It’s no secret that quantum computing will drastically reshape the cybersecurity landscape. However, many businesses don’t quite understand the urgency of the issue or what they should do to safeguard their assets.
“Quantum technology will destroy traditional cryptographic algorithms” is too vague of a statement to enable concrete steps. While it has some motivational power, it’s not exactly helpful because it doesn’t tell us what we should be doing in practical terms.
Quantum risk assessment can help enterprises figure out where they are today, and what they need to do to protect their assets when quantum computing inevitably arrives.
How Businesses Can Assess Quantum Risk
At a high level, post-quantum risk assessment can allow businesses to:
- Assess the current state of their information assets and cryptographic policies
- Identify vulnerable and valuable assets that should be protected from quantum threats
- Develop a plan for the implementation of post-quantum cybersecurity
At the EEMA ISSE 2018 cybersecurity conference in Brussels, Belgium, IBM security architect Christiane Peters outlined that post-quantum risk assessment should include the following phases:
- Developing or updating existing cryptographic policies. Cryptographic agility should be the foundation of any organization’s cryptographic policies. As threats evolve, standards and policies should be updated accordingly to maintain their ability to protect confidential data.
- Documenting systems and applications using cryptography. Enterprises should inventory assets that use cryptography. This will help enterprises estimate asset value, identify weaknesses, and prioritize assets based on their business significance and vulnerability.
- Classifying data and mapping data flows. Describing how information should be handled and processed, data classification, and data flow maps can help businesses avoid unintended and potentially malicious uses of their data and help them ascertain that data is comprehensively protected from attacks.
- Creating an enterprise-centered timeline for quantum-safe cryptography. Although nobody can say when quantum computers will become readily accessible and commonplace, enterprises can develop educated guesses about when quantum computing will start becoming a problem. This can help them understand the potential effect of quantum threats on their business competitiveness and longevity.
- Developing a post-quantum implementation strategy. Formulating a post-quantum implementation plan is complicated because standards for post-quantum cryptography are not yet ratified. Regulatory agencies like NIST are in the process of developing frameworks and standards for post-quantum cryptography and have advised organizations to consider agile approaches (like Quantropi’s TrUE quantum-secure encryption solutions) that combine traditional cryptographic measures with emerging Quantum-safe technologies.
Quantum risk assessment can be quite an involved process. To facilitate it, organizations can leverage the guidelines provided in documents like Clause 6.1.2 of the ISO 27001 standard or the NIST Cybersecurity Framework. Guidance from consultants specialized in quantum cybersecurity can add much-needed clarity to the assessment process as well.
Quantum is a Thing of Tomorrow, But Data Needs Protection Today
Quantum risk assessment is ultimately a long-term play, but enterprises must begin protecting their data now.
It’s crucial for businesses to understand that data breaches have considerably more far-reaching consequences than they may seem at first glance. Current encryption systems like AES or RSA can prevent threat actors from touching our business secrets at this very moment, but what happens when those threat actors lay their hands on quantum computers?
The answer is simple – all the ultra-confidential data that hacker groups have been hoarding for years will suddenly become an open book. This may not be a huge issue for some forms of data, but information with long-lasting value because of its business importance or regulatory requirements will be severely compromised.
If businesses want to stay protected when the quantum arrives, they must start working on their policies and cybersecurity measures today.
Prepare for the Quantum Threat With Quantropi
For businesses that aren’t sure how to prepare for the future of quantum computing, Quantropi is here to help. With a mission to propel businesses toward quantum-ready cybersecurity, our technology is bound to be the standard for quantum-secure data communications.