Quantum-resistant cryptography has become an increasingly urgent topic as the threat posed by quantum computing continues to grow. The U.S. National Institute of Standards and Technology (NIST) recently released the first set of finalized algorithms designed to withstand quantum computer attacks. As a result, companies are hastening their transition to quantum-resistant systems.

What is a “quantum-resistant system” anyway, and what is there to worry about? Let’s get into it.

The quantum menace

Quantum computing itself has been advancing rapidly. It can solve specific problems more efficiently than classical computers. Additionally, the availability of quantum cloud services has expanded access to these powerful tools, helping researchers and organizations. Innovations in quantum hardware have improved system stability and reduced error rates. The software ecosystem supporting quantum computing has also matured, enabling more complex and scalable algorithms.

In recent years, the field of quantum-resistant computing has made significant strides, such as algorithms capable of enduring the formidable power of quantum computers, which are a considerable threat to traditional cryptographic methods. With the advancement of quantum computing, current encryption methods will become insecure. Adopting quantum-resistant cryptography for data protection on cloud and non-cloud systems will be essential. There is a risk that malicious actors might already be intercepting and storing encrypted data with the intent to decrypt it once quantum computing capabilities become available.

NIST encryption

The Office of the Director of National Intelligences predicts that quantum computing will become widely available within five to six years. Despite the potential risks, quantum computing could also significantly improve artificial intelligence capabilities by accelerating data processing and enabling more intricate mathematical computations.

This convergence might lead to significant advancements in pharmaceuticals, climate modeling, or supply chain logistics. However, it also introduces new threats as more sophisticated and scalable cyberattacks become feasible. Generative AI, for instance, can be used maliciously to construct credible phishing attempts, deep fake media, and highly personalized social engineering attacks. AI tools can also automate vulnerability detection and exploit execution, broadening the scope of cyber threats.

Although adoption is not legally mandatory, NIST’s encryption algorithms are likely to become a benchmark of reasonable data security practices in the future, particularly concerning encryption—at least, according to NIST.

For cybersecurity and data protection lawyers, evolving standards will likely influence regulatory frameworks and vendor management practices, necessitating updates to cryptographic strategies. As the interplay between quantum computing and AI intensifies, organizations must strengthen their defenses and prepare their legal teams to adeptly manage privacy and security challenges related to these technological changes.

Should we be worried?

Enterprises should indeed be concerned about the advancements in quantum computing. Quantum computers have the potential to break widely used encryption protocols, posing risks to financial data, intellectual property, personal information, and even national security.

However, this reaction to danger goes well beyond NIST releasing quantum-resistant algorithms; it’s also crucial for enterprises to start transitioning today to new forms of encryption to future-proof their data security. As other technology advancements arise and enterprises run from one protection to another, work will begin to resemble Whac-A-Mole. I suspect many enterprises will be unable to whack that mole in time, will lose the battle, and be forced to absorb a breach.

Steps to address quantum risks

Here’s how enterprises can proactively respond to the evolving cybersecurity landscape:

  • Transition to quantum-resistant cryptography. As recommended by NIST, quantum-resistant algorithms should be adopted to fortify encryption against future quantum threats. This involves updating existing cryptographic systems to incorporate new NIST standards.
  • Conduct risk assessments. Identify systems and data assets vulnerable to quantum attacks. A thorough understanding of potential points of failure will aid in prioritizing the transition to quantum-safe methods.
  • Enhance cybersecurity infrastructure. Strengthen cybersecurity measures by integrating advanced threat detection systems and AI-driven monitoring tools to identify and mitigate current and emerging threats.
  • Invest in employee training. Train employees on the implications of quantum computing and the importance of adhering to new cybersecurity protocols, ensuring that everyone in the organization is aligned with the updated security measures.
  • Engage with legal and compliance teams. Understand the regulatory implications of adopting new cryptography standards. Compliance with evolving laws will minimize legal risks and ensure data protection.
  • Develop a strategic road map. Keep abreast of the latest advancements in quantum computing and related technologies. Formulate a comprehensive plan for integrating quantum-safe technologies, considering both short-term and long-term goals. Regularly review and update this road map.
  • Collaborate with industry experts. Engage with cybersecurity experts and participate in industry collaborations to share insights and foster community-wide advancements in quantum-safe security practices. Do more than just go to cybersecurity conferences, such as RSA or Black Hat; develop ongoing relationships with experts who can continually assess vulnerabilities.

It’s not just quantum

Quantum computing is a catalyst for change. It’s driving enterprises to reconsider fundamental aspects of data security and computational power and pursue quantum-resistant cryptography to protect sensitive information.

Although quantum computing represents a groundbreaking shift in computational capabilities, the way we address its challenges transcends this singular technology. It’s obvious we need a multidisciplinary approach to managing and leveraging all new advancements.

Organizations must be able to anticipate technological disruptions like quantum computing and also become adaptable enough to implement solutions rapidly. We need a comprehensive strategy that integrates technology, cybersecurity, legal frameworks, and strategic foresight.

For the past hundred years, enterprises have absorbed and implemented technology advances at a dizzying rate. Fitting new round technology pegs into square enterprise holes has often been a matter of trial and error. Regardless of the technology involved, the tools to do it right the first time are within our sights. This could be another watershed moment in history.