Industry experts from Barracuda discuss the impending Quantum Computing revolution and its potential implications.
The potential security risks and rewards of Artificial Intelligence (AI) have long influenced cybersecurity predictions. The emergence of ChatGPT in November 2022 spotlighted generative AI, emphasising the need to address its security impact. This raises the question: will Quantum Computing follow a similar path?
Quantum Computing is a groundbreaking technology, offering unparalleled speed in computational processing. This advancement is set to enhance various fields, including particle physics, weather forecasting, traffic optimisation, financial modeling and cybersecurity. However, its ability to break encryption presents a notable risk.
In November 2022, the US introduced the Quantum Computing Cybersecurity Awareness Act. With governments taking action, the question arises: should we be equally prepared?
Barracuda surveyed frontline security professionals about whether the time has come for organisations and the cybersecurity industry to focus on Quantum Computing. Here are their insights.
Sheila Hara, Senior Director, Product Management, Email Protection: While Quantum Computing is not an immediate threat to current security measures, it’s important to proactively consider its potential impact and take steps to prepare for a future where Quantum capabilities may challenge existing cryptographic protections. Quantum computers have the theoretical capability to break widely used encryption algorithms, such as RSA and ECC, through a process known as Shor’s algorithm. This means that sensitive data encrypted with these algorithms could potentially be decrypted by a Quantum computer. Confidential information, including personal data, financial transactions and sensitive communications, could be at risk if encryption methods are compromised by Quantum Computing. The transition from current cryptographic standards to Quantum-resistant standards will take time and careful planning. Organisations need to start considering this transition to ensure the security of their data in the future.
Adam Khan, VP Global Security Operations: While Quantum Computing presents a potential threat to cybersecurity due to its ability to break current encryption algorithms, the timeline for when it will become a significant concern is uncertain and will depend on the progress in Quantum Computing technology and the development of Quantum-resistant cryptographic algorithms.
Stephan Schachinger, Senior Product Manager, IoT: Companies should live security as an on-going process. Begin with the low-hanging fruit, continuously improve and don’t attempt to achieve 100%
overnight. If projects become too big, too complicated, or too expensive, they fail and there is no benefit. So, begin small and then scale.
The ones who think they have done everything to protect themselves against the current threats should worry about Quantum Computing, but for the vast majority of organisations there are other tasks to do first. At the moment, the use of Quantum Computing is still very limited and it’s definitely not a mainstream technology. But we should keep it in mind because one day that’s going to change.
Emre Tezisci, Product Marketing Manager, Zero Trust: In my opinion, it’s not that easy for threat actors to get access to such technologies. First, they require identification. Second, they are expensive. There are many cheaper and simpler options to breach companies.
Rohit Aradhya, VP and Managing Director, Engineering: Quantum Computing capability is an impending threat for the coming years. It is expected that Quantum Computing will help break asymmetric encryption solutions that base their security on integer factorization or discrete logarithms. However, the practical viability of using Quantum resources to impact the security of businesses on a large scale is still few years away. Also, large-scale research and remedial measures are in discussion on how to make security products/solutions address threats emanating from Quantum Computing abilities. We believe it is something to look out for in the near future, but probably not in 2024.
Jesus Cordero, Director, Systems Engineering, SASE and Cloud: It will take a while for all of us to migrate our systems to post-Quantum cryptography to create resilient systems against attacks from Quantum computers. The Quantum Computing Cybersecurity Preparedness Act from 2022 is an initiative worth following.
Mark Lukie, Director of Solution Architects, APAC: Yes, it is time to think about Quantum Computing from a security perspective, but it is not time to worry. Quantum computers are still in their early stages of development and we have time to prepare for their arrival. There are several things that organisations and individuals can do to mitigate the security risks associated with Quantum Computing, such as using post-Quantum cryptography algorithms, Quantum key distribution and segmenting networks and systems. We can also educate employees about cybersecurity best practices to help reduce the risk of phishing attacks and other social engineering attacks. While Quantum Computing poses some security risks, it also has the potential to revolutionise many industries, including cybersecurity. For example, Quantum Computing could be used to develop new encryption algorithms that are even more secure than the ones we use today.
Stefan van der Wal, Consulting Solutions Architect, Application Security, EMEA: As is traditional with every security question, this will be addressed once it’s already too late. It is good to think about a corporate strategy for when it arrives, especially because encryption will, in large parts, become invalid as this technology matures.