readily available.
With all of these measures, it’s reasonable to assume that they will break in the future.
“And that is OK if we’ve implemented something called crypto-agility,” Baloo said, and “that we’re ready to rip and replace when needed with a new set of algorithms.”
“The fact that things are breaking is a good thing. It’s good that it broke, that we know about it, and that we can fix it.”
So start engaging now. Add quantum cryptography as a requirement for your security strategy. And remember that it’s good to fail – because when things break, you have the opportunity to build them back better.
Join the newsletter to receive the latest updates in your inbox.
New research shows that a growing number of organisations view cybersecurity as a strategic priority.
Read MoreFind out why CISOs and investors are investing in AI-powered integrated cybersecurity platforms.
Read MoreCybersecurity education in schools could empower a new generation of skilled, engaged cybersecurity professionals, and solve the cyber workforce shortage.
Read More